Kusserow on Compliance: Measuring compliance program effectiveness using validated and reliable knowledge surveys

The OIG, from its earliest compliance guidance documents, has recommended the use of “[q]uestionnaires developed to solicit impressions of a broad cross section” of the workforce. Evaluating effectiveness through the use of questionnaires or surveys can measure the compliance culture and/or knowledge of the organization. Such surveying of employees is one of the two methods suggested for evidencing compliance program effectiveness by the HHS OIG in its Compliance Guidance for Hospitals and Supplemental Guidance for Hospitals. The agency noted that “as part of the review process, the compliance officer or reviewers should consider techniques such as…using questionnaires developed to solicit impressions of a broad cross-section of the hospital’s employees and staff.” It further reinforced this by stating that it recommends that organizations should evaluate all elements of a compliance program through “employee surveys.” The OIG also stated that “[t]he existence of benchmarks that demonstrate implementation and achievements are essential to any effective compliance program.”

Steve Forman, CPA, has 35 years of experience as a compliance officer and health care compliance consultant. He has used compliance surveys for over 20 years to measure program effectiveness and has found them to be an extremely inexpensive method that provides great insight into the compliance program’s effectiveness. However, he notes that it is critical that the survey being used has been professionally developed, as well as validated and tested over many organizations. In addition, employees must have confidence that their scoring will not be attached to them. This means that the survey needs to be independently administered in a way that ensures the confidentiality and anonymity of participants. It is very useful for organizations to gain feedback from employees by querying them on their knowledge of the compliance program elements, drawn from their general observations and personal experiences. Results from a survey can evidence employees’ knowledge, awareness, and understanding of the compliance program, and are used to identify positives and weaknesses of the compliance program. It can provide empirical evidence of the advancement of program knowledge, understanding, and effectiveness.

Jillian Bower has been overseeing administration of knowledge surveys with health care organizations for more than 6 years at the Compliance Resource Center (CRC). The CRC has been employing compliance surveys since 1993. The most popular survey for Compliance Officers is the Compliance Knowledge Survey©, which tests knowledge of the compliance program’s structure and operations, including the understanding of the role of the Compliance Officer, how the hotline functions, etc. It specifically focuses on the OIG’s seven elements of an effective compliance program and uses simple closed-ended questions with “Yes” and “No” answer choices that require no more than 20 to 30 minutes to complete. Reports from this survey run 30 pages or more and include tips for addressing weaknesses. They benchmark results against the universe of those who have used the same survey in three ways: (a) overall results, (b) by topic, and (c) individual questions. The biggest benefit of the Compliance Knowledge Survey© is being able to benchmark the results of an organization with the universe of those that have used the same survey by overall results, topical areas, and by question.

Carrie Kusserow, with 15 years of experience as a compliance officer and consultant, has found that reports of survey results can evidence both strengths in the compliance program and opportunities for improvement. It is one way that compliance program effectiveness can be objectively measured with credible metric evidence. Using the same survey over time permits measurements that can benchmark progress in Compliance Program development and track improvements.

Al Bassett, JD, has assisted in building and evaluating compliance program effectiveness more than just about anyone in the country over the last 20 years. He has routinely employed employee surveys as a tool to obtain the most out of a compliance effectiveness review. He has found that a compliance knowledge survey parallels and reinforces his findings from document reviews, observation of program operations, and interviews of key staff. In addition, he has surveys administered to provide the foundation for focus group meetings. Findings from a survey can identify potential weakness, but does explain the “why” for the issue. He cautions that for reliable and credible results, the survey should be professionally developed and administered. From experience, he notes that internally developed questionnaires naturally raise employee suspicion that the questions are being designed to bias the results in favor of the organization. There is also the concern that if administered internally, anonymity in responding to questions would be lost. Another issue is that the credibility of the results is not likely to provide convincing evidence to any outside authorities. A properly developed survey will also address response-set bias, where respondents may always answer the questions as “yes” or “no”. It is therefore important to have a few reverse-scored questions included.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.


Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Oncology remains high federal enforcement priority

Oncology continues to be a high enforcement priority for the DOJ, OIG, FBI, and CMS. The latest fraud investigation by the DOJ involves CCS Oncology, a large and prominent provider of cancer care. The reported question being investigated relates to possible billing irregularities involving Medicare and Medicaid. As with most cases related to oncology irregularities, the predication was by a “whistleblower.” The complaint alleges CCS billed for more expensive procedures than were actually performed, billed for procedures that never were performed, and performed medically unnecessary procedures on patients, among other violations, according to the source. The stream of cases is long enough to outline key factors that have led to settlements with the DOJ and OIG. Compliance Officers whose portfolio of responsibilities includes oncology services may wish to review the following to ensure none of these factors are at work in a manner that may trigger investigation.

Common Oncology Enforcement Issues

  1. Employees knowingly submitted false records to Medicare and Medicaid to increase revenue
  2. Claims submitted for services performed without required physician supervision
  3. Offering unnecessary treatments and services to patients
  4. Recruitment and treatment of terminal patients that should have been referred to hospice care
  5. Re-treatment of patients in excess of prescribed dosage limits
  6. Claims for services when physician reviews had not taken place
  7. Claims where treatment occurred without prior required IGRT scan
  8. Physicians allowed registered nurses to fill out prescriptions for medications
  9. Offering inducements (“kickbacks”) to patients by waiving their co-pays
  10. Conducting unnecessary fluorescence in situ hybridization (FISH) tests for bladder cancer
  11. Filing payment claims for GAMMA functions by improperly trained physicians and staff
  12. Seeking payments for tests whose results doctors had not reviewed
  13. Billing E&M services on the same day as a related procedure
  14. Double and over-billing Medicare for services that lacked supporting documentation
  15. Improperly billing for radiation treatment without proper physician supervision
  16. Submitting false claims for magnetic resonance imaging (MRI) services
  17. Billing for services that were not documented in the patients’ medical records
  18. Billing twice for the same services
  19. Misrepresentation of the level of a service provided to increase reimbursement
  20. Routinely waiving patient copayments as an inducement, then billing Medicare for them
  21. Claims for services not performed, medically necessary, and/or properly documented
  22. Claims for services rendered to patients referred by physicians benefiting from referral
  23. Purchasing cancer treatments from unlicensed sources for oncology practice
  24. Diluting patients’ chemotherapy treatments and delivering in a manner designed to extend period of treatment time
  25. Claims for medically unnecessary or properly documented intensity-modulated radiation therapy (IMRT)
  26. Unsupported add-on claims for “special treatment procedures” and “specialty physics consults”
  27. Violating the Stark Laws and Anti-Kickback statute by rewarding referring physicians

 

Kusserow on Compliance: Extending and economizing compliance programs—tools, services and tips

Compliance officers are confronted with a host of ever-increasing external regulatory and internal demands, with most having inadequate resources to meet all the challenges. Furthermore, it is becoming increasingly common to add responsibility for HIPAA Privacy to the portfolio of compliance officers’ duties. All of this results in ongoing efforts to find ways to extend capabilities, while being sensitive to limited available resources. There are finite options available. Of course, the preference is to handle all this with internal staff. Unfortunately, for most compliance officers, limitations on increased office staffing limit this option. In some cases, organizations turn to Out-Sourcing their compliance program. This is most often done as a measure to temporarily fill gaps with an Interim Compliance Officer (ICO) when an incumbent leaves, or by smaller organizations contracting the function out to an individual or firm to assume responsibility by providing a Designated Compliance Officer (DCO). Co-Sourcing is a third option and “middle ground” between hiring new staff (In-Sourcing) and Out-Sourcing, and may prove to be the best strategy available for compliance officers to take huge pressures away, if implemented correctly. It involves using limited vendor services and tools to address key elements in the compliance program.

Co-Sourcing Compliance Services/Tools

The key factor that separates Out-Sourcing from Co-Sourcing is maintaining control and direction under the compliance officer. It involves using a third party on an ongoing basis to supplement limited staff resources by carrying part of the workload. It can help bridge the gap without compromising the ability to easily return to a structure where the compliance officer reassumes full operation when staffing issues are resolved. This approach is also recognized by the OIG as a useful solution where an organization has limited in-house compliance expertise and resources. Compliance Officers are increasingly employing this as a practical solution when confronted with a staffing shortage, and it offers the advantage of using limited, rather than full-time, services. It also may permit gaining access to a range of specialists without having them full time on payroll.

Common Types of Co-Sourcing Tools/Services

Co-Sourcing Expert Services

There are a number of advantages to engaging outside experts for a limited scope of work, especially to address a staff shortage or obtain technical skills that do not exist in-house. Careful use of vendors to supplement the Compliance Office can not only gain access to experts not available in-house, but can save time, money, and effort, while maintaining flexibility to end an arrangement at any time when no longer needed. The following are common examples of Co-Sourced services:

Co-Sourcing Tips

  1. Clearly define duties, tasks, responsibilities, and methodology for vendor to follow.
  2. Ensure the agreement is flexible to expand or contract levels of service as needed.
  3. Look for providers that have industry specific expertise.
  4. Check experience and seek references of the firm.
  5. Ensure individuals provided have the needed skills, experience, and expertise.
  6. Bigger is not always better, as smaller niche firms are more likely to provide better, less expensive services.
  7. If planning to Co-Source for multiple tools and services, consider seeking discounts for a “bundling” arrangement.


Kusserow on Compliance: Effective hotline programs

All healthcare organizations need confidential compliance communication channels. First and foremost among them is a hotline. By definition, all effective compliance programs should have a hotline. It is an important avenue of communication between employees and management, in that it permits employees to report sensitive matters outside the normal supervisory channels. The reality is that developing and monitoring a hotline is a critical part of any effective compliance program. The compliance officer bears the responsibility of constantly reviewing and improving the effectiveness of the hotline operation. The US Sentencing Commission, the HHS Office of Inspector General (OIG), and Department of Justice (DOJ) all call for having a hotline, as do other authorities, including the Sarbanes-Oxley Act for publicly traded companies and the federal courts in connection with unlawful harassment. Failure to establish positive internal compliance reporting channels often results in reporting externally to the OIG and DOJ from “whistleblowers.” The challenge is establishing effective internal compliance communication. Today, it is the exception to find organizations trying to manage a hotline function internally. The fact is that any advantage of internally operated hotlines is more than offset by the disadvantages.

From a practical standpoint, it simply is not cost effective to operate a hotline 24/7 internally. Even those that decide to operate and manage the function in-house are confronted with a number of challenges: it is extremely inefficient, costly, and seldom meets any minimum standards. Hotline numbers will need to be “backstopped” against tracing and all caller identification systems have to be blocked. People answering the calls in-house should not be highly visible to the workforce. Confidence comes from neither party being known to the other. Hotline vendors have the training and experience to handle complainants. Callers are generally nervous and afraid, and knowing they are providing information to an outside party generally is reassuring. In-house hotlines always raise the question of whether anonymity is truly offered and whether employees will ever sufficiently trust calling an employee. It has become the standard practice for organizations to outsource their hotline to a vendor. However, evaluating those providing the best service at the right price is a challenge. The following are questions that can be used to determine a properly qualified vendor. Those failing key tests should be avoided as they may prove to be a future liability.

Questions for hotline vendors

  1. Cost of Service. Does the vendor charge an established fixed rate or sliding rate based upon number of calls? Seek a fixed, not a variable rate, based upon number or time of calls. A good rule of thumb is that the cost of a hotline service should not exceed $1-3 per employee per year.
  2. Industry Focus. Can the vendor evidence having understanding and expertise of issues related to the health care industry? Failing to understand healthcare standards and regulatory matters limits the ability to properly debrief callers. Ask for a breakdown of the types of clients they serve by industries.
  3. Hours of Service. Does the vendor provide 24/7 service? If not, don’t use them.
  4. Call Centers. Does the vendor provide call services? If so, avoid them completely. Call centers provide outbound calls used to promote services and products. Others answer after hour services for businesses (doctors, plumbers, electricians, etc.) and relate messages to their clients. The people doing this are performing a clerical function, and answering hotline calls requires more professional expertise. Furthermore, there is the risk of having calls interrupted by a call for someone needing emergency service.
  5. Hotline Service Types. Does the vendor provide multiple levels of service for (a) receiving live operator calls and (b) a web-based reporting system that prompts individual complainants? One level alone is not enough.
  6. Avoiding Vendor Contract Traps. Does the contract permit cancellation at any time with a simple 30 day notice? If not, don’t use them. Staying with a vendor should be because of good service, not because of being locked into them by contract terms. If you have a current contract, check the termination clauses to see if cancelling a contract is cumbersome. If it is, ask to renegotiate the termination clause. If they decline, then take steps to follow termination procedures in the contract.
  7. Hotline Number. Does the vendor want to use their phone number? This is a common vendor trap to lock in users to their service. You advertise their number everywhere, and to change would necessitate changing all the places you have advertised the number. Always use and own your own hotline number that can be pointed to a vendor.
  8. Language Translation. Does the vendor provide a language translation service to address non-English speakers?
  9. Check Vendor Background. What is the level of hotline experience among the ownership, management, and operation of the service?
  10. Length of Hotline Experience. How many years of experience can the vendor evidence in the management of hotline operations?
  11. Policies, Procedures, and Protocols. Does the vendor provide advice on developing operating protocols for following up on allegations and complaints received through the hotline?
  12. Business Associate Agreement (BAA). Does the vendor offer to sign a BAA to meet HIPAA protected health information (PHI) requirements for any patient related information received through the hotline? If they don’t know what that means, forget them.
  13. Timelines. Will the vendor agree to provide a full written report within one business day of receipt of the call and, for urgent matters, immediate notification?
  14. Report Delivery Security. Does the vendor deliver call reports by the most secure means? It is critical to establish a secure call report submission process to a specific responsible party and to an alternate should the primary contact be unavailable. Any delivery of reports via fax or email lacks necessary security. It is critical that reports are secured to protect those filing the report, as well as those who are the subject of the report or mentioned in it. HIPAA PHI, proprietary and confidential data, and personnel information must be protected. Web-based reporting is the most secure, with notification of a report being provided via email.
  15. Routine vs. Urgent Reporting. Does the vendor assist in establishing a process that alerts the primary contact to any urgent report received? A delay in reporting a serious issue could result in potential liabilities.
  16. Insurance. Does the vendor provide at least one to three million dollars liability coverage? If your vendor does not have this insurance, consider changing over to one that provides this assurance.
  17. Caller Contact Information. Does the vendor have procedures for providing callers with a means to call back without disclosing their identity?
  18. Personalized Service. Does the vendor provide the identity or identities of individuals available to respond to any issues or questions that may arise, whether they relate to call reports, invoice issues, or providing general advice? Not having easy access to someone, or having to go through a phone system moving you from one office to another before you find a stranger who may or may not be able to answer your questions, can be frustrating. If possible, seek an identified accounts manager who will be responsible for any and all issues that arise under the contract.
  19. Training and Assistance. Does the vendor provide guidance on the best way to promote understanding of the hotline?
  20. Other Useful Benefits. Are there any other services or benefits provided under the contract? This would include such things as supporting policy and procedures for hotline management, poster templates, newsletters, etc. For smaller organizations, these benefits may exceed even the service fees paid to the vendor. Find out what they offer.

 
