360 likes | 756 Views
How to Design and Implement A Corporate Compliance Program. Auditing and Monitoring Operations and Business Processes. Our House Analogy. The physical structure (walls, ceiling) Like the mechanical aspects of a compliance program The “furniture/appliances” The substantive laws/policies
E N D
How to Design and Implement A Corporate Compliance Program Auditing and Monitoring Operations and Business Processes
Our House Analogy • The physical structure (walls, ceiling) • Like the mechanical aspects of a compliance program • The “furniture/appliances” • The substantive laws/policies • What we must “comply” with versus the “how we get there”
Prior Sessions: “Process” Aspects (The House) • Some of the process pieces we’ve explored: • Compliance officer/committee • Employee education/training • Checking exclusion status of employees & contractors • Creating/retaining compliance records
Today: More Process • Auditing and Monitoring Systems • OIG: Integral to an “effective” compliance program • Monitoring operations (business processes, quality, resident safety) • And your compliance program’s effectiveness
Auditing & Monitoring Is Just: • Reliable, periodic systems to audit or check on identified “risk areas” in corporate/facility operations • Not overly complex • But comprehensive & reliable • That specifies how it works and who’s responsible for auditing • With reviews of systems for reliability
RISK … “exposure to the chance of injury or loss” • Business Risk • Healthcare Company Risk • Quality Risk
RISK Lawsuit Whistleblower InvestigationDenials Audit False claims Abuse Conflict of Interest Theft Survey Five Star Background Check PROBE Medical Necessity Kickback Referral Disclosure Falsification Supplementation Class action Labor ExclusionControls Staffing Consolidated Billing Resident Trust Triple Check Reimbursement Coding HIPAA RUGSHR RAC MDSMAC PAC POC EEOC SOD SEC CMP OIG CMSDOJ AR PPD EIEIO
Another Risk Management Approach(aka “an Integrated Approach” CMS- Quality Improvement - survey - quality measures - staffing
“DASHBOARD”forIntegrating Risk Data • Data Metrics • Quality • Business • Healthcare Company Compliance
Dashboard Development • Get constituent buy-in and allocate funds; • Select project team; • In-house • Consultant /vendor • Combination • Determine data to be “rolled-up”; • Don’t create new data • Select dashboard format based on ease of data import (manually or through IT); • Wide-distribution to constituents • Act on indicators
Making Auditing and Monitoring Practical A Step-By-Step Approach to Taking the Pulse of Your Operations and Compliance Program
1. Specifically target and identify what you are auditing • Possible audit “targets” come from: • OIG “risk areas” (later webinars) • Your own operations experience • Internal/external finance or business audits • Survey results, QI scores, QA meetings, complaints, hotline calls, satisfaction surveys
Poor “Targeting” = Poor Results • With multiple targets, failure to clearly define, and give team clear direction = disorganization, missed issues & ineffective auditing • Am I targeting med error rates, contract compliance with illegal kickbacks, improper MDS coding and resulting improper payment claims?
2. Design the Specific Auditing Steps You’ll Employ • What source information/processes am I examining? • Unlocked med carts in hall, sample of payment claims, facility contracts, hotline responses? • Where is the information I’m testing located in terms of operations?
2. Design the Specific Auditing Steps You’ll Employ • How will we audit those sources? • Pulling/reviewing resident charts? • Interviewing nursing staff, families, residents? • Observing staff with residents? • Observing compliance officer interactions with Board members?
2. Design the Specific Auditing Steps You’ll Employ • How will we gather and report our findings? • Preparing written reports, charts, or making oral reports? • To whom? • Maybe internal reporting and/or external to consultants/counsel
2. Design the Specific Auditing Steps You’ll Employ • How frequently are we accessing our information sources? • Annual audit of financial records? • Quarterly review (med. regimen) ? • Time-limited review of med error rates (spike in rates)? • Followed by periodic check on the “fixes” • The findings dictate frequency
2. Design the Specific Auditing Steps You’ll Employ • Who’s responsible for the audit to make sure it’s targeted, examines the sources we’ve identified, on the schedule we’ve established? • For internal/external audits, put one person in charge • Even with audit “teams” • Including for reporting function
3. Decide How We’ll Use the Audit Results Obtained • Depends on the issue and company • External CPA audit goes to CFO • Care plan audit to DON, administrator, consultant, Quality Assurance Committee • Purpose: spot an issue, analyze it, repair it, communicate repair, consider legal reporting requirements
If You Want to Write a Specific Audit Flowchart • These questions will direct how to do that • Really, for any issue you can think of: quality, finance, business ops • And, if you’re looking for an “audit & monitoring” policy for your compliance program, these questions will take you there
An Example Compliance with Facility Obligations Under Medicare Part D [From OIG 2008 Supplemental Guidance for Nursing Facilities]
1. Target / Identify What We’re Monitoring • Audit/monitor following aspects of Medicare Part D compliance: • Explaining Part D Plans to residents accurately/completely? • Are our pharmacy contracts sufficient to ensure resident choice in Part D Plans?
1. Target / Identify What We’re Monitoring • Have mechanism to contract with additional pharmacies or with one (exclusive) with broader Plans? • Avoid coaching, steering, requiring a resident to select a specific Part D Plan or specific pharmacy? • Do employees/contractors accept items of value from Part D Plan or pharmacy to refer patients?
2. Designate Specific Audit Steps • Review any policy/procedure and “scripts” used to explain Part D Plans to residents • Observe 15 instances of staff explaining Plans to residents. • Supplement with 15 interviews of staff, residents and families re how we explained Plans
2. Designate Specific Audit Steps • Identify failures to describe Plan fully or accurately or respond to resident requests for Plans we don’t offer • Observe 15 instances of pharmacy rep or contractor discussing Plans with residents • Any instances of coaching, steering, requiring a specific Plan or pharmacy? • Supplement with resident/family/staff interviews re those interactions. • Counsel employees / consider discipline for violations & any corrective action required?
2. Designate Specific Audit Steps • Observe 15 interactions between resident and contract pharmcy(ies) to ensure no steering, coaching, etc. • Report violations to compliance officer/committee • Corrective action required? • Examine how pharmacy contracts are negotiated / executed to ensure no items of value to induce contracts or referrals
2. Designate Specific Audit Steps • Identify any items of value provided to facility staff, resident or family by facility staff, Part D Plan rep, or pharmacy rep • Via interviews with staff, resident, family, contractors (I.D. #) • Determine if permissible under applicable law (counsel / compliance officer) • Identify who will perform these steps by title and frequency (if not above)
3. Designate How We Will Use the Audit Results • Share audit results and any noncompliance instances with compliance officer or designee as soon as practicable after audit • And with QA Committee as directed by compliance officer • Compliance officer will share results with Board and decide if additional steps required (corrections, external reporting)
Summary • Our Q and A approach is one format • Many ways to design audit system • Keys are: • Is it manageable? • Does it work (finding problems)? • Is it thorough? • Are we actually using it and the results? • Are we auditing the audit system to ensure it’s working also?