Evaluate Your Organization’s Current Compliance Program
Whether your organization needs a top to bottom compliance program or just an assessment of the effectiveness of your current program, we can work with your organization towards an effective model that is specific to your needs. All corporate compliance programs are required to have particular elements. While the basic elements remain the same for all compliance programs, we do not believe in a one size fits all compliance program. We tailor our programs to fit each client’s business model, corporate culture, and financial resources. As an example, rather than simply providing potentially unnecessary, duplicative, and potentially conflicting corporate compliance policies, we recommend a review of current facility policies to determine which, if any, new policies are necessary, if current policies need to be revised, or if current policies will work in developing an effective compliance program. We have found that this saves our clients time and money as well as eases the transition of a facility and its employees to a culture of compliance by taking advantage of known systems already in place.
On Call to Answer Compliance Concerns
The attorneys at the Kitch Firm understand the unique nature of health care, most importantly, that compliance concerns arise 24 hours a day. We provide our clients with after-hours numbers so there is assistance available with emergencies at any time.
Attorney-Client Protected Audits
An effective compliance program requires ongoing audits and monitoring of identified risk areas. There are, however, instances where it would be prudent to conduct audits under the attorney-client privilege. Some examples of instances where the attorney-client privilege would be beneficial include audits of high risk areas, new risk areas, areas that may not be covered by the quality assurance or peer review privileges, or audits responding to compliance concerns or complaints. Depending on the particular compliance concern, the Kitch Firm is able to conduct the audit or we partner with experts or even the facility itself to evaluate the validity or extent of a compliance issue.
Once a compliance concern is suspected or identified, the Kitch Firm is able to direct or conduct an investigation of that concern. Under the attorney-client privilege, we are able to analyze the outcome of the investigation and provide legal guidance on a response if necessary.
Response to Government Investigations
It is never pleasant when a facility is served with a subpoena or is subject to a search warrant. The initial response of the facility and its employees to a government investigation may be crucial in establishing the tone and course of the investigation. The Kitch Firm has extensive experience in representing facilities in investigations and allegations by both state and federal agencies.
Voluntary Refunds and Disclosures
An effective compliance program with more likely than not uncover instances of errors in billing or otherwise, which require the refunding of payments to CMS or other sources. It may also reveal noncompliance (intentional or not) which requires disclosure to the OIG. If necessary, Kitch firm has the experience to be able to guide your organization through these processes, to work towards limiting the likelihood or scope of government intervention, minimizing the financial impact on your organization and building a foundation to defend against criminal implications if necessary.
Corporate Compliance Programs are Required
Under the Affordable Care Act, all health care providers will be required to have corporate compliance programs. Skilled nursing facilities were required to have their programs implemented by March 23, 2013. However, corporate compliance programs are not new. In 1991, the federal government enacted the Organizational Sentencing Guidelines (Chapter 8 of the Federal Sentencing Guidelines), with the goal of encouraging “good corporate citizenship”. The Sentencing Guidelines make the penalties for corporate crime both uniform and predictable. Penalties under the guidelines include fines and imprisonment, as well as an integrity agreement or “corporate probation.” In the case of a corporation which does not have an effective compliance program in place, an “integrity agreement” is mandatory. An integrity agreement or “probation” involves federal compulsory monitoring of the organization and adoption of a government imposed compliance program, which can be far more expensive and intrusive than a voluntary compliance program.
Promote Ethical and Lawful Conduct
Much like the name infers, the Guidelines provide a base fine for each crime or violation which is then either increased or decreased based upon the presence of certain aggravating and/or mitigating factors. Each crime or violation is assigned a base fine, which is One such mitigating factor is the existence of an effective corporate compliance program. Under the Guidelines, an organization which has an effective corporate compliance program might avoid corporate “probation” and criminal prosecution, or at the very least receive a reduced fine. Effective corporate compliance programs have reduced settlements with the federal government by as much as 95%. The Federal Sentencing Guidelines incentivize corporate compliance programs for all types of corporate organizations and industry, not just healthcare.
Oversight of Medicare & Medicaid Programs
According to its website, the Health and Human Services (HHS) Office of the Inspector General (OIG) (HHS OIG) is “the largest inspector general’s office in the Federal Government, with more than 1,700 employees dedicated to combating fraud, waste and abuse and to improving the efficiency of HHS programs. A majority of OIG’s resources goes toward the oversight of Medicare and Medicaid — programs that represent a significant part of the Federal budget and that affect this country’s most vulnerable citizens.” The OIG is responsible for policing healthcare provider compliance.
This is one of the biggest, time consuming, parts of a compliance program. The OIG states that every compliance program should develop and distribute written compliance standards, procedures, and practices that guide the organization and the conduct of its employees throughout day-to-day operations. They should be developed under the direction and supervision of the compliance officer, compliance committee, and operational managers. They should be distributed to anyone affected including employees, vendors, physicians, contractors, etc. There should not only be general compliance policies, but also specific policies and procedures for various clinical, financial, and administrative functions of the organization.
Code of Conduct
In addition to the standard “policies and procedures” an organization needs a Code of Conduct. A Code of Conduct is a “Corporate Statement of Principles” that guides the organization. It should function like a Constitution or a Mission Statement. It should detail the fundamental principles, values and framework for action within the organization. It should contain the basic legal principles under which the organization must operate and how employees should respond to violations of the Code of Conduct. It does not have to be complicated. It should be brief and easily readable; speaking to all employees.
Specific Risk Areas
Providers don’t necessarily have to develop a new, comprehensive set of policies as part of their compliance program if existing policies effectively encompass the provider’s operations and relevant rules. However, providers should conduct a baseline assessment of risk areas (compliance reviews). The OIG has developed a list of risk areas affecting various providers which is included in its model compliance guidance. Additionally, the OIG releases its workplan each year which identifies additional areas of concern. These should be viewed as a starting point for an internal review of vulnerabilities. Make sure there are policies and procedures that address each of the risk areas.
To begin to assess your policies and procedures, you may use our Corporate Compliance Policy Audit & Crosswalk, available at Corporate Compliance Policy Audit Crosswalk 2022.
Creation and Retention of Records
A provider should establish policies and procedures regarding the creation, distribution, retention, and destruction of documents. For skilled nursing facilities, policies should provide for the complete, accurate, and timely documentation of all nursing and therapy services, including subcontracted services, as well as MDS information. The OIG states that facilities should have policies covering the retention and destruction for at least the following types of documents:
Compliance as an Element of Employee Performance
An effective compliance program should have policies for evaluating employee performance which utilizes the promotion of, and adherence to, the elements of the compliance program as a factor in the evaluation. Managers and supervisors should be disciplined for failing to adequately instruct their subordinates or for failing to detect noncompliance with applicable policies and legal requirements, where reasonable diligence would have led to the discovery of any problems or violations and given the nursing facility the opportunity to correct them earlier. Conversely, those supervisors who have demonstrated leadership in the advancement of the company’s code of conduct and compliance objectives should be singled out for recognition. To measure the effectiveness of this element of the program, the OIG suggests evaluating several areas. Do employees experience recurring pitfalls because the guidance on certain issues is not adequately covered in company policies? Do employees flagrantly disobey an organization’s standards of conduct because they observe no sincere buy-in from senior management? Do employees have trouble understanding policies and procedures because they are written in legalese or at difficult reading levels? Does an organization routinely experience systematic billing failures because of poor instructions to employees on how to implement written policies and practices?
The purpose of the Compliance Committee is to advise the compliance officer and to assist in the implementation of the compliance program. The Compliance Committee benefits from having members with various backgrounds that they bring to the table such as operations, finance, audit, human resources, and clinical management (e.g., the medical director), as well as employees and managers of key operating units. The Compliance Officer needs to be an integral part of the committee.
The OIG has outlined certain functions that should be considered by the Compliance Committee:
The education and training of all personnel is imperative to an effective compliance program. This includes corporate officers, managers, health care professionals at all levels. Training should not only include summarizing the organization’s compliance program, fraud and abuse laws, and Federal health care program and private payor requirements, but also on areas specific to the employees job requirements. The organization must communicate effectively its standards and procedures to all affected employees, physicians, independent contractors, and other significant agents by requiring participation in such training programs or by other means, such as disseminating publications.
Training can come from the inside or hired from the outside. New employees should be trained as soon as possible. Training programs and materials should be tailored to the audience; designed to take into account the skills, experience, and knowledge of the individual trainees. The compliance officer should document any formal training undertaken by the nursing facility as part of the compliance program. In addition to training on the specific risk areas, the OIG also suggests:
The OIG suggests that the requirements for training each year be specific to all employees and also by discipline. Training should be a factor in job performance evaluations. The OIG also suggests that organizations give vendors and outside contractors the opportunity to participate in the nursing facility’s compliance training and educational programs. Such training is particularly important for facilities that rely on agencies to provide temporary direct care staff. The introduction of consolidated billing gives added importance to educating vendors about the facility’s compliance policies and procedures.
Evaluation of the effectiveness of this element should at least address the following questions. How frequently are employees trained? Are employees tested after training? Do the training sessions and materials adequately summarize the important aspects of the organization’s compliance program? Are training instructors qualified to present the subject matter and field questions?
There must be a means for individuals to report compliance concerns. First and foremost, the first line supervisors should be play a key role in responding to concerns, but should not undermine the role of the Compliance Officer. First line supervisors can also be key in enforcing policies against retaliation.
There should be open lines of communication with the Compliance Officer. In addition to serving as a contact point for reporting problems, the compliance officer should be viewed as someone to whom personnel can go to get clarification on the facility’s policies.
An organization can use hotlines and other forms of communication such as email, newsletters and suggestion boxes. If the organization establishes a hotline, the telephone number should be made readily available to all employees, independent contractors, residents, and family members by circulating the number on wallet cards or conspicuously posting the telephone number in common work areas. Individuals should be able to report compliance concerns anonymously. The compliance officer should maintain a log that records such calls, including the nature of any investigation and its results. Such information, redacted of individual identifiers, should be included in reports to the governing body, the CEO, and compliance committee.
When evaluating the effectiveness of this element, the organization should consider the following questions. Do policies and procedures adequately guide employees to whom and when they should be communicating compliance matters? Are employees confident that they can report compliance matters to management without fear of retaliation? Are employees reporting issues through the proper channels? Do employees have the proper motives for reporting compliance matters?
An effective compliance program should have very clear policies that set out the consequences of violating the organization’s standards of conduct, policies, and procedures. The punishment should fit the crime. For example, intentional noncompliance should subject violators to significant sanctions. Such sanctions could be as severe as termination, or financial penalties, as appropriate. Disciplinary action may be appropriate where a responsible employee’s failure to detect a violation is attributable to his or her negligence or reckless conduct.
It is imperative to disseminate the range of disciplinary standards for improper conduct and to educate employees regarding these standards. Often this is contained in the employee handbook. The consequences of noncompliance should be consistently applied and enforced, in order for the disciplinary policy to have the required deterrent effect. All levels of employees should be potentially subject to the same types of disciplinary action for the commission of similar offenses, because the commitment to compliance applies to all personnel within an organization. This means corporate officers to CNAs to Administrators.
In evaluating the effectiveness of the organizations disciplinary processes, the organization should consider the following questions. Have appropriate sanctions been applied to compliance misconduct? Are sanctions applied to all employees consistently, regardless of an employee’s level in the corporate hierarchy? Have double-standards in discipline bred cynicism among employees?
An effective compliance program should incorporate and ongoing evaluation program, the extent of which is guided by the size of the organization and its resources. The Compliance Officer should document the ongoing monitoring and report back to senior management as well as the compliance committee. The OIG suggest that one effective tool is the performance of regular, periodic compliance audits by internal or external evaluators who have expertise in Federal and State health care statutes, regulations, and program requirements, as well as private payor rules. These assessments should focus both on the nursing facility’s day-to-day operations, as well as its adherence to the rules governing claims development, billing and cost reports, and relationships with third parties. The OIG recommends that when a compliance program is established in a nursing facility, the compliance officer, with the assistance of department managers, should take a ‘‘snapshot’’ of their operations from a compliance perspective. This assessment can be undertaken by outside consultants or internal staff, provided they have knowledge of health care program requirements. This ‘‘snapshot’’ can serve as a baseline for the compliance officer and other managers to judge the nursing facility’s progress in reducing potential areas of vulnerability.
The OIG suggests the following means for ongoing evaluation:
The organization should make every effort to ensure that they are using the appropriate reviewers to conduct the evaluations/monitoring. The reviewers should:
In evaluating the effectiveness of the organizations auditing and monitoring, the organization should consider the following questions. In evaluating the effectiveness of the organizations disciplinary processes, the organization should consider the following questions. Do audits focus on all pertinent departments of an organization? Does an audit cover compliance with all applicable laws, as well as Federal and private payor requirements? Are results of past audits, pre-established baselines, or prior deficiencies reevaluated? Are the elements of the compliance program monitored? Are auditing techniques valid and conducted by objective reviewers?
Ultimately, what the organization does when there is an allegation of a compliance problem is key to the program’s effectiveness. The compliance officer or other management officials must immediately investigate the allegations to determine whether a material violation of applicable law or the requirements of the compliance program has occurred and, if so, take decisive steps to correct the problem. Such steps may include a corrective action plan, the return of any overpayment, a report to the Government, and/or a referral to criminal and/or civil law enforcement authorities. This will become more important when CMS publishes its final rule on disclosure. In any event, the organization should take measures to stop any potential fraudulent activity until the outcome of the investigation has been decided.
When there are indications of potential fraud, it may be prudent to engage compliance counsel to conduct the investigation. The OIG believes that the investigative file should contain documentation of the alleged violation, a description of the investigative process (including the objectivity of the investigators and methodologies utilized), copies of interview notes and key documents, a log of the witnesses interviewed and the documents reviewed, the results of the investigation, e.g., any disciplinary action taken, and the corrective action implemented. The organization should have policies and procedures for conducting investigations.
To evaluate the effectiveness of its response to compliance issues, an organization should consider the following questions. What is the correlation between the deficiency identified and the corrective action necessary to remedy? Are isolated overpayment matters properly resolved through normal repayment channels? Is credible evidence of misconduct that may violate criminal, civil or administrative law promptly reported to the appropriate Federal and State authorities?