Upload
alan-stephens
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
WPHN Compliance ForumWPHN Compliance Forum
October 13, 2008
Shelley C. Koltnow VP Corporate Responsibility
Via Christi Health System
Compliance Forum AgendaCompliance Forum Agenda
• Establishing and Managing an Effective Compliance Program in a Rural or Small Provider Setting..………………………..40 minutes
• Q & A / Discussion…………...10 minutes• 5 minute Break• Role of the Compliance Officer• …………………………20 minutes• Risk Areas for Critical Access Hospital
………………………...20 minutes• Q & A / Discussion……………10 minutes• Q & A / Discussion – Further interest/future
programs? • Conclude
Compliance Helps to Navigate the RisksCompliance Helps to Navigate the RisksBy having an effective compliance program in place, a CAH can better navigate the increasing uncertainties and risks associated with the current healthcare regulatory and legal environment.
What is a Compliance Program?What is a Compliance Program?
• Culture of Compliance
– February 23, 1998
First “OIG Compliance Program Guidance for Hospitals”
Focus – adoption of voluntary compliance programs
Promote – “ higher level of ethical and lawful conduct
throughout the health care industry”
Provide – “clear guidance” to reduce fraud and abuse
What is a Compliance Program?What is a Compliance Program?
• Culture of Compliance– January 31, 2005
“OIG Supplemental Compliance Program Guidance for Hospitals” – strong feedback to OIG from the industry
Recognition of high risk areas
Focus – Development and use of internal controls
Promote – Compliance program effectiveness through cultural integration
Provide – Recognition of benefits aside from preventing or mitigating fraud and abuse
What is a Compliance ProgramWhat is a Compliance Program
• OIG recognized benefits to providers: Enhancing health care providers’ operations
Improving the quality of health care services
Reducing overall cost of health care services
Demonstrate commitment to honest and responsible corporate
conduct (evidence-based compliance)
Reporting process free of retaliation
Reduction of loss to government and hospital
Increased likelihood of preventing, identifying, and correcting
problems at early stage
Elements of EffectivenessElements of Effectiveness
• Origin – the Federal Sentencing Guidelines (FSG)
– Reduction of penalty for corporations Requires effective compliance/ethics program
Elements include prevention and detection of criminal conduct, culture
of compliance to assure effectiveness of the program (Section 8B2.1)
Compliance officer – high level, access to CEO, board and overall
responsibility for the compliance/ethics program.
Background checks
Education
Reporting of non-compliant activity (no retaliation)
Discipline
Annual reports to Board and risk assessments
Compliance Plan Compliance Plan
• Elements – Code of Conduct
Standards to guide organizational behavior
Expectation as a condition of employment, contractual relationships, vendor relationships, or being a credentialed provider with clinical privileges
Communicated to all constituents
Approved and endorsed by the governing body
Reviewed annually and updated as needed
Consistent with applicable laws, regulations and policies
“living document” – enforce consistently
Compliance PlanCompliance Plan
• Elements– Policies and Procedures
Part of organization’s policy manual Communicated to all constituents – education Regularly reviewed and updated Approved by Compliance Committee and governing body
of the organization Accessible to all constituents Touch on risk areas for compliance issues
Compliance PlanCompliance Plan
• Elements– Policies and Procedures
Some recognized compliance risk areas: Billing and coding Medical necessity / case management Cost reporting EMTALA Conflicts of Interest, gifts, gratuities Relations with providers and others who refer Medicare and Medicaid fraud and abuse HIPAA privacy and security Government investigations Obligations of Employees to compliance program
Compliance PlanCompliance Plan
• Elements– Compliance Committee
A committee is required to assure that the compliance plan is implemented appropriately across the organization
Comprised of leaders over high risk areas Executives – CFO and COO are typically involved Meets regularly Agenda reflects approvals of policies, education on
compliance matters, discussion of compliance and culture Minutes to the governing body Tie to quality of care, risk management and finance
Compliance PlanCompliance Plan
• Education and Training– Effective education and training on a regular (year
around) basis on key compliance topics– Equivalent to training required in other areas– Standard documentation processes to assure
audit trail– Alert to new developments and issues pertaining
to the organization– Tie to culture, ethics, doing the right thing– Assure reporting mechanisms and compliance
program is known throughout the organization
Compliance PlanCompliance Plan
• Elements– Reporting process
Channels within the organization where individuals can raise concerns or report issues
No retaliation (express or implicit) Like incident reporting – non punitive opportunity to bring
concerns forward Investigate each report Document each report and the disposition of the issue Signs or posters to remind individuals of their duty to
report concerns Hotline for anonymous reports
Compliance PlanCompliance Plan
• Elements– Monitoring and auditing
More than “vigilance” Identify key risk areas and conduct focused reviews Monitor any corrective action plans to assure adherence Make sure any overpayments are returned immediately Consider independent audits each year to assure coding and
cost reporting are accurate and correct – document to governing body
Document continuous monitoring and process improvement efforts as part of the Program (including quality)
Compliance PlanCompliance Plan
• Elements– Disciplinary action for compliance infractions
Consider a policy specific to compliance infractions Follow fair and consistent process with HR disciplinary
policy Assure that any infractions are investigated and
established before discipline is provided Assure the disciplinary process is not retaliatory Consider HIPAA violations to be serious and impose
appropriate disciplinary action – document! Coordinate with HR
Compliance PlanCompliance Plan
• Elements– Response to any offense
Do not delay or postpone Develop an investigation plan with specific goals and
timetables Consider whether legal advice is needed and whether the
investigation should be conducted under the attorney – client privilege
Don’t wait until the problem arises to have an attorney engaged!
Limit communication to those who “need to know” Consider independent auditor involvement (can be
engaged by attorney under the privilege) Report results promptly if any overpayment or disclosure
Compliance PlanCompliance Plan
• Elements– Compliance Officer
High level executive position with autonomy and independence to implement Plan
Reports to CEO and governing body Has adequate resources to perform job Knows how to spot legal and regulatory issues (e.g.,
EMTALA, HIPAA, Medicare/Medicaid reimbursement, OSHA, CLIA, etc.)
Access to any materials or documents, information , and individuals needed to investigate
Independent access to legal counsel
Critical Access Hospitals – Rural Health CareCritical Access Hospitals – Rural Health CareCAH provide care in rural areas and have some distinct needs and challenges regarding putting an effective compliance program in place.
Critical Access Hospitals Critical Access Hospitals
• Issues for small or rural providers– Small staff and limited resources (probably not a full-time
position for compliance)– In small communities, HIPAA can be large part of a
compliance program focus (“everyone knows everyone”)– Relevance of compliance (“we are small – we don’t need a full
compliance program”)– Culture – Priorities– Compliance officer independence (“many hats” issue)
Critical Access HospitalsCritical Access Hospitals
• Although small, CAH compliance programs must be effective and evidence-based
• Integration into operations and culture is essential• Documentation of efforts toward compliance
– HIPAA and Compliance issues log(s)– Medicare Conditions of Participation for CAHs– Compliance committee meeting minutes– Written compliance plan– Written investigation plans, showing timetables and final
outcomes– Compliance education and training – Coordination with risk management, quality, finance and
the governing body
Critical Access HospitalsCritical Access Hospitals
• Operations – Assure there is always a compliance contact– Compliance policy manual is up-to-date and
available– Conduct HIPAA training and discipline consistently– Realistic budget showing adequate resources– Annual CO education
HCCA is great – credential of “CHC” is good to obtain
– Culture is very important in small provider – Tools (MediRegs, Comply-Track, other)
Critical Access HospitalsCritical Access Hospitals
• Relationships– Network of compliance professionals in the
area/region– Staff interactions – Board– Building buy-in and commitment– Listen – analyze both the business aspects and the
compliance issues before responding– Use the committee for difficult decisions– Engage commitment of CEO
Critical Access HospitalsCritical Access Hospitals
• Effectiveness – Address all elements– Communicate effectively– Assess risk with priorities of action– Monitor for excluded providers – Consistency and documentation– Discipline– Education– Tone at the top– Culture
Critical Access HospitalsCritical Access Hospitals
• Buy-in Tips– Obtain a champion– Involve physicians on committees and work groups– Provide one-on-one feedback and education where
appropriate– Understand the clinical sides and business issues driving the
compliance issue – collaboration without violation!– Listening– Physician and provider relationships (contracts and
agreements, payments) are discussed openly with appropriate review
– Quality committee as compliance committee
Discussion and Questions Discussion and Questions
Short Break
Compliance Officer’s JobCompliance Officer’s JobAssure the organization adheres to its standards of conduct while monitoring, auditing, reporting and managing the demonstration of a compliant culture throughout the organization.
Role of Compliance OfficerRole of Compliance Officer
• Basic Requirements
– Accountability to governing body
– Member of senior management
– Independence to raise matters whenever and wherever they
arise without fear of retaliation or inaction
– Support from top (board and CEO – responsible executive)
– Connection to operations to build ethical programs and culture
– Authority to make and implement decisions and
recommendations
Role of Compliance OfficerRole of Compliance Officer
• According to OIG’s Supplemental Compliance Guidance (20050:– Compliance department is “backbone of the
hospital’s compliance program” – Compliance officer should be “well-qualified,
member of senior management and supported by a compliance committee”
– CO should “implement the hospital’s compliance program and to ensure that the hospital complies with all applicable Federal health care program requirements.”
Role of the Compliance OfficerRole of the Compliance Officer
• Standards for Compliance Officer/Department:– “clear, well-crafted mission”– “properly organized”– “sufficient resources (staff and budget), training,
authority and autonomy to carry out its mission”– Relation between compliance and any attorneys
appropriate?– Active compliance committee – members from
“relevant functional departments”
Role of the Compliance OfficerRole of the Compliance Officer
• Ability to form ad hoc groups or task forces to carry out any “special missions such as conducting an investigation or evaluating a proposed enhancement”
• CO has “direct and independent access to governing body, CEO, all senior management and legal counsel”
• “Independent authority to retain outside legal counsel”
Role of the Compliance OfficerRole of the Compliance Officer
• Good working relationship/contact with departments that perform patient financial services (coding, cost reporting)
• Regular reports to governing body and hospital management about the “different aspects of the hospital’s compliance program
Critical Access Hospital Challenge: Critical Access Hospital Challenge:
In a CAH, the Compliance Officer role may be difficult to fill and to fulfill. OIG expects program to be effective. What to do?
Discussion and Questions? Discussion and Questions?
Risk AreasRisk AreasFailure to implement and continue a compliance program can lead to risk of exclusion, civil money penalties, recoupment of funds, and other penalties for substandard survey findings. What are the risks?
Critical Access Risk AreasCritical Access Risk Areas
• Status as a CAH is maintained – all elements • Length of stay (96 hours annual LOS)• Other services like swing beds, psychiatric,
rehabilitation, and hospice and contracts with various providers of these services– Compliance with CoP for each type of service
• Surveys– Designed to detect “to determine whether a citation
of non-compliance is appropriate.” (CMS, 2008)
Critical Access Risk AreasCritical Access Risk Areas
• Conditions of Participation– CMS expects total compliance– Measures compliance through “observations,
interviews, document/record reviews…to establish organizational and patient-focused functions and processes…and compliance with Federal health, safety, and quality standards that …assure beneficiaries receive safe, quality care and services.”
– Check the State Operations Manual for Standards
Critical Access Risk AreasCritical Access Risk Areas
• Recap of certain CoP for Critical Access Hospitals– Makes available 24 hour emergency care services
per state requirements for CAHs– Operates no more than 15 acute beds or up to 25
inpatient beds used interchangeable for acute or SNF-level care, provided no more than 15 are used at any one time for acute care
– Maintains an average LOS of 96 hours or less on an annual basis (acute)
Critical Access Risk AreasCritical Access Risk Areas
• Provide dietary, pharmacy, laboratory, and radiological services either full-time, on-site or part-time, off-site under arrangement with another provider
• Networking arrangement with at least 1 hospital for patient referral and transfer; communication systems to share patient data; emergency and non-emergency transportation
Critical Access Risk AreasCritical Access Risk Areas
– Networking arrangements for credentialing of medical staff, quality assurance with at least 1 hospital, one peer review organization or other appropriate, state-qualified entity
– Staffing requirements are met – Required inpatient care may be provided by a
physician assistant or ARNP, subject to the oversight of a physician (who need not be present in the facility)
Critical Access Risk AssessmentCritical Access Risk Assessment
• Calculation of the reasonable cost of services for inpatient hospital care – basis for reimbursement from Medicare
– Reasonable cost to provide outpatient services plus a fee-
schedule payment for professional services – basis for
reimbursement from Medicare
– Provision of skilled nursing, rehabilitation, and home health,
psychiatric, and other services. In Kansas, CAHs are
encouraged to integrate as many services locally as is
practical.
Critical Access Risk AreasCritical Access Risk Areas
• False Claims Act
– “Knowingly presents or causes to be presented to the
United States Government a false or fraudulent claim for
payment or approval…” (31 USC 3729(A)(1)
– Cost report continues to be area of strong OIG focus
– Accuracy is key to compliance
– FCA applies to claims for interim and final payment
– Important for CDM and cost reporting to be monitored
Critical Access Risk AreasCritical Access Risk Areas
• Claims preparation and submission– Coding errors (up-coding, incorrect coding,
etc.)– Cost reporting– Non-covered services – Insufficient documentation of care– Billing for services not provided– Medical necessity– Churning of acute to LTC to acute again– Outpatient pricing and coding
Critical Access Risk AreasCritical Access Risk Areas
• Information Technology– HIPAA privacy and security– CDM accuracy and current information; continued
monitoring– Systems and software for patient care – Biomedical services – Electronic prescribing– Networked information sharing among providers
Critical Access Risk AreasCritical Access Risk Areas
• EMTALA– Medical screening examination– Transfer rules– Hospital’s capacity to stabilize/treat patients– Medical record issues– Policy – process for on-call providers
CAH rules Medical staff bylaws
Critical Access Risk Areas Critical Access Risk Areas
• Substandard Care– OIG can exclude any provider from participation if
the care is substandard Neither knowledge or intent is required Unnecessary, substandard items or services provided to a
patient even if the patient is not a Medicare beneficiary
– Quality goals and measures – Meet all Medicare CoP for CAHs
Quality assessment and performance improvement Medical staff credentialing and monitoring Care protocols
Critical Access Risk AreasCritical Access Risk Areas
• Referral Statutes– Anti-kickback
Hospital cannot give or receive a benefit (cash or kind) in exchange for referrals (one purpose)
Safe harbors require legal advice Includes inducements, discounts, etc. No professional courtesy to physicians/providers
– Stark Physicians with compensation or ownership arrangements
with an entity cannot refer government beneficiaries to the entity except where the arrangement meets a legal exception
• Tax exemption and conflicts of interest– No private benefit or inurement– Insiders must be dealt with at arm’s length and
independence– Fair market value is key– Disclosure of conflicts of interest of all leaders,
board members, physicians, vendors
Critical Access Risk AreasCritical Access Risk Areas
• Beneficiary Inducements– Gifts and gratuities– Cost-sharing waivers (co-pay or deductible)– Free transportation
• HIPAA privacy and data security• Contracts with other providers for services
ConclusionConclusionFailure to implement a compliance program that is culturally integrated and evidence-based creates unnecessary risk in today’s enforcement environment. An effective program, along with the quality and risk management efforts assures ongoing viability and sustainability.
Discussion and Questions