Kusserow on Compliance: Nine tips for compliance officers—addressing high-risk areas

Carrie Kusserow is an expert on conducting compliance risk assessments and has been called upon by compliance officers to meet their challenge of addressing the numerous compliance high-risk areas. She notes that there are more than 40 high-risk areas identified by the OIG in its Compliance Guidance for hospitals. Guidance for other health care sectors has a similar set of compliance high-risk areas and the number of identified compliance risk areas continues to grow every year. To meet this challenge, compliance officers must stress to program managers their ongoing monitoring responsibility to identify and manage compliance risks within their areas of operations. This includes keeping informed of current rules and regulations; ensuring changes are incorporated into policies and procedures; training staff on following that written guidance; and verifying staff adherence to new policies. Ongoing auditing of operational high-risk areas has two primary objectives, including verifying that managers meet their obligations, and validating that the process achieves the desired outcomes. Audits need to be conducted by parties independent of the operational areas being audited, and may include compliance office staff, internal audit, outsider consultants and auditors, or any combination thereof. She offered the following tips for consideration by compliance officers:

 

  1. Work with management to identify operational high-risk compliance areas as set forth in the OIG Work Plans, Fraud Alerts, Advisory Opinions, audits, and enforcement priorities and in Medicare contractor activities, industry news, PERM reports, and PEPPER data.

 

  1. Implement specialized training programs for program managers on what they need to do to meet their ongoing monitoring of high-risk areas in their operational area.

 

  1. Ensure that program managers have identified and listed all compliance high-risks areas related to their operational areas; have developed/implemented monitoring plans for identified risk areas as part of meeting their ongoing monitoring responsibilities. This includes testing and reviewing adequacy of the internal controls (e.g. policies/procedures) to reduce likelihood of that an unwanted event will occur in high risk areas.

 

  1. Rank high-risk areas in terms of vulnerability and impact or damage from a risk incident, including calculating the potential damage from a compliance risk failure, including the magnitude of direct and indirect financial and reputational consequences; and the likelihood of a compliance risk event by considering whether the area is a current enforcement priority based on risk assessment results.

 

  1. Develop and implement an audit plan based on risk assessment results, giving highest priority to the highest risk areas. The audits should test and continuously review current internal controls for adequacy in mitigating risk and reducing the chance of an unwanted risk event.

 

  1. Ensure corrective action plans have been instituted for all risk area deficiencies identified by ongoing monitoring or auditing.

 

  1. Have a follow-up review of any areas where there had been findings requiring remedial action to ensure corrective measures have been taken and are working as intended.

 

  1. Consider engaging compliance experts to independently evaluate the effectiveness of a compliance program.

 

  1. Present results of risk assessment, monitoring and auditing as regular agenda items for management and board level compliance committees.

 

For more information on compliance high-risk assessment, contact Carrie Kusserow, Strategic Management Managing Senior Consultant (703-535-1453) or at ckusserow@strategicm.com

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: GAO calls for CMS to mitigate program risks in managed care

·       Medicaid enrollment in managed care rose in three years from 35 to 55 million beneficiaries

·       $170 billion Medicaid managed care is half of total federal Medicaid expenditures

·       CMS is not doing enough to ensure accuracy in payments

 

Congress called for the Government Accountability Office (GAO) to conduct a study of the Payment Error Rate Measurement (PERM), which  measures the accuracy of capitated payments for managed care, including CMS’s and states’ oversight. Driving this inquiry was the rapid growth of Medicaid managed care enrollment, which increased by 56 percent in three years, jumping from covering 35 million beneficiaries to 54.6 million beneficiaries. Federal Medicaid managed care expenditures last year were $171 billion, almost half of the total for Medicaid. The GAO focused on weaknesses in oversight, given the recent rapid growth. The GAO reviewed program integrity risks reported in 27 federal and state audits and investigations over a five year period; federal regulations and guidance on the PERM; and the CMS’s Focused Program Integrity Reviews. The GAO also contacted program integrity officials in the 16 states with a majority of 2016 Medicaid spending for managed care. The GAO found:

  1. Ten of 27 federal and state audits and investigations identified about $68 million in overpayments and unallowable MCO costs, not accounted for by PERM estimates.
  2. Another investigation resulted in a $137.5 million settlement.
  3. CMS does not have a process to track managed care overpayments and cannot determine whether states considered those overpayments when they set capitation rates.
  4. CMS is not doing enough to ensure that states are adequately paying managed Medicaid companies and that the plans are making correct payments to providers.
  5. The managed care component of the PERM neither includes a medical review of services delivered to enrollees, nor reviews of MCO records or data.
  6. CMS and states have updated regulations, focused reviews, and used federal program integrity contractors’ audits of managed care services, however, some of this is only recent, and it may not fully address risks across all states.
  7. CMS does not ensure identification and reporting of overpayments to providers and unallowable costs by MCOs.

The GAO called for CMS to consider and take steps to mitigate the program risks that are not measured in the PERM, such as overpayments and unallowable costs. Such an effort could include actions such as revising the PERM methodology or focusing additional audit resources on managed care. The GAO also recommended CMS expedite the release of planned guidance and requirements for states to report to the CMS overpayments made between managed-care providers and plans.

 

 

 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ Policy for continued antitrust enforcement DOJ

At the American Bar Association’s Anti-Trust in Healthcare Conference, Deputy Attorney General Barry Nigro provided a wide ranging presentation regarding DOJ efforts to combat rising health care fraud. He noted that, in 2016, health care spending in the United States accounted for $3.3 trillion, or $10,348 per person—approximately 18 percent of Gross Domestic Product (GDP). At this level of spending, the economy can ill afford fraudulent activity to increase the cost of health care. Inasmuch as health care involves critical care, it means the DOJ is giving it a higher priority. DOJ is continuing to give this area a priority that includes rigorous investigation and prosecution of those engaged in Medicare provider fraud and price gouging by drug makers. The DOJ will carry on with questioning mergers and potential collusion among health systems and payers. This includes market allocation agreements, price fixing, and naked market allocation. Some of the topical areas covered in his address included the following:

  1. Criminal prosecutions related to price fixing and market allocation agreements
  2. Parties circumventing generic drug regulations
  3. Market allocation and no-poach agreements
  4. Limitations on exemptions and immunities from anti-trust laws
  5. Continued reliance on the Clayton Antitrust Act
  6. Urging states to consider negative effect on competition when passing laws
  7. Support for certificate of need provisions
  8. Urging states to consider laws that impose occupational licensing requirements
  9. Professionals being able to advertise receiving board certification to patients

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Inappropriate denial of services and payments in the Medicare Advantage program

In an update to its Workplan, the HHS office of Inspector General (OIG) added a new project in June. The OIG Office of Evaluation and Inspection will be reviewing and evaluating the question of inappropriate denial of service and payment in the Medicare Advantage program. Medicare Advantage Plans must cover all of the services that original Medicare covers. Capitated payment models are used for these plans. It is based on payment per person rather than payment per service provided. A central concern about the capitated payment model used in Medicare Advantage is that there may be an incentive to inappropriately deny access to, or reimbursement for, health care services in an attempt to increase profits for managed care plans. There have been questions raised as to whether some of the plans may be inappropriately denying service claims as a means to increase their profits.  The OIG plans to conduct medical record reviews to determine the extent to which beneficiaries and providers were denied preauthorization or payment for medically necessary services covered by Medicare. To the extent possible, we will determine the reasons for any inappropriate denials and the types of services involved.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.