Kusserow on Compliance: A definition of health care compliance

A good starting point for meeting the obligations of a compliance officer’s position is to define health care compliance. This can be useful in developing plans and objectives for the program, as well as explaining the meaning to executive leadership and the board.

  1. Health care compliance is defined as adhering to laws, rules, regulations, and program requirements, as well as the Codes of Conduct, policies, and procedures for the organization. Meeting this definition means identifying and meeting all applicable legal, regulatory, program requirements, and payment standards that vary considerably depending on type of organizations and the services they provide. To achieve this requires promoting not only compliance with rules, but ethical conduct and a culture that promotes prevention, detection, and resolution of conduct that does not conform to the established rules.
  2. Health care compliance can also be defined also as the ongoing process of meeting, or exceeding the legal, ethical, and professional standards applicable to a particular health care organization or provider. The HSS Office of Inspector General (OIG) has helped with the definition of health care compliance through its compliance guidance documents, which call for compliance efforts to be designed to establish a culture within organizations that promotes prevention, detection, and resolution of instances of conduct that do not conform to federal and state law; federal, state, and private payor health care program requirements; and ethical and business policies. The scope extends to many areas including patient care, billing, reimbursement, managed care contracting, research standards, Occupational Safety and Health Administration (OSHA) standards, the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) standards, and the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules, to name a few. The biggest challenge for health care organizations and their compliance officers is keeping track of all these numerous requirements and regulations.

Meeting the definition for health care compliance means meeting all of the rules and requirements set forth and applicable to them across a broad range of criteria, including all applicable legal, regulatory, program requirements, and payment standards that vary considerably depending on type of organizations and the services they provide.  As one examines the meaning of health care compliance, it becomes clear that it embraces a great variety of things, including adhering to laws, rules, regulations, and program requirements, as well as organization Codes of Conduct, policies, and procedures governing the day to day operations. Because health care has become so complex in recent years, the industry is under constant scrutiny. Compliance programs promote not only compliance to rules, but to ethical conduct and the promotion of a culture that encourages prevention, detection, and resolution of conduct that does not conform to federal and state law; federal, state, and private payor health care program requirements; and the organization’s ethical and business policies. It is nearly impossible to define the extent or complexity of the ever changing healthcare compliance world. New laws and regulations come into play on a daily basis from all level of government.  Some of these have far ranging implications such as HIPAA and HITECH laws that are designed to protect the privacy of patient information.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Human resources compliance—update on EEOC investigations

Most hotline complaints received relate to HR related issues, including harassment, discrimination, and unfair treatment, making this one of the most common compliance issue areas. Many employees go on to report their complaints to the Equal Employee Opportunity Commission (EEOC) that is responsible for addressing workplace harassment complaints. Media reports have focused on the long delays in resolving allegations of discrimination (1.5 years for federal employees and 500 days for the private sector). An increase of $15 million was authorized this year in the EEOCs budget, which may help with the backlog. The reason for the longer wait for federal employee complaints is that that a federal employee must first file a complaint with his or her agency’s equal employment office, which conducts an investigation. The employee may then file a lawsuit or request a hearing with an EEOC administrative judge.  The staffing level for the Commission is about 2,000, of which there are 549 investigators responding to allegations and complaints. For 2017, the Commission reported:

  • Resolution of 99,106 charges, an increase of 1,660 over 2016
  • Reduction of the inventory of pending charges by 16 percent to 61,621
  • Secured $484 million for victims of discrimination
  • 7,218 successful mediations resulting in over $163.7 million in benefits to charging parties
  • Resolution of 6,661 federal employee hearing requests with $73 million in their relief
  • Resolution of 4,284 appeals of agency decisions
  • Resolution of 85 percent of appeals over 500 days pending
  • $13.3 million in remedies secured
  • 4,500 individuals received monetary relief as a direct result of litigation resolutions
  • 184 lawsuits filed, including 124 suits on behalf of individuals

In most cases, the EEOC has found that there was not sufficient evidence to make a finding that discrimination occurred. Only about 3 percent of cases were found to have reasonable cause.  Also reported was an increase in the number of complaints being received that may be fueled in part by the emergence of the #MeToo movement.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Emerging government enforcement priorities for 2018

At the HCCA conference in April, there were several presentations regarding the government’s enforcement priorities. There were a number of emerging issues that were the subject of considerable attention: the opioid crisis, electronic health record (EHR) fraud, and telehealth/telemedicine. By far, the area given the most attention was the opioid crisis.  More than a dozen presenters included comments in their presentations on this subject, including presenters from the DOJ, OIG, CMS, and the OCR. This is not surprising in that last October the President declared this to be a national public health care crisis and marshaled regulatory and enforcement agencies to actively focus on steps to alleviate it. Other agencies not present at the HCCA are included in this effort, such as the FDA, FCC, CDC, Indian Health Service, Veterans Administration, Department of Defense TRICARE program, and others. At the federal and state level, there is increased legislative, regulatory, and enforcement actions activity related to substance abuse and behavioral health services. In January, the Attorney General announced the DEA was increasing its focus on pharmacies and prescribers who dispense unusual or disproportionate amount of such drugs. He also has created the Prescription Interdiction and Litigation (PIL) task force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Both DOJ and OIG presenters noted the July 2017 “take down” of 412 defendants in 41 different judicial districts. The defendants included over 100 doctors, nurses, and other medical license professionals. Together these individuals were responsible for over $1.3 billion in false billings.

The second most reported topic concerned cyber and IT security of Protected Health Information (PHI). This was a main topic in the presentation by OCR, but was alluded to in seven other presentations on cybersecurity and threats and complying with HIPAA Privacy and Security standards. The OCR reported that since 2009, there have been 2178 reports of breaches over 500 files with more than 300,000 cases of breaches affecting fewer than 500 files. The OCR has responded to over 170,000 complaints that resulted in over 25,000 cases being resolved with corrective action measures.  The OCR expects about 17,000 new complaints this year.  The top 10 recurring issues involve: (1) disclosure of sensitive paper information, (2) business associate agreements, (3) risk analysis, (4) failure to manage risks, such as with encryption, (5) lack of transmission security, (6) failure of ongoing auditing, (7) no patching of software, (8) insider threats, (9) improper disposal of records, and (10) insufficient backup of information and contingency planning.

Several sessions focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws.  Statistics from DOJ indicated the continuing trend of increased number of qui tam cases that has grown from 426 in 2015 to around 500 in 2017 with annual settlements averaging about $2.5 billion per year.

New cases involving Meaningful Use Fraud were reported with the promise that more new cases were under development.  Another area getting a lot of enforcement attention by the DOJ and OIG relate to telehealth and telemedicine. Cases surfacing now are focusing on claims arising from billings for these areas that did not qualify as such.  Only certain telehealth services are covered by Medicare and providers should take care to follow CMS guidance on what qualifies.

It is interesting to compare these priorities with results for the 2018 Compliance Benchmark Survey of compliance officers. There was no mention of the opioid crisis, as it was just an emerging national issue at the time the survey was taken. HIPAA security/cyber-security was the highest priority. It is troubling that corrupt arrangements with referral sources remains the number one regulatory and enforcement priority for the OIG and DOJ but is ranked fifth in priority to respondents. The other major and continuing enforcement priority related to claims submissions and that ranked third in priority by compliance officers.  A complementary webinar relating to this survey will be presented on May 9th.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Temporary staffing and interim compliance officers

When individuals from a compliance office, including compliance officers, retire, move to new organizations, or are replaced for any reason, it can leave a gap in the day to day management of the compliance efforts that can create a serious risk. This underscores the importance of not only finding a suitable replacement quickly, however, that process can be time consuming. As such, it is not surprising that many organizations turn to engaging temporary expert assistance, including acting the use of Interim Compliance Officers (ICOs). This decision is often made with the realization that having a gap in the program over a period of months, or designating someone internally to do the work can be dangerous. Smaller organizations are not likely to have anyone sufficiently qualified to carry out all the duties. It is also risky to have someone making decisions, or failing to make decisions, that may create liabilities. The worst decision is selecting someone to take on the role of compliance officer as a temporary set of secondary duties to his or her current job. This will always lead the individual to continue giving priority to their regular job and do as little as possible in compliance.

Temporary staffing has the advantage of quickly filling immediate needs, including addressing any pending issues or problems. Properly experienced professionals can hit the ground quickly and be effective, not just be a placeholder. This approach will permit the organization to continue its search for the permanent replacement.  Using a properly qualified outside expert presents a lot of advantages. The expert can bring the experience of having served in other organizations and dealing with many of the same issues already addressed by prior jobs.  Important also is that they have not been invested in any prior decisions, nor have they been aligned with any parties in the organization. Most importantly, the expert brings “fresh eyes” to the program. An outside expert can provide an objective assessment on the state of the compliance program, offer suggestions, and give guidance for improvements.

Finding the right ICO with a lot experience and technical skills can make significant improvements for any compliance program in a relatively short order.  In fact, it may be the most economical means to have an independent evaluation of a compliance program. However, care needs to be taken when deciding on an expert. It is important that someone is not hired who is a “cast off” from another organization. As such, it is important that references be checked carefully to be assured of someone who is competent and reliable. It is important to design the engagement to bring maximum return of benefit for the cost. Therefore, in the case of an ICO, consideration should be given to the added scope of work. Organizations should expect to have the outside expert:

  • provide an independent assessment of the status of the compliance program;
  • make an assessment of high-risk areas that warrant attention;
  • be able to efficiently and effectively address compliance risk issues that may arise;
  • offer suggestions to build a firmer foundation for the compliance program;
  • review the existing Code, compliance policies, and other guidance;
  • evaluate the quality and effectiveness of compliance training;
  • develop a “road map” for the incoming compliance officer to follow;
  • assist in identifying and evaluating candidates for the permanent position;
  • assess resources needed to effectively operate the compliance program;
  • identify or build metrics that evidence compliance program effectiveness; and
  • develop comprehensive briefings for management and board on the state of the program.

Finally, for even fairly large organizations, a true compliance expert can hold things together for several months without having to be full time on site. Most organizations can keep their compliance program operating with many of the added benefits noted above, using an expert for 50 to 80 hours per month. After all, the ICO is holding the compliance program together, not building it.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.