an introduction to compliance program

An Introduction to Compliance Program

at Tri-City Health Center

Presented by Linh Phan

“ Any health care entity which does not have a compliance program is

‘ institutionally nuts’ ”

Karen Morrisette

Deputy Chief of Criminal Division

U.S. Department of Justice

What is a Compliance Program?Compliance program implies a primary concern with the exercises of rules and regulationsIt is about prevention, detection, collaboration, and enforcementIt is a system of policies and procedures developed to assure compliance with and conformity to all applicable federal and state laws governing the organizationIt is a part of the fabric of the organization, a commitment to an ethical way of conducting business, and a system for doing the right thing

Why Develop a Compliance Program?

Communicate Organization’s Commitment

Astronomical Fines & Penalties

Provides “safe” way to report suspected wrong doing

Raise awareness

Good Business Sense/Competitive Edge

Gain good reputation and public Image

Protect directors & officers from individual criminal & civil liability

Why Compliance programs are essential?

Paybacks to the fiscal intermediaries or carriers may result in audited servicesAvoid the Government’s “Help”- Imposed Compliance ProgramExcluded from probation and Court imposed programsReduce threat of qui tam (whistle-blower) lawsuitsEnsure continuous funding grants

How an Effective Compliance Program should be?

Must be comprehensive

Should integrate with current regulations

Should adopt the Compliance Program Guidance recommended by the Office of Inspector General (OIG)

Must be an ongoing process

A Comprehensive Compliance Program

Include seven elements of Federal Sentencing Guidance:

1. Policies & procedures2. Oversight & leadership3. Education & training4. Auditing & monitoring5. Reporting & investigating6. Enforcement & discipline7. Response & prevention

Identify, respond, and prevent current risk areas- Kickbacks- Physician self-referral (STARK)- Pharmaceutical and marketing- Clinical research- Quality of care- Medicare secondary payer law- Prescription drug plan- Privacy( state action, other)

A Comprehensive Compliance Program

HHS Office of Inspector General

The OIG in conjunction with the Justice department is responsible for enforcing rules and regulations under the Medicare and Medicaid laws outlined as part of the Social Security Act administered by Centers for Medicare and Medicaid services (CMS)The OIG collects on an average more than $100 billion annually from health care fraud.Health care fraud is number two priority in Justice department

Benefits of adopting the Compliance Program Guidance by the OIG

Adopting a compliance program concretely demonstrates to the community at large that a provider has a strong commitment to honesty and responsible corporate citizenship

Compliance program reinforce employee’s innate sense of right and wrong

An effective Compliance program helps a provider fulfill its legal duty to government and private payers


Compliance programs are cost-effective

A compliance program provides a more accurate view of employee and contractor behavior relating to fraud and abuse

The quality of care provided to patients is enhanced by an effective compliance program


A compliance program provides procedures to promptly correct misconductAn effective compliance program may mitigate any sanction imposed by the governmentVoluntarily implementing a compliance program is preferable to waiting for the OIG to impose a Corporate Integrity Agreement (CIA)

Who should be included in the Compliance Program?

Board of DirectorsOversight CommitteeExecutive TeamCompliance Officer Managers & SupervisorsPhysiciansStaff

Board of Directors

Critical to the Program success due to their involvementUnderstand the Program background and approval of programPeriodic updatesEducation

Compliance Oversight Committee

Varying perspectives:

- Operations, finance, audit, HR, utilization review, social work, medicine, coding and legal

- Employees and managers of key operating units

Compliance Oversight Committee

Set goal and objectives

Assist in implementation & operation of the compliance program

Advise the Compliance Officer

Review reports & recommendations from the Compliance Officer

Annual review & evaluation of the program

Establish rotation

Meets monthly or quarterly

Compliance OfficerDirect board access

Authority to make decisions

Communicator

Operational responsibility

- The leader

- Management of daily compliance operations

- Implementation of each compliance element

Report to the Board of Director

Managers & Supervisors

Written StatementGoals & objectives for individuals and work units

Periodic performance reviews

System of rewards & recognitions of contribution

Corrective action or discipline policies & procedures

Physicians

Understand compliance as a necessity

Documentation & Coding responsibility

Staff

Knowledgeable

Courteous

Responsive

Why Involve Everyone?

Building trust to facilitate change

Buy-in is the key to succeed

Keep Commitment

Communicate both good & bad news

Allow frustrations to ventilate

Honor confidentiality

Take responsibility for mistakes

Obstacles to an effective Compliance program

Commitment and buy-inLack of fundingToo many roles for the compliance officerInterpreting laws and regulationsLack of resources and staffLack of education and trainingResistance to changeLack of or poor communicationFear of retaliation/retributionNo internal enforcement

“A compliance program is never finished; it should always be a work in progress.”

“No Compliance officer can master all applicable rules, regulations, codes, etc

Developing the Compliance Program

Focus 1. Policies & procedures2. Oversight & leadership3. Education & training4. Auditing & monitoring5. Reporting & investigating6. Enforcement & discipline7. Response & prevention

Policies & Procedures

To present specific guidelines for employees to followTo confirm all employees comprehend what is required of themTo provide a process for proper decision-makingTo confirm that employees put standards into everyday practiceTo elevate corporate performances in basic business relationshipsTo confirm that the organization upholds and supports proper compliance conduct


Demonstrate system wide emphasis on compliance with all applicable laws and regulationsWritten plainly and concisely so all employees can understand the standardsTranslated into other languages as appropriateIncludes internal and external regulationsMentions organizational policies without restating them Is consistent with company policies and procedures


All employees must receive, read, and understand the standards

Employee should attest

Must be enforced through appropriate discipline when necessary

Discipline for non-compliance should be stated in the standards

Education & Training

A general session for all employees- to heighten awareness among all employees, 1 to 3 hours annually, along with code of conduct and attestation (web based)Second session covering more specific information for appropriate personnelWritten annual education planImportant to be communicated from the topInternal vs. ExternalMandatory vs. VoluntaryOther communication mediaEducation assessment

Auditing & Monitoring

Audits to focus on programs or divisions, including external relations with third-party contractors (must be always documented and reported, presented to CEO or board no less than annually)

Concurrent audits- not recommendedRetrospective audits- will identify and address potential problems individually as they ariseReport to fiscal intermediary or carrierFirst step is to contact your in-house or external counsel, under attorney-client privilegeMonitoring is necessary to determine whether compliance elements have been satisfiedCan be random-medical and financial records

Auditing & Monitoring

On-site visits (Compliance SWAT teams)InterviewsQuestionnairesReviews of Medical and Financial recordsReviews of policies and procedures of different departmentsTrend analysisIncluding Compliance language in job descriptionPosing compliance-related questions in exit interviews

Reporting & Investigating

Open door where the employee feels comfortable approaching his or her SupervisorEmployee must be made sure that there will be no retaliation or retribution for coming forward- No retaliation policyConfidentiality and anonymity also possible to an extentHotline

Reporting & Investigating

Hotline numbers and procedures must be clearly communicated to employees

Once complaint received, it must be investigated

Documentation

Enforcement and Discipline

Fair, equitable, and consistent.Written policyProgressive disciplineDocumentationApplies to contracts and outside vendors

PolicyNoncompliance will be punishedFailure to report noncompliance will be punishedAn outline of disciplinary proceduresThe parties responsible for appropriate actionA promise that discipline will be fair and consistent

Response and PreventionMeet with In-house or outside counselDevelop appropriate plan of actionInternal investigation( attorney-client privilege)DocumentedTeam to meet before and after investigationFinal report within 60 days but within 30 days to avoid stricter finesVoluntary disclosurePolicy and Procedure for staff on what to expect and how to handle contact from government about an investigation

Needed Resources

* Board of Directors

- Endorsement or memo

- Educated- Caremark International Derivative Litigation

* Support from Management

Physician

Staff

* Financial-staffing, ongoing operations

Action Plans

Establishing the Code of ConductEstablishing the Policies & ProceduresEstablishing the HotlineCommittee Review Board education and approvalStaff trainingInternal assessments/Risk assessments-

P &P, auditsContinual evaluation and advancement of program

Tentative Timeline for Development of the Compliance Plan

Action Plan July

2009

August

2009

Sep-Oct

2009

Nov- Dec

2009

1st quarter 2010

Designees

Establishment of the Code of Conduct, Policies & Procedures, Hotline

CO

Review & Approval Committee & Board

Compliance Education & Training

Vendor

Risk Assessment CO

Auditing & Monitoring CO & Department

leads

Reporting & Investigating, disciplinary & remediation mechanisms

CO

Training & Launching the Program

CO

Program evaluation CO, Committee

& Board

Improved Compliance Processes

Compliance

Laws

Rules

Regulations

Quality

Excellent

Brilliant

Superior

Compliance Strategies

Important Laws & Regulations

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Main content of HIPAA- Title II:- Fraud & Abuse controls: Makes it a criminal

offense to submit claims based on incorrect codes or medically unnecessary services

- Medical liability reform: The government has the power to exclude the organization from Medicare, Medicaid, and a long list of other government programs

- Administrative Simplification


HIPAA- Administrative simplification

Privacy and security regulations- Created to improve efficiency & effectiveness of

healthcare system by standardizing the electronic exchange of clinical & administrative data

- Attempts to improve security in the age of ever-changing electronic data interchange

- Aims to safeguard the confidentiality of private information & protect the integrity of health data while ensuring the availability of care

Important Laws & RegulationsHIPAA- Administrative simplification

Privacy regulations Protected Health Information collected from individuals and created/received by a covered entity

Applied in treatment, payment & healthcare operations (TPO)

Uses & Disclosures for TPO

1. Authorization required

Mandatory disclosures:

+ To patient with some exceptions

+ To the Secretary of DHHS to investigate an alleged privacy violation



Privacy regulations

1. Authorization required for TPO (cont.)Permissive disclosures:Public Health Activities

Health Oversight Activities

Law Enforcement

Organ & Tissue Donation

Avert Serious Threat

Workers’ Compensation

Report Abuse & Neglect

Legal Proceedings

Information about Decedents

Research

Specialized Gov. functions



Privacy regulations2. Uses & Disclosures that require an opportunity

to object

* Family directories

* Family, Friends and others- Involved in the patient’s care- Involved in payment for the patient’s care

* Notification


HIPAA- Administrative simplification Privacy regulations

3. Uses & Disclosures requiring an Authorization* Applied in marketing, fundraising* Valid Authorization- Description of information to be used or disclosed that

identifies the information in a specific and meaningful fashion: names, specific ID of persons/ class of persons

- Description of each purpose of the requested use/disclosure: expiration date/event, signature of the individual/personal representative

- Required statements: right to revoke, conditions of participation, potential for information to be re-disclosed

- Must give the individual a copy



Privacy regulations- Patient’ right

Access and copy informationRequest restriction of use for TPORequest confidential communicationAn account of disclosuresReceive a copy of the notice of privacy practicesRequest amendments



Security Rule

Intent of the Security Rule: technology neutral, scalable, protection of confidentiality, integrity and availability of electronic information against any reasonably anticipated threats or hazards, and improper use or disclosure

Components of the Security Rule: safeguards of administrative, physical and technical; documentation; and policies & procedures



Security Management Process

Required specifications on implementing the Security Rule

Covered entities implement policies & procedures to prevent, detect, contain, and correct security violation

Include implementation specification of risk analysis, risk management, & sanction policy



Standards for Electronic Transactions

Apply the content and format of eight electronic transactions to the healthcare industry

The transactions and code set regulations standardize a unique method for billing of services rendered by all healthcare providers

Mandate health plans to accept these standard electronic claims, referral authorization, and other transactions


False Claims Act (FCA)Empowers government to investigate and bring civil action in fraud cases

Provides significant financial incentives for private citizens to come forward (Qui tam or whistle-blower suits)

Whistleblower can be eligible to receive anywhere from 15% to 25% of the governments total award for the case

Intent of the Government to promote an environment of trust where the problems are brought forward and resolved


False Claims Act (FCA)- updatedThe Fraud Enforcement and Recovery Act of 2009, S. 386, (FERA):

- Liability attaches whenever a person knowingly makes a false claim to obtain money or property, any part of which is provided by the government without regard to whether the wrongdoer deals directly with the government;

- Agent acting on the government's behalf; or with a third-party contractor, grantee or other recipient of such money or property.

Important Laws & RegulationsFalse Claims Act (FCA)- updated

The FERA amendments will likely result in an increase in FCA claims filed against health care providersRisk of Investigation and Liability Has Increased: false claims submitted to a Medicare Advantage plan may now be within the scope of the FCARepayment Obligations Have Increased: the FCA may be violated once an overpayment is knowingly and "improperly" retained or concealed Retaliation Exposure Has Increased : both employees and independent contractors now have a right of action against health care companies for alleged retaliation for their efforts to prevent or remedy alleged violations of the FCA


Corporate Integrity AgreementThe government can impose a CIA against the organizationThey are onerousThree to eight yearsUnannounced auditsExtensive reporting requirementsGovernment appointed monitor is put in charge of the organizations compliance program


Anti-kickback StatueA criminal statueProhibits any knowing and willful conduct involving:

- The solicitation, receipt, offer, or payment of any kind of remuneration in return for referring or inducing an individual to provide healthcare services under Medicare or Medicaid

- The recommendation or arrangement of the purchase, lease, or ordering of an item or service that may be wholly or partially reimbursed under a federal health care programHas safe harbor regulations


Anti-kickback Statue (AKS)- Highlights the “Intent Standard”

No excuse for ignorance of the law

Require proof from an individual to prove his/her unlawful conduct is of improper intent

- Statutory ExceptionsDiscounts- if properly disclosed & reflected in costs/charges

Employment

Group purchasing arrangements

Certain waiver of co-insurance

Certain risk sharing arrangement


Anti-kickback Statue (AKS)Personal Services & Management Contracts Safe Harbor

Writing signed by the parties

Agreement covers all services provided

Periodic/sporadic agreements specify exact schedule, length and charge for intervals of service

Term of agreement is at least 1 year

Compensations set in advance, FMV, & does not consider volume or value of referrals or other business between parties

Services do not involve counseling or promotion of activities that violate State or Federal law

Aggregate services do not exceed those reasonable and necessary to achieve business purposes of the services


Stark Laws - Self-referral StatutesA civil actIf a physician or a family member has a financial relationship with an entity that provides designated health services (DHS) that the physician may not make a referral for any DHS that is reimbursable by Medicare, and the entity that provides the services may not bill Medicare for the services provided as a result of the prohibited referral


Stark LawsFinancial Relationship- Can be direct or indirect- Ownership/investment: equity, debt or other means

- Not included retirement plan interest, option received as compensation until exercised

- Indirect: a broken chain of ownership/ investment indirect

- Compensation: any remuneration between a physician/ immediate family member and an entity


Stark Laws

Statutory Exceptions

Personal services

Group Practice Payment

Payments for rental of office space or equipment

Employment-related payments


AKS & Stark: What to knowAKS

Intent based

Criminal/Civil

Any Federal Healthcare Program

Requires Proof of Improper Intent

Applies to Any Referral Source

Safe Harbors

OIG Advisory Opinions

STARK

Fact based

Civil only

Medicare only

Strict liability

Must be a Physician & an Entity in the mix

Exceptions

CMS Advisory Opinions

* Both AKS & STARK are difficult to defend

* The absence of one does not preclude the other


Federal Sentencing GuidelinesIn 1984 Congress enacted the Sentencing Reform Act of 1984- designed to correct inequalities in federal sentences

An organization found guilty of fraud is also subject to fines

FSG include guidance for assessing fines

4 aggravating & 4 mitigating factors


Federal Sentencing GuidelinesAggravating factors

- Upper-level employee

- Repeat offense

- Hindrance during investigation

- Awareness and tolerance of the violation was pervasive.


Federal Sentencing GuidelinesMitigating factors

- Effective compliance program

- Self-reported violation promptly

- Cooperated in investigation

- Accepted responsibility

Measuring Effectiveness

Awareness

External Review

Outcomes

Repayments

Measuring Effectiveness

Staff knowledgeAll seven elements included in the programComparing issues year to yearTracking corrective actionsReviewing concurrent auditsEducational session pre-and post-testsTracking “bill denials”Organizational survey resultsAudit resultsCompliance topics on department/organization agendas

Program Evaluation

StructureThe capacity to promote

compliance with applicable regulatory

requirement

ProcessHow the compliance program operates in practice to address identified risk areas

OutcomeActual performance of

the organization on identified compliance

standards

Effectiveness

an introduction to compliance program

Documents