Kusserow’s Corner: Compliance Records Management Program

What kind of compliance records management system does your organization have?  According to the HHS Office of Inspector General (OIG), all effective compliance programs should provide for the implementation of a records system. The primary purpose is to ensure that all records necessary to protect the integrity of the organization’s compliance process and documents are current with applicable laws, regulations, and requirements and are properly maintained. A well-managed records management program also provides evidence to confirm the effectiveness of the program.

It should include, for example, documentation that employees were adequately trained; reports from the organization’s hotline, including the nature and results of any investigation that was conducted; modifications to the compliance program; self-disclosures; and the results of the organization’s auditing and monitoring efforts. The creation and retention of such documents and reports may raise a variety of legal issues, such as patient privacy and confidentiality.

Furthermore, the Compliance Officer should ensure that operational records are properly maintained.  For example, patient medical records, billing information, and cost reports are areas that should be guided by clear records management policies and procedures.  These policies are often controlled by specific laws and regulations and, therefore, would probably be developed in consultation with legal counsel.  However, once established, the compliance office may become involved in the auditing and monitoring of those policies and procedures because they are related to compliance in many ways.  For example, upon request, an organization should be able to provide documentation, such as patients’ medical records and physicians’ orders, to support the medical necessity of a service that the organization has provided.  The Compliance Officer should ensure that a clear, comprehensive summary of the “medical necessity” definitions and rules of the various government and private plans is prepared and disseminated appropriately.

The OIG recommends that attendance and participation in training programs be made a condition of continued employment and that failure to comply with training requirements should result in disciplinary action, including possible termination, when such failure is serious.

Here are some suggestions that Compliance Officers may wish to consider as part of a compliance records management program:

  1. Develop and implement policies and procedures for the creation, distribution, retention, storage, retrieval and destruction of compliance-related documents.
  2. Develop a document management system to track, administer, and store policy and other compliance-related documents.
  3. Ensure adequate records of its training of employees are maintained, including attendance logs and material distributed at training sessions.
  4. Ensure that there is a hotline log of calls that evidence how the information was handled and controlled.
  5. Review requirements established by CMS and the state for maintaining various categories of records, and then implement controls and document management to address these requirements.
  6. Ensure that the document management program addresses protection of patients’ protected health information.
  7. Extend document and records management to contracts and agreements with referral sources and a maintain a database of all such agreements.
  8. Ensure compliance with records/document management is included as part of ongoing monitoring and auditing.

Richard P. Kusserow was the DHHS Inspector General for over eleven years.  He is the author of nine books related to compliance.  He is the founder and CEO of Strategic Management, a firm that has been providing specialized compliance advisory services since 1992 to 2,000 clients. For more information, contact him at rkusserow@strategicm.com.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.