LAMI January 2015 Compliance Webinar · 1/16/2015 4 Compliance Program Overall Organizational...
Transcript of LAMI January 2015 Compliance Webinar · 1/16/2015 4 Compliance Program Overall Organizational...
1/16/2015
1
The 8 Elements of a Corporate ComplianceThe 8 Elements of a Corporate Compliance Program
January 21, 2015 Leading Age Michigan
Your Speaker
Betsy Anderson, PresidentBetsy Anderson, PresidentFrost Healthcare111 Pfingsten Road, Suite 300Deerfield, IL 60015Main: (847) 236-1111 or (888) 377-8120Direct: (847) 282-6307banderson@frrcpas [email protected]
©2015 FR&R Healthcare Consulting, Inc.2
1/16/2015
2
Your Speakers
Janet Potter, CPA, MASManager, Healthcare ResearchFrost Healthcare111 S. Pfingsten Road, Suite 300Deerfield, IL 60015Main: (847) 236-1111Direct: (847) 282-6457( )[email protected]
3©2015 FR&R Healthcare Consulting, Inc.
Acronyms
• ACA – Affordable Care ActACA Affordable Care Act
• ACO – Accountable Care Organization
• HHS – Department of Health and Human Services
• MAC – Medicare Administrative Contractors
• MDS – Minimum Data Set
• MedPAC – Medicare Payment Advisory Commissiony y
• OIG – Office of Inspector General
• PEPPER – Program for Evaluating Payment Patterns Electronic Report
©2015 FR&R Healthcare Consulting, Inc.4
1/16/2015
3
Corporate Compliance ProgramsThe OIG’s Views
• OIG issued guidance for nursing facilities on March 16 200016, 2000– Voluntary compliance program
– Contains seven elements of an effective compliance plan
• Supplemental guidance issued in 2008– Excellent training, educational, and in-service materials
5©2015 FR&R Healthcare Consulting, Inc.
Corporate Compliance ProgramsThe OIG’s Views
• Affordable Care Act of 2010 (ACA)– Mandatory compliance and ethics program for nursing
facilities
– Modified the seven elements of an effective compliance plan
• Effective as of March 23, 2013
• OIG recently instructed HHS to issue rules to implement the compliance program requirement – this
id i l dguidance is long overdue
• No guidance yet on the “ethics” portion of the requirement
6©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
4
Compliance Program Overall Organizational Benefits
• Quality improvement – quality of care as a potential liability risk was added in 2008 Supplementalliability risk was added in 2008 Supplemental Guidance
• Office of Inspector General (OIG) recognition of compliance effort
• Public and vendor awareness of commitment to corporate compliance and conduct
• Improved communications and feedbackImproved communications and feedback• Internal control and risk management
7©2015 FR&R Healthcare Consulting, Inc.
OIG Model Compliance Guidance
• Specific risk areas identified– Quality of care
– Resident’s rights
– Billing and cost reporting
– Employee screening
– Kickbacks, inducements, and self-referrals
8©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
5
Quality of Care Risk Areas
• Absence of a comprehensive, accurate assessment of each resident’s functional capacity and aof each resident s functional capacity and a comprehensive care plan
• Inappropriate or insufficient treatment and services to address resident’s clinical conditions, including:− Pressure ulcers
− Dehydration
− MalnutritionMalnutrition
− Incontinence of bladder
− Mental or psychosocial issues
9©2015 FR&R Healthcare Consulting, Inc.
Quality of Care Risk Areas
• Failure to accommodate residents’ needs and preferencesp
• Failure to properly prescribe, administer, and monitor prescription drug usage
• Inadequate staffing levels or insufficiently trained or supervised staff to provide medical, nursing, and related services
• Failure to provide appropriate therapy services• Failure to provide appropriate services to assist
residents with activities of daily living
10©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
6
Quality of Care Risk Areas
• Failure to provide ongoing activities programs to p g g p gmeet resident needs
• Failure to report incidents of resident abuse or neglect to the administrator and other officials as required by State and federal laws
11©2015 FR&R Healthcare Consulting, Inc.
Resident’s Rights Risk Areas
• Discriminatory admission procedures or denial of access to servicesaccess to services
• Mental, verbal, or physical abuse
• Inappropriate use of physical or chemical restraints
• Failure to ensure personal privacy and access to medical records upon request
• Failure to ensure that medical records are properly protected
12©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
7
Resident’s Rights Risk Areas
• Denial of right to participate in care related and g p ptreatment decisions
• Failure to safeguard resident’s financial affairs
13©2015 FR&R Healthcare Consulting, Inc.
Billing and Cost Reporting Risk Areas
• Billing for items or services not provided as claimed
• Submitting claims for items and services that are not medically necessary
• Submitting claims to Medicare Part A for residents who are not eligible for coverage
• Duplicate billing
• Failure to identify, properly report, and refund creditFailure to identify, properly report, and refund credit balances
14©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
8
Billing and Cost Reporting Risk Areas
• Submitting claims for items or services that were not d d b th h i iordered by the physician
• Knowingly billing for substandard or inadequate care
• Providing misleading information on the Minimum Data Set (MDS) or providing inappropriate information to assign a RUG level for a resident
• Up-coding the level of services billed
• Billing for items or services that should be billed as part of a unit or daily rate (unbundling)
15©2015 FR&R Healthcare Consulting, Inc.
Billing and Cost Reporting Risk Areas
• Billing residents for items or services that should be included in the per diem rate or billed to anotherincluded in the per diem rate or billed to another payer
• Altering documentation or falsifying physician signatures on information used to verify services or items were ordered and provided
• Failure to maintain adequate documentation to support treatment diagnosis results and continuitysupport treatment, diagnosis, results, and continuity of care
• False cost reports
16©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
9
Employee Screening Risk Areas
• Failure to verify licensing and certification of individuals (employees temporary staff contractors)individuals (employees, temporary staff, contractors) through licensing authorities
• Failure to provide criminal background checks• Failure to ensure that a potential employee is not
excluded from the Medicare or Medicaid program• Failure to periodically check OIG and General
Services Administration websites for newly excludedServices Administration websites for newly excluded individuals or providers
17©2015 FR&R Healthcare Consulting, Inc.
Kickbacks, Inducements, and Self-Referrals Risk Areas
• Routinely waiving coinsurance or deductible amounts y gwithout a good faith collection effort
• Agreements between skilled nursing facilities (SNFs) and transferring entities that involve inappropriate practices
• Soliciting, accepting, or offering any gift or gratuity of more than a nominal value to referral sources or other entities with which the organization has a businessentities with which the organization has a business relationship
18©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
10
Kickbacks, Inducements, and Self-Referrals Risk Areas
• Arrangements with a hospital to accept admissions based on payment above PPS ratesbased on payment above PPS rates
• Financial arrangements with physicians, including the Medical Director
• Joint ventures
• Inappropriate vendor access to medical records
• Arrangements with vendors to receive non-covered items at below fair market value prices provided the organization orders Medicare or Medicaid billable items or services
19©2015 FR&R Healthcare Consulting, Inc.
Identifying Your Facility’s Risk Areas
• Review processes and current procedures for existing risk areas– Triple check process
– Internal audits
• Watch for new risk areas
• Identifying risk areas is a team effort, no individual should be solely responsible for assessing new potential risk y p g pareas
• New risk areas can arise at any time; it is important to stay vigilant to determine what new areas in particular apply to your facility/organization
©2015 FR&R Healthcare Consulting, Inc.20
1/16/2015
11
New Risk Areas
• Internal areas to watch include:Internal areas to watch include:– Recent survey results
– Appeals in process
– Denied claims from all payor types
– Cost report audits
– Financial statement audits
– Internal control issues
– Staff shortages
– Staff turnover
©2015 FR&R Healthcare Consulting, Inc.21
New Risk Areas
• External resources to watch include:External resources to watch include:– OIG publications including the OIG Work Plan, the semi-annual report to
Congress and reports from OIG studies
– MedPAC reports to Congress
– CMS Quarterly Compliance newsletter
– Leading Age newsletters both state and national
– Survey and Certification letters
– Items in the news:Items in the news:
• HIPAA investigations
• Quality of care issues
• Local, state, and federal news items concerning nursing facility care and entire post-acute care continuum
©2015 FR&R Healthcare Consulting, Inc.22
1/16/2015
12
Eight Elements of the Corporate Compliance program per the ACA
1. Implementing written policies, procedures, and standards of p g p , p ,conduct
2. Designating a compliance officer and committee3. Exercise care to ensure that authority is not delegated to those
with a propensity to engage in criminal, civil, and administrative violations of ACA
4. Conducting effective training and education and developing effective lines of communication
5. Enforcing standards through well-publicized disciplinary guidelinesguidelines
6. Conducting internal monitoring and auditing7. Responding promptly to detected offenses and developing
corrective action8. Periodically reassess its compliance program to reflect changes
within the organization
23©2015 FR&R Healthcare Consulting, Inc.
Customize Compliance programs
• Regardless of size structure or available resources theRegardless of size, structure, or available resources, the OIG recommends that every facility should strive to accomplish the objectives and principles underlying all of the compliance policies and procedures in the guidance
• One size does not fit all facilities
24©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
13
Evidence of an Effective Program
• Letters Regarding the ProgramLetters Regarding the Program
• Sign in Sheet for Education
• Employee Certifications
• Copies of Audited Charts
• Audit Results
• Records of Disciplinep
• Overpayments Paid/Underpayments Identified
25©2015 FR&R Healthcare Consulting, Inc.
Documentation
• Documentation is the key to demonstrating theDocumentation is the key to demonstrating the effectiveness of a facility’s compliance program
26©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
14
Implement Written Policies, Procedures, Standards of Conduct
Focus on the identified risk areas of the organization• Focus on the identified risk areas of the organization• Provide guidance for overall conduct of all employees
related to day-to-day operations• Developed by compliance officer, compliance
committee, and departmental managers• Provided to all employees, physicians, vendors,
contractors etc affected by the policiescontractors, etc. affected by the policies
27©2015 FR&R Healthcare Consulting, Inc.
Who Should be the Compliance Officer?
• Needs to be a high-level person with sufficient th it d tresources, authority and autonomy
• Responsible to oversee the program – Developed, operating and monitoring
– Coordinated with/oversee privacy officer/security officer to ensure that proper Health Insurance Portability and Accountability Act of 1996 privacy and security controls are in place p
• Reports directly to facility owner, governing body and/or Board of Directors
28©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
15
Who Should be the Compliance Officer?
• Do we have the “right” compliance officer in place?Do we have the right compliance officer in place?– Do we have one named at all?
• Were the compliance officer and compliance committee fully trained for their roles?
• Does everyone know who the compliance officer is and how to contact him or her?
29©2015 FR&R Healthcare Consulting, Inc.
Implement Written Policies, Procedures, Standards of Conduct
• Code of Conduct– Organization’s expectations
– Brief summary that applies to all employees
– Easy to understand and read
– Part of the employee handbook
– Certification by all employees that they have received, read, and will abide by the Code
30©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
16
Code of Conduct
• Current employees as well as those newly hired mustCurrent employees, as well as those newly hired, must certify that they have received, read, and will abide by the organization’s Code of Conduct
31©2015 FR&R Healthcare Consulting, Inc.
Code of Conduct
• The certifications updated any time the Code of Conduct isThe certifications, updated any time the Code of Conduct is revised or amended by the organization, are retained in the employee’s personnel file and made available for review.
32©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
17
Designated Compliance Officer and Committee
• Designated compliance officer duties:– Oversaw and monitored implementation of compliance
program
– Reports on an ongoing basis to Board of Directors, Chief Executive Officer, and compliance committee
– Reports directly to the Board of Directors on all compliance related matters
– Revises the program as needed
33©2015 FR&R Healthcare Consulting, Inc.
Designated Compliance Officer and Committee
• Designated compliance officer duties
D l di t d ti i t i– Develops, coordinates, and participates in training and education
– Ensures that vendors, contractors, physicians, etc. are aware of compliance program and resident rights issues as they affect the services provided
– Assists financial management in coordinating internal compliance and monitoring reviews
34©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
18
Delegate Authority with Caution
• Exercise care to ensure that authority is not delegated toExercise care to ensure that authority is not delegated to those with “a propensity to engage in criminal, civil, and administrative violations” of ACA– Background checks
– Exclusion lists
35©2015 FR&R Healthcare Consulting, Inc.
OIG Exclusion Lists
• The OIG has an online searchable database of individuals and organizations which have been excluded from one or more government programs– Should be searched for all employees, vendors, volunteers,
and contractors prior to hiring or contracting
• Not just clinical, also includes administrative
• Providers are encouraged by the OIG to review the l i li t t l t thl i t l iexclusion lists at least monthly prior to employing or
contracting with any individual as well as to rescreen current employees and vendors
36©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
19
OIG Exclusion Lists
• The OIG recommends checking all variations of namesThe OIG recommends checking all variations of names– Robert
– Bob
– Rob
– And so on
• Excluded providers/individuals could change their name slightly and move to a new Stateslightly and move to a new State
37©2015 FR&R Healthcare Consulting, Inc.
OIG Exclusion Lists
• Check name on these sites: – SAM (System for Award Management): http://sam govSAM (System for Award Management): http://sam.gov
– LEIE (List of Excluded Individuals and Entities):
• http://oig.hhs.gov/fraud/exclusions/exclusions_list.asp
– MDCH licensing sanctions for health facilities and professionals are available at http://michigan.gov/lara/0,4601,7-154-35299_63294_63302---,00.html and http://michigan.gov/healthlicense
38©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
20
Proper Delegation
• Consider the following:Consider the following:– Are my facility’s policies available and not just collecting dust on the
“policy shelf”
– Are my vendors/volunteers aware of my facility’s policies? Code of Conduct?
– Am I doing exclusion checks before hire and monthly?
39©2015 FR&R Healthcare Consulting, Inc.
Conduct Effective Training and Education
• Training and education should include:Overall compliance program and Code of Conduct– Overall compliance program and Code of Conduct
– Fraud and abuse laws
– Federal health care requirements (Medicare, Medicare Advantage and Medicaid)
– Other payer requirements
40©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
21
Conduct Effective Training and Education
• Are we training the “right” people on the “right” things?things?– Is the training meaningful?
– Is the training job-appropriate?
– Do we track all of our training efforts?
– Are there gaps in our facility knowledge-base?
41©2015 FR&R Healthcare Consulting, Inc.
Conduct Effective Training and Education
• Job/department specific training:Claims development and submission– Claims development and submission
– Resident rights– Quality of care– Marketing practices
• Training techniques:– Internal– Outside consultants– Must be documented and provided regularly
42©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
22
Ongoing Education
• Employees are required to have a minimum number ofEmployees are required to have a minimum number of educational hours per year, as appropriate, as part of their employment responsibilities– “Minimum” not defined by the OIG
– Look at individual job specific professional requirements as well as state guidelines
43©2015 FR&R Healthcare Consulting, Inc.
Vendors
• The OIG recommends that a facility give vendors andThe OIG recommends that a facility give vendors and outside contractors the opportunity to participate in the facility’s compliance training and educational programs
• With the implementation of relationships with accountable care organizations (ACOs) and other organizations, ensure relationships with these organizations are included in your compliance programcompliance program
44©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
23
Develop Effective Lines of Communication
• Encourage open lines of communicationSh ld b itt d t t li i• Should be permitted to report compliance issues anonymously
• Reports of compliance issues should be documented• Forms of communication include:
– Hotlines– E-mails– NewslettersNewsletters– Suggestion boxes
45©2015 FR&R Healthcare Consulting, Inc.
Enforce Standards Through Well-Publicized Disciplinary Guidelines
• Disciplinary policies must set out the result of violating standards of conduct and policies and procedures
• Educate on the consequences of non-compliance
• Consistent application of disciplinary action to all levels of employees is critical
• Factor in job performanceFactor in job performance
• Condition of employment
46©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
24
Conduct Internal Monitoring and Auditing
• Ongoing evaluation process– Quality improvement mechanism (Quality AssuranceQuality improvement mechanism (Quality Assurance
Committee involvement)– Auditor should be independent– May need to retain legal counsel – attorney-client privilege
and work product doctrine
• Must be documented• Focus on day-to-day operations
F i k• Focus on risk areas– Claims development– Billing and cost reporting– Relationships with third parties
47©2015 FR&R Healthcare Consulting, Inc.
Triple Check Process
• A process conducted to review all data prior to submitting aA process conducted to review all data prior to submitting a claim to ensure accuracy and appropriateness
• May include all payers but concentrate on risk areas of Part A and B claims as well as Medicare Advantage and managed care
• A system that ensures all elements required for proper reimbursement are in place prior to billing the payerreimbursement are in place prior to billing the payer
©2015 FR&R Healthcare Consulting, Inc.48
1/16/2015
25
PEPPER Reports
• PEPPER is an analysis of Medicare Part A claims data forPEPPER is an analysis of Medicare Part A claims data for specific areas that are considered to be at high risk for fraud, waste, and abuse.
• Claims data is extracted from paid UB-04 claims
• Reports on the three most recent federal fiscal years
• Compares your organization’s outcomes to others in your:St t– State
– Medicare Administrative Contractor (MAC) jurisdiction
– Nation
• Reports are issued annually in April
©2015 FR&R Healthcare Consulting, Inc.49
What Do You Do With PEPPER?
• PEPPER is an auditing and monitoring tool to supportPEPPER is an auditing and monitoring tool to support compliance requirements of the ACA
• Identify root causes of increases or decreases in target percents
• Develop specific action plans for compliant documentation
• Be proactive and preventive
©2015 FR&R Healthcare Consulting, Inc.50
1/16/2015
26
Respond Promptly to Detected Offenses; Develop Corrective Action
• Immediate investigation of suspected noncomplianceg p p
• Decisive steps to correct the problem may include:– Corrective action plan
– Return of overpayments
– Report to governmental agency(ies)
– Referral to authorities
51©2015 FR&R Healthcare Consulting, Inc.
Respond Promptly to Detected Offenses; Develop Corrective Action
• Response to noncompliance can include:Response to noncompliance can include:– Training and education– Disciplinary action– Returning overpayments through billing corrections– Review and revision of policies and procedures– Assessment of effectiveness of compliance program
and/or committee/officer
52©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
27
Respond Promptly to Detected Offenses; Develop Corrective Action
• Serious infractions could result in– Self-reporting
– Requires any person who has received an overpayment to report and return it within 60 days after the overpayment has been “identified”
– Remember, knowingly retaining an overpayment constitutes a violation of the FCA
– Involvement of authorities– Involvement of authorities
• Legal advice is critical in these instances
53©2015 FR&R Healthcare Consulting, Inc.
Assess the Compliance program
• Periodically reassess the compliance program to reflect changes within the organizationreflect changes within the organization– New services
– New risk areas
– Effectiveness of plan
– New regulations
54©2015 FR&R Healthcare Consulting, Inc.
1/16/2015
28
Common Problems with Compliance Programs
• Too generic
• No real mechanism for self-investigation
• Poor or non-existent reporting mechanism
• Weak compliance officer
• Failure to monitor the compliance program
• Program is ineffective
55©2015 FR&R Healthcare Consulting, Inc.
Resources
• OIG: http://oig hhs gov/OIG: http://oig.hhs.gov/– https://oig.hhs.gov/compliance/compliance-guidance/index.asp
• MedPAC: http://www.medpac.gov/
• Survey and Certification letters: http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Policy-and-Memos-to-States-and-Regions htmlMemos to States and Regions.html
• CMS Provider Compliance: http://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/ProviderCompliance.html
©2015 FR&R Healthcare Consulting, Inc.56
1/16/2015
29
Questions?