1 how to design and implement a corporate compliance program auditing and monitoring operations and...
TRANSCRIPT
1
How to Design and Implement A Corporate Compliance
ProgramAuditing and Monitoring Auditing and Monitoring Operations and Business Operations and Business
ProcessesProcesses
2
Our House Analogy
The physical structure (walls, ceiling)The physical structure (walls, ceiling) Like the mechanical aspects of a Like the mechanical aspects of a
compliance programcompliance program The “furniture/appliances”The “furniture/appliances”
The substantive laws/policiesThe substantive laws/policies What we must “comply” with What we must “comply” with
versus the “how we get there”versus the “how we get there”
3
Prior Sessions: “Process” Aspects (The House)
Some of the process pieces we’ve Some of the process pieces we’ve explored:explored: Compliance officer/committeeCompliance officer/committee Employee education/trainingEmployee education/training Checking exclusion status of Checking exclusion status of
employees & contractorsemployees & contractors Creating/retaining compliance Creating/retaining compliance
recordsrecords
4
Today: More Process
Auditing and Monitoring SystemsAuditing and Monitoring Systems OIG: Integral to an “effective” OIG: Integral to an “effective”
compliance programcompliance program Monitoring operations (business Monitoring operations (business
processes, quality, resident safety)processes, quality, resident safety) And your compliance program’s And your compliance program’s
effectivenesseffectiveness
5
Auditing & Monitoring Is Just:
Reliable, periodic systems to audit or Reliable, periodic systems to audit or check on identified “risk areas” in check on identified “risk areas” in corporate/facility operationscorporate/facility operations Not overly complexNot overly complex But comprehensive & reliableBut comprehensive & reliable That specifies how it works and who’s That specifies how it works and who’s
responsible for auditingresponsible for auditing With reviews of systems for reliabilityWith reviews of systems for reliability
6
RISK
… “… “exposure to the chance of injury or exposure to the chance of injury or loss”loss”
1.1. Business RiskBusiness Risk
2.2. Healthcare Company RiskHealthcare Company Risk
3.3. Quality RiskQuality Risk
7
RISKLawsuit Whistleblower Investigation Denials Audit
False claims Abuse Conflict of Interest
Theft Survey Five Star Background Check PROBE
Medical Necessity Kickback Referral Disclosure
Falsification Supplementation Class action Labor
Exclusion Controls Staffing Consolidated Billing
Resident Trust Triple Check Reimbursement Coding
HIPAA RUGS HR RAC MDS MAC PAC POC EEOC SOD SEC CMP OIG CMS DOJ AR PPD EIEIO
8
LONG TERM CARE RISKS
HEALTHCARECOMPANY
QUALITY
BUSINESS
LTC
9
Business Risks
Financial Viability
Sarbanes-Oxley
(Public Company)
Enforcement
10
Healthcare Company Risks
Regulatory
OIG/DOJ
Whistleblower
11
Quality Risks
Reimbursement
Fraud/Abuse
Litigation
12
One Risk Management Approach
(aka “the Silo approach”)
QualityRisks
BusinessRisks
Healthcare Company Risks
13
Components of
Risk Management “Silos”
QualityRisksCMS-Quality Improvement
- survey- quality measures- staffing
BusinessRisksExternal -Internal AuditDashboard
Healthcare Company RisksOIG – ComplianceProgram
14
Another Risk Management Approach
(aka “an Integrated Approach” Quality Risk
Healthcare CompanyRisk
OIG – Compliance
Program
Business RiskExternal -Internal
AuditDashboard
CMS-Quality Improvement
- survey- quality measures- staffing
15
“DASHBOARD”for
Integrating Risk Data
Data MetricsData Metrics QualityQuality BusinessBusiness Healthcare Company ComplianceHealthcare Company Compliance
16
Dashboard Formats
17
Dashboard Development Get constituent buy-in and allocate funds;Get constituent buy-in and allocate funds; Select project team;Select project team;
In-house In-house Consultant /vendorConsultant /vendor Combination Combination
Determine data to be “rolled-up”;Determine data to be “rolled-up”; Don’t create new dataDon’t create new data
Select dashboard format based on ease of data Select dashboard format based on ease of data import (manually or through IT);import (manually or through IT);
Wide-distribution to constituentsWide-distribution to constituents Act on indicatorsAct on indicators
18
Making Auditing and Monitoring Practical
A Step-By-Step Approach to Taking A Step-By-Step Approach to Taking the Pulse of Your Operations and the Pulse of Your Operations and
Compliance ProgramCompliance Program
19
1. Specifically target and identify what you are auditing
Possible audit “targets” come from:Possible audit “targets” come from: OIG “risk areas” (later webinars)OIG “risk areas” (later webinars) Your own operations experienceYour own operations experience
Internal/external finance or Internal/external finance or business auditsbusiness audits
Survey results, QI scores, QA Survey results, QI scores, QA meetings, complaints, hotline meetings, complaints, hotline calls, satisfaction surveyscalls, satisfaction surveys
20
Poor “Targeting” = Poor Results
With multiple targets, failure to With multiple targets, failure to clearly define, and give team clear clearly define, and give team clear direction = disorganization, missed direction = disorganization, missed issues & ineffective auditingissues & ineffective auditing
Am I targeting med error rates, Am I targeting med error rates, contract compliance with illegal contract compliance with illegal kickbacks, improper MDS coding and kickbacks, improper MDS coding and resulting improper payment claims?resulting improper payment claims?
21
2. Design the Specific Auditing Steps You’ll Employ
What source information/processes What source information/processes am I examining?am I examining? Unlocked med carts in hall, sample Unlocked med carts in hall, sample
of payment claims, facility of payment claims, facility contracts, hotline responses?contracts, hotline responses?
Where is the information I’m testing Where is the information I’m testing located in terms of operations?located in terms of operations?
22
2. Design the Specific Auditing Steps You’ll Employ
How will we audit those sources?How will we audit those sources? Pulling/reviewing resident charts?Pulling/reviewing resident charts? Interviewing nursing staff, families, Interviewing nursing staff, families,
residents?residents? Observing staff with residents?Observing staff with residents? Observing compliance officer Observing compliance officer
interactions with Board members?interactions with Board members?
23
2. Design the Specific Auditing Steps You’ll Employ
How will we gather and report our How will we gather and report our findings?findings? Preparing written reports, charts, Preparing written reports, charts,
or making oral reports?or making oral reports? To whom?To whom?
Maybe internal reporting and/or Maybe internal reporting and/or external to consultants/counselexternal to consultants/counsel
24
2. Design the Specific Auditing Steps You’ll Employ
How frequently are we accessing our How frequently are we accessing our information sources?information sources? Annual audit of financial records?Annual audit of financial records? Quarterly review (med. regimen) ?Quarterly review (med. regimen) ? Time-limited review of med error rates Time-limited review of med error rates
(spike in rates)?(spike in rates)? Followed by periodic check on the Followed by periodic check on the
“fixes”“fixes” The findings dictate frequencyThe findings dictate frequency
25
2. Design the Specific Auditing Steps You’ll Employ
Who’s responsible for the audit to Who’s responsible for the audit to make sure it’s targeted, examines the make sure it’s targeted, examines the sources we’ve identified, on the sources we’ve identified, on the schedule we’ve established?schedule we’ve established? For internal/external audits, put For internal/external audits, put
one person in chargeone person in charge Even with audit “teams”Even with audit “teams” Including for reporting functionIncluding for reporting function
26
3. Decide How We’ll Use the Audit Results Obtained
Depends on the issue and companyDepends on the issue and company External CPA audit goes to CFOExternal CPA audit goes to CFO Care plan audit to DON, administrator, Care plan audit to DON, administrator,
consultant, Quality Assurance consultant, Quality Assurance CommitteeCommittee
Purpose: spot an issue, analyze it, repair Purpose: spot an issue, analyze it, repair it, communicate repair, consider legal it, communicate repair, consider legal reporting requirementsreporting requirements
27
If You Want to Write a Specific Audit Flowchart
These questions will direct how to do These questions will direct how to do thatthat Really, for any issue you can think Really, for any issue you can think
of: quality, finance, business opsof: quality, finance, business ops And, if you’re looking for an “audit & And, if you’re looking for an “audit &
monitoring” policy for your monitoring” policy for your compliance program, these compliance program, these questions will take you therequestions will take you there
28
An Example
Compliance with Facility Obligations Compliance with Facility Obligations Under Medicare Part DUnder Medicare Part D
[From OIG 2008 Supplemental [From OIG 2008 Supplemental Guidance for Nursing Facilities]Guidance for Nursing Facilities]
29
1. Target / Identify What We’re Monitoring
Audit/monitor following aspects of Audit/monitor following aspects of Medicare Part D compliance:Medicare Part D compliance:
Explaining Part D Plans to Explaining Part D Plans to residents accurately/completely?residents accurately/completely?
Are our pharmacy contracts Are our pharmacy contracts sufficient to ensure resident sufficient to ensure resident choice in Part D Plans?choice in Part D Plans?
30
1. Target / Identify What We’re Monitoring
Have mechanism to contract with Have mechanism to contract with additional pharmacies or with one additional pharmacies or with one (exclusive) with broader Plans?(exclusive) with broader Plans?
Avoid coaching, steering, requiring a Avoid coaching, steering, requiring a resident to select a specific Part D Plan or resident to select a specific Part D Plan or specific pharmacy?specific pharmacy?
Do employees/contractors accept items of Do employees/contractors accept items of value from Part D Plan or pharmacy to value from Part D Plan or pharmacy to refer patients?refer patients?
31
2. Designate Specific Audit Steps
Review any policy/procedure and Review any policy/procedure and “scripts” used to explain Part D “scripts” used to explain Part D Plans to residents Plans to residents
Observe 15 instances of staff Observe 15 instances of staff explaining Plans to residents.explaining Plans to residents.
Supplement with 15 interviews of Supplement with 15 interviews of staff, residents and families re how staff, residents and families re how we explained Planswe explained Plans
32
2. Designate Specific Audit Steps
Identify failures to describe Plan fully or Identify failures to describe Plan fully or accurately or respond to resident requests for accurately or respond to resident requests for Plans we don’t offerPlans we don’t offer
Observe 15 instances of pharmacy rep or Observe 15 instances of pharmacy rep or contractor discussing Plans with residentscontractor discussing Plans with residents
Any instances of coaching, steering, requiring a Any instances of coaching, steering, requiring a specific Plan or pharmacy?specific Plan or pharmacy?
Supplement with resident/family/staff interviews Supplement with resident/family/staff interviews re those interactions.re those interactions.
Counsel employees / consider discipline for Counsel employees / consider discipline for violations & any corrective action required?violations & any corrective action required?
33
2. Designate Specific Audit Steps
Observe 15 interactions between resident Observe 15 interactions between resident and contract pharmcy(ies) to ensure no and contract pharmcy(ies) to ensure no steering, coaching, etc.steering, coaching, etc.
Report violations to compliance Report violations to compliance officer/committeeofficer/committee Corrective action required?Corrective action required?
Examine how pharmacy contracts are Examine how pharmacy contracts are negotiated / executed to ensure no items negotiated / executed to ensure no items of value to induce contracts or referralsof value to induce contracts or referrals
34
2. Designate Specific Audit Steps
Identify any items of value provided to Identify any items of value provided to facility staff, resident or family by facility facility staff, resident or family by facility staff, Part D Plan rep, or pharmacy repstaff, Part D Plan rep, or pharmacy rep Via interviews with staff, resident, Via interviews with staff, resident,
family, contractors (I.D. #)family, contractors (I.D. #) Determine if permissible under Determine if permissible under
applicable law (counsel / compliance applicable law (counsel / compliance officer)officer)
Identify who will perform these steps by Identify who will perform these steps by title and frequency (if not above)title and frequency (if not above)
35
3. Designate How We Will Use the Audit Results
Share audit results and any Share audit results and any noncompliance instances with compliance noncompliance instances with compliance officer or designee as soon as practicable officer or designee as soon as practicable after auditafter audit
And with QA Committee as directed by And with QA Committee as directed by compliance officercompliance officer
Compliance officer will share results with Compliance officer will share results with Board and decide if additional steps Board and decide if additional steps required (corrections, external reporting)required (corrections, external reporting)
36
Summary
Our Q and A approach is one formatOur Q and A approach is one format Many ways to design audit systemMany ways to design audit system Keys are:Keys are:
Is it manageable?Is it manageable? Does it work (finding problems)?Does it work (finding problems)? Is it thorough?Is it thorough? Are we actually using it and the results?Are we actually using it and the results? Are we auditing the audit system to Are we auditing the audit system to
ensure it’s working also?ensure it’s working also?