The Department of Health and Human Services Office of Inspector General (OIG) in its various compliance guidance documents calls for ongoing monitoring and auditing of programs and operations, including the compliance office. However, there is very little information provided to differentiate between these two ongoing efforts. From my experience, most hospitals do not fully differentiate between these two activities or appreciate the differences, with the result that they are failing to make the grade.
Ongoing monitoring is a program manager’s responsibility. What this means is that managers are responsible for overseeing their own operations. This includes (a) keeping current with changes in rules, regulations, and applicable laws; (b) developing internal controls, policies, and procedures to comply with them; (c) training staff on these rules; and (d) taking steps in monitoring or verifying compliance with these new guidelines. It can be best described as a continuous control monitoring process and method with the purpose to detect compliance and risk issues associated with an organization’s operational environment and address them quickly. Ongoing monitoring should be designed to test for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data, dollar or volume limit errors, or other possible breakdowns in internal controls. Monitoring techniques may include sampling protocols that permit program managers to identify and review variations from an established baseline.
In contrast, ongoing auditing reviews are performed to oversee how management has performed in its ongoing monitoring processes. Reviewers should avoid performing the functions of day-to-day monitoring that belongs to management. The program audits focus on how well management has met its ongoing monitoring responsibilities by confirming proper controls are in place and functioning as they were intended, or identifying weaknesses in the program that need to be addressed. Auditing needs to be an independent and objective review, performed by people external to the program area to be reviewed. The auditing team may involve the compliance office, internal or external audit, other program managers, or any combination thereof.
For many, the program of ongoing monitoring begins with trying to keep up with changes in reimbursement policies, regulations, and laws. These have to be translated into changes in processes (e.g. billing), policy guidance, and staff training on the changes. Many who have not been able to keep pace have run into a Recovery Audit Contactor (RAC) who conducts Automated Reviews that identify deviations (not keeping up) in the billing processes.
These result in a demand letter. However, ongoing monitoring is not limited to billing operations. They can involve any high risk area or program, including such as cost report development, the Emergency Medical Treatment and Active Labor Act (EMTALA), and the number one legal risk area, physician arrangements.
For many hospital program managers, designing a system that verifies compliance is a big problem. It has to be specially designed for each departmental activity. Effectiveness of staff training needs to be tested. What kind of metrics should be employed? There should be online testing, but then there are the questions of what that should consist of, how large a test should be, how often it should occur, what kind of trend analysis should be implemented, and who should review the reports?