LAMI January 2015 Compliance Webinar · 1/16/2015 4 Compliance Program Overall Organizational...

1/16/2015

1

The 8 Elements of a Corporate ComplianceThe 8 Elements of a Corporate Compliance Program

January 21, 2015 Leading Age Michigan

Your Speaker

Betsy Anderson, PresidentBetsy Anderson, PresidentFrost Healthcare111 Pfingsten Road, Suite 300Deerfield, IL 60015Main: (847) 236-1111 or (888) 377-8120Direct: (847) 282-6307banderson@frrcpas [email protected]

©2015 FR&R Healthcare Consulting, Inc.2

1/16/2015

2

Your Speakers

Janet Potter, CPA, MASManager, Healthcare ResearchFrost Healthcare111 S. Pfingsten Road, Suite 300Deerfield, IL 60015Main: (847) 236-1111Direct: (847) 282-6457( )[email protected]

3©2015 FR&R Healthcare Consulting, Inc.

Acronyms

• ACA – Affordable Care ActACA Affordable Care Act

• ACO – Accountable Care Organization

• HHS – Department of Health and Human Services

• MAC – Medicare Administrative Contractors

• MDS – Minimum Data Set

• MedPAC – Medicare Payment Advisory Commissiony y

• OIG – Office of Inspector General

• PEPPER – Program for Evaluating Payment Patterns Electronic Report


1/16/2015

3

Corporate Compliance ProgramsThe OIG’s Views

• OIG issued guidance for nursing facilities on March 16 200016, 2000– Voluntary compliance program

– Contains seven elements of an effective compliance plan

• Supplemental guidance issued in 2008– Excellent training, educational, and in-service materials


Corporate Compliance ProgramsThe OIG’s Views

• Affordable Care Act of 2010 (ACA)– Mandatory compliance and ethics program for nursing

facilities

– Modified the seven elements of an effective compliance plan

• Effective as of March 23, 2013

• OIG recently instructed HHS to issue rules to implement the compliance program requirement – this

id i l dguidance is long overdue

• No guidance yet on the “ethics” portion of the requirement


1/16/2015

4

Compliance Program Overall Organizational Benefits

• Quality improvement – quality of care as a potential liability risk was added in 2008 Supplementalliability risk was added in 2008 Supplemental Guidance

• Office of Inspector General (OIG) recognition of compliance effort

• Public and vendor awareness of commitment to corporate compliance and conduct

• Improved communications and feedbackImproved communications and feedback• Internal control and risk management


OIG Model Compliance Guidance

• Specific risk areas identified– Quality of care

– Resident’s rights

– Billing and cost reporting

– Employee screening

– Kickbacks, inducements, and self-referrals


1/16/2015

5

Quality of Care Risk Areas

• Absence of a comprehensive, accurate assessment of each resident’s functional capacity and aof each resident s functional capacity and a comprehensive care plan

• Inappropriate or insufficient treatment and services to address resident’s clinical conditions, including:− Pressure ulcers

− Dehydration

− MalnutritionMalnutrition

− Incontinence of bladder

− Mental or psychosocial issues



• Failure to accommodate residents’ needs and preferencesp

• Failure to properly prescribe, administer, and monitor prescription drug usage

• Inadequate staffing levels or insufficiently trained or supervised staff to provide medical, nursing, and related services

• Failure to provide appropriate therapy services• Failure to provide appropriate services to assist

residents with activities of daily living


1/16/2015

6


• Failure to provide ongoing activities programs to p g g p gmeet resident needs

• Failure to report incidents of resident abuse or neglect to the administrator and other officials as required by State and federal laws


Resident’s Rights Risk Areas

• Discriminatory admission procedures or denial of access to servicesaccess to services

• Mental, verbal, or physical abuse

• Inappropriate use of physical or chemical restraints

• Failure to ensure personal privacy and access to medical records upon request

• Failure to ensure that medical records are properly protected


1/16/2015

7

Resident’s Rights Risk Areas

• Denial of right to participate in care related and g p ptreatment decisions

• Failure to safeguard resident’s financial affairs


Billing and Cost Reporting Risk Areas

• Billing for items or services not provided as claimed

• Submitting claims for items and services that are not medically necessary

• Submitting claims to Medicare Part A for residents who are not eligible for coverage

• Duplicate billing

• Failure to identify, properly report, and refund creditFailure to identify, properly report, and refund credit balances


1/16/2015

8


• Submitting claims for items or services that were not d d b th h i iordered by the physician

• Knowingly billing for substandard or inadequate care

• Providing misleading information on the Minimum Data Set (MDS) or providing inappropriate information to assign a RUG level for a resident

• Up-coding the level of services billed

• Billing for items or services that should be billed as part of a unit or daily rate (unbundling)



• Billing residents for items or services that should be included in the per diem rate or billed to anotherincluded in the per diem rate or billed to another payer

• Altering documentation or falsifying physician signatures on information used to verify services or items were ordered and provided

• Failure to maintain adequate documentation to support treatment diagnosis results and continuitysupport treatment, diagnosis, results, and continuity of care

• False cost reports


1/16/2015

9

Employee Screening Risk Areas

• Failure to verify licensing and certification of individuals (employees temporary staff contractors)individuals (employees, temporary staff, contractors) through licensing authorities

• Failure to provide criminal background checks• Failure to ensure that a potential employee is not

excluded from the Medicare or Medicaid program• Failure to periodically check OIG and General

Services Administration websites for newly excludedServices Administration websites for newly excluded individuals or providers


Kickbacks, Inducements, and Self-Referrals Risk Areas

• Routinely waiving coinsurance or deductible amounts y gwithout a good faith collection effort

• Agreements between skilled nursing facilities (SNFs) and transferring entities that involve inappropriate practices

• Soliciting, accepting, or offering any gift or gratuity of more than a nominal value to referral sources or other entities with which the organization has a businessentities with which the organization has a business relationship


1/16/2015

10

Kickbacks, Inducements, and Self-Referrals Risk Areas

• Arrangements with a hospital to accept admissions based on payment above PPS ratesbased on payment above PPS rates

• Financial arrangements with physicians, including the Medical Director

• Joint ventures

• Inappropriate vendor access to medical records

• Arrangements with vendors to receive non-covered items at below fair market value prices provided the organization orders Medicare or Medicaid billable items or services


Identifying Your Facility’s Risk Areas

• Review processes and current procedures for existing risk areas– Triple check process

– Internal audits

• Watch for new risk areas

• Identifying risk areas is a team effort, no individual should be solely responsible for assessing new potential risk y p g pareas

• New risk areas can arise at any time; it is important to stay vigilant to determine what new areas in particular apply to your facility/organization


1/16/2015

11

New Risk Areas

• Internal areas to watch include:Internal areas to watch include:– Recent survey results

– Appeals in process

– Denied claims from all payor types

– Cost report audits

– Financial statement audits

– Internal control issues

– Staff shortages

– Staff turnover


New Risk Areas

• External resources to watch include:External resources to watch include:– OIG publications including the OIG Work Plan, the semi-annual report to

Congress and reports from OIG studies

– MedPAC reports to Congress

– CMS Quarterly Compliance newsletter

– Leading Age newsletters both state and national

– Survey and Certification letters

– Items in the news:Items in the news:

• HIPAA investigations

• Quality of care issues

• Local, state, and federal news items concerning nursing facility care and entire post-acute care continuum


1/16/2015

12

Eight Elements of the Corporate Compliance program per the ACA

1. Implementing written policies, procedures, and standards of p g p , p ,conduct

2. Designating a compliance officer and committee3. Exercise care to ensure that authority is not delegated to those

with a propensity to engage in criminal, civil, and administrative violations of ACA

4. Conducting effective training and education and developing effective lines of communication

5. Enforcing standards through well-publicized disciplinary guidelinesguidelines

6. Conducting internal monitoring and auditing7. Responding promptly to detected offenses and developing

corrective action8. Periodically reassess its compliance program to reflect changes

within the organization


Customize Compliance programs

• Regardless of size structure or available resources theRegardless of size, structure, or available resources, the OIG recommends that every facility should strive to accomplish the objectives and principles underlying all of the compliance policies and procedures in the guidance

• One size does not fit all facilities


1/16/2015

13

Evidence of an Effective Program

• Letters Regarding the ProgramLetters Regarding the Program

• Sign in Sheet for Education

• Employee Certifications

• Copies of Audited Charts

• Audit Results

• Records of Disciplinep

• Overpayments Paid/Underpayments Identified


Documentation

• Documentation is the key to demonstrating theDocumentation is the key to demonstrating the effectiveness of a facility’s compliance program


1/16/2015

14

Implement Written Policies, Procedures, Standards of Conduct

Focus on the identified risk areas of the organization• Focus on the identified risk areas of the organization• Provide guidance for overall conduct of all employees

related to day-to-day operations• Developed by compliance officer, compliance

committee, and departmental managers• Provided to all employees, physicians, vendors,

contractors etc affected by the policiescontractors, etc. affected by the policies


Who Should be the Compliance Officer?

• Needs to be a high-level person with sufficient th it d tresources, authority and autonomy

• Responsible to oversee the program – Developed, operating and monitoring

– Coordinated with/oversee privacy officer/security officer to ensure that proper Health Insurance Portability and Accountability Act of 1996 privacy and security controls are in place p

• Reports directly to facility owner, governing body and/or Board of Directors


1/16/2015

15

Who Should be the Compliance Officer?

• Do we have the “right” compliance officer in place?Do we have the right compliance officer in place?– Do we have one named at all?

• Were the compliance officer and compliance committee fully trained for their roles?

• Does everyone know who the compliance officer is and how to contact him or her?


Implement Written Policies, Procedures, Standards of Conduct

• Code of Conduct– Organization’s expectations

– Brief summary that applies to all employees

– Easy to understand and read

– Part of the employee handbook

– Certification by all employees that they have received, read, and will abide by the Code


1/16/2015

16

Code of Conduct

• Current employees as well as those newly hired mustCurrent employees, as well as those newly hired, must certify that they have received, read, and will abide by the organization’s Code of Conduct


Code of Conduct

• The certifications updated any time the Code of Conduct isThe certifications, updated any time the Code of Conduct is revised or amended by the organization, are retained in the employee’s personnel file and made available for review.


1/16/2015

17

Designated Compliance Officer and Committee

• Designated compliance officer duties:– Oversaw and monitored implementation of compliance

program

– Reports on an ongoing basis to Board of Directors, Chief Executive Officer, and compliance committee

– Reports directly to the Board of Directors on all compliance related matters

– Revises the program as needed


Designated Compliance Officer and Committee

• Designated compliance officer duties

D l di t d ti i t i– Develops, coordinates, and participates in training and education

– Ensures that vendors, contractors, physicians, etc. are aware of compliance program and resident rights issues as they affect the services provided

– Assists financial management in coordinating internal compliance and monitoring reviews


1/16/2015

18

Delegate Authority with Caution

• Exercise care to ensure that authority is not delegated toExercise care to ensure that authority is not delegated to those with “a propensity to engage in criminal, civil, and administrative violations” of ACA– Background checks

– Exclusion lists


OIG Exclusion Lists

• The OIG has an online searchable database of individuals and organizations which have been excluded from one or more government programs– Should be searched for all employees, vendors, volunteers,

and contractors prior to hiring or contracting

• Not just clinical, also includes administrative

• Providers are encouraged by the OIG to review the l i li t t l t thl i t l iexclusion lists at least monthly prior to employing or

contracting with any individual as well as to rescreen current employees and vendors


1/16/2015

19

OIG Exclusion Lists

• The OIG recommends checking all variations of namesThe OIG recommends checking all variations of names– Robert

– Bob

– Rob

– And so on

• Excluded providers/individuals could change their name slightly and move to a new Stateslightly and move to a new State


OIG Exclusion Lists

• Check name on these sites: – SAM (System for Award Management): http://sam govSAM (System for Award Management): http://sam.gov

– LEIE (List of Excluded Individuals and Entities):

• http://oig.hhs.gov/fraud/exclusions/exclusions_list.asp

– MDCH licensing sanctions for health facilities and professionals are available at http://michigan.gov/lara/0,4601,7-154-35299_63294_63302---,00.html and http://michigan.gov/healthlicense


1/16/2015

20

Proper Delegation

• Consider the following:Consider the following:– Are my facility’s policies available and not just collecting dust on the

“policy shelf”

– Are my vendors/volunteers aware of my facility’s policies? Code of Conduct?

– Am I doing exclusion checks before hire and monthly?


Conduct Effective Training and Education

• Training and education should include:Overall compliance program and Code of Conduct– Overall compliance program and Code of Conduct

– Fraud and abuse laws

– Federal health care requirements (Medicare, Medicare Advantage and Medicaid)

– Other payer requirements


1/16/2015

21


• Are we training the “right” people on the “right” things?things?– Is the training meaningful?

– Is the training job-appropriate?

– Do we track all of our training efforts?

– Are there gaps in our facility knowledge-base?



• Job/department specific training:Claims development and submission– Claims development and submission

– Resident rights– Quality of care– Marketing practices

• Training techniques:– Internal– Outside consultants– Must be documented and provided regularly


1/16/2015

22

Ongoing Education

• Employees are required to have a minimum number ofEmployees are required to have a minimum number of educational hours per year, as appropriate, as part of their employment responsibilities– “Minimum” not defined by the OIG

– Look at individual job specific professional requirements as well as state guidelines


Vendors

• The OIG recommends that a facility give vendors andThe OIG recommends that a facility give vendors and outside contractors the opportunity to participate in the facility’s compliance training and educational programs

• With the implementation of relationships with accountable care organizations (ACOs) and other organizations, ensure relationships with these organizations are included in your compliance programcompliance program


1/16/2015

23

Develop Effective Lines of Communication

• Encourage open lines of communicationSh ld b itt d t t li i• Should be permitted to report compliance issues anonymously

• Reports of compliance issues should be documented• Forms of communication include:

– Hotlines– E-mails– NewslettersNewsletters– Suggestion boxes


Enforce Standards Through Well-Publicized Disciplinary Guidelines

• Disciplinary policies must set out the result of violating standards of conduct and policies and procedures

• Educate on the consequences of non-compliance

• Consistent application of disciplinary action to all levels of employees is critical

• Factor in job performanceFactor in job performance

• Condition of employment


1/16/2015

24

Conduct Internal Monitoring and Auditing

• Ongoing evaluation process– Quality improvement mechanism (Quality AssuranceQuality improvement mechanism (Quality Assurance

Committee involvement)– Auditor should be independent– May need to retain legal counsel – attorney-client privilege

and work product doctrine

• Must be documented• Focus on day-to-day operations

F i k• Focus on risk areas– Claims development– Billing and cost reporting– Relationships with third parties


Triple Check Process

• A process conducted to review all data prior to submitting aA process conducted to review all data prior to submitting a claim to ensure accuracy and appropriateness

• May include all payers but concentrate on risk areas of Part A and B claims as well as Medicare Advantage and managed care

• A system that ensures all elements required for proper reimbursement are in place prior to billing the payerreimbursement are in place prior to billing the payer


1/16/2015

25

PEPPER Reports

• PEPPER is an analysis of Medicare Part A claims data forPEPPER is an analysis of Medicare Part A claims data for specific areas that are considered to be at high risk for fraud, waste, and abuse.

• Claims data is extracted from paid UB-04 claims

• Reports on the three most recent federal fiscal years

• Compares your organization’s outcomes to others in your:St t– State

– Medicare Administrative Contractor (MAC) jurisdiction

– Nation

• Reports are issued annually in April


What Do You Do With PEPPER?

• PEPPER is an auditing and monitoring tool to supportPEPPER is an auditing and monitoring tool to support compliance requirements of the ACA

• Identify root causes of increases or decreases in target percents

• Develop specific action plans for compliant documentation

• Be proactive and preventive


1/16/2015

26

Respond Promptly to Detected Offenses; Develop Corrective Action

• Immediate investigation of suspected noncomplianceg p p

• Decisive steps to correct the problem may include:– Corrective action plan

– Return of overpayments

– Report to governmental agency(ies)

– Referral to authorities



• Response to noncompliance can include:Response to noncompliance can include:– Training and education– Disciplinary action– Returning overpayments through billing corrections– Review and revision of policies and procedures– Assessment of effectiveness of compliance program

and/or committee/officer


1/16/2015

27


• Serious infractions could result in– Self-reporting

– Requires any person who has received an overpayment to report and return it within 60 days after the overpayment has been “identified”

– Remember, knowingly retaining an overpayment constitutes a violation of the FCA

– Involvement of authorities– Involvement of authorities

• Legal advice is critical in these instances


Assess the Compliance program

• Periodically reassess the compliance program to reflect changes within the organizationreflect changes within the organization– New services

– New risk areas

– Effectiveness of plan

– New regulations


1/16/2015

28

Common Problems with Compliance Programs

• Too generic

• No real mechanism for self-investigation

• Poor or non-existent reporting mechanism

• Weak compliance officer

• Failure to monitor the compliance program

• Program is ineffective


Resources

• OIG: http://oig hhs gov/OIG: http://oig.hhs.gov/– https://oig.hhs.gov/compliance/compliance-guidance/index.asp

• MedPAC: http://www.medpac.gov/

• Survey and Certification letters: http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Policy-and-Memos-to-States-and-Regions htmlMemos to States and Regions.html

• CMS Provider Compliance: http://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/ProviderCompliance.html


1/16/2015

29

Questions?

LAMI January 2015 Compliance Webinar · 1/16/2015 4 Compliance Program Overall Organizational...

Documents

Transcript of LAMI January 2015 Compliance Webinar · 1/16/2015 4 Compliance Program Overall Organizational...