Kusserow on Compliance: Questions board-level compliance committees should be asking

HHS OIG compliance guidance calls for a Board-level committee to oversee the Compliance Program (CP). The HHS Inspector General noted that the best boards are those that are active, questioning, and exercise (constructive) skepticism in their oversight, asking probing questions about the compliance program. Boards need to know what type of questions they should be asking, and compliance officers should assist them with this problem. However, compliance officers in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Board’s should be asking in their jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors”. The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the CP?
  2. What is the level of resources necessary to properly implement and operate the CP?
  3. Has the compliance officer been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees are held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across organization?
  8. Has management taken affirmative steps to publicize importance of code to employees?
  9. Have compliance-related policies been developed that address compliance risk areas?
  10. Are there policies/procedures for CP operation and how they should be reviewed/updated?
  11. What kind of document management ensures compliance-related documents are up to date?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of CP training?
  14. What measures enforce training mandates and provide remedial training?
  15. What evidence is available that employees understand compliance expectations?
  16. How are compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. Is the board being kept up to date on regulatory and industry compliance risks?
  19. How is the compliance program structured to address such risks?
  20. How are “at risk” operations assessed from a compliance perspective?
  21. Is conformance with the CP periodically evaluated?
  22. Does the CP undergo periodical independent evaluation of its effectiveness?
  23. What is the process for the evaluation and responding to suspected compliance violations?
  24. What kind of training is provided to those who conduct investigation of reported violations?
  25. How do the CO, HRM, and legal counsel coordinate in resolving compliance issues?
  26. What are the policies to ensure preservation of relevant CP documents and information?
  27. What policies address protection of “whistleblowers” and those accused of misconduct?
  28. What are the results of ongoing compliance monitoring by all program managers?
  29. How is ongoing compliance auditing being performed and by whom?
  30. How often is sanction-screening conducted and with what results?
  31. Are results from sanction-screening included in a signed report by the responsible parties?
  32. Has the CP been evaluated for effectiveness by a qualified independent reviewer?
  33. What evidence regarding effectiveness of hotline operation and follow-up investigations?
  34. What are the metrics being used to evidence CP effectiveness?
  35. What are the results of an independent review and assessment of the CP?

 

More information regarding available tools and resources available to assist in answering these questions, contact Daniel Peake at (dpeake@complianceresource.com) (703-236-9854).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Compliance document management

Controlling and managing compliance-related policies and procedures are among the most challenging areas for compliance officers and are a subject of great confusion. Kash Chopra, MBA and JD, works in assisting Compliance Officers with compliance related problems and has found that most organizations go about development of compliance policies in a haphazard and ad hoc manner that exposes them to a great deal of potential liability. She has frequently encountered organizations that do not properly keep track of policies with the result of overlapping or duplicate policies on the same subject that could create significant liability. The failure to keep track of rescinded or revised policies is another common problem with potential liability consequences. For Compliance Officers addressing this issue, she notes that policy management refers to all stages of document life cycle and is critical to an effective compliance program. This includes:

  1. Controlling all compliance-related documents
  2. Standardizing document form/format
  3. Establishing a need for a new document
  4. Prompting when action is needed
  5. Managing work flow in creation of new/revised documents
  6. Tracking when documents should be reviewed for updating
  7. Maintaining an archive of retired documents and policies
  8. Storing and managing all compliance-department documents
  9. Ensuring document access controls and security
  10. Establishing hyperlinks to related regulators and authorities
  11. Facilitating distribution to employees, vendors, and consultants
  12. Documenting certifications and attestations

For more information on this subject, contact KChopra@strategicm.com or (703) 535-1413

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Compliance officers cite HIPAA as their highest priority

The 2019 Compliance Benchmark Survey respondents reported that compliance officers are finding dealing with data breaches as their highest-ranked priority, with two-thirds of respondents citing HIPAA Security/Cyber-security and over half for HIPAA Privacy as their number one concern. This represented the biggest change since last year’s survey. Coupled with this finding was that nearly 75 percent of respondents reported the compliance office has assumed responsibility for HIPAA Privacy and nearly one-third assumed responsibility for HIPAA Security. So far this year, OCR has reportedly received upwards of a quarter million HIPAA privacy complaints.

The Survey did not focus on privacy laws and regulations emerging on the state level, nor did it provide much understanding on how organizations and compliance offices were responding to the challenges. As such, a separate 2019 survey has been designed to gather that information along with a variety of other issues.  It is designed to provide a general understanding of levels and nature of current commitment to this area.  Those who wish to participate in the 2019 HIPAA Compliance Survey can do so by clicking on the following hyperlink.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Meeting nursing home compliance program legal mandates

The November 28, 2019 deadline approaches for skilled nursing facilities and nursing homes to adopt and implement an effective compliance and ethics program as a condition of participation in the Medicare and Medicaid programs. At that time, state survey agencies will begin assessing facility compliance with implementation of an effective compliance and ethics program. Yet, the OIG continues to find major problems with that health care sector. The OIG recently reported that posthospital extended care services or Medicare beneficiary coverage must be preceded by an inpatient stay in a hospital for not less than three consecutive calendar days. The OIG found that CMS improperly paid 65 of the 99 skilled nursing facility (SNF) claims sampled by the OIG.  Projecting from its sample, the OIG estimated that CMS improperly paid $84 million for SNF services over a two-year period.

Those nursing homes that followed the OIG guidance will have little problem in meeting the new mandate, but those who did not have only months to come into compliance. Organizations trying to catch up should consider having a compliance expert perform a gap analysis to identify elements needed for the compliance program and how be able to evidence program effectiveness. A gap analysis should provide a “road map” and step-by-step plan for bringing a facility into compliance with the mandates. Those that have already implemented a compliance program should consider having an effectiveness evaluation conducted by experts to verify that the program will meet mandated standards.

For more information about meeting the standards of these new mandates, Tom Herrmann may be reached at thermmann@strategicm.com or at (703) 535-1410.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.