Compliance 101 Chapter 3

What is the significance of Board Support?

• right culture begins with the board

• board has responsibility for overseeing fiduciary assets and mission of organizaiton

• can’t have compliance program (CP), much less an effective one without board support.

Board commitment and responsibilities are addressed in

• Federal Sentencing Guidelines (FSG)

• Office of Inspector General (OIG) Practical Guidance for Health Care Governing Boards

• Caremark International Derivative

• Sarbanes Oxley Act

What is the first step in implementation of a compliance plan?

• communication from management and board of their commitment

• resolution/memo from board stating support

• support needs be in written format to communicate unqualified support and commitment to compliance process. Needs to be distributed to everyone

• whatever process is used, staff should be given the opportunity to ask questions and offer feedback

Management Support

• management buy-in is critical

• Compliance Officer (CO) should include managers in investigations, development of Corrective Action Plans (CAPs), and be available when needed

• culture tone is set by managers

• managers must rigorously observe non retaliation policy

• day to day operation must stay on top of compliance issues

• CO should ask manager what new regulations are developing in manager’s fields

Physician Support

• find a physician champion who understands and supports compliance program (CP)

• achieve buy-in early

• invite physicians to be part of compliance committee (CC) and see their input throughout the startup and beyond

ways to communicate compliance with physicians

• discuss business and clinical aspects of issue

• emphasize clinical and fiscal improvements

• build trust through involvement

• involve physicians early in the process

• give physicians lots of data

• work 1 on 1 with them

• cultivate early adopters and enthusiasts

• be a partner, not a dictator

• communicate

Staff Support

• staff need to be convinced it’s everyone’s responsibility to look for problem areas, not only for compliance department

• staff buy-in will directly correlate with the ability to foster an environment of trust

• accepting the non-retaliation policy is nothing short of gospel is the best way to ensure active staff participation

• rewarding and thanking those who come forward to do the right thing will provide immediate positive feed back to staff and real long term rewards for compliance program (CP)

Education

• first step to heightening awareness on a day-to-day basis

Financial Support

• management and Board of Directors (BoD) must be willing to make financial commitment to compliance

• Level of commitment is not directly correlated with the resources allocated, but a reasonable budget must be developed in consultation with the compliance program (CP)

• an organization unwilling to commit necessary resources isn’t demonstrating support for the CP and the message will filter down through the organization

Compliance budget

• determined by size, scope, and responsibilities, as well as type of organization

• a compliance program that has neither the moral nor budgetary support of senior management may be deemed as tacit approval for inappropriate activities

Ongoing Operations Examples

• hotline/helpline

• educational materials

• compliance resources such as newsletters and journals

• legal counsel

6 tips for saving on future compliance costs

1. embed quality into existing processes

2. centralize common processes and controls

3. improve human resources infrastructures

4. improve information system processes

5. emphasize training

6. monitor marketing and compensation

Code of Conduct (CoC) qualities

• should be ready at launch of compliance program (CP)

• should reflect spirit, tone, and culture of organization

• needs to “ring true” to staff to secure their participation and cooperation in the CP

• should begin with strong endorsement from highest level of management

• provides guidance for appropriate conduct, offers the way to get answers in the organization

• should include organization’s mission and values if any

Code of Conduct (CoC) requirements

• detailed outline of procedures for handling questions

• a description of chain of command

• alternate methods of reporting

• anonymous reporting

• procedures on how complaints should be handled (should be realistic and sustainable)

• should include description of compliance program (CP) as well as names and contact inform for all compliance personnel

• should emphasize zero tolerance for fraud or abuse; a commitment to submitting accurate and timely billing and compliance with all laws and regulations

• should address organization’s risk areas. some examples include

  • stark law

  • conflicts of interests (COIs)

  • gifts

  • gratuities

• should outline discipline procedures, including progressive discipline procedures, if appropriate.

• outline consequences of malicious or incorrect wrongdoing

• clearly state that everyone has a personal obligation to report any possible wrongdoing

• state that not reporting makes an employee subject to discipline as well

• should include sample questions/scenarios for reference

Code of Conduct (CoC) attestation

• most require an employee signature

• emphasizes the importance of the document and can provide certain legal advantages should there be a government inquiry

• should be completed annually

• signed attestation should be kept in employee file.

After the compliance infrastructure is in place, what is the first step to launching an effective compliance program (CP)?

risk assessment

What are the steps in risk assessment?

1. identify

2. analyze

3. prioritize

4. mitigate

What is the significance of a risk assessment

• it becomes the basis for focus of the education and auditing and monitoring plans for compliance activities

• can serve as a benchmark to which future risks can be compared

Risk Assessment Process: Identify

• review any previous problem areas

• review identified issues by Office of Inspector General (OIG)

• include individualized risk areas

• review previous audits, investigative reports, or evaluations

• look at existing policies and procedures (P&P)

• risk areas that may be identified

  • cultural issues

  • no controls in business processes

  • new regulations, systems, products, leadership

  • no policies, guidance, standards in specific area

  • policy revision or education

  • ineffective communication

  • billing, documentation, and/or coding issue

  • third party relationship

  • stark

Risk Assessment Process: Analyze

see what management controls are already in place related to those risks

Risk Assessment Process: Prioritize

• rank each risk with high, medium, or low

• rank as to its likelihood of occurring and impact to the organization

Risk Assessment Process: Mitigate

• management develops mitigation plans for identified risks

• the compliance officer (CO)’s role is to facilitate completing the mitigation plans with management

• once the assessment is finalized, the CO’s role is monitoring the mitigation plan to ensure risk are mitigated

What is a tried and true quality management technique?

PDCA

• Plan: meet with the committee to discuss and document current position and possible next steps

• Do: take baby steps, make attempt at next steps knowing there may be false steps along the way

• Check: review lessons learned

• Act: with the committee, decide how to incorporate what you’ve learned with what you still need to do

Ongoing Evaluation for Compliance Program (CP)

• doing a regular review of the compliance program (CP) can be better handled with the Plan, Do, Check, Act (PDCA) method.

• the first 2 years of the CP are usually focused on establishing and refining the infrastructure

• keep realistic expectations

• CPs are always evolving