Compliance Program Basics

PRESENTED BYSHARLENE EVANS CPC, CPC-H, CHC

Compliance Program Basics

Disclaimer

Views expressed in this presentation are those of the speaker and do not necessarily reflect the views of Catholic Health Initiative (CHI) or any of CHI affiliations.

Agenda

Getting to know meGetting to know youWhy is a Corporate Responsibility Program

Important8 Elements of an Effective Compliance

ProgramNot all Compliance Programs are Built the

SameA Coder’s Path to Compliance

Introduction – Getting to Know Me

My Journey to ComplianceWhy Healthcare Compliance

Getting to Know You

1. How many are from Hospitals?2. How many are from Physician Practices?3. Other areas?4. Who’s hospital/practice has a Compliance

Program?5. Who knows what a Compliance Department

does? Other Names used

Corporate Responsibility Office Integrity Office Compliance & Ethics Department

Why have an Effective Compliance Program?


1. Regulatory requirements & guidance Federal Sentencing Guidelines, OIG and

Affordable Care Act

Federal Sentencing Guidelines

Federal Sentencing Guidelines – Chapter 8 An organization shall exercise due diligence to

prevent and detect criminal conduct; and otherwise promote an organizational culture

that encourages ethical conduct and commitment to compliance with the law.

Affordable Care Act

Section 6401 of the Affordable Care Act “A provider of medical or other items or services or

supplier within a particular industry sector or category” shall establish a compliance program as a condition of enrollment in Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP).”

An enforcement date for provider compliance plans as mandated in the Affordable Care Act not yet to been issued.

Office Of Inspector General (OIG)

The OIG has been advising providers to voluntarily adopt compliance plans, since the 1990’ds and has issued several compliance program guidance (CPG’s) for particular provider types, including hospitals, nursing homes, pharmaceutical manufactures, and physician group practices.

The CPG’s identify specific risk areas for the particular provider types and offer compliance tips.

OIG Website: https://oig.hhs.gov/compliance/compliance-guidance/index.asp

https://oig.hhs.gov/compliance/compliance-guidance/index.asp

https://oig.hhs.gov/compliance/compliance-guidance/index.asp


2. Studies suggest that a strong ethical culture can reduce the risk of fraud, waist and abuse

3. Impact from unethical conduct Loss of employee faith and commitment Reputation risk

4. Level of enforcement activities, already high, likely to grow

5. Promote patient safety and ensure delivery of high quality patient care.

*Effective Compliance Programs are an essential tool for identifying and mitigating audit risks

OIG STATES - THERE IS NO SINGLE “BEST” COMPLIANCE PROGRAM,

GIVEN THE DIVERSITY WITHIN THE INDUSTRY

Elements of an Effective Compliance Program

8 Elements of an Effective Compliance Program

1. Written Policies, Procedures and Standards of Conduct

2. Compliance Program Oversight3. Education and Training4. Reporting/Communication5. Enforcement and Discipline6. Monitoring and Auditing7. Response to Detected Offenses and Prevention8. Ongoing risk assessment – added in 2004**Federal Sentencing Guidelines, 1991, United states Sentencing Commission Revision,

2004


1. Written Policies and Procedures Code of conduct which addresses compliance

expectations State the organization's mission, goals and

ethical requirements of compliance Articulate the commitment to comply with all

Federal and State Standards Emphasis on preventing fraud waste and abuse

Employee’s should be required to acknowledge that they have read & understand the Code of Conduct


Compliance-related policies for operational high risk areas

Accurate billing and coding Payments and collections Credentialing Anti-Kickback & Stark Record Retention Cost Reports

Policies and Procedures should be: written clearly, be concise, in non-technical language which is easily understood by all.


2. Compliance Program Oversight Designate a Compliance Officer who serves as the focal point

for compliance Responsibility may be the only duty they have or in smaller

organizations this duty is added to other management responsibilities.

Has a leadership role that is recognized and promoted by senior management. Access to the hospitals governing body and the CEO

Relationship to General Counsel/Legal and Chief Financial Officer Conflict of interest for compliance officers to be under legal

or finance Most Corporate Integrity agreements prohibit the compliance

officer be under legal or finance or have combined roles.


Compliance Committee The OIG recommends that a compliance committee be

established to advise the compliance officer and assist in implementation of the compliance program.

Leaders who should be on the Committee Compliance Officer President/CEO Chief Operations Officer (CEO) Chief Financial Officer (CFO) Human Resources Department Management

Names for the Committee Audit & Compliance Committee


3. Education and Training Training should highlight

The compliance program, Fraud and abuse laws, Coding requirements Claim development & submission process marketing practices

1-2 hours general compliance training• Include all employee’s, board members, executives, volunteers


Various methods for training Web-based interactive New employee orientation Staff meetings

Be effective – testing, knowledge Separate Specialized high risk area training

Example: Billing, Coding, Cardiology –ICD’s Attendance and participation in training

programs should be a condition of continued employment. Failure to comply with requirements could result in

disciplinary action, including possible termination.


4. Reporting/Communication Access to the Compliance Officer

Open lines of communication to the Compliance Officer should be established. “Open Door” policy

Several options should be available for employees to report compliance issues

In-person – Supervisor, Manager, Compliance Officer Electronically – e-mail Anonymously

Hotline – number should be posted for employees Locked drop boxes

Written confidentiality and non-retaliation policies should be developed and distributed to all employees.


5. Enforcement and Discipline Disciplinary policies outline disciplinary actions that

may be imposed. Failing to report a potential compliance issue Participation in non-compliant behavior

Level of discipline is consistent regardless of status Compliance Officer does not carry out discipline, they only

recommend. New Employee’s

Background investigations Disclose criminal convictions or exclusions

List of Excluded Individuals & Entities – LEIE https://oig.hhs.gov/exclusions/index.asp

https://oig.hhs.gov/exclusions/index.asp


6. Monitoring and AuditingDifference between Monitoring & AuditingMonitoring - includes regular reviews performed as

part of normal operations to confirm ongoing compliance. Occurs on a regular basis (daily, weekly, monthly)

during normal day to day operations Are performed by staff Checks to see if procedures are working Follow-up on recommendations and corrective

action plans to ensure they are being implemented


Auditing – includes formal reviews of compliance with a particular set of standards as base measures. Ensures compliance with a range of statutory and

CMS requirements in critical operational areas Includes regular, periodic evaluations of the

compliance program to determine the programs overall effectiveness

Is performed at least annually, or ore frequently as appropriate

May include a variety of audit methods (desk, onsite, internal, or external)

Includes written reports containing findings, recommendations and proposed corrective actions


Audits can be performed by internal or external auditorsAuditors should:

Be independent of and not employed in the department being audited Be competent to identify potential issues within the critical review

areasAudits should be designed to address compliance with:

Kickback arrangements Stark – Physician self-referrals CPT/HCPS/Diagnosis Coding Claim development and submission Reimbursement Cost Reporting Marketing


Other references you can use for audit plans: OIG Work Plan -

https://oig.hhs.gov/reports-and-publications/workplan/index.asp

Medicare Administrative Contractor –MAC LCD’s, CERT

Recovery Audit Contractors – RAC https://racinfo.healthdatainsights.com/home.aspx?Return

Url=%2f List of Excluded Individuals & Entities – LEIE




https://racinfo.healthdatainsights.com/home.aspx?ReturnUrl=/

https://racinfo.healthdatainsights.com/home.aspx?ReturnUrl=/



Compliance Program Effectiveness At least annually, include the basic elements Measurement of various outcomes

Billing and Coding error rates Identified overpayments Audit results Training/Education

Reported out to the Audit and Compliance Committee and Board


7. Response to detected offenses and prevention

Detected but uncorrected misconduct can seriously endanger the mission, reputation and an entities legal status

Steps to investigate the conduct in question is necessary to determine whether a violation has occurred

If a violation has occurred steps to correct the violation must be taken. These could included:

Referral to criminal and/or civil law enforcement Corrective Action Plan Reporting & Repayments of Overpayments – 60 days


8. Ongoing risk assessment Conducted annually Focus is on identifying risk areas Identified by high, medium and low Includes face-to-face interviews with senior

leaders Revenue cycle Risk management Lab Pharmacy

Results of the risk assessment are used to develop compliance work plans and annual audit reviews.

LETS TAKE A CLOSER LOOK AT A FEW OF THE ELEMENTS

Not all Compliance Programs are Built the

Same

Hospital Physician Group/Office

Code of Conduct Complex, lengthy covering

multiple risk areas Professional production,

printed and/or distributed to all employees

Posted on the IntranetMade available or distributed to:

Board and Board committees

Medical Staff members Volunteers, Students,

Vendors, others

Code of Conduct Simple & Short Create a Word document

and print a few copies to have at the front desk and nursing station

Hold a meeting to implement to all employees

Element #1 – Written Policies and Procedures


Policies and Standards• High, medium and

even lower risk areas• Areas requiring

special guidance• Address consistent

approach

Policy and StandardsMinimal written

policiesVery operations

focused

Element #1 – Written Policies and Procedures


Billing for items or services not provided

Up-coding/Under-coding (Medical Necessity

DRG CreepCost ReportingRevenue Cycle AreasExcluded

Provider/Background Checking

Billing for items or services not provided

DocumentationMedical NecessityUp-coding/Under-codingMisuse of provider

identification numbersUnbundlingDouble-billing resulting

in duplicate payment

Risk Areas Addressed in Policies Include:


Where does this person report? What is the line to the Board?

What other hats does the Compliance Officer wear? None Full time with additional staff

What is the committee structure and what is their charter? Board Audit and Compliance

committee Senior Leader Compliance

committee

Practice Manager will most likely oversee the compliance efforts and report to the ownership.

It is highly unlikely a compliance committee will exist.

Benefits – react to change quickly and low cost

Challenges – Lack of independence and will staff actually raise issues – due to fear of retaliation.

Element #2 – Compliance Program Oversight


Use of on-line based learning

Annual Education Role based

education as neededPhysician education

programNewsletters and

Bulletins

Education at the time of employment

Education on the Code of conduct is enough

Conversations at staff meetings surrounding specific topics

Element #3 – Education and Training


Formal Audit work planIncludes focus reviews

on high risk areas: Revenue Cycle Lab Pharmacy Physician Contracts

Regular reporting to Board, Audit and Compliance committee and senior leadership

Uses third-party billing company to perform periodic reviews of documentation and coding

Element #4 – Auditing and Monitoring


Anonymous reporting

External hotlineFocus on non-

retaliationPoster in break

rooms or by time clocks

Lock box which can only be accessed by compliance officer

Physician(s) should help support a focus of non-retaliation during staff meetings.

Element #5 – Reporting/Communication

Implementation of a Compliance Program

Send a message that your organization operates in an ethical manner and is committed to quality customer and patient care.

Be there to Protect and Serve, not be there to police and intimidate

WHAT EXPERIENCE DOES A CODER NEED TO ENTER THE COMPLIANCE FIELD?

Coding Career Path to Compliance


Compliance Specialist/Analyst Coding experience & Auditing Experience

Certified (CCS, CPC, CPC-H) and or RHIT is normally preferred 3 – 5 years in healthcare compliance, internal audit, coding, billing, finance

Data analytics Run reports and pick samples

Certified in Healthcare Compliance (CHC or equivalent) - normally don’t have to have it when hired, but within a certain time frame.

Ability to multi – task Multiple projects Putting out multiple “Fires” – start the day with a plan, this may

changeCommunication

Be able to deliver a concise message. Able to speak to an audience, at their level.


Do you like to read the Federal Register and/or State and Federal Laws?

Are you able to interpret the regulations? http://www.cms.gov

Manuals Physician Fee Schedule Conditions of Participation – CoPs Conditions of Coverage - CfCs

https://www.federalregister.gov – Proposed and Final Rules Inpatient Perspective Payment System - IPPS Outpatient Perspective Payment System -OPPS

http://www.cms.gov/

https://www.federalregister.gov/

Coder Career Path to Compliance

Revised Code of Washington – RCW http://app.leg.wa.gov/rcw

Washington Administrative Code - WAC http://app.leg.wa.gov/wac/

Washington Healthcare Association http://www.hca.wa.gov/

Noridian Healthcare Solutions, LLC – A & B https://www.noridianmedicare.com/

http://app.leg.wa.gov/rcw

http://app.leg.wa.gov/wac/

http://www.hca.wa.gov/

https://www.noridianmedicare.com/

Coder Career Path to Compliance

American Academy of Professional Coders – AAPC Certified Professional Compliance Officer –CPCO https://www.aapc.com

Health Care Compliance Association – HCCA CHC – Certified in Healthcare Compliance CHRC – Certified in Healthcare Research Compliance CHPC – Certified in Healthcare Privacy Compliance CCEP – Certified Compliance and Ethics Professional http://www.hcca-info.org

University of Washington Certificate in Healthcare Regulatory Compliance –

Continuing Education http://www.pce.uw.edu/certificates/health-care-regulatory-co

mpliance.html

https://www.aapc.com/

http://www.hcca-info.org/

http://www.pce.uw.edu/certificates/health-care-regulatory-compliance.html

http://www.pce.uw.edu/certificates/health-care-regulatory-compliance.html

Questions

Documents

Compliance Program Basics