Tips and Ideas for Developing a Compliance Work Plan
Now that we are in 2016, it is time to develop the annual Compliance Office work plan. For those still working on theirs, this blog provides tips and ideas. These ideas are not all-encompassing and are generic in nature. Each organization will have its own set of priorities resulting from its own culture and experience. Hopefully, this blog will provide additional thoughts. Many points highlighted below are specifically referenced in the OIG compliance documents. These points are also consistent with the ongoing monitoring and auditing expectations for all programs, including the Compliance Program (CP). Wherever possible, the focus should be on developing metrics that evidence compliance program effectiveness. The items cited correspond to the seven standard elements of an effective CP and are provided to assist in assessing what organizations may need in the following months. Some items include references to sources of additional guidance and assistance. Further ideas can be found in the OIG’s 2016 Work Plan.
Compliance Oversight and Management
- Review and update all charters and policies related to the duties and responsibilities of the Board and Executive/Management Compliance Committees. Check out the Policy Resource Center for guidance on creating these documents.
- Examine Executive/Management and Board Compliance Committee minutes to determine whether an outside third-party would find convincing evidence that the Board is meeting its duty of care and responsibilities in overseeing the implementation, operation, and management of the CP.
- Prepare and deliver an annual briefing and training for the Board on changes in the regulatory and legal environment, and remind the Board of its duties and responsibilities for providing CP oversight. If needed, a number of different PowerPoint briefing programs can be found at the Compliance Training Center.
- Develop a Compliance Office budget to ensure sufficient staff and other resources to fully meet obligations and responsibilities, and present it to executive leadership and the Board.
- Review and report on the compliance document management system that addresses the creation, retention, storage, retrieval, and destruction of compliance-related documents, including those mandated to protect the integrity of the CP. Policies and guidance on this system can be found at the Policy Resource Center.
Written Compliance Guidance
- Conduct a gap analysis of compliance-related policies for both the management and operation of the CP and operational areas. If needed, more than 1,000 such templates are available at the Policy Resource Center.
- Review the Code of Conduct to ensure it is current to the needs of the organization; consistent with current policies; no more than a 12-20 pages in length; and written at or below the 10th grade reading level so that all covered persons will be able to understand the content.
- Verify that the Code of Conduct has been disseminated to all new employees, supervisors, executives, medical staff, Board members, contractors, vendors, and other affected parties. Prepare a summary report of this for the compliance oversight committees.
Compliance Education and Training
- Verify and prepare documentation demonstrating that all covered persons have received compliance training, and develop a report on this for the compliance oversight committees. Many vendors offer interactive training programs to track and document those who receive training and evidence knowledge of the materials through tests and quizzes. More on this topic can be found at the Compliance Training Center.
- Ensure specialized training programs that explain applicable laws and regulations relating to federal health care reimbursement and proper documentation and coding are provided for all claims processing staff.
- Conduct a validated knowledge survey that evidences employee awareness and understanding of key elements of the CP, and other information provided in compliance training. The OIG specifically recommends surveying employees on their knowledge of the CP. An inexpensive survey anchored in a large database that can be used for comparative purposes can be found at the Compliance Survey Center.
- Ensure annual compliance training programs include fraud and abuse laws, coding requirements, claims development and submission processes, general prohibitions on paying or receiving remuneration to induce referrals, and other current legal and program standards. Many such programs can be found at the Compliance Training Center.
- Review the hotline intake log and prepare a summary report for the compliance oversight committees on the types of issues reported and the resolution of those issues.
- Develop a report that evidences prompt documenting, processing, and resolution of complaints and allegations received by the Compliance Office.
- Conduct a review of the hotline vendor, which includes test calling, to ensure that the vendor is performing according to the required terms and conditions. For more information, see the Hotline Service Center.
- Physically verify that hotline posters appear prominently on employee boards in all work areas and review all other methods that promote hotline use.
- As part of ongoing monitoring, determine that all calls received by the hotline function are properly documented and logged; and all records, both electronic and paper, are securely maintained with adequate access controls.
Compliance Enforcement and Sanction Screening
- Verify that the organization performs sanction screening in a timely manner for all employees and others engaged by the organization against the OIG’s List of Excluded Individuals and Entities (LEIE). Ensure that the organization documents verification with a signed certification by a responsible party. Inexpensive sanction screening search engine tools and services that include certification of results are available.
- Conduct a review and prepare a report regarding whether all actions concerning the enforcement of disciplinary standards are properly documented.
Compliance Ongoing Monitoring and Auditing
- Ensure that the compliance audit plan addresses the high-risk areas related to federal health care program requirements, as well as the OIG Compliance Guidance, Work Plan, Special Advisory Bulletins, and Fraud Alerts; including but not limited to arrangements with physicians that may implicate the Anti-Kickback Statute and Stark Laws, EMTALA, Cost Reports, Claims Development and Submission, Laboratory Services, HIPAA Privacy and Security, PATH, Bad Debts, Credit Balances, and Outpatient Services. Such audit plans can be found at the Policy Resource Center.
- Conduct a review of all high-risk areas to verify that program managers have been engaging in ongoing monitoring of their areas of responsibility. This includes ensuring that all regulatory changes have been translated into written guidance; all staff members have been trained on these policies; and staff is properly following all policies. Develop a report on this for the compliance oversight committees.
- Ensure that a database for all arrangements with physicians and others in a position to influence the flow of business to the organization exists; and that the database contains written terms that meet both the Stark and Anti-Kickback statutory requirements and is supported by policies and procedures for determining needs for services; selecting who will fill those needs; determining fair market value for services; and verifying performance on the agreements. Questionable arrangements remain the number one enforcement priority for the OIG and DOJ.
- With the HHS Office of Civil Rights stepping up on audit and enforcement, ensure that the high risks associated with HIPAA and HITECH Privacy and Security requirements for protecting health information and guarding against breaches are the subject of compliance review and new baseline security audits.
- Review and develop metrics to evidence CP effectiveness and progress. A wide range of such metrics can be found this webinar, “Using Metrics to Evidence Compliance Program Effectiveness.”
- Enlist the help of experts to conduct an independent review of the seven CP elements to verify effectiveness of the CP, as the OIG Compliance Guidance advises.
Response to Detected Problems and Corrective Action
- Verify that all identified issues related to potential fraud are promptly investigated and documented.
- Review all corrective action measures related to compliance to verify that they have been completed and are effective. Prepare a summary report for the compliance oversight committees.
- Ensure staff is properly trained to promptly investigate and resolve reasonable allegations or indications of non-compliance.
- Conduct a review and prepare a report evidencing that all corrective action measures to prevent recurrence of identified problems were taken, verified as complete, and validated as effective.
- Conduct a review that ensures all overpayments identified are promptly reported and repaid. Such a review is best performed in connection with an audit of whether the program manager for claims processing has properly been carrying out the manager’s ongoing monitoring duties.