Kusserow on Compliance: A definition of health care compliance

A good starting point for meeting the obligations of a compliance officer’s position is to define health care compliance. This can be useful in developing plans and objectives for the program, as well as explaining the meaning to executive leadership and the board.

  1. Health care compliance is defined as adhering to laws, rules, regulations, and program requirements, as well as the Codes of Conduct, policies, and procedures for the organization. Meeting this definition means identifying and meeting all applicable legal, regulatory, program requirements, and payment standards that vary considerably depending on type of organizations and the services they provide. To achieve this requires promoting not only compliance with rules, but ethical conduct and a culture that promotes prevention, detection, and resolution of conduct that does not conform to the established rules.
  2. Health care compliance can also be defined also as the ongoing process of meeting, or exceeding the legal, ethical, and professional standards applicable to a particular health care organization or provider. The HSS Office of Inspector General (OIG) has helped with the definition of health care compliance through its compliance guidance documents, which call for compliance efforts to be designed to establish a culture within organizations that promotes prevention, detection, and resolution of instances of conduct that do not conform to federal and state law; federal, state, and private payor health care program requirements; and ethical and business policies. The scope extends to many areas including patient care, billing, reimbursement, managed care contracting, research standards, Occupational Safety and Health Administration (OSHA) standards, the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) standards, and the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules, to name a few. The biggest challenge for health care organizations and their compliance officers is keeping track of all these numerous requirements and regulations.

Meeting the definition for health care compliance means meeting all of the rules and requirements set forth and applicable to them across a broad range of criteria, including all applicable legal, regulatory, program requirements, and payment standards that vary considerably depending on type of organizations and the services they provide.  As one examines the meaning of health care compliance, it becomes clear that it embraces a great variety of things, including adhering to laws, rules, regulations, and program requirements, as well as organization Codes of Conduct, policies, and procedures governing the day to day operations. Because health care has become so complex in recent years, the industry is under constant scrutiny. Compliance programs promote not only compliance to rules, but to ethical conduct and the promotion of a culture that encourages prevention, detection, and resolution of conduct that does not conform to federal and state law; federal, state, and private payor health care program requirements; and the organization’s ethical and business policies. It is nearly impossible to define the extent or complexity of the ever changing healthcare compliance world. New laws and regulations come into play on a daily basis from all level of government.  Some of these have far ranging implications such as HIPAA and HITECH laws that are designed to protect the privacy of patient information.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Using sanction-screening tools vs. outsourcing the entire process

In order to save time and costs, more and more health care organizations have been moving to outsource functions that are not core business activities. Compliance programs have been part of that trend: (1) 80 percent of compliance offices use vendors to provide hotline services, (2) 50 percent of compliance offices use vendors to provide policy development tools, and (3) two-thirds of compliance offices use vendors to provide E-learning tools. Included in the growing list of outsourced tasks has been the movement to address the rapidly growing cost and time commitment obligations related to sanction-screening. Two-thirds of compliance offices use a vendor search engine tools to assist in sanction-screening that saves an organization from downloading the sanction databases and developing a search engine. This is a trend driven by the rapid development of many new databases against which to screen employees, medical professionals, contractors, vendors, etc., including the following:

  • OIG List of Excluded Individuals and Entities (LEIE)
  • GSA Excluded Parties List System (EPLS)
  • 40 Medicaid states now have sanction data bases requiring monthly screening
  • Drug Enforcement Administration (DEA)
  • FDA

All this has increased the burden of sanction-screening exponentially, not only for the compliance office, but also human resource management for new hires and periodic screening of current employees and procurement with vendors and contractors. Medical credentialing is involved as result of having to screen physicians who are granted staff privileges. Using vendors has been a great help, but the most difficult part of the process is resolving “potential hits.” This can be a considerable effort and many organizations have to dedicate staff for investigation and resolution of these hits. It is complicated by the fact that most sanction data does not provide sufficient information to make positive identification. As a result of this heavy burden, many have moved beyond simply using a vendor tool to outsourcing the entire process to vendors. The following address selecting a sanction-screening vendor and outsourcing the process.

 

Tips for selecting sanction-screening vendor

 

Tips for outsourcing the sanction-screening process

  • Determine the cost of moving from use of a vendor search engine tool to outsourcing the screening, along with investigation and resolution of “potential hits.”
  • Inquire as to the methodology they follow in resolving potential “hits,” a critical part of any screening effort.
  • Ensure the vendor provides a certified report of the results that can be made part of the compliance office records.
  • Review an example of the type of reports they would provide to determine if it meets the documentary needs of the organization.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Human resources compliance—update on EEOC investigations

Most hotline complaints received relate to HR related issues, including harassment, discrimination, and unfair treatment, making this one of the most common compliance issue areas. Many employees go on to report their complaints to the Equal Employee Opportunity Commission (EEOC) that is responsible for addressing workplace harassment complaints. Media reports have focused on the long delays in resolving allegations of discrimination (1.5 years for federal employees and 500 days for the private sector). An increase of $15 million was authorized this year in the EEOCs budget, which may help with the backlog. The reason for the longer wait for federal employee complaints is that that a federal employee must first file a complaint with his or her agency’s equal employment office, which conducts an investigation. The employee may then file a lawsuit or request a hearing with an EEOC administrative judge.  The staffing level for the Commission is about 2,000, of which there are 549 investigators responding to allegations and complaints. For 2017, the Commission reported:

  • Resolution of 99,106 charges, an increase of 1,660 over 2016
  • Reduction of the inventory of pending charges by 16 percent to 61,621
  • Secured $484 million for victims of discrimination
  • 7,218 successful mediations resulting in over $163.7 million in benefits to charging parties
  • Resolution of 6,661 federal employee hearing requests with $73 million in their relief
  • Resolution of 4,284 appeals of agency decisions
  • Resolution of 85 percent of appeals over 500 days pending
  • $13.3 million in remedies secured
  • 4,500 individuals received monetary relief as a direct result of litigation resolutions
  • 184 lawsuits filed, including 124 suits on behalf of individuals

In most cases, the EEOC has found that there was not sufficient evidence to make a finding that discrimination occurred. Only about 3 percent of cases were found to have reasonable cause.  Also reported was an increase in the number of complaints being received that may be fueled in part by the emergence of the #MeToo movement.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips on what to expect from hotline vendors

The U.S. Sentencing Commission and HHS Office of Inspector General (OIG) make it clear that for any compliance program to be effective, it must have active compliance communication channels that meet defined capabilities. Translated, this means organizations must have an employee hotline that permits reporting sensitive matters outside the normal supervisory channels. The failure to establish a credible internal compliance reporting channels often drives individuals to report externally to the OIG and DOJ as “Whistlblowers.”  Internally operated and managed hotlines are generally a bad idea because they are extremely inefficient, costly, and seldom meet any minimum standards. Internal hotlines raise the question of whether anonymity is truly offered and whether employees will ever sufficiently trust calling an employee. It is therefore not surprising that 80 percent of organizations participating in the 2018 Compliance Benchmark Survey Study reported using a hotline vendor. Hotline vendors have the training and experience to handle complainants. However, determining who can provide the best service at the right price is a challenge.

 

What to Expect from Hotline Vendors

    1. Two levels of service are needed: (a) live operator answered calls and (b) a web-based reporting system which prompts individual complainants. Over the last decade there has been a marked trend towards reporting via the web—today web-based reporting almost equals operator answered calls. Organizations should pass on any vendor that does not provide both services.

     

    1. Avoid start up hotline services and ask for a statement of their experience. The more a service knows about hotline operations, the less likely they are to encounter problems or mishandle information.

     

    1. Use only vendors knowledgeable with issues, concerns, and regulatory issues unique to the health care sector. Also, ensure they recognize and ask the right questions about high risk areas identified by the HHS OIG, including those related to the Stark Law and the Anti-Kickback Statute.

     

    1. Avoid any vendor contract that won’t permit cancellations without cause with a simple 30-day written notice. Hotline vendors should hold clients by good service not by contracts. In any contract with a vendor, look to see if cancellation of service is restricted. If so, consider finding a way out of the arrangement and in obtaining service elsewhere.

     

    1. Vendor contracts should include a provision requiring a full written report within the same day of receipt of a call. Urgent matters should be reported immediately via phone.

     

    1. The hotline must provide an option for The U.S. Sentencing Commission, DOJ, and OIG call for anonymity in their guidelines. In the health care sector, nearly two-thirds of all hotline reporters request anonymity. Anonymity is generally in the best interest of the organization as there is no burden of protecting identity if it is unknown. The hotline vendor should have as part of their service a means of communication between the compliance officer and an anonymous reporter. Insist on having that included in the service.

     

    1. Avoid any vendor that provides reports by facsimile or email, as they are not secure and where PHI may be involved could be a complicating HIPAA privacy factor. Web-based reporting is the most secure with notification of a report being provided via email.

     

    1. Compare costs of service, keeping in mind that a vendor should be able to provide their services at a set fee that can be used for comparison purposes. A good rule of thumb is that the cost of a hotline service should not be more than $1 per employee per year. Periodically, compare costs of the vendor being used against other vendors. It may prove to be an opportunity to save money.

     

    1. Look for any inclusive vendor services, such as providing operating protocols for following up on allegations and complaints received through the hotline, as well as other related policies. More reputable firms also provide newsletters or report updates to keep clients up to date on issues relating to their hotline function. Find out what they offer.

     

    1. Look for a vendor that will provide personalized service and is easily accessible and responsible for any and all issues that arise under the contract. Avoid the frustration of interactive voice response (IVR) phone systems, which move callers from one office to another before reaching a stranger who may or may not be able to answer questions.

     

    1. Like any other vendor, the company should have at least one- to three-million dollars liability coverage.

     

    Richard Kusserow will be available to answer any questions related to hotlines at booth 412 at the Las Vegas HCCA Conference.

     

     

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.