make compliance great again - .net framework

Make Compliance Great Again:

The Importance of Building and Maintaining a Tremendous Compliance

Program

October 10, 2016

Allyson H. Kinzel

VP & Chief Compliance and Ethics Officer

The University of Texas MD Anderson

Cancer Center

The materials presented and the opinionsexpressed in this presentation are those of thepresenter and do not necessarily reflect theviews of The University of Texas System, TheUniversity of Texas MD Anderson Cancer Center(MD Anderson), or MD Anderson’s InstitutionalCompliance Office.

Objectives

• Explore what an effective – even tremendous -compliance program is• OIG Effectiveness Review Guidance• OIG Corporate Integrity and Institutional

Compliance Agreements, and CorrectiveAction Plans

• Explore the important role complianceprograms play in an organization’s strategicbusiness planning processes

• Explore ethical decision-making in organizations

Compliance Programs

Based on Federal Sentencing Guidelines for Organizations (1991)• Set out by the United States Sentencing

Commission• Sentencing Reform Act of 1984• Rules that set out a uniform sentencing policy for

convictions in US Federal Court System• Key concept: lessor penalties for organizations

with effective compliance programs• Guidelines are advisory and established the seven

key components that we all know and love• Updated with Section 8B2.1 (2004 and 2011)

OIG Compliance Guidance

• Hospitals• Nursing Facilities• PHS Research Award Recipients• Ambulance Suppliers• Pharmaceutical Manufacturers• Individual and Small Group Physician Practices• Hospices• Home Health Agencies• DMEPO Suppliers

OIG Compliance Guidance: Key Links

https://oig.hhs.gov/compliance/

https://oig.hhs.gov/compliance/101/index.asp

https://oig.hhs.gov/compliance/compliance-guidance/index.asp

https://oig.hhs.gov/compliance/compliance-guidance/docs/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf

https://oig.hhs.gov/compliance/

https://oig.hhs.gov/compliance/101/index.asp

https://oig.hhs.gov/compliance/compliance-guidance/index.asp

Most Recent OIG Guidance“Compliance is an enterprise-wide

responsibility.”

OIG Guidance

The OIG recognizes that the implementation of a compliance program may not entirely eliminate fraud, abuse, and waste from the hospital system. However, a sincere effort by hospitals to comply with applicable Federal and State standards…through the establishment of an effective compliance program, significantly reduces the risk of unlawful or improper conduct.

-63 Fed. Reg. 8988, February 23, 1998

OIG GuidanceThe OIG, for example, will consider the existence of an effective compliance program that pre-dated any governmental investigation of when addressing the appropriateness of administrative penalties.

- 63 Fed. Reg. 8988, fn.2, February 23, 1998

Governmental Expectations(The Magnificent 7)

• Compliance Officer and Compliance Committee(s).

• Policies & Procedures and Standards of Conduct.

• Open Lines of Communication.

• Appropriate Training & Education.

• Monitoring & Auditing.

• Response to Detected Deficiencies.

• Enforcement of Disciplinary Standards.

Roadmap to Effectiveness(and Tremendousness)

• Conduct compliance effectiveness reviews every year.

• Have external reviews completed periodically for independentvalidation of the effectiveness of your compliance program.

• Apply the effectiveness review criteria to each component of yourprogram.

• Monitor Corporate Integrity Agreements, Institutional ComplianceAgreements, and Corrective Action Plans issued by OIG and others.

• Determine what to track and how to measure the success andeffectiveness of your program.

• Determine what metrics/data you can analyze in your program.

Compliance Program Guidance

Hospitals should regularly review the implementation and execution of their compliance program elements. This review should be conducted at least annually and should include an assessment of each of the basic elementsindividually, as well as the overall success of the program.

- 70 Fed. Reg. 4874, January 31, 2005


Hospitals should consider these factors, as well as others, when developing a strategy for assessing their compliance programs. While no one factor is determinative of program effectiveness, the following factors are often observed in effective compliance programs.

- 70 Fed. Reg. 4874, January 31, 2005


1. Compliance Officer and Compliance Committee• Does the compliance department have a clear, well-crafted

mission?

• Is the compliance department properly organized?

• Does the compliance department have sufficient resources (staffand budget), training, authority, and autonomy to carry out itsmission?

• Is the relationship between the compliance function and thegeneral counsel function appropriate to achieve the purpose ofeach? Audit function?


Compliance Officer and Compliance Committee• Is there an active compliance committee, comprised of

trained representatives of each of the relevant functionaldepartments, as well as senior management?

• Are ad hoc groups or task forces assigned to carry out anyspecial missions, such as conducting an investigation orevaluating a proposed enhancement to the complianceprogram?

• Does the compliance officer have direct access to thegoverning body (e.g., board), the president or CEO, all seniormanagement, and legal counsel?


1. Compliance Officer and Compliance Committee• Does the compliance officer have independent authority to retain

outside legal counsel?

• Does the compliance officer have a good working relationship withother key operational areas, such as internal audit, coding, billing,and clinical departments?

• Does the compliance officer make regular reports to the board ofdirectors and other organization management concerning differentaspects of the organization’s compliance program?

Corporate Integrity Agreements & Institutional Compliance Agreements

1. Compliance Officer and Compliance Committee• Is the Compliance Officer subordinate to the General Counsel or the

Chief Financial Officer?

• Does the Compliance Officer make periodic reports (at least quarterly)to a Compliance Committee made up of senior executives of relevantdepartments (e.g., billing, clinical, human resources, audit, legal,operations)?

• Does the Compliance Committee:• Assist in or validate the Compliance Risk Analysis?• Oversee monitoring of internal/external audits?• Oversee investigations?


2. Policies & Procedures/Standards of Conduct• Are policies and procedures clearly written, relevant to day-

to-day responsibilities, readily available to those who needthem, and re-evaluated on a regular basis?

• Does the organization monitor staff compliance with internalpolicies and procedures?

• Have the standards of conduct been distributed to alldirectors, officers, managers, employees, contractors, andmedical and clinical staff members?


2. Policies & Procedures/Standards of Conduct• Has the entity developed a risk assessment tool, which is re-

evaluated on a regular basis, to assess and identify weaknesses and risks in operations?

• Does the risk assessment tool include an evaluation of Federal health care program requirements, as well as other publications, such as the OIG’s work plans, special advisory bulletins, and special fraud alerts?


2. Policies & Procedures/Standards of Conduct• Do all new workforce members certify, in writing, or in

electronic form, that he/she has received, read, understood,and shall abide by your institution’s Standards of ConductGuide within 30 days of joining your workforce?

• Do you periodically revise your institution’s Standards ofConduct Guide and re-distribute it to existing workforcemembers for re-certification?

• Are all policies and procedures regarding operations of theCompliance Program and compliance with Federal health careprograms at least annually assessed and updated asappropriate?


3. Open Lines of Communication• Has the organization fostered an organizational culture that

encourages open communication, without fear of retaliation?

• Has the organization established an anonymous hotline orother similar mechanism so that staff, contractors, patients,visitors, and medical and clinical staff members can reportpotential compliance issues?

• How well is the hotline publicized; how many and what typesof calls are received; are calls logged and tracked (to establishpossible patterns); and is the caller informed of theorganization’s actions?


3. Open Lines of Communication• Are all instances of potential fraud and abuse investigated?

• Are the results of internal investigations shared with theorganization governing body and relevant departments on aregular basis?

• Is the governing body actively engaged in pursuingappropriate remedies to institutional or recurring problems?

• Does the organization utilize alternative communicationmethods, such as a periodic newsletter or compliance intranetwebsite?


3. Open Lines of Communication• Has the organization established an anonymous hotline or

other similar disclosure mechanism which is appropriatelypublicized (e.g., via periodic e-mails to workforce members orby posting the information in prominent common areas)?

• Has the Chief Compliance Officer established a “DisclosureProgram” and maintains a disclosure log, which, at aminimum, includes:• A record and summary of each disclosure received

(whether anonymous or not)?• The status of the respective internal reviews?• Any corrective action taken in response


4. Appropriate Training and Education• Does the organization provide qualified trainers to conduct

annual compliance training for its staff, including both generaland specific training pertinent to the staff’s responsibilities?Physicians/faculty/medical staff?

• Has the organization evaluated the content of its training andeducation program on an annual basis and determined thatthe subject content is appropriate and sufficient to cover therange of issues confronting its employees?

• Has the organization kept up-to-date with any changes inFederal health care program requirements and adapted itseducation and training program accordingly?


4. Appropriate Training and Education• Has the organization formulated the content of its education

and training program to consider results from its audits andinvestigations; results from previous training and educationprograms; trends in hotline reports; and OIG, CMS, or otheragency guidance or advisories?

• Has the organization evaluated the appropriateness of itstraining format by reviewing the length of the trainingsessions; whether training is delivered via live instructors orvia computer-based training programs; the frequency oftraining sessions; and the need for general and specifictraining sessions?

• Has the organization documented who has completed therequired training?


4. Appropriate Training and Education• Does the organization seek feedback after each session to

identify shortcomings in the training program, and does itadminister post-training testing to ensure attendeesunderstand and retain the subject matter delivered?

• Has the organization’s governing body been provided withappropriate training on fraud and abuse laws?

• Has the organization assessed whether to impose sanctionsfor failing to attend training or to offer appropriate incentivesfor attending training?


4. Appropriate Training and Education• Does each new workforce member receive at least one hour of

general compliance training related to the Compliance Program,Standards of Conduct Guide, and Policies and Procedures?

• Does the Chief Compliance Officer retain all training coursematerials and workforce members’ certifications that they havereceived required training (specifying the type of training and datereceived/completed)?

• Are trainings annually reviewed, and, where appropriate, updatedto reflect changes in Federal health care program requirements, anyissues discovered during internal/external audits, and any otherrelevant information?


5. Monitoring and Auditing• Is the audit plan re-evaluated annually, and does it address the

proper areas of concern, considering, for example, findings fromprevious years’ audits, risk areas identified as part of the annual riskassessment, and high volume services?

• Does the audit plan include an assessment of billing systems, inaddition to claims accuracy, in an effort to identify the root cause ofbilling errors?

• Has the organization evaluated the error rates identified in theannual audits?

• Is the role of the auditors clearly established and are coding andaudit personnel independent and qualified, with the requisitecertifications?


5. Monitoring and Auditing• Is the audit department available to conduct unscheduled

reviews and does a mechanism exist that allows thecompliance department to request additional audits ormonitoring should the need arise?

• If the error rates are not decreasing, has the organizationconducted a further investigation into other aspects of theorganization compliance program in an effort to determinehidden weaknesses and deficiencies?

• Does the audit include a review of all billing documentation,including clinical documentation, in support of the claim?


5. Monitoring and Auditing

• Does the organization have monitoring functions for all areas that the compliance program covers (e.g., research, privacy, others)? As well as monitoring functions for problem areas that are subject to the CIA/ICA?


6. Response to Detected Deficiencies

“Anything can still go wrong.” - H. Kinzel

• Has the organization created a response team, consisting ofrepresentatives from the compliance, audit, and any otherrelevant functional areas, that may be able to evaluate anydetected deficiencies quickly?

• Are all matters thoroughly and promptly investigated?

• Are corrective action plans developed that take intoaccount the root causes of each potential violation?


6. Response to Detected Deficiencies• Are periodic reviews of problem areas conducted to verify

that the corrective action that was implemented successfullyeliminated existing deficiencies?

• When a detected deficiency results in an identifiedoverpayment to the organization, are overpayments promptlyreported and repaid to the payor?

• If a matter results in a probable violation of law, does theorganization promptly disclose the matter to the appropriatelaw enforcement agency?


6. Response to Detected Deficiencies

• Restitution based upon the facts of the situation resulting in refunds to federal agencies


7. Enforcement of Disciplinary Standards• Are disciplinary standards well-publicized and readily available to

all organization personnel?

• Are disciplinary standards enforced consistently across theorganization?

• Is each instance involving the enforcement of disciplinarystandards thoroughly documented?

• Are employees, contractors and medical and clinical staffmembers checked routinely (e.g., at least annually) againstgovernment sanctions lists, including the OIG’s List of ExcludedIndividuals/Entities (LEIE) and the General ServicesAdministration’s Excluded Parties Listing System?

7. Enforcement of Disciplinary Standards• Does your institution screen all workforce members against

the Exclusion Lists prior to engaging their services and, aspart of the hiring or contracting process?

• Does your institution remove persons from responsibilityfor, or involvement with, its business operations if theperson’s compensation or the items or services furnished,ordered, or prescribed by the person are paid in whole orpart, directly or indirectly, by Federal health care programsor otherwise with Federal funds at least until such time asthe person is reinstated into participation in the Federalhealth care programs?


Organizational Strategic Planning(A Seat at the Table)

• Compliance needs a seat at the table – the earlier the better

• Compliance officers know new laws, federal and state enforcement trends, types of investigations at the organization, and pulse of the employees and patients

• Compliance officers view issues differently than business or legal teams

• Early input prevents later roadblocks

Ethical Decision-Making

• Build a culture of sound decision-making across your organization; ensure that integrity matters

• Implement an institutional ethics policy

– Self-dealing of employees

– Outside employment/conflicts of interest

– Vendor relationships

– Gifts and benefits to employees

– Honoraria

– Use of company resources

– Other topics specific to your organization


• Create an ethical advisory committee

– Appoint key leadership members

– Create vision and mission statements

– Determine what issues will come before the group

– Establish education and outreach objectives

– Review Standards of Conduct regularly

– Choose a methodology (or two) for ethical review and then ask the relevant questions


• Create an environment free of fear of retaliation– Ensure that organization has solid non-retaliation

policy

• Allow all employees to ask questions and express discomfort or concern; speak up!

• Instill trust in leadership

• Start at the top

• Encourage reporting of concerns

Questions?

Allyson H. Kinzel

[email protected]

(713)745-6053

mailto:[email protected]

make compliance great again - .net framework

Documents