Kusserow on Compliance: Compliance officers’ checklist—25 suggestions

Health care organizations are facing increasing risk of exposure to actions by government regulators or enforcement authorities. Government authorities are conducting aggressive investigations and taking actions to hold entities and responsible corporate executives more accountable. It is well understood that having an effective compliance program is a necessity to prevent and detect misconduct that could give rise to liabilities. Despite the abundance of guidance pertaining to corporate compliance, achieving a program that is effective in reducing the likelihood of unwanted events or actions that could give rise to liabilities remains a continuing challenge. The following are suggestions that Compliance Officers may wish to consider during the course of the year.

Ensure That…

  1. A charter for the Compliance Officer function provides proper empowerment and authority.
  2. Minutes of Board and executive oversight committee evidence proper support and oversight.
  3. A clear and consistent message is communicated to everyone that compliance applies to all, regardless of position.
  4. Program managers are engaged in ongoing monitoring over their areas, including risk identification, policies addressing those risks, training of their staff on them, and verifying they are adhering to them.
  5. The code of conduct (code) is written as the “Constitution” for the compliance program, setting forth commitments to the patients being served, staff performing the services, safety of the work environment, and adherence to applicable laws, regulations, and standards.
  6. The code is understandable by all employees; written at no higher than 10th grade level.
  7. Policies and procedures reflect in detail what must be followed to adhere to the code.
  8. Compliance program-related policies/procedures are up to date.
  9. A document management system that tracks changes, revisions, and recessions in policies.
  10. Adequate written guidance are in place for all risk-related aspects of the organization’s
  11. There is evidence that managers/executives are held responsible for supporting compliance.
  12. Adequate resources and support for the compliance program is evidenced in the record.
  13. Periodic independent assessments are made to evidence compliance program effectiveness.
  14. All deficiencies found in reviews are remediated quickly and documented.
  15. A test of the hotline to ensure calls are answered and reported promptly, accurately.
  16. Available metrics are used to confirm the hotline and other channels of communication are
  17. Compliance training and education effectively convey the commitment to compliance.
  18. There is evidence of employee understanding of compliance education programs.
  19. Employee participation in training is documented and filed.
  20. Policies address timely self-disclosures of overpayments and potential violations of law or regulation.
  21. Meaningful and consistent discipline occurs for conduct that violates the code.
  22. A process is in place to capture lessons learned from costly errors resulting from compliance weaknesses.
  23. Assessments are being conducted for all high-risk areas and corrective actions for identified weaknesses.
  24. Periodic surveys of employees to measure and evidence employee understanding of the compliance program; and in measuring the compliance culture of the organization.
  25. Compliance is included in management performance reviews and compensation.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Reminder to compliance officers—EMTALA is a high risk area

EMTALA enforcement is on the rise, and a good example of this was AnMed Health, a hospital located in South Carolina. The hospital recently agreed to pay $1.3 million for violating EMTALA; the largest such settlement to date and it included a CIA. This was as result of failing to provide appropriate screening examinations and stabilizing treatment to patients presented to the emergency department (ED) with psychiatric conditions. As large as the penalty was, the OIG indicated it would have likely been much larger, but AnMed was credited with being cooperative with the OIG during the investigation and having engaged in significant corrective action. It is worth recalling that the OIG issued new regulations that (1) increased the civil monetary penalty amounts for EMTALA violations and (2) encourage providers to self-report EMTALA violations to CMS in order to potentially receive more lenient penalties where there is a violation of the law. Compliance officers should ensure the EMTALA high-risk area is being addressed by ongoing monitoring and auditing. The following offers a suggestions and tips for Compliance officers provided by the Policy Resource Center that have detailed audit guides for high-risk areas, including EMTALA, as well as many related policies and procedures. For more information, contact them directly.

EMTALA Policies

Comprehensive EMTALA policies should address:

  • Who conducts screening with detailed screening protocols
  • Processes for reassessing patients after initial screenings
  • Screenings to be conducted by a physician or qualified medical personnel
  • Documentation and uniformity of screenings regardless of ability to pay
  • Conduct and timeframes for stabilization of patients as obligated under EMTALA
  • Process and patients’ rights for transfers
  • Requirements for physician certifications and medical record documentation for transfers
  • Processes for transfers into the hospital
  • Transfers to medical records and patient consent
  • Refusal for emergencies transfers and state-specific transfer requirements
  • Prohibition of retaliation against whistleblowers that make reports
  • Creating a method to internally report and address potential violations and timely conduct investigations
  • Any changes in the law or accreditation standards.

Training on Policies

The key to a successful EMTALA program is education so that the policies can be followed appropriately by frontline staff. All new staff assigned to the ED should first undergo intensive training on EMTALA policies and annual refresher training is advisable. The training should address scenarios of real life situations that prepare for making quick decisions on the job.

Determine EMTALA Investigating and Reporting Responsibility

EMTALA complaints can come from many sources, including other hospitals, patients, family members and ambulance companies. They frequently also are reported to CMS and the OIG.  It is critical that reported EMTALA issues are addressed promptly and appropriately and how this is handled is viewed seriously by regulatory and enforcement agencies. Clinical leadership should play a key role in this process, but they should understand when and how they would work with the compliance officer and legal counsel who will need to be involved in guiding investigations and interactions with government agencies. Investigations at the direction of legal counsel, especially outside counsel, will preserve privilege, especially since EMTALA provides for the potential for a private cause of action in malpractice cases.

22 Ongoing Auditing EMTALA Tips

  1. Verify that policies/procedures specifically address EMTALA compliance.
  2. Check to see that transfer policies and arrangements are being followed
  3. Determine if there are long delays in the ED
  4. Review triage and screening protocols and training
  5. Review on-call polices and contracts to ensure the ED has adequate coverage
  6. Review bylaws related to who can conduct screenings
  7. Ensure that staff members are not requesting payment prior to screening patients
  8. Review transfer forms and logs
  9. Conduct a medical record audit for screening and transfers
  10. Confirm whistleblower protections
  11. Review internal reporting chain
  12. Review training materials and documentation
  13. Verify specialists are on staff to meet the screening and stabilization requirements, as well as inpatient capabilities for stabilizing emergency patients
  14. Ensure there are no payments requested prior to screening patients
  15. Verify policies prohibit retaliation against whistleblowers that make reports
  16. Verify a method for internally reporting (e.g. hotline) and addressing potential violations
  17. Check to see there is a central log that is properly maintained for disposition and compliance with legal requirement
  18. Confirm that the physician on-call list reflects coverage of services available to inpatients
  19. Verify triaging of patients is being performed properly
  20. Verify all physicians come to the facility when called and are in compliance with the timeframes set forth in policies
  21. Confirm all transfers of individuals with un-stabilized EMCs are initiated either by (a) a written request for transfer or (b) a physician certification regarding the medical necessity for the transfer
  22. Verify there is an established a transfer request log to capture necessary information.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS to issue new Medicare card to 60 million beneficiaries

New cards will no longer contain Social Security number

Over 2.5 million beneficiaries are victims of identity theft incidents

CMS is readying a fraud prevention initiative that removes Social Security numbers from Medicare cards to help combat identity theft, and safeguard taxpayer dollars.  This is being done to meet the congressional deadline for replacing all Medicare cards by April 2019 that followed the passage of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). CMS will assign all Medicare beneficiaries a new, unique a Medicare Beneficiary Identifier (MBI) number which will contain a combination of numbers and uppercase letters. Beneficiaries will be instructed to safely and securely destroy their current Medicare cards and keep the new MBI confidential. Issuance of the new MBI will not change the benefits a Medicare beneficiary receives and will be designed to help protect against personal identity theft affects a large and growing number of seniors.  According to the DOJ, people age 65 or older are increasingly the victims of this type of crime that now are estimated to affect 2.6 million seniors a year. Two-thirds of all identity theft victims reported a direct financial loss with also the problems associated with disrupting lives, damage credit ratings, and result in inaccuracies in medical records and costly false claims.

New card will be mailed beginning in April 2018 and will use the unique, randomly-assigned MIB number to replace the Social Security-based Health Insurance Claim Number (HICN) currently used on the Medicare card.  Providers and beneficiaries will both be able to use secure look up tools that will support quick access to MBIs when they need them. There will also be a 21-month transition period where providers will be able to use either the MBI or the HICN further easing the transition.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG issues first 2017 Semi-Annual report—1,422 exclusions in first half of 2017

The OIG released is first semi-annual report for 2017 which included the number of exclusion actions taken. There were a total of 1,422 individuals and entities they excluded from Medicare, Medicaid, and other Federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, for patient abuse or neglect, or as a result of license revocation. The OIG posts all such actions on its List of Excluded Individuals and Entities (LEIE).  In its compliance guidance, the OIG calls for screening of all individuals and entities engaged by or with whom they do business against the LEIE. CMS also makes such screening a condition of participation and enrollment. The OIG has a number of Administrative Sanction authorities whereby they have added steadily to the LEIE database. In the last three years the OIG added over 10,000 exclusions to the LEIE.

OIG Enforcement Authorities

Tom Herrmann, JD, is a nationally recognized health care compliance consultant.  He served for a number of years in the OIG Counsel’s Office as Chief of the Administrative Litigation Branch, and supervised the litigation of cases involving the imposition of civil monetary penalties and program exclusions. He explained that the OIG has been delegated the authorities to impose Civil Monetary Penalties, assessments, and program exclusion on health care providers and others determined to have engaged in defined wrongdoing. The effect of an OIG exclusion is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. He noted that in almost all instances where the OIG’s imposition of program exclusion or CMPs is appealed, it is upheld by a HHS Administrative Law Judge (ALJ), the HHS Departmental Appeals Board (DAB), and Federal Courts. As such, it is absolutely essential to have ongoing sanction-screening of anyone engaged by a healthcare organization.

Jillian Bower, is another highly experienced health care compliance consultant, who has assisted scores of clients in meeting the sanction-screening obligations through the Compliance Resource Center (CRC). She notes that CMS has been very aggressive in calling for sanction screening, not only of the LEIE, but Debarments posted by the General Services Administration (GSA), as well as pressuring State Medicaid Directors to establish exclusion databases and mandate monthly screening by their enrolled providers. Since then most states have moved to comply with the CMS direction. This has increased the sanction-screening burden greatly for not only for the compliance office, but also human resource management (HRM). Procurement is also affected by the number of vendors and contractors that also have to be screened. Medical credentialing is involved because physicians granted staff privileges have to be screened. In order to meet screening mandates, it is almost a necessity to use a vendor search engine tools to assist in sanction-screening. This saves downloading the sanction databases of all the entities and developing their own search engine. So using a vendor for this purpose is a step in the right direction; however the bulk of the work remains with the organization to do screening and resolving potential “hits” remains with the organization. Altogether this can be a considerable effort and many organizations have to dedicate one or many employees to meet all these obligations. Alternatively, many just outsource the entire process, including verification and certification of results to a vendor

Sanction-Screening Tips

  1. Ensure periodic sanction screening of employees, medical staff, contractors, and vendors against the LEIE, not just at time of engagement but periodically thereafter. An individual or entity may be pass a sanction screen at time of engagement, but later have a sanction imposed.

 

  1. Maintain a complete record of sanction screening to evidence meeting mandates with individual(s) responsible for sanction screening attesting to results each time screening has taken place. If using a vendor to conduct the sanction screening on behalf of the organization, they should provide a full certified report each time they perform their service.

 

  1. Develop a compliance policy and applications requiring as a condition of employment, gaining staff privileges, or engagement, attestation that the individual has not been, nor are they now, the subject of an investigation by any duly authorized regulatory or enforcement agency. It is also advisable to add a condition of engagement that employees must promptly report any notice of investigation that involves them.

 

  1. Care should be taken to meet state Medicaid screening requirements in addition to checking the LEIE. For those organizations that cross state lines, it is particularly important to ensure compliance with state sanction screening mandates that differ from state to state.

 

  1. Inasmuch as most exclusions in the LEIE arise from another underlying court, state agency, or licensure board action, it is critical as part of the credentialing process to verify that health care professionals are duly licensed and not until any restrictions. Engaging or giving staff privileges to individuals who are restricted in their license may be considered by CMS as violating conditions of participation.

 

  1. Educate and inform management and employees on their obligation to promptly report any notification of an adverse action by any duly authorized regulatory or enforcement agency. Policies should be implemented to reinforce this.

 

  1. Consider using a vendor tool to assist in sanction-screening, but compare services and costs to avoid unnecessary expenditures; and consider the cost-benefits of outsourcing then entire sanction-screening process.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.