Seven Elements to an Effective Compliance Program (Compliance 101 Ch. 2)

The Compliance Committee

"to advise the compliance officer and assist in the implementation of the compliance program." - will benefit from having diverse perspectives - Participate in the identification of and prioritization of risk - Regulatory reviewing and assessing compliance policies and procedures - Assisting with the development of standards of conducts and policies and procedures - Conducting an annual review of the Compliance Plan document - Determining the appropriate strategy to promote compliance - Developing a system to solicit, and evaluate, and respond to complaints and problems

2. Compliance Officer and Compliance Committee (Seven Elements of an Effective Compliance Program)

- "To carry out such operational responsibilities, such individuals shall be given adequate resources, appropriate authority, and direct access to the governing authority of an appropriate subgroup of the governing authority" - OIG considers there to be some risk involved in having the compliance officer report to general counsel or to the CFO - Compliance Officer should not be council, nor subordinate counsel, for the provider - the compliance officer is the "focal point" of the compliance program and the compliance committee advises the Compliance Officer and assists in the establishment of the compliance program.

Every organization needs to assure that Policies and Procedures in the Code of Conduct exist for:

- Auditing and monitoring- Compliance record retention - Self disclosure-Regular sanction checks (may be in HR) - specific areas of risk (conflict of interest, billing, clinical integrated networks, third-party relationships, etc) - Non-Retaliation (may be in HR) - Stark/Anti-kickback - HIPAA Privacy and Security

4. Monitoring and Auditing (Seven Elements of and Effective Compliance Program)

- Conducting risk assessments before you develop a monitoring and auditing plan is critical as it helps identify key priorities for compliance focus. - Prioritizing risks will help define the focus for the compliance program - key is to strive for and demonstrate a process for continually improving on compliance activities - ongoing evaluation is critical to the success of a compliance program - OIG calls for audits to focus on programs or divisions, including external relations with third-party contractors, especially those with substantive exposure to government enforcement action. - Certain functions that should be reviewed: 1. anti-kickback and self-referral 2. conflicts of interest 3. documentation, billing & coding 4. Third-party contracts 5. compliance program process to assess if it works as it was meant to. Is it meaningful to the organization? Two ways to approach auditing: 1. Concurrent Audit 2. Retrospective Audit Monitoring can be performed by: 1.Interviews with Personnel 2. Questionnaires 3. Peer Review 4. Reviews of documentation 5.Trend analysis over time. 6. Reviewing exit interviews 7. Hotline issues and trends -Other departments may be doing auditing. - Auditing and monitoring should be documented and findings shared with management, governing body, compliance committee with a plan to address the potential problem.

6. Enforcement and Discipline (Seven Elements of an Effective Compliance Program)

- Fair, equitable and consistent. - OIG believes program should include a written policy statement setting for disciplinary actions that may be imposed for failing to comply with standards, policies, procedures, regulations. - That policy should include the following points * noncompliance will be punished. * failure to report noncompliance will be punished. * an outline of disciplinary procedures. * list of the parties responsible for appropriate action. * a promise that discipline will be fair and consistent. - Intentional or reckless noncompliance is to be punishable with signification sanctions. - Progressive Discipline: multi-step process, penalties become increasingly more severe. - Education should never be labeled as a punishment and should be presented in a positive and supportive context. - the number one reason people are noncompliant is because they did not know the appropriate choice to make

Compliance Officer Duties

- Overseeing and monitoring the implementation and ongoing operation of the compliance program - Reporting on a regular basis to a governing body, CEO, and compliance committee - Revising the compliance program periodically as appropriate - Developing, coordinating, and participating in a multifaceted educational and training program - Ensuring that appropriate background checks are done to eliminate sanctioned individuals and contractors - Assisting with auditing and monitoring activities - Independently investigating and acting on matters related to compliance

response and prevention

- The organization must respond appropriately and timely if misconduct occurred. Failure to respond or to engage in lengthy delay can have serious consequences. - Detected but uncorrected misconducts can endanger the reputation, mission, and legal status of the organization. - Ignoring a legitimate report of wrong doing will alienate staff, especially the person who reported the problem and encourage qui tam (whistleblower) action. - OIG recommends an investigation anytime a potential violation has been identified - First step may be to meet with legal counsel and determine the seriousness of the misconduct and develop a plan of action. Will help you determine if attorney-client-privilege's is recommended. - Internal investigation should be handled by skilled investigators and documented according to your policy - Investigative team should be knowledgeable in that particular area and capable of being objective - Compliance officer should be a part of the team, but to emphasize commitment, participations by a member of the senior staff is desirable when possible. - OIG calls for prompt reporting of the misconduct to the appropriate governmental authority within a reasonable period but not more than 60 days after determining there is credible evidence of a violation related to payment for services, and not more than 30 days to avoid stricter fines. If repayment is required it must be made within 60 days of identification -Overpayments must be reported and returned only if it is identified within six years of the date the overpayment was received. -If misconduct did occur the government must be notified

Code of Conduct and Employees

- all employees must receive, read and understand that standards. - a supervisor should explain the standards and answer any questions. - employees should attest in writing that they have received, read and understand the standards. - employee compliance w/ the standards must be enforced through appropriate discipline when necessary. - discipline for noncompliance should be stated in the standards.

Code of Conduct: Content Checklist

- demonstrates system wide emphasis on compliance with all applicable laws and regulations. - written plainly and concisely so all employees can understand the standards - translated into other languages -includes internal and external regulations - mentions org policies w/out completely restating. - consistent i/ org policies and procedures.

1. Standards (Code) of Conduct/Policies and Procedures (Seven Elements of an Effective Compliance Program)

- first and foremost, demonstrates the organizations ethical attitude and its enterprise wide emphasis on compliance with all applicable laws and regulations. - for all employees, vendors, contractors, suppliers - provides a process for proper decision making, for doing the right thing, and behavior - tailored to the organizations culture, business, and corporate identity - Disciplinary procedures and penalties should be stated Plainly and clearly written - Translated into other languages when appropriate - Consistent with company policies and procedures- Policies and Procedures address areas of risk (only thing worse than not having a policy, is having a policy and not following it). - a policy of non-retaliation/non-retribution should be developed and communicated - policies developed so that staff knows what to do if prevented with a subpoena, search warrant, or if questioned by a government investigator. - Stand alone document. Should be included in every general compliance training session.

5. Reporting and Investigating (Seven Elements of an Effective Compliance Program) (developing effective lines of communication and screening)

- open door policy is important to the success of a compliance program where employees feel comfortable a supervisor or compliance professional - must be no retaliation or retribution for coming forward for a reporting method to be effective. - if a employee suspects retaliation this could create fertile ground for whistleblowers. - Two reasons employees don't come forward: retaliation, and nothing will be done. -Confidentiality is key - Common method is having a hotline or helpline. - 80% of hotline calls are human resources or employer relations issues - once a complaint is received or question raised, it must be handled by skilled investigators and subject matter experts - all complaints must be logged and tracked - Should be a written policy of how calls to the hotline will be addressed. Specific steps for an investigation - Most orgs have in-house email systems - small orgs could have suggestion box Compliance communication can be incorporated into existing systems, such as: - a compliance column with frequently asked questions in a in-house newsletter - posters - compliance website - tent cards in the cafeteria - monthly webinars

The Seven Essential Elements of an Effective Compliance Program

1.Standards (Code) of Conduct/Policies and Procedures 2. Compliance Officer and Compliance Committee (establishing compliance oversight) 3. Education (conducting effective training and education) 4. Monitoring and Auditing 5. Reporting and Investigating (developing effective lines of communication and screening) 6. Enforcement and Discipline (enforcing standards through well-publicized disciplinary guidelines) 7. Response and Prevention (responding promptly to detected offenses and undertaking corrective action)

Attorney-Client Privilege

A rule of evidence requiring that communications between a client and his or her attorney be kept confidential, unless the client consents to disclosure.

3. Education (Seven Elements of an Effective Compliance Program)

OIG suggests training in two types: General for all employees and second covering more specific information for appropriate personnel. General Compliance training would include: 1. Elements of your compliance program 2. Code of Conduct 3. The reporting system 4. Individual accountability for reporting suspected non-compliance 5.Non-retaliation policy 6. Who the compliance officer is 7. Explanation of fraud, waste, abuse Specific Training for specialized personnel: 1. Actions outside of scope of practice 2. Government and private payor reimbursement principles 3. Third-party relationships 4. Identification of privacy breach 5. Stark/Anti-kickback laws 6. Submission of a claim for physician services rendered by a non-physician 7. Signatures for a physician rendered without authorization 8.EMTALA 9. Conflicts of Interest 10. Proper documentation of services rendered 11. Directions for conducting investigations

HCCA Code of Ethics for Health Care Compliance Professionals (Appendix J). Three principles addressed are:

Principle I: Obligations to the Public - health care compliance professionals should embrace the spirit and letter of the law governing their employing organization and exemplify the highest ethical standards in their conduct Principle II: Obligations to the Employing Organization - Compliance progressions should serve their employing organization with the highest sense of integrity, exercise unprejudiced and unbiased judgement on their behalf, and promote effective compliance programs. Principle III: Obligation to the Profession - Compliance professionals should strive, through their actions, to uphold integrity and dignity of the profession, to advance the effectiveness of compliance programs and to promote professionalism in health care.

concurrent audit

Review of a client's health care while the client is still receiving care. Audit in "real" time (present). Harder to execute.

retrospective audit

evaluation of a client's record after discharge from an agency. A look back. Easier to audit retrospectively.

Code of Conduct Purpose:

• To present specific guidelines for employees to follow • To confirm that all employees comprehend what is required of them • To provide a process for proper decision making • To confirm that employees put standards into everyday practice • To elevate corporate performance in basic business relationship • To confirm that the organization upholds and supports proper compliance conduct