Kusserow on Compliance: Compliance officers’ checklist—25 suggestions

Health care organizations are facing increasing risk of exposure to actions by government regulators or enforcement authorities. Government authorities are conducting aggressive investigations and taking actions to hold entities and responsible corporate executives more accountable. It is well understood that having an effective compliance program is a necessity to prevent and detect misconduct that could give rise to liabilities. Despite the abundance of guidance pertaining to corporate compliance, achieving a program that is effective in reducing the likelihood of unwanted events or actions that could give rise to liabilities remains a continuing challenge. The following are suggestions that Compliance Officers may wish to consider during the course of the year.

Ensure That…

  1. A charter for the Compliance Officer function provides proper empowerment and authority.
  2. Minutes of Board and executive oversight committee evidence proper support and oversight.
  3. A clear and consistent message is communicated to everyone that compliance applies to all, regardless of position.
  4. Program managers are engaged in ongoing monitoring over their areas, including risk identification, policies addressing those risks, training of their staff on them, and verifying they are adhering to them.
  5. The code of conduct (code) is written as the “Constitution” for the compliance program, setting forth commitments to the patients being served, staff performing the services, safety of the work environment, and adherence to applicable laws, regulations, and standards.
  6. The code is understandable by all employees; written at no higher than 10th grade level.
  7. Policies and procedures reflect in detail what must be followed to adhere to the code.
  8. Compliance program-related policies/procedures are up to date.
  9. A document management system that tracks changes, revisions, and recessions in policies.
  10. Adequate written guidance are in place for all risk-related aspects of the organization’s
  11. There is evidence that managers/executives are held responsible for supporting compliance.
  12. Adequate resources and support for the compliance program is evidenced in the record.
  13. Periodic independent assessments are made to evidence compliance program effectiveness.
  14. All deficiencies found in reviews are remediated quickly and documented.
  15. A test of the hotline to ensure calls are answered and reported promptly, accurately.
  16. Available metrics are used to confirm the hotline and other channels of communication are
  17. Compliance training and education effectively convey the commitment to compliance.
  18. There is evidence of employee understanding of compliance education programs.
  19. Employee participation in training is documented and filed.
  20. Policies address timely self-disclosures of overpayments and potential violations of law or regulation.
  21. Meaningful and consistent discipline occurs for conduct that violates the code.
  22. A process is in place to capture lessons learned from costly errors resulting from compliance weaknesses.
  23. Assessments are being conducted for all high-risk areas and corrective actions for identified weaknesses.
  24. Periodic surveys of employees to measure and evidence employee understanding of the compliance program; and in measuring the compliance culture of the organization.
  25. Compliance is included in management performance reviews and compensation.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Reminder to compliance officers—EMTALA is a high risk area

EMTALA enforcement is on the rise, and a good example of this was AnMed Health, a hospital located in South Carolina. The hospital recently agreed to pay $1.3 million for violating EMTALA; the largest such settlement to date and it included a CIA. This was as result of failing to provide appropriate screening examinations and stabilizing treatment to patients presented to the emergency department (ED) with psychiatric conditions. As large as the penalty was, the OIG indicated it would have likely been much larger, but AnMed was credited with being cooperative with the OIG during the investigation and having engaged in significant corrective action. It is worth recalling that the OIG issued new regulations that (1) increased the civil monetary penalty amounts for EMTALA violations and (2) encourage providers to self-report EMTALA violations to CMS in order to potentially receive more lenient penalties where there is a violation of the law. Compliance officers should ensure the EMTALA high-risk area is being addressed by ongoing monitoring and auditing. The following offers a suggestions and tips for Compliance officers provided by the Policy Resource Center that have detailed audit guides for high-risk areas, including EMTALA, as well as many related policies and procedures. For more information, contact them directly.

EMTALA Policies

Comprehensive EMTALA policies should address:

  • Who conducts screening with detailed screening protocols
  • Processes for reassessing patients after initial screenings
  • Screenings to be conducted by a physician or qualified medical personnel
  • Documentation and uniformity of screenings regardless of ability to pay
  • Conduct and timeframes for stabilization of patients as obligated under EMTALA
  • Process and patients’ rights for transfers
  • Requirements for physician certifications and medical record documentation for transfers
  • Processes for transfers into the hospital
  • Transfers to medical records and patient consent
  • Refusal for emergencies transfers and state-specific transfer requirements
  • Prohibition of retaliation against whistleblowers that make reports
  • Creating a method to internally report and address potential violations and timely conduct investigations
  • Any changes in the law or accreditation standards.

Training on Policies

The key to a successful EMTALA program is education so that the policies can be followed appropriately by frontline staff. All new staff assigned to the ED should first undergo intensive training on EMTALA policies and annual refresher training is advisable. The training should address scenarios of real life situations that prepare for making quick decisions on the job.

Determine EMTALA Investigating and Reporting Responsibility

EMTALA complaints can come from many sources, including other hospitals, patients, family members and ambulance companies. They frequently also are reported to CMS and the OIG.  It is critical that reported EMTALA issues are addressed promptly and appropriately and how this is handled is viewed seriously by regulatory and enforcement agencies. Clinical leadership should play a key role in this process, but they should understand when and how they would work with the compliance officer and legal counsel who will need to be involved in guiding investigations and interactions with government agencies. Investigations at the direction of legal counsel, especially outside counsel, will preserve privilege, especially since EMTALA provides for the potential for a private cause of action in malpractice cases.

22 Ongoing Auditing EMTALA Tips

  1. Verify that policies/procedures specifically address EMTALA compliance.
  2. Check to see that transfer policies and arrangements are being followed
  3. Determine if there are long delays in the ED
  4. Review triage and screening protocols and training
  5. Review on-call polices and contracts to ensure the ED has adequate coverage
  6. Review bylaws related to who can conduct screenings
  7. Ensure that staff members are not requesting payment prior to screening patients
  8. Review transfer forms and logs
  9. Conduct a medical record audit for screening and transfers
  10. Confirm whistleblower protections
  11. Review internal reporting chain
  12. Review training materials and documentation
  13. Verify specialists are on staff to meet the screening and stabilization requirements, as well as inpatient capabilities for stabilizing emergency patients
  14. Ensure there are no payments requested prior to screening patients
  15. Verify policies prohibit retaliation against whistleblowers that make reports
  16. Verify a method for internally reporting (e.g. hotline) and addressing potential violations
  17. Check to see there is a central log that is properly maintained for disposition and compliance with legal requirement
  18. Confirm that the physician on-call list reflects coverage of services available to inpatients
  19. Verify triaging of patients is being performed properly
  20. Verify all physicians come to the facility when called and are in compliance with the timeframes set forth in policies
  21. Confirm all transfers of individuals with un-stabilized EMCs are initiated either by (a) a written request for transfer or (b) a physician certification regarding the medical necessity for the transfer
  22. Verify there is an established a transfer request log to capture necessary information.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Human resources management compliance jurisdiction

The great majority of internal investigations arise from complaints filed with the human resources management office (HRM) or through the compliance office hotline. Both functions have their own jurisdiction for dealing with sensitive issues, and this can raise tension and conflict if not addressed properly. HRM has a mission to assist employees in a host of ways, ranging from salaries and benefits to working conditions. It is therefore not surprising that the department is a front-line recipient of questions, concerns, complaints, and allegations related to the workplace. For all practical purposes, the primary responsibility for investigating and resolving personnel-related issues, including unfair labor practices, discrimination and harassment, lies with HRM.

Specific rules must be followed when conducting such investigations and the federal agency providing guidance and oversight is not the HHS Office of Inspector General (OIG) or the Department of Justice (DOJ), but the Equal Employment Opportunity Commission (EEOC). Furthermore, in some states, individuals conducting these types of investigations must undergo a designated number of hours of specialized training on the laws and rules governing employees in the workplace.

The sources of workplace complaints are varied, but their emergence is all but inevitable. With that in mind, it is important to have a clearly communicated and consistently applied policy detailing the specific procedure for reporting complaints. Many organizations encourage employees to utilize the “traditional” chain of command approach to reporting and resolution, while others have established more progressive open door communication policies to encourage unrestricted communication. Direct reporting to HRM is also an option for employees.  Allowing employees to report issues via an employee hotline, generally managed by the compliance officer, is yet another mechanism of reporting.  With most hotline calls have issues that fall under HRM primary jurisdiction, it requires careful coordination to guard against a matter falling between the cracks. This does not necessarily create a bright line of authority between the two functions, as many concerns raised may cross the line from being personnel issues to being compliance issues. It is essential that the compliance office and HRM maintain open communications and establish reciprocal reporting obligations for the purpose of ensuring the appropriate department is apprised of issues that are its primary concern. They must be able to coordinate investigative and resolution activity to avoid unnecessary duplication of efforts.

All of these reporting approaches provide a stream of information that can result in the need for internal inquiry or investigation. It is very important to note that, in order to have an effective reporting program that employees will actually utilize, it must be coupled with a clearly stated anti-retaliation policy. Employees must know that retaliation or attempted retaliation in response to lodging a complaint or invoking the complaint process is strictly prohibited by the organization. In August of 2016, the EEOC issued “Enforcement Guidance on Retaliation and Related Issues”, the EEOC’s first comprehensive review of retaliation since 1998. This was in direct response to the fact that retaliation is now the most frequently alleged basis of discrimination that EEOC receives.

The compliance officer focuses much attention on the Anti-Kickback Statute, Stark Laws, False Claims Act, and other fraud laws with considerable attention given to the OIG, DOJ, and state Medicaid Fraud Control Units. By contrast, the laws that most often occupy HRM interest include Title VII of the Civil Rights Act 1964; the Age Discrimination in Employment Act; the Americans with Disabilities Act; the Family and Medical Leave Act; the Fair Labor Standards Act; the Uniform Services Employment/Reemployment Rights Act; the Employee Retirement Security Act’s governing compensation and benefit plans; and the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) for employer-sponsored health benefits, among others.  The government agencies that oversee these areas are the U.S. Department of Labor, the Equal Employment Opportunity Commission (EEOC), and a variety of state agencies.  Violations can result in serious penalties.

Regarding matters that HRM must investigate and resolve, one area long overshadows (numerically) compliance matters raised to the compliance officer to handle: discrimination and unlawful harassment. Complaints to the federal EEOC and state counterparts number over 100,000 annually.  Many other complaints are received by HRM that never go so far as to be reported to outside authorities.   To meet the challenge of avoiding such complaints, HRM must implement a variety of compliance policies and train everyone on them.  These activities are familiar to compliance officers, who must do the same within their risk areas. However, in the case of some of the HRM-related laws and regulations, federal and state governments establish special rules for standards for related policies and mandatory training.  Special rules extend to the manner by which these types of cases are to be investigated and by whom, when there is a formal complaint.

One example of a compliance risk area requiring care relates to unlawful (sexual) harassment. In a series of Supreme Court cases, the High Court set forth the principle that no employer can mount an affirmative defense to allegations of unlawful harassment unless they can meet three standards: (1) they have zero tolerance policies and procedures in place; (2) all employees and managers are trained on these policies; and (3) the organization has taken steps to identify emerging issues and do not just wait until a complaint takes place.  On this last point, examples of action steps by management include screening hotline calls for any indications of emerging issues, conducting exit interviews and asking about employee work environment issues, and using training on the subject as a means to open discussion of potential problems.  In the latter case, having people stay behind to make further inquiries is more likely to open doors that public statement during formal training.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG issues first 2017 Semi-Annual report—1,422 exclusions in first half of 2017

The OIG released is first semi-annual report for 2017 which included the number of exclusion actions taken. There were a total of 1,422 individuals and entities they excluded from Medicare, Medicaid, and other Federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, for patient abuse or neglect, or as a result of license revocation. The OIG posts all such actions on its List of Excluded Individuals and Entities (LEIE).  In its compliance guidance, the OIG calls for screening of all individuals and entities engaged by or with whom they do business against the LEIE. CMS also makes such screening a condition of participation and enrollment. The OIG has a number of Administrative Sanction authorities whereby they have added steadily to the LEIE database. In the last three years the OIG added over 10,000 exclusions to the LEIE.

OIG Enforcement Authorities

Tom Herrmann, JD, is a nationally recognized health care compliance consultant.  He served for a number of years in the OIG Counsel’s Office as Chief of the Administrative Litigation Branch, and supervised the litigation of cases involving the imposition of civil monetary penalties and program exclusions. He explained that the OIG has been delegated the authorities to impose Civil Monetary Penalties, assessments, and program exclusion on health care providers and others determined to have engaged in defined wrongdoing. The effect of an OIG exclusion is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. He noted that in almost all instances where the OIG’s imposition of program exclusion or CMPs is appealed, it is upheld by a HHS Administrative Law Judge (ALJ), the HHS Departmental Appeals Board (DAB), and Federal Courts. As such, it is absolutely essential to have ongoing sanction-screening of anyone engaged by a healthcare organization.

Jillian Bower, is another highly experienced health care compliance consultant, who has assisted scores of clients in meeting the sanction-screening obligations through the Compliance Resource Center (CRC). She notes that CMS has been very aggressive in calling for sanction screening, not only of the LEIE, but Debarments posted by the General Services Administration (GSA), as well as pressuring State Medicaid Directors to establish exclusion databases and mandate monthly screening by their enrolled providers. Since then most states have moved to comply with the CMS direction. This has increased the sanction-screening burden greatly for not only for the compliance office, but also human resource management (HRM). Procurement is also affected by the number of vendors and contractors that also have to be screened. Medical credentialing is involved because physicians granted staff privileges have to be screened. In order to meet screening mandates, it is almost a necessity to use a vendor search engine tools to assist in sanction-screening. This saves downloading the sanction databases of all the entities and developing their own search engine. So using a vendor for this purpose is a step in the right direction; however the bulk of the work remains with the organization to do screening and resolving potential “hits” remains with the organization. Altogether this can be a considerable effort and many organizations have to dedicate one or many employees to meet all these obligations. Alternatively, many just outsource the entire process, including verification and certification of results to a vendor

Sanction-Screening Tips

  1. Ensure periodic sanction screening of employees, medical staff, contractors, and vendors against the LEIE, not just at time of engagement but periodically thereafter. An individual or entity may be pass a sanction screen at time of engagement, but later have a sanction imposed.

 

  1. Maintain a complete record of sanction screening to evidence meeting mandates with individual(s) responsible for sanction screening attesting to results each time screening has taken place. If using a vendor to conduct the sanction screening on behalf of the organization, they should provide a full certified report each time they perform their service.

 

  1. Develop a compliance policy and applications requiring as a condition of employment, gaining staff privileges, or engagement, attestation that the individual has not been, nor are they now, the subject of an investigation by any duly authorized regulatory or enforcement agency. It is also advisable to add a condition of engagement that employees must promptly report any notice of investigation that involves them.

 

  1. Care should be taken to meet state Medicaid screening requirements in addition to checking the LEIE. For those organizations that cross state lines, it is particularly important to ensure compliance with state sanction screening mandates that differ from state to state.

 

  1. Inasmuch as most exclusions in the LEIE arise from another underlying court, state agency, or licensure board action, it is critical as part of the credentialing process to verify that health care professionals are duly licensed and not until any restrictions. Engaging or giving staff privileges to individuals who are restricted in their license may be considered by CMS as violating conditions of participation.

 

  1. Educate and inform management and employees on their obligation to promptly report any notification of an adverse action by any duly authorized regulatory or enforcement agency. Policies should be implemented to reinforce this.

 

  1. Consider using a vendor tool to assist in sanction-screening, but compare services and costs to avoid unnecessary expenditures; and consider the cost-benefits of outsourcing then entire sanction-screening process.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.