OIG report outlines key components of an effective compliance program
OIG report outlines key components of an effective compliance program
Round table discussion results in a how-to guide
A sound compliance program is a little like art: It’s hard to define, but you usually know it when you see it. Even then, one provi der’s definition of a proper compliance effort may mean something totally different to a fraud investigator.
This difference in perception has been the basis for much of the conflict and hard feelings between the provider community and the federal fraud police as the two sides have debated how to distinguish between simple billing errors and overt fraud and abuse in government health programs.
In an effort to help establish constructive dialogue and consensus of opinion on what constitutes an adequate compliance program, earlier this year the Office of Inspector General (OIG) and the nonprofit Health Care Compliance Association co-sponsored a government-industry round table. Over 125 compliance officers, health care compliance consultants, and government representatives attended the daylong event.
One result of the meeting is a recently released report by the OIG, titled "Building a Partnership for Effective Compliance: A Report on the Government-Industry Roundtable," summarizing the key conclusions.
While the report acknowledges that the participants "did not attempt to reach consensus on the many issues that surround compliance with health care program requirements," it does provide additional insight into what’s needed to organize an effective compliance program.
Here are the key areas of concern reported by the participants:
• Cost of compliance.
The cost of implementing a compliance program was a major concern of most round table members. As one attendee stated, "the more compliance you do, the more you have to do." Representatives of smaller and rural health care providers were particularly concerned about the cost of employee screening, training, and hotline services associated with a comprehensive compliance program.
• Identifying and responding to risk areas.
Most participants said they focus their compliance efforts on areas highlighted by government compliance guidances, special fraud alerts, the OIG’s published work plans, and fraud settlements. One downside to concentrating on federal health programs is a tendency to overlook dealings with private payers, participants noted.
The round table report stated that the best way to kick off an oversight program is to perform an internal risk assessment to identify possible compliance weaknesses, starting with any areas where there had been a previous history of poor compliance.
• Coordinating a compliance program among different departments or subsidiaries.
Participants generally agreed that a single, coordinated compliance program should be implemented among all units of larger providers. Strong communication on compliance issues among the different divisions was viewed as critical. For mega-practices or groups that are part of an integrated delivery system, one way to do this is to have a compliance person from each business unit be part of an organizationwide compliance committee.
Whom to include on compliance committee?
Generally speaking, individuals who serve on compliance committees are heads of the following departments within an organization: human resources, internal audit, patient accounts, legal, billing, medical practice billing, and information technology. Some chief financial officers and chief executive officers also participate in such committees. Smaller providers, which may not have a designated compliance committee, may want to consider a task force to address compliance concerns as they arise.
• Addressing human resources issues associated with compliance.
Participants noted overlaps in the responsibilities of a human resources department and the compliance function. Close collaboration between these two functions in the areas of training, hiring, and disciplining, as well as the establishment of hotlines with complaint follow-ups, is considered necessary by the attendees. Cross-training between the two components would lead to a better understanding of each other’s responsibilities and duties. This is especially true in cases where both functions must share responsibilities, such as the hotline and training.
• Addressing potential conflicts for the compliance officer.
The participants discussed the possible conflict that may exist when a compliance officer holds other key management responsibilities, especially at small or rural health care providers where such arrangements often are a practical necessity.
Suggestions to avoid possible conflicts included establishing appropriate checks and balances within the organization’s compliance structure by creating a strong and active compliance steering committee and assigning the compliance job to well-respected managers who are sensitive to potential conflicts that might arise.
• Enhancing the effectiveness of the compliance officer.
Participants noted that compliance officers need to give prompt and clear responses to employee questions to maintain credibility. A compliance office’s open-door policy, particularly in smaller entities, can help foster good communication.
However, compliance officers shouldn’t just be reactive. "There is a need to reach out to employees using such methods as field visits to work locations and polling employees about compliance and work issues. If employees know the compliance officer, they may be more likely to talk freely with that person," notes the report. Other ideas suggested to improve communications included a strong policy against retaliation, internal newsletters, exit interviews, e-mail, and Internet Web sites.
• Developing an adequate training program.
The participants agreed that compliance and human resources training should cover such topics as code of conduct, ethics, compliance requirements, and corporate policies and procedures. Some participants indicated that they do "cascade" training that evolves from the general to the specific, starting with comprehensive training in the areas of billing and coding. Overall, some form of compliance education should take place at least once a year, the report recommends.
• Assessing effectiveness.
The round table report says assessment of a compliance plan’s effectiveness should be viewed as an ongoing effort. Communication with employees, department managers, and the board of directors is considered a key element in determining the effectiveness of a provider’s compliance program.
Round table participants recommended three types of audits as useful measures of a program effectiveness:
— baseline audits (initial audits);
— proactive audits (these can be based on the risk areas identified in the OIG’s compliance program guidances or special fraud alerts);
— issue-based audits (when the provider knows there is a problem and is trying to ascertain the depth of the problem).
Here are some specific refinements to the audit process that practices might consider:
— Have audit teams composed of nurses review claims both before and after claim submission.
— Regularly gather those responsible for billing to discuss any changes specified in recent Medicare bulletins, then make one person responsible for ensuring the changes are implemented in-house.
Most participating providers said they rely on the OIG’s work plan and past investigations by the OIG and the Department of Justice to establish their own internal audit plans.
In addition, many of the compliance officers noted the "chilling effect" that audits tend to have on individual physicians. As a result, the compliance officers noted that they had observed a recent trend toward downcoding to avoid the possibility of an investigation. In turn, many group compliance officers are focusing their auditing and training efforts on promoting proper documentation.
• Determining the sample size necessary to validate audit results.
The OIG’s "Provider Self-Disclosure Protocol" recommends that an initial probe sample should consist of at least 30 units of documentation, even though the Medicare Carrier’s Manual requires a sample of only 10 units. The participants agreed that defining the sampling size depended largely upon the nature of the inquiry.
Another issue raised regarding the design of the audit plan was the use of retrospective reviews as opposed to prospective reviews. In general, the participants favored prospective reviews because they tend to be less costly and less time-consuming.
• Demonstrating the effectiveness of compliance program.
Participants agreed that documentation is the key to demonstrating the effectiveness of a provider’s compliance program. Proper documentation of the following items was highly recommended: audit results; logs of hotline calls and their resolution; corrective action plans; due diligence efforts regarding business transactions; disciplinary action; and modification and distribution of policies and procedures.
Because the OIG is encouraging self-disclosure of overpayments and billing irregularities, the report highly recommends maintaining a record of disclosures and refunds to the health care programs. Records of employee education, including the number of training hours, the courses offered, and the identities of the attendees, demonstrate to both the employees and outsiders that the provider is committed to its compliance program. Annual reports and Web sites provide other venues to showcase a compliance program.
• Documenting contractor guidance.
Many attendees expressed frustration with attempts to reconcile the views of the Health Care Financing Administration’s intermediaries and carriers and how to respond to conflicting advice received from them. Providers strongly recommended HCFA develop a better system to permit them to ask questions and obtain guidance on all billing/coding issues.
Until that happens, the general feeling of the participants was that a provider receiving advice should: document all communications with HCFA and its contractors in writing; attempt to seek clarification with the HCFA regional office; if necessary, contact HCFA headquarters for any unresolved issues.
• Assessing effectiveness.
Government participants in the round table cited a number of factors they generally take into consideration when evaluating the effectiveness of a provider’s compliance efforts. These include:
— management’s commitment to, and good-faith efforts to implement, a compliance program as measured by such factors as the amount of funding, training, availability of guidance on policies and procedures, and the background of the individual designated as the compliance officer;
— evidence of open lines of communication and their appropriate use to address employee concerns and questions;
— documented practice of refunding overpayments and self-disclosing incidents of noncompliance with program requirements.
OIG officials emphasized they do not expect a compliance program to prevent all problems from arising. Instead, they are more interested in how the practice reacts when a compliance question presents itself. They also are interested in the program’s impact on daily operations and how well employees retain and apply what they learn from their various training activities.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.