Kusserow on Compliance: OIG Strategic plan outlines top priorities for 2020 – 2025

 The HHS Office of Inspector General (OIG) has identified seven major initiatives as part of its strategic plan for the period between 2020 and 2025. The initiatives include: (1) fraud and abuse protections; (2) safeguarding the Medicare trust funds; (3) protecting beneficiaries from prescription drug abuse; (4) combating health care cybersecurity threats; (5) promoting patient safety and accuracy of payments in home and community settings; (6) leveraging technology; and (7) ensuring HHS managed care and new health care models produce value.

  1. Fraud and Abuse Protections. OIG audits of national Medicaid data found substantial improper payments to providers for Medicaid Services; states were not always correctly determining lack of eligibility of individuals for Medicaid benefits. These two areas will be a focus for OIG oversight.
  2. Safeguarding the Medicare Trust Funds. The OIG plans to use data analytics to identify program areas and geographic areas of high-risk. It should provide strategic oversight of emergency preparedness and response affecting Medicare beneficiaries, Medicare Advantage, prescription drug spending, and the transition to value-based care.
  3. Protecting Beneficiaries from Prescription Drug Abuse, Including Opioids. The OIG’s efforts will focus on identifying opportunities to improve the efficiency and effectiveness of monitoring and identifying and holding accountable those engaged in fraud and abuse related to prescription drugs. Major efforts will include empowering partners through data sharing and education.
  1. Combatting Health Care Cybersecurity Threats. The OIG will increase efforts to combat cybersecurity threats, including hacking attacks, manipulation of medical devices, and inappropriate access to U.S. genomic data. The OIG will perform more cybersecurity audits of HHS agencies and programs, in partnership with other agencies, to conduct investigations that may involve espionage or foreign threats.
  1. Promoting Patient Safety and Accuracy of Payments in Home and Community Settings. The OIG plans increased efforts to reduce improper payments for services in noninstitutional settings, including home health. The OIG’s plans include outreach, education, audits, evaluations, inspections, investigations, and administrative enforcement.
  1. Leveraging Technology as it Intersects with HHS Programs. The OIG highlights that technology can be used to increase the efficiency, quality, and accessibility of the health care system. The OIG will work with other HHS agencies, patients, and providers to educate and oversee the use of health technology to positively impact providers and patients. The OIG will also assess how it can use Artificial Intelligence to foster value and quality in HHS programs.
  1. Ensuring HHS Managed Care and New Healthcare Models Produce Value. As CMS programs shift to value-based care and payment, the OIG has identified three elements that are critical to achieving better value, quality, and outcomes: (1) aligning program incentives with improved health outcomes; (2) strengthening program integrity; and (3) delivering innovative technology. The OIG will oversee the continued transition to value-based programs and will address and combat any issues of fraud, waste, and abuse.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: 2020 Compliance office staffing levels

75% of compliance offices are staffed with only one part- or full-time person

Over half of compliance offices are not expecting budgetary increases

The following are results from the report for the 2020 SAI Global Healthcare Compliance Benchmark Survey developed with and analyzed by Strategic Management. Data was gathered with respect to the adequacy of resources for Compliance Officers in meeting their challenges. Reading the details of the responses suggest that many compliance offices are likely operating with less than fully adequate resources to meet their obligations.

Survey results indicated that the average compliance office staff levels are five with about one third of respondents reporting only one full-or part-time person. Thirty percent reported having two and five persons with one quarter reported six or more staff; and one fifth reported compliance offices over 10 staff members. In a related question, over half of respondents indicated they are expecting their budget to remain mostly the same with about one quarter expecting some increase. Given the average staffing level of compliance offices, increasing responsibilities, heightened enforcement by government agencies, and limited increases in budgetary resources, it is likely that most compliance offices are stretching their limited resources. The Survey also found that many are turning to external vendors to provide services and tools, to stretch limited staff resources and to lower operating costs.

For more information about the Survey, contact Richard Kusserow at rkusserow@strategicm.com.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: A Dozen tips for evaluating hotline vendors

Review current vendor contracts; it may be time to switch

A hotline is a critical part of any effective compliance program. It provides an avenue of communication that permits employees to report sensitive matters outside the normal supervisory channels. The compliance officer bears the responsibility of constantly reviewing and improving the effectiveness of the hotline operation. The U.S. Sentencing Commission, HHS OIG, and DOJ call hotlines critical to an effective compliance program. Most hotlines are operated through vendors. Only a very few organizations have the size, capacity, and resources to manage a 24/7 hotline, as is needed for an effective operation. The following are some best practice tips in selecting or retaining a hotline vendor:

 

  1. Compare costs of a vendor with the cost to maintain and operate a hotline in-house. A vendor should provide their services at a set (fixed) fee that can be used for comparison purposes. A good rule of thumb is that the cost of a hotline service should be around $1 per employee per year.

 

  1. Industry Focus. Determine the level of expertise in the health care industry. It is advisable to have a company familiar with and sympathetic to health care issues, rather than focus on employee theft or other generic matters common to all industries. Ask for a breakdown of the types of clients they serve. Do they have a primary focus (transportation, finance, energy, health care)?

 

  1. Hotline Service Types. In today’s environment, it is advisable to have two levels of service. The first is a Web-based reporting system that prompts individual complainants, as well as the option to call and speak with a live operator. Either approach has its pluses and minuses. Your vendor should provide both approaches in a single service fee.

 

  1. Vendor Contract Traps. A vendor should keep business with good service, not tricky contract terms. The contract should permit cancelation at any time with a simple 30-day notice.  If you have a current contract, check the termination clauses to see if cancelling a contract is cumbersome. If it is, ask to renegotiate the termination clause and if they decline, then take steps to follow termination procedures in the contract. Usually such procedures are a short window to cancel, before the contract renews.

 

  1. Hotline Number. Always use and own your own hotline number. To use a vendor number is another common vendor trap. If you advertise their number, to then change would necessitate changing all the places you have advertise the number. If, in such a contract, it is advisable to either renegotiate the agreement to use you own number or change to another vendor, it is worth the pain of making the change.

 

  1. Background and References. It is advisable to know as much about the vendor as you can. Determine who the key players are in the ownership, management and operation of the service and check out their credentials. Do they have personal history and expertise in hotline operations? Also, ask for client references from any vendor you are considering.

 

  1. Policies, Procedures, and Protocols. The company should be able to provide expert advice on developing operating protocols for following up an allegations and complaints received through the hotline. This includes providing/signing a Business Associate Agreement to meet HIPAA Protected Health Information requirements (and if they don’t know what that means, forget them).

 

  1. It is important to insist and have as part of any contract, provision of a full written report within one business day of receipt of the call. For urgent matters, it should be immediate.

 

  1. Reports Provided. Reports on individual calls should be well written, clear, concise and of high quality. The manner the report is delivered is important. There are security problems with reports provided either by facsimile or email. This could be problematic. Web-based reporting is the most secure, with notification of a report being provided via email.

 

  1. Like any other vendor, the company should have at least one to three million dollars liability coverage. If your vendor does not have this insurance, consider changing over to one that provides this assurance.

 

  1. Caller Contact Information. Although anonymity is a must for any hotline, sometimes gaining additional information from callers is important. Vendors should have procedures for providing callers with a means to call back without disclosing their identity. Check that out to see if it meets your needs.

 

  1. Accessibility to Responsible Parties. Responsiveness of vendors to your hotline needs is very important. If something comes up, will there be a responsible live human being available with who you can communicate issues and concerns? You never want to be lost in a bureaucratic shuffle or IVR system.

 

For more information on this topic, contact Marvin Mills (mmills@complianceresource.com).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Effective compliance document management system

All effective health care compliance programs should implement some type of compliance Document Management System (DMS), which involves the process of organizing, filing, controlling, and storing documents. The primary purpose is to ensure that all documents, including the Code of Conduct, charters of compliance functions, compliance-related policies and procedures, records of hotline and investigation activity, etc. are current with applicable laws, regulations, and requirements and are properly maintained. A well-managed compliance DMS evidences the effectiveness of the compliance program. Compliance officers need to ensure that their records management policy is being followed and is in line with any retention schedules required by law. When audited by a government entity, it would be necessary to produce evidence about the operation and management of the compliance program. A well-structured DMS will ensure the organization meets regulatory compliance mandates, provide the availability of documents evidencing compliance program effectiveness, and, in turn, mitigate exposure to liabilities.

The 2020 Eleventh Annual Healthcare Compliance Benchmark Survey conducted by SAI Global and Strategic Management Services included questions that focused on management of policy and compliance documents. Results from the latest survey found that compliance offices were split nearly in half between those that manually manage compliance-related documents and those who used automated assistance. One-third reported using some sort of document management software to assist. Only one-fifth reported using a comprehensive document management system. The trend from review of past surveys clearly indicate a movement away from manual processes to DMS. The following are tips to consider when managing compliance-related documents:

  1. Document Management System (DMS). Develop a compliance Document Management System to track, administer, and store compliance related documents and health care compliance policies and procedures.

 

  1. Set-up a Records Retention Schedule. As part of the DMS, schedule how long records should be kept from an operational and legal standpoint, and that outdated records are disposed of in a timely, systematic manner. When determining the retention period for records, it’s important to: (a) perform a record inventory of all physical and electronic records; (b) establish a standardized record classification system; and (c) conduct research on all federal, state, and local records retention requirements.

 

  1. Policies and Procedures. Develop and implement policies and procedures for the creation, distribution, retention, storage, retrieval, and destruction of compliance related documents and health care compliance policies and procedures. Ensure that the compliance records management policy addresses protection of patients’ protected health information. Keep all revised or rescinded policy documents. Should an issue arise concerning a policy, it will be the document in effect at that time and not a current version.

 

  1. Accessibility and Location. The DMS must include being able to find and access information, when needed. It is advisable to index records by date, subject matter, creator, and location of the record.

 

  1. Ongoing Monitoring and Auditing. It is important to have ongoing monitoring of the records management system to ensure compliance with the policy and procedures. Periodic independent audits of compliance should also take place to ensure retention schedules are being followed, timely reviews are made to keep documents current, destruction of documents are in accordance with policies, etc.

 

  1. Records Disposal/Destruction. There are times when documents are no longer needed and should be destroyed. Maintaining unnecessary records longer than necessary increases exposure to possible breaches. Disposing or destroying records must follow closely the written policy guidance, including the means for doing it. It is also important to keep a record of the record disposal.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.