OIG Video Series – Effective Compliance Program Development

The Office of Inspector General (“OIG”) has released a series of videos relating to compliance issues.  Recent videos cover compliance program/type and basic elements of compliance programs.  Access OIG Compliance Videos

Recent OIG advice includes:

• Foster a culture of compliance
• Devote adequate resources to compliance
• Create useful policies and procedures
• Train your staff
  • Offer training often
  • Be creative with training to foster interest
  • Stay current on compliance issues
  • Promote communication
    • Be visible within your organization
    • Communicate the hotline
    • Communicate and reinforce non-retaliation for making complaints
    • Take appropriate corrective action
• Team approach to investigations
• Investigate to resolution
• Create appropriate corrective action
• Use results to improve compliance process
• Conduct regular audits
• Determine risk areas
  • Coding
  • Contracts
  • Quality of care
  • Review compliance program regularly

 Access OIG Compliance Videos

Mandatory Compliance Programs Under the Affordable care Act

Now Is The Time To Re-Examine Compliance “Best Practices” In Your Organization

Historically, compliance programs have not been per se mandatory.  However, most larger health care organizations have established formal compliance programs to foster an atmosphere of compliance and to take advantage of possible benefits under the Federal Sentencing Guidelines.  The Patient Protection and Affordable Care Act of 2010 has made compliance programs mandatory for many providers.  The exact scope of what type of provider will be required to establish formal compliance programs has not yet been set in stone by the Office of Inspector General.  However, it can probably be expected that most providers will be required to formalize their compliance efforts.

Institutional health care compliance has been growing for well over a decade now.  Compliance is becoming of major importance to health care providers of all nature and size.  The OIG has promoted compliance programs by releasing compliance guidance covering a number of industries, including billing companies, physician practices, hospitals, home health agencies, long term care facilities, ambulatory surgery centers and others.  Smaller providers who have previously not had the establishment of formal compliance programs on their radar will now be required to adopt formal plans.

It is not enough to simply adopt a compliance plan, place it on a shelf, and let it collect dust.  A compliance program requires active monitoring.  There are seven basic elements that are necessary for a compliance program to meet regulatory requirements and the requirements under the Federal Sentencing Guidelines.  The seven primary elements of an effective compliance program include:

1)      The establishment of written compliance policies and procedures;

2)      The designation of a high ranking individual within the organization to serve as compliance officer;

3)      The establishment of an effective training and education program for all levels of personnel;

4)      The establishment of effective lines of communication, such as a compliance hotline,  to enable individuals within the organization to report compliance breaches;

5)      Performing ongoing internal auditing and monitoring

6)      The creation of a system that enforces breaches of the compliance program including appropriate discipline and corrective measures

7)      The establishment of effective measures to respond to compliance problems that are detected.

 An effective compliance program establishes an atmosphere of compliance that permeates the entire organization.  A compliance program should be tailored to the specific circumstances of the provider.  The program should also feed and grow on itself.  As problems are detected appropriate changes should be made to the program and related policies and procedures.

 Mandatory compliance programs also highlight the importance of compliance on larger institutions who may have already adopted formal programs.  These institutions should take the signal that compliance is of growing importance.   Providers who have already adopted compliance plans should take the opportunity to dust them off and re-examine the role of compliance within their organization.  Now is the time to increase the focus on compliance and assure that compliance is an active system rather than a written plan that is sitting on the shelf.

Best Practices In Compliance Program Operation

 Given the increased importance of compliance, it is helpful to for providers to get a feel for what constitutes “best practice” when operating a compliance program.  “Best Practices” is a term that is thrown around all of the time in the business world.  It is used in many contexts and takes on a variety of meanings depending on who is using it and for what purpose.  Wikipedia defines “best practices” as follows:

Best practices are generally-accepted, informally-standardized techniques, methods or processes that have proven themselves over time to accomplish given tasks. Often based upon common sense, these practices are commonly used where no specific formal methodology is in place or the existing methodology does not sufficiently address the issue. The idea is that with proper processes, checks and testing, a desired outcome can be delivered more effectively with fewer problems and unforeseen complications. In addition, a “best” practice can evolve to become better as improvements are discovered.  Best practice is considered by some as a business buzzword, used to describe the process of developing and following a standard way of doing things that multiple organizations can use.  http://en.wikipedia.org/wiki/Best_practice

As I was thinking about the concept of “best practices” in health care compliance, the Wikipedia definition seems to fall al little bit short of what I would have in mind when discussing “best practices” in health care compliance programs.

The Miriam-Webster Dictionary defines “Best” as the superlative form of “good.”  “Best” means “excelling all others” and “offering or producing the greatest advantage, utility, or satisfaction.”  I believe that the definition from Wikipedia is an accurate depiction of what the term “best practices” has become in the business world.  The term has been thrown around loosely to the  point that is no longer carries the meaning of the plain words that make up the two word “buzzword.”

In the health care compliance context, I believe that it is not advisable to direct you efforts toward the standard “buzzword” meaning of “best practices.”  Instead, you should focus toward attempting to achieve the meaning of “best practices” that is tied to the superlative form of the word “good.”  You should not focus on the “we are doing what everyone else is doing” or the “what we are doing will pass by in most cases” version of best practices when looking at your compliance plan.  The consequences of that approach could easily come back to bite you in the superlative.

 In reality, you may never be able to meet the truly “best” standard.  However, the point of the compliance program requirement is that you are trying to make your compliance program and your organization “the best” when it comes to compliance.  Here are a few tips to help you attempt to meet the “best practices” standard:

 1.         Act as if you are under a Corporate Integrity Agreement.  Always assume that the government is looking over your shoulder and that you will be called upon at some point to justify the effectiveness of your compliance program.

2.         Follow the government guidelines to the tee.  Familiarize yourself with the Federal Sentencing Guidelines and OIG Industry Guidance and integrate these requirements into your compliance plan.

3.         Keep up with government releases, speeches, regulations, comments, advisory opinions, and all other communication that help to define your obligations.

4.         Make your compliance plan a “living and breathing” documents that is continually up for revision based on specific things that you learn about your specific organizations.

5.         Make sure your compliance officer focuses on compliance and does not wear other hats that compete for time, attention or perspective.

6.         Make certain that sufficient resources are devoted to compliance.  Adopt the view that it is better to spend money on compliance that to pay for mistakes down the road.

 If there is any area where you are not able to achieve “best practices” for financial or other reasons, be prepared to justify your shortcomings.  Key to all of this is to operate as if you will someday be required to defend the effectiveness of your compliance program.  In all likelihood you will someday be in exactly that position given the current state of the health care industry and mentality of the governmental agencies that are charged with enforcement.

 These are just a few tips to get you thinking about your compliance approach.  Health care reform has made compliance programs mandatory for the first time.  There are also multiple indications that the government wants organizations to devote more to compliance as a way to save health care costs.  It is clearly time for organizations of all types and sizes to re-focus their efforts on compliance within their organizations.

Basic Elements of An Effective Compliance Program

Developing a compliance program that will be effective to reduce internal and external risk is a “practice specific activity.”  There is no “one size fits all” compliance program and there is no good “off the shelf” form solution.  There are certainly vendors, consultants and lawyers out there who would like you to believe that you can take a form, make a few changes and fill in a few blanks, and create an effective compliance program for your organization.  This approach really misses the point of what is required in order to develop and effective program.  Certainly the written plan is an important and necessary part of the compliance effort.  However, even more important is the process that you go through to develop the compliance plan.

 Establishing a compliance program requires you to perform a risk assessment on your specific organization and document the outcomes of that assessment.  The risk assessment could take many forms.  Compliance professionals talk about a “gap analysis” which is an approach to help determine the vulnerabilities of your organization.  A lawyer or compliance professional that has specific training and background in performing legal risk analysis can help you design an appropriate risk analysis process.  The primary point here is that this process needs to be organization specific rather than based on a pre-canned form.  You need to score your areas of risk and provide emphasis to appropriate areas of risk that are identified through your risk assessment.

 All compliance programs will have language regarding compliance with fraud and abuse, anti-kickback statutes, HIPAA and other health care laws.  It means virtually nothing to simply adopt a pre-canned policy without backing the policy up with the process that the practice went through to identify the specific risks that it faces given the specific nature of its practices, size, and specific personalities involved in the operation.

 As mentioned above, the Office of Inspector General has issued general industry guidance on compliance program development and one such guidance relates to physician practices.  This guidance, plus the general requirements of the Federal Sentencing Guidelines, provide general elements that are necessary to make a compliance program effective.  There are generally seven (7) basic core elements that are required of an effective compliance program including:

•  Adoption of written guidelines and policies to promote the organization’s commitment to compliance;
•  Identification and appointment of a high ranking individual within the organization to serve as compliance officer;
•  Establishment of anonymous reporting systems, preferably through multiple pathways, to encourage individuals to make complaints regarding compliance items without fear of retaliation;
•  Effective education and training programs for all levels of employees and others with close relationships to the organization;
•  Ongoing auditing systems to assess the effectiveness of the compliance program and to provide input into areas that require additional emphasis;
•  Mechanisms to enforce the requirements of the compliance program and to discipline employees for violations of the organization’s commitment to compliance; and
•  An ongoing system of program modification based upon audit, feedback and experience that can further adapt the compliance policies to the specific issues faced by the organization.

 Establishing Commitment From the Top of the Organization

 An important and often overlooked aspect of developing a compliance program is the need to obtain commitment from the top of the organization.  Many times in a physician practice this will mean the physician owners of the practice.  It is important that the physician have a clear understanding of the need and benefit of establishing a focused compliance program.  There will inevitably be initial expenditures involved with establishing a compliance system.  In some cases it may even necessitate retaining additional staff.  There will almost certainly be fees to outside attorneys and consultants if the organization is not large enough to hire the needed expertise internally.  It is important that sufficient resources be allocated to compliance and that the physicians and administration understand that in the long term, these expenditures will pay off by reducing the risk of institutional compliance problems.  The difficulty is that if the compliance program works to reduce risks, there will never be a serious event that proves the benefit of the expenditures.  However, if an event occurs in the future and there is no compliance program in place, the regrets will be very deep because compliance issues are much more difficult to solve if there is no compliance plan in place.

 As a practical matter, the institutional “buy-in” is often the most difficult hurdle to overcome.  It is somewhat easier now that compliance plans are becoming mandatory.  Yet there is still risks associated with under-funding compliance activities or providing enough resources to do the “bare minimum” when it comes to compliance due to a reluctant attitude on the part of physician leaders who are now being forced to develop compliance programs that they have not fully embraced. 

 Certain groups may be in a position that they have not been dependent upon institutions who have implemented compliance programs.  Some practices completely reject policies and procedures of any kind that could bind the physicians in their practices.  These organizations present the greatest challenges and unfortunately the greatest potential risk of violations of federal and state laws occurring due to the low level of leadership embracing appropriate compliance activities.  Even as these groups are forced to adopt compliance programs, they present the greatest residual risk because of a low level of physician commitment.

 We suggest that physician practices begin the process of implementing formal compliance programs immediately to provide more time to gain physician commitment and appropriately assess the risks associated with the specific practice.  It takes a great deal of time to develop a system for establishing compliance programs, perform a “gap analysis” or other baseline analysis, perform employee interviews and take other steps to identify specific risk areas.  Developing a compliance program is much more than simply adopting a form compliance program.  Even though the precise effective date that compliance programs will become mandatory for physician practices has not yet been set, providers should consider this time a gift to permit them to develop appropriate policies rather than a reprieve.

About The Author

This article is part of a multiple part series by Health Care Attorney John Fisher, CHC on compliance programs for physician practices.

John Fisher, JD, CHC  is a seasoned health care attorney and is certified in Health Care Compliance by the Health Care Compliance Association.  Mr. Fisher is available to assist physician groups and other health care providers nationwide in the development and operation of Compliance Programs.

Mr. Fisher has significant experience in the various legal and regulatory matters that are faced by physicians including the Stark Law, Anti-Kickback Statute and Safe Harbors, Medicare and Medicaid reimbursement rules, HIPAA, False Claims Act, antitrust laws, employment laws, contract matters, business ventures and laws governing financial relationships between physicians, and others.

Mr. Fisher practices with the Ruder Ware law firm in Wausau, Wisconsin.  His practice on compliance and Federal Law issues is nationwide.

Expected Requirements For Physician Compliance Programs

We expect HHS to establish compliance program core elements that continue to track prior OIG guidance and the federal Sentencing Guidelines elements for an effective compliance program when developing required compliance program elements for other providers/suppliers. The OIG issued compliance guidance for Individual and Small Group Practices in October of 2000 (“Physician Practice Guidelines”).  The Physician Practice Guidelines include some degree of “scalability.” OIG has indicated in the past that what may constitute effective compliance measures for a large, complex organization may be unnecessary for a small physician practice or supplier. The Physician Practice Guidelines indicate that the “guidance for physicians does not suggest that physician practices implement all seven components of a full scale compliance program.”  The extent of required compliance activities will depend on the size of the provider and the scope and complexity of the practice.  There is no “one size fits all” solution.  In order to be effective, a compliance program will need to be based on the specific risks and factors associated with the practice.

 We recommend that physician groups begin the process of establishing compliance programs as soon as possible and that they not wait for final regulations.  Compliance programs are a good way for physician practices to reduce risk associated with fraud and abuse and other legal matters that present risk to their operations.  It makes sense for physicians to begin development now to provide ample time for creation of appropriately scaled policies and input from various personnel in the group. 

 It is clear that simply adopting written policies will not be adequate to meet the requirements of the mandatory compliance obligations.  Rather, physician practices will need to establish an ongoing system of monitoring their operations for compliance issues and modifying practices based on the specific factors present in the practice environment.  The development of compliance policies require consideration of the seven (7) core elements of effective compliance programs as contained in the Federal Sentencing Guidelines and in the various industry guidance that have been released by the Office of Inspector General, including the Physician Practice Guidelines.

 The Physician Practice Guidelines provide some guidance to direct the structure of compliance programs for physician practices.  However, every practice is different and must go through the process of identifying risk areas that are applicable given the precise makeup and personalities involved in the practice environment.  Simply adopting “canned” compliance policies will be largely ineffective.  The practice needs to document the entire process of creating policies, perform “gap analysis” or other suitable analysis of the precise risks that are faced by the practice, document commitment and involvement from the highest levels of the practice, and train staff and others on the obligations and nature of the compliance program.

 About The Author

This article is part of a multiple part series by Health Care Attorney John Fisher, CHC on compliance programs for physician practices.

John Fisher, JD, CHC  is a seasoned health care attorney and is certified in Health Care Compliance by the Health Care Compliance Association.  Mr. Fisher is available to assist physician groups and other health care providers nationwide in the development and operation of Compliance Programs.

Mr. Fisher has significant experience in the various legal and regulatory matters that are faced by physicians including the Stark Law, Anti-Kickback Statute and Safe Harbors, Medicare and Medicaid reimbursement rules, HIPAA, False Claims Act, antitrust laws, employment laws, contract matters, business ventures and laws governing financial relationships between physicians, and others.

Mr. Fisher practices with the Ruder Ware law firm in Wausau, Wisconsin.  His practice on compliance and Federal Law issues is nationwide.

Mandatory Compliance Programs for Physician Practices

 Steps Necessary to Implement an Effective Compliance Program

 John H. Fisher, J.D., C.H.C.

 It is no secret that the government is becoming increasingly aggressive in its enforcement efforts against health care providers.  At the same time, regulations are becoming more complicated.  The combination of these two forces means that many unknowing providers are being caught up in costly investigations of their practices.  The government is taking a “return on investment” approach to health care fraud and is seeing a good return on every dollar that they put into the efforts.  As a result, we cannot expect fraud enforcement to decrease any time soon.

 For this reason, it is important that providers, including medical practices, develop and operate systems to help them comply with governmental regulations and third party payer billing requirements.  The development of a formalized compliance program has become an indispensible part of the risk management process of medical practice.  Failure to maintain compliance can lead to an increase in reimbursement disputes, increased uncollectable fees, more demands for repayment, civil litigation and in extreme cases, potential criminal prosecution.  Matters to be addressed in compliance programs include not only billing practices but also anti-kickback compliance, state and federal self-referral prohibitions, state fee-splitting laws, licensure and accreditation requirements, labor relations matters, antitrust and price fixing prohibitions, HIPAA and medical records issues and a whole host of other state and federal laws.

 Formalized compliance programs first began appearing in the late 1990s as a way to minimize risk in primarily large institutions.  Compliance programs are a child of the Federal Sentencing Guidelines which factors in the adoption of 7 pillars of an effective compliance program when a health care organization is facing potential institutional criminal penalties for legal violations.  Formal compliance programs were more deeply woven into the fabric of many organizations as the Medicare Office of Inspector General began releasing compliance guidance directed toward specific segments of the health care industry in the late 1990s and continuing through the mid 2000s.  One of the industry segments that the OIG has specifically addressed in its published compliance guidance are physician practices. 

 Acffordable Care Act Mandates Formal Compliance Programs

 Even though compliance programs have not traditionally been mandatory, over the past ten years, formal compliance has become industry “best practices” for virtually all segments of the health care industry.  Compliance guidance for physician practices was issued by the Office of Inspector General in 2000.  Since that time, many physician practices, especially more complex specialty practices, have developed some sort of compliance plan.  Although compliance plans have not previously been mandatory, they have become “industry standard” as a way to minimize risks associated with health care regulations such as the Health Insurance Portability and Accountability Act of 1996, the Medicare and Medicaid Fraud and Abuse Laws, Anti-kickback Statute, Civil Monetary Laws, False Claims Act, the Clinical Laboratory Improvement Act and all other state and federal statutes, regulations and directives that apply to the operation of a complex physician’s practice.

 Section 6401 of the Patient Protection and Affordable Care Act of 2010, as amended by the Health Care Education Reconciliation Act of 2010 (the “Affordable Care Act”) requires HHS and the Office of Inspector General to promulgate regulations that require most healthcare providers and suppliers to establish compliance programs.  The compliance programs are intended to be “effective in preventing and detecting criminal, civil, and administrative violations” under the Medicare and Medicaid laws and other laws that govern operations.

Under the Affordable Care Act, physicians and group practices, along with other relatively small providers, will be required to establish compliance programs as a condition of enrollment in the Medicare program.  Early versions of the Affordable Care Act included an exception for physicians which was deleted from the version of the Act that was signed into law.  We know that the mandatory compliance program requirement will apply to physician practices absent further legislative action.

 The Affordable Care Act’s compliance program mandates are divided into two categories: (1) requirements for nursing facilities and (2) requirements for all other providers and suppliers. The nursing facility compliance program provisions in the Affordable Care Act are relatively detailed and contain a specific timetable for implementation.  The statutory requirements pertaining to other types of health care providers do not provide any time frame for implementation but rather leave this issue to the discretion of HHS. 

 HHS is required to issue regulations creating a timetable and basic core compliance program requirement.  These matters are to be addressed in regulations that are yet to be published.  Medicare & Medicaid Services (CMS) officials have made public statements that indicate that the agency expects to issue the mandatory compliance program requirements on a rolling basis. There is no additional information on the expected timetable for application of the mandatory compliance program requirement at this time, but most professionals in the industry expect regulations to be out by early in 2012.

About The Author

This article is part of a multiple part series by Health Care Attorney John Fisher, CHC on compliance programs for physician practices.

John Fisher, JD, CHC  is a seasoned health care attorney and is certified in Health Care Compliance by the Health Care Compliance Association.  Mr. Fisher is available to assist physician groups and other health care providers nationwide in the development and operation of Compliance Programs.

Mr. Fisher has significant experience in the various legal and regulatory matters that are faced by physicians including the Stark Law, Anti-Kickback Statute and Safe Harbors, Medicare and Medicaid reimbursement rules, HIPAA, False Claims Act, antitrust laws, employment laws, contract matters, business ventures and laws governing financial relationships between physicians, and others.

Mr. Fisher practices with the Ruder Ware law firm in Wausau, Wisconsin.  His practice on compliance and Federal Law issues is nationwide.

Attorney John Fisher Receives Certification in Health Care Compliance

Attorney John H. Fisher II, a health care attorney with Ruder Ware in Wausau, Wisconsin, has obtained certification in health care compliance.  Mr. Fisher will now carry the designation of CHC (Certified Healthcare Compliance).  The certification is provided by the Health Care Compliance Association (“HCCA”), a national organization based in Minneapolis.  Mr. Fisher is the fourth attorney resident in the State of Wisconsin to obtain this certification.

The HCCA defined the CHC designation as follows:

 The CHC© is a professional with knowledge of relevant regulations and expertise in compliance processes sufficient to assist the health care industry to understand and address legal obligations, and promote organizational integrity through the operation of effective compliance programs.

The HCCA also states that:

The purpose of certification is to promote health care compliance through the certification of qualified health care compliance professionals by:

1. Recognizing formally those individuals who meet the eligibility requirements of the CCB and pass the Certified in Healthcare Compliance© (CHC©) Examination.
2. Encouraging continued personal and professional growth in the practice of health care compliance.
3. Providing a national standard of requisite knowledge required for certification; thereby assisting employers, the public and members of the health professions in the assessment of a health care compliance professional.