Kusserow on Compliance: Meeting long term care compliance program legal mandates

The Patient Protection and Affordable Care Act (ACA) included a mandate that long term care (LTC) skilled nursing facilities (SNFs) and nursing homes adopt and implement an effective compliance and ethics program as a condition of participation in the Medicare and Medicaid programs. Facilities have until November 28, 2019 to meet the compliance program requirements. At that time, state survey agencies will begin assessing facility compliance with implementation of an effective compliance and ethics program following the CMS State Operation Manual “Guidance to Surveyors for Long Term Care Facilities.”  CMS requires annual review of its compliance and ethics program to ensure that modifications are made to reflect changes in laws, regulations, and to reduce violations.

Tom Herrmann, J.D., served over 20 years in the OIG Office of Counsel and for the past ten years has been a compliance consultant, specializing in nursing home compliance programs. He explains that the new mandate parallels the HHS OIG Compliance Program Guidance for Nursing Facilities and those that followed the guidance will have little problem in meeting the new mandate, but those who didn’t have only months to come into compliance. For those organizations with weak programs, he suggests the most cost effective method to begin catching up is to have a compliance expert perform a gap analysis to identify elements needed for the compliance program and how be able to evidence program effectiveness. A gap analysis should provide a “road map” and step-by-step plan for bringing a facility into compliance with the mandates. Those that have already implemented their compliance program should consider having an effectiveness evaluation conducted by experts to verify it will meet mandated standards.

Kash Chopra, J.D., has assisted many smaller LTC organizations in answering the challenge of meeting the mandate challenge by providing Designated Compliance Officers (DCOs) that assume the responsibility of being the Compliance Officer, including the building and managing of the program. The OIG recognizes using DCOs when the wide range of compliance responsibilities become a serious problem for smaller organizations and a full time Compliance Officer is unaffordable. The OIG’s position is that “For those companies that have limited resources, the compliance function could be outsourced to an expert in compliance.”  The OIG further recognize that an outsourced party can provide services on a part time basis.  Using highly experienced experts can lower fixed costs, reduce staff loads, and avoid using someone who is less qualified. Also, most of the work can be done remotely. Using an outside expert part-time, can accomplish more than a lesser experienced full time employee. She advises comparing the cost of hiring a compliance officer against that of a part time expert acting as the DCO.

For more information on this subject, Kash Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413. Also see https://compliance.com/blog/contracting-compliance-program/

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Free Health Law Webinar–Internal and Government Investigation Strategies

It’s your last chance to register for the second free webinar in Wolters Kluwer Legal & Regulatory, U.S.’s four-part webinar series in partnership with Alston & Bird focusing on best practices for handling internal and external healthcare fraud and False Claims Act investigations.

“Internal and Government Investigation Strategies”, will discuss how companies can conduct cohesive internal investigations, what the government expects organizations to do and the investigative techniques that the government uses. To register, visit the link below:
Internal and Government Investigation Strategies 
Tuesday, December 4, 2018 at 2 PM EST
Moderator: Frank Sheeder, Partner at Alston & Bird
Featured speakers: Wade Miller, Partner, and Matt Dowell, Senior Associate at Alston & Bird

For information on the full webinar series, visit http://health.wolterskluwerlb.com/2018/10/wk-announces-free-webinar-series-on-healthcare-investigations/

Kusserow on Compliance: OIG issues annual report on top management challenges facing HHS

Annually, the OIG prepares a summary of the most significant management and performance challenges facing the Department of Health and Human Services. This summary is referred to as the Top Management Challenges (TMC). The OIG forecasts new and emerging issues HHS will face HHS in the years to come. The current TMCs are identified as follows:

  1. Preventing and Treating Opioid Misuse. The challenges includes (a) reducing inappropriate prescribing and misuse of opioids; (b) combating fraud and diversion of prescription opioids and potentiator drugs; (c) ensuring access to appropriate treatment for opioid use disorder; and (d) ensuring that funding for prevention and treatment is used appropriately

 

  1. Ensuring Program Integrity in Medicare Fee-for-Service and Effective Administration of Medicare. Medicare spending represents over 15 percent of all federal spending and it is estimated that the Trust Fund for Medicare Part A will be depleted by 2026. Challenges include (a) reducing improper payments; (b) combating fraud; (c) fostering prudent payment policies; and (d) maximizing the promise of health information technology.

 

  1. Ensuring Program Integrity and Effective Administration of Medicaid. Medicaid is the largest federal health care program, with 67 million individuals enrolled, and expenditures of $592 billion. Challenges include (a) improving the reliability of national Medicaid data; (b) reducing improper payments; (c) combating fraud; and (d) ensuring appropriate Medicaid eligibility determinations.

 

  1. Ensuring Value and Integrity in Managed Care and Other Innovative Healthcare Payment and Service Delivery Models. Managed care and other innovative models promote innovation and effectiveness. Challenges include (a) ensuring effectiveness and integrity in new models; (b) combating provider fraud and abuse; (c) fostering compliance by managed care organizations.

 

  1. Protecting the Health and Safety of Vulnerable Populations. HHS programs provide critical health and human services to many vulnerable populations in many different settings. Challenges include (a) ensuring the safety and security of unaccompanied children in HHS care; (b) addressing substandard nursing home care; (c) reducing problems in hospice care; (d) mitigating risks to individuals receiving home- and community-based services; (e) ensuring access to safe and appropriate services for children; and (f) addressing serious mental illness.

 

  1. Improving Financial and Administrative Management and Reducing Improper Payments. With annual outlays of over $1.1 trillion, HHS must also ensure the completeness, accuracy, and timeliness of any financial and program information provided to other entities. Challenges include (a) addressing weaknesses in financial management systems; (b) addressing Medicare trust fund issues/social insurance; (c) reducing improper payments; (d) improving contract management; and (d) implementing the DATA Act.

 

  1. Protecting the Integrity of HHS Grants. In FY 2017, HHS awarded $101 billion in grants (excluding CMS) that requires additional verification of existing controls and reporting requirements. Challenges include (a) ensuring appropriate and effective use of grant funds; (b) ensuring effective grant management at the department level; (c) ensuring program integrity and financial capability at the grantee level; and (d) combating fraud, waste, and abuse.

 

  1. Ensuring the Safety of Food, Drugs, and Medical Devices. FDA has the challenge of ensuring the safety and security of the nation’s food and medical products (including drugs, biological products, and medical devices), which directly affect the health of every American. Challenges include (a) ensuring food safety; (b) ensuring the safety, effectiveness, and quality of drugs and medical devices; and (c) ensuring the security of drug supply chains.

 

  1. Ensuring Quality and Integrity in Programs Serving American Indian/Alaska Native Populations. Many HHS programs provide health and human services to AI/ANs throughout the U.S. Challenges include (a) addressing deficiencies in IHS management, infrastructure, and quality of care; and (b) preventing fraud and misuse of HHS funds serving AI/AN populations.

 

  1. Protecting HHS Data, Systems, and Beneficiaries from Cybersecurity Threats. Challenges include (a) protecting data on internal systems; (b) overseeing the cybersecurity of data in cloud environments; (c) ensuring that providers, grantees, and contractors are adhering to sound cybersecurity principles; (d) securing HHS’s data and systems; and (e) advancing cybersecurity within the healthcare ecosystem.

 

  1. Ensuring that HHS Prescription Drug Programs Work as Intended. HHS oversees coverage of prescription drugs under various programs operated by the Department. Challenges include (a) protecting the integrity of prescription drug programs; (b) fostering prudent payments for prescription drugs; and (b) ensuring appropriate access to prescription drugs.

 

  1. Ensuring Effective Preparation and Response to Public Health Emergencies. HHS is responsible for ensuring both it and its State and local partners are prepared to respond to, and recover from, public health emergencies efficiently and effectively. Challenges include ensuring (a) access to health and human services during and after emergencies: (b) effective use and oversight of funding; and (c) effective and timely responses to infectious disease threats.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Is outsourcing HIPAA privacy worth considering?

The Ninth Annual Healthcare Compliance Benchmark Survey, conducted by SAI Global and Strategic Management Services, revealed that the highest-ranking priority focus for 2018 was dealing with data breaches. Nearly 75 percent of the 388 responding organizations reported that the compliance office had taken the responsibility for HIPAA Privacy. The Survey also indicated compliance office resources were being strained in meeting all their responsibilities. This was underscored with the reported fact that 75 percent of compliance offices were staffed with five or fewer staff, with one third of offices having only a one person staff.

Kash Chopra, JD, MBA, has outsourced a number of data protection officers (DPOs) in a variety of organizations, as result of the fact that many compliance offices don’t have the experience and knowledge to address the wide range of duties and responsibilities of privacy offices. This is consistent with a growing trend of outsourcing functions that are not at the core of the mission of the organization. When providing outsourced DPOs, they are normally placed under direction of the compliance officer. Most of the DPOs she has provided work at or below an average of 20 hours per week with most of the work being performed remotely.  What makes this possible is that  DPOs already have expertise and are current on state and Federal requirements, as well as what is needed in the development, implementation, and maintenance of privacy policies and key documents that address privacy requirements. The DPO will know how to address and oversee the monitoring of data access and investigations as well as breaches and complaints. Among the advantages of using DPOs are:

  1. Permits compliance officers to focus on other compliance areas
  2. Not paying the loaded cost of a fulltime W-2 employee
  3. DPOs are more efficient with no learning curve on HIPAA
  4. Bring experience and detailed knowledge of federal and state laws/regulations
  5. Experience in dealing with privacy issues
  6. Better risk protection
  7. Lower fixed costs and reduced staff workload
  8. Expertise in HIPAA/HITECH privacy and security compliance

Chopra can be reached at KChopra@strategicm.com or (703) 535-1413 for more information about using HIPAA experts to serve as a DPO.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.