Senior Living Corporate Compliance

Evaluate Your Organization’s Current Compliance Program

Whether your organization needs a top to bottom compliance program or just an assessment of the effectiveness of your current program, we can work with your organization towards an effective model that is specific to your needs. All corporate compliance programs are required to have particular elements. While the basic elements remain the same for all compliance programs, we do not believe in a one size fits all compliance program. We tailor our programs to fit each client’s business model, corporate culture, and financial resources. As an example, rather than simply providing potentially unnecessary, duplicative, and potentially conflicting corporate compliance policies, we recommend a review of current facility policies to determine which, if any, new policies are necessary, if current policies need to be revised, or if current policies will work in developing an effective compliance program. We have found that this saves our clients time and money as well as eases the transition of a facility and its employees to a culture of compliance by taking advantage of known systems already in place.

On Call to Answer Compliance Concerns

The attorneys at the Kitch Firm understand the unique nature of health care, most importantly, that compliance concerns arise 24 hours a day. We provide our clients with after-hours numbers so there is assistance available with emergencies at any time.

Attorney-Client Protected Audits

An effective compliance program requires ongoing audits and monitoring of identified risk areas. There are, however, instances where it would be prudent to conduct audits under the attorney-client privilege. Some examples of instances where the attorney-client privilege would be beneficial include audits of high risk areas, new risk areas, areas that may not be covered by the quality assurance or peer review privileges, or audits responding to compliance concerns or complaints. Depending on the particular compliance concern, the Kitch Firm is able to conduct the audit or we partner with experts or even the facility itself to evaluate the validity or extent of a compliance issue.

Compliance Investigations

Once a compliance concern is suspected or identified, the Kitch Firm is able to direct or conduct an investigation of that concern. Under the attorney-client privilege, we are able to analyze the outcome of the investigation and provide legal guidance on a response if necessary.

Response to Government Investigations

It is never pleasant when a facility is served with a subpoena or is subject to a search warrant. The initial response of the facility and its employees to a government investigation may be crucial in establishing the tone and course of the investigation. The Kitch Firm has extensive experience in representing facilities in investigations and allegations by both state and federal agencies.

Voluntary Refunds and Disclosures

An effective compliance program with more likely than not uncover instances of errors in billing or otherwise, which require the refunding of payments to CMS or other sources. It may also reveal noncompliance (intentional or not) which requires disclosure to the OIG. If necessary, Kitch firm has the experience to be able to guide your organization through these processes, to work towards limiting the likelihood or scope of government intervention, minimizing the financial impact on your organization and building a foundation to defend against criminal implications if necessary.

Corporate Compliance Programs are Required

Under the Affordable Care Act, all health care providers will be required to have corporate compliance programs. Skilled nursing facilities were required to have their programs implemented by March 23, 2013. However, corporate compliance programs are not new. In 1991, the federal government enacted the Organizational Sentencing Guidelines (Chapter 8 of the Federal Sentencing Guidelines), with the goal of encouraging “good corporate citizenship”. The Sentencing Guidelines make the penalties for corporate crime both uniform and predictable. Penalties under the guidelines include fines and imprisonment, as well as an integrity agreement or “corporate probation.” In the case of a corporation which does not have an effective compliance program in place, an “integrity agreement” is mandatory. An integrity agreement or “probation” involves federal compulsory monitoring of the organization and adoption of a government imposed compliance program, which can be far more expensive and intrusive than a voluntary compliance program.

Promote Ethical and Lawful Conduct

Much like the name infers, the Guidelines provide a base fine for each crime or violation which is then either increased or decreased based upon the presence of certain aggravating and/or mitigating factors. Each crime or violation is assigned a base fine, which is One such mitigating factor is the existence of an effective corporate compliance program. Under the Guidelines, an organization which has an effective corporate compliance program might avoid corporate “probation” and criminal prosecution, or at the very least receive a reduced fine. Effective corporate compliance programs have reduced settlements with the federal government by as much as 95%. The Federal Sentencing Guidelines incentivize corporate compliance programs for all types of corporate organizations and industry, not just healthcare.

Oversight of Medicare & Medicaid Programs

According to its website, the Health and Human Services (HHS) Office of the Inspector General (OIG) (HHS OIG) is “the largest inspector general’s office in the Federal Government, with more than 1,700 employees dedicated to combating fraud, waste and abuse and to improving the efficiency of HHS programs. A majority of OIG’s resources goes toward the oversight of Medicare and Medicaid — programs that represent a significant part of the Federal budget and that affect this country’s most vulnerable citizens.” The OIG is responsible for policing healthcare provider compliance.

This is one of the biggest, time consuming, parts of a compliance program. The OIG states that every compliance program should develop and distribute written compliance standards, procedures, and practices that guide the organization and the conduct of its employees throughout day-to-day operations. They should be developed under the direction and supervision of the compliance officer, compliance committee, and operational managers. They should be distributed to anyone affected including employees, vendors, physicians, contractors, etc. There should not only be general compliance policies, but also specific policies and procedures for various clinical, financial, and administrative functions of the organization.

Code of Conduct

In addition to the standard “policies and procedures” an organization needs a Code of Conduct. A Code of Conduct is a “Corporate Statement of Principles” that guides the organization. It should function like a Constitution or a Mission Statement. It should detail the fundamental principles, values and framework for action within the organization. It should contain the basic legal principles under which the organization must operate and how employees should respond to violations of the Code of Conduct. It does not have to be complicated. It should be brief and easily readable; speaking to all employees.

Specific Risk Areas

Providers don’t necessarily have to develop a new, comprehensive set of policies as part of their compliance program if existing policies effectively encompass the provider’s operations and relevant rules. However, providers should conduct a baseline assessment of risk areas (compliance reviews). The OIG has developed a list of risk areas affecting various providers which is included in its model compliance guidance. Additionally, the OIG releases its workplan each year which identifies additional areas of concern. These should be viewed as a starting point for an internal review of vulnerabilities. Make sure there are policies and procedures that address each of the risk areas.

To begin to assess your policies and procedures, you may use our Corporate Compliance Policy Audit & Crosswalk, available at Corporate Compliance Policy Audit Crosswalk 2022.

Creation and Retention of Records

A provider should establish policies and procedures regarding the creation, distribution, retention, and destruction of documents. For skilled nursing facilities, policies should provide for the complete, accurate, and timely documentation of all nursing and therapy services, including subcontracted services, as well as MDS information. The OIG states that facilities should have policies covering the retention and destruction for at least the following types of documents:

• all records and documentation (e.g., billing and claims documentation) required for participation in Federal, State, and private health care programs, including the resident assessment instrument, the comprehensive plan of care and all corrective actions taken in response to surveys;
• all records, documentation, and audit data that support and explain cost reports and other financial activity, including any internal or external compliance monitoring activities; and
• all records necessary to demonstrate the integrity of the nursing facility compliance process and to confirm the effectiveness of the program.

Compliance as an Element of Employee Performance

An effective compliance program should have policies for evaluating employee performance which utilizes the promotion of, and adherence to, the elements of the compliance program as a factor in the evaluation. Managers and supervisors should be disciplined for failing to adequately instruct their subordinates or for failing to detect noncompliance with applicable policies and legal requirements, where reasonable diligence would have led to the discovery of any problems or violations and given the nursing facility the opportunity to correct them earlier. Conversely, those supervisors who have demonstrated leadership in the advancement of the company’s code of conduct and compliance objectives should be singled out for recognition. To measure the effectiveness of this element of the program, the OIG suggests evaluating several areas. Do employees experience recurring pitfalls because the guidance on certain issues is not adequately covered in company policies? Do employees flagrantly disobey an organization’s standards of conduct because they observe no sincere buy-in from senior management? Do employees have trouble understanding policies and procedures because they are written in legalese or at difficult reading levels? Does an organization routinely experience systematic billing failures because of poor instructions to employees on how to implement written policies and practices?

Compliance Officer

• overseeing and monitoring implementation of the compliance program;
• reporting on a regular basis to the nursing facility’s governing body, CEO, and compliance committee (if applicable) on the progress of implementation, and assisting these components in establishing methods to improve the nursing facility’s efficiency and quality of services, and to reduce the facility’s vulnerability to fraud, abuse, and waste;
• periodically revising the program in light of changes in the organization’s needs, and in the law and policies of Government and private payor health plans;
• developing, coordinating, and participating in a multifaceted educational and training program that focuses on the elements of the compliance program, and seeking to ensure that all relevant employees and management understand and comply with pertinent Federal and State standards;
• ensuring that independent contractors and agents who furnish physician, nursing, or other health care services to the residents of the nursing facility are aware of the residents’ rights as well as requirements of the nursing facility’s compliance program applicable to the services they provide;
• coordinating personnel issues with the nursing facility’s Human Resources/ Personnel office (or its equivalent) to ensure that (i) the National Practitioner Data Bank has been checked with respect to all medical staff and independent contractors (as appropriate) and (ii) the OIG’s List of Excluded Individuals/Entities has been checked with respect to all employees, medical staff, and independent contractors;
• assisting the nursing facility’s financial management in coordinating internal compliance review and monitoring activities, including annual or periodic reviews of departments;
• independently investigating and acting on matters related to compliance, including the flexibility to design and coordinate internal investigations (e.g., responding to reports of problems or suspected violations) and any resulting corrective action (e.g., making necessary improvements to nursing facility policies and practices, taking appropriate disciplinary action, etc.) with all nursing facility departments, subcontracted providers, and health care professionals under the nursing facility’s control
• participating with facility’s counsel in the appropriate reporting of self-discovered violations of program requirements; and continuing the momentum of the compliance program after the initial years of implementation.

Compliance Committee

The purpose of the Compliance Committee is to advise the compliance officer and to assist in the implementation of the compliance program. The Compliance Committee benefits from having members with various backgrounds that they bring to the table such as operations, finance, audit, human resources, and clinical management (e.g., the medical director), as well as employees and managers of key operating units. The Compliance Officer needs to be an integral part of the committee.

The OIG has outlined certain functions that should be considered by the Compliance Committee:

• analyzing the legal requirements with which the nursing facility must comply, and specific risk areas;
• assessing existing policies and procedures that address these risk areas for possible incorporation into the compliance program;
• working with appropriate departments to develop standards of conduct and policies and procedures to promote compliance with legal and ethical requirements;
• recommending and monitoring, in conjunction with the relevant departments, the development of internal systems and controls to carry out the organization’s policies;
• determining the appropriate strategies and approaches to promote compliance with program requirements and detection of any potential violations, such as through hotlines and other fraud reporting mechanisms;
• developing a system to solicit, evaluate, and respond to complaints and problems; and
• monitoring internal and external audits and investigations for the purpose of identifying deficiencies, and implementing corrective action.
• The evaluation of this element should address several questions. Does a compliance officer have sufficient professional experience working with billing, clinical records, documentation, and auditing principles to perform assigned responsibilities fully? Has a compliance officer or compliance committee been unsuccessful in fulfilling their duties because of inadequate funding, staff, and authority necessary to carry out their jobs? Did the addition of the compliance officer function to a key management position with other significant duties compromise the goals of the compliance program (e.g., chief financial officer who discounts certain overpayments identified to improve the company’s bottom line profits)?

The education and training of all personnel is imperative to an effective compliance program. This includes corporate officers, managers, health care professionals at all levels. Training should not only include summarizing the organization’s compliance program, fraud and abuse laws, and Federal health care program and private payor requirements, but also on areas specific to the employees job requirements. The organization must communicate effectively its standards and procedures to all affected employees, physicians, independent contractors, and other significant agents by requiring participation in such training programs or by other means, such as disseminating publications.

Training can come from the inside or hired from the outside. New employees should be trained as soon as possible. Training programs and materials should be tailored to the audience; designed to take into account the skills, experience, and knowledge of the individual trainees. The compliance officer should document any formal training undertaken by the nursing facility as part of the compliance program. In addition to training on the specific risk areas, the OIG also suggests:

• compliance with Medicare participation requirements relevant to their respective duties and responsibilities;
• appropriate and sufficient documentation;
• prohibitions on paying or receiving remuneration to induce referrals;
• proper documentation in clinical or financial records;
• residents’ rights; and
• the duty to report misconduct.

The OIG suggests that the requirements for training each year be specific to all employees and also by discipline. Training should be a factor in job performance evaluations. The OIG also suggests that organizations give vendors and outside contractors the opportunity to participate in the nursing facility’s compliance training and educational programs. Such training is particularly important for facilities that rely on agencies to provide temporary direct care staff. The introduction of consolidated billing gives added importance to educating vendors about the facility’s compliance policies and procedures.

Evaluation of the effectiveness of this element should at least address the following questions. How frequently are employees trained? Are employees tested after training? Do the training sessions and materials adequately summarize the important aspects of the organization’s compliance program? Are training instructors qualified to present the subject matter and field questions?

There must be a means for individuals to report compliance concerns. First and foremost, the first line supervisors should be play a key role in responding to concerns, but should not undermine the role of the Compliance Officer. First line supervisors can also be key in enforcing policies against retaliation.

There should be open lines of communication with the Compliance Officer. In addition to serving as a contact point for reporting problems, the compliance officer should be viewed as someone to whom personnel can go to get clarification on the facility’s policies.

An organization can use hotlines and other forms of communication such as email, newsletters and suggestion boxes. If the organization establishes a hotline, the telephone number should be made readily available to all employees, independent contractors, residents, and family members by circulating the number on wallet cards or conspicuously posting the telephone number in common work areas. Individuals should be able to report compliance concerns anonymously. The compliance officer should maintain a log that records such calls, including the nature of any investigation and its results. Such information, redacted of individual identifiers, should be included in reports to the governing body, the CEO, and compliance committee.

When evaluating the effectiveness of this element, the organization should consider the following questions. Do policies and procedures adequately guide employees to whom and when they should be communicating compliance matters? Are employees confident that they can report compliance matters to management without fear of retaliation? Are employees reporting issues through the proper channels? Do employees have the proper motives for reporting compliance matters?

An effective compliance program should have very clear policies that set out the consequences of violating the organization’s standards of conduct, policies, and procedures. The punishment should fit the crime. For example, intentional noncompliance should subject violators to significant sanctions. Such sanctions could be as severe as termination, or financial penalties, as appropriate. Disciplinary action may be appropriate where a responsible employee’s failure to detect a violation is attributable to his or her negligence or reckless conduct.

It is imperative to disseminate the range of disciplinary standards for improper conduct and to educate employees regarding these standards. Often this is contained in the employee handbook. The consequences of noncompliance should be consistently applied and enforced, in order for the disciplinary policy to have the required deterrent effect. All levels of employees should be potentially subject to the same types of disciplinary action for the commission of similar offenses, because the commitment to compliance applies to all personnel within an organization. This means corporate officers to CNAs to Administrators.

In evaluating the effectiveness of the organizations disciplinary processes, the organization should consider the following questions. Have appropriate sanctions been applied to compliance misconduct? Are sanctions applied to all employees consistently, regardless of an employee’s level in the corporate hierarchy? Have double-standards in discipline bred cynicism among employees?

An effective compliance program should incorporate and ongoing evaluation program, the extent of which is guided by the size of the organization and its resources. The Compliance Officer should document the ongoing monitoring and report back to senior management as well as the compliance committee. The OIG suggest that one effective tool is the performance of regular, periodic compliance audits by internal or external evaluators who have expertise in Federal and State health care statutes, regulations, and program requirements, as well as private payor rules. These assessments should focus both on the nursing facility’s day-to-day operations, as well as its adherence to the rules governing claims development, billing and cost reports, and relationships with third parties. The OIG recommends that when a compliance program is established in a nursing facility, the compliance officer, with the assistance of department managers, should take a ‘‘snapshot’’ of their operations from a compliance perspective. This assessment can be undertaken by outside consultants or internal staff, provided they have knowledge of health care program requirements. This ‘‘snapshot’’ can serve as a baseline for the compliance officer and other managers to judge the nursing facility’s progress in reducing potential areas of vulnerability.

The OIG suggests the following means for ongoing evaluation:

• testing the billing and claims reimbursement staff on its knowledge of applicable program requirements and claims and billing criteria;
• unannounced mock surveys and audits;
• examination of the organization’s complaint logs and investigative files; legal assessment of all contractual relationships with contractors, consultants and potential referral sources;
• reevaluation of deficiencies cited in past surveys for State requirements and Medicare participation requirements;
• checking personnel records to determine whether individuals who previously have been reprimanded for compliance issues are now conforming to facility policies;
• questionnaires developed to solicit impressions of a broad cross-section of the nursing facility’s employees and staff concerning adherence to the code of conduct and policies and procedures, as well as their work loads and ability to address the residents’ activities of daily living;
• validation of qualifications of nursing facility physicians and other staff, including verification of applicable State license renewals;
• trend analysis, or longitudinal studies, that uncover deviations in specific areas over a given period; and
• analyzing past survey reports for patterns of deficiencies to determine if the proposed corrective plan of action identified and corrected the underlying problem.

The organization should make every effort to ensure that they are using the appropriate reviewers to conduct the evaluations/monitoring. The reviewers should:

• have the qualifications and experience necessary to adequately identify potential issues with the subject matter that is reviewed;
• be objective and independent of line management to the extent reasonably possible;
• have access to existing audit and health care resources, relevant personnel, and all relevant areas of operation;
• present written evaluative reports on compliance activities to the CEO, governing body, and members of the compliance committee on a regular basis, but no less often than annually; and
• specifically identify areas where corrective actions are needed.

In evaluating the effectiveness of the organizations auditing and monitoring, the organization should consider the following questions. In evaluating the effectiveness of the organizations disciplinary processes, the organization should consider the following questions. Do audits focus on all pertinent departments of an organization? Does an audit cover compliance with all applicable laws, as well as Federal and private payor requirements? Are results of past audits, pre-established baselines, or prior deficiencies reevaluated? Are the elements of the compliance program monitored? Are auditing techniques valid and conducted by objective reviewers?

Ultimately, what the organization does when there is an allegation of a compliance problem is key to the program’s effectiveness. The compliance officer or other management officials must immediately investigate the allegations to determine whether a material violation of applicable law or the requirements of the compliance program has occurred and, if so, take decisive steps to correct the problem. Such steps may include a corrective action plan, the return of any overpayment, a report to the Government, and/or a referral to criminal and/or civil law enforcement authorities. This will become more important when CMS publishes its final rule on disclosure. In any event, the organization should take measures to stop any potential fraudulent activity until the outcome of the investigation has been decided.

When there are indications of potential fraud, it may be prudent to engage compliance counsel to conduct the investigation. The OIG believes that the investigative file should contain documentation of the alleged violation, a description of the investigative process (including the objectivity of the investigators and methodologies utilized), copies of interview notes and key documents, a log of the witnesses interviewed and the documents reviewed, the results of the investigation, e.g., any disciplinary action taken, and the corrective action implemented. The organization should have policies and procedures for conducting investigations.

To evaluate the effectiveness of its response to compliance issues, an organization should consider the following questions. What is the correlation between the deficiency identified and the corrective action necessary to remedy? Are isolated overpayment matters properly resolved through normal repayment channels? Is credible evidence of misconduct that may violate criminal, civil or administrative law promptly reported to the appropriate Federal and State authorities?

CMS Survey and Certification Memos

OIG Advisory Opinions

Special Fraud Alerts

OIG Compliance Education Material

OIG Work Plan

OIG Office of Evaluations and Inspection Reports

OIG Health Care Fraud and Abuse Control Program Report

Corporate Compliance Policy Audit Crosswalk 2022