Kusserow on Compliance: Time running out for nursing and long term care providers’ development of mandated compliance programs

Tips to meet the challenge in a timely and cost effectively manner

The OIG issued voluntary Compliance Program Guidance for Nursing Facilities in March 2000, followed by Supplemental Compliance Program guidance in September 2008. However, the Patient Protection and Affordable Care Act (ACA) made compliance a mandate and it is a game changer for this sector. The new mandates note as a condition of enrollment in Medicare and Medicaid “a facility shall . . . have in operation a compliance and ethics program. . . .”   HHS was directed to issue regulations “for an effective compliance and ethics program for operating organizations” and CMS has issued those regulations with a deadline for organizations and facilities to meet these requirements by November 28, 2019. At that time, state survey agencies will begin assessing facility compliance for compliance.

Tom Herrmann, J.D., served over 20 years in the OIG Office of Counsel and for the past ten years has been a compliance consultant, specializing in nursing home compliance programs. He noted that many nursing facilities lagged behind in developing effective compliance programs because it was viewed as cost prohibitive. Those that implemented programs following the OIG guidance will have little difficulty in meeting the standards. For those who delayed program development, time is running out. State survey agencies will conduct compliance audits following the CMS State Operation Manual “Guidance to Surveyors for Long Term Care Facilities”.  Survey protocols and guides for State Survey Agencies have also been posted by CMS and can be reviewed by nursing homes in preparation for the reviews.  When building or improving the compliance program, CMS requires an annual review of its compliance and ethics program to assess the resources needed for an effective compliance program that includes mandatory training for all covered persons. For more information regarding advisory services in building effective compliance programs, Tom Herrmann can be reached at therrmann@strategicm.com or via phone at (703) 535-1410.

Kash Chopra, JD, provides compliance staffing for clients. She explained that many nursing homes may not require hiring a fulltime compliance office, however, designating someone on the staff to act as a compliance officer as a secondary duty is not a good idea and seldom works satisfactorily. Invariably, the primary duties drive out time for the compliance responsibilities.  One solution that should be considered is using an expert as a Designated Compliance Officer (DCO) to quickly, efficiently, and inexpensively build and manage the program. The OIG in its compliance program documents specifically advises: “For those companies that have limited resources, the compliance function could be outsourced to an expert in compliance.”  For more on staffing compliance officers, Kash Chopra can be reached at 703-236-1291 or at kchopra@strategicm.com

Daniel Peake of the Compliance Resource Center said that many nursing home clients have found an economical solution to the costs of building and managing their compliance program by outsourcing key elements, such as hotline services, sanction screening, compliance training, code and policy development. These services can take a big bite out of the work of building an effective compliance program at a very small price for most organizations providing nursing or long term care. For more information about the cost and benefits of outsourcing key compliance elements, Daniel Peake can be reached at (dpeake@compliancereource.com (703)-236-9854).

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips on developing and revising the ‘Code of Conduct’

All compliance guidance from the U.S. Sentencing Commission to the HHS Office of Inspector General (OIG) and DOJ has called for having a Code of Conduct as a foundation document for any effective compliance program. However, many such codes are far out of date and fail to provide the needed guidance for employees on their obligations towards compliance. The initiation of compliance program guidance by the OIG was a major stimulant for having Codes of Conduct. In the early days of responding to such guidance, many organizations quickly developed a “Compliance Plan” that included all seven elements of the program, including a Code. Unfortunately, plans are statements of intent, not an operating program and converting them into fully functioning and effective programs has years. This has included reviewing, revising and updating their Code of Conduct and compliance-related policies.

Daniel Peake of the Compliance Resource Center (CRC) (dpeake@compliancereource.com (703)-236-9854) works with compliance officers to provide a variety of compliance related services that includes the Policy Resource Center (PRC) which provides templates for compliance-related documents, including Codes, charters, policies, audit guides, etc. He notes that the PRC offers Code templates, but it is important that the Code should reflect the organization’s spirit, tone, and culture. If it doesn’t ring true to staff, securing their participation and cooperation in the compliance program will be much more difficult. The Code should be tailored to be an extension the mission and vision of the organization. It needs to be part of an ongoing monitoring effort subject to periodic reviews to ensure it remains up to date with the ever-changing regulatory environment.  He offered the following tips:

11 tips for developing or revising the Code of Conduct

 

  1. Determine whether it is time to review and possibly update the Code. Answering the following will help in making that determination: (a) When the Code was last reviewed/revised? (b) Any significant changes in law, regulation, or guidance since last revision? (c) Any changes/updates to compliance policies since last revision?
  1. Review Code templates and examples of other similar organizations. It is useful to review the codes of other organization to help focus on what is needed; and this can save a lot of time and effort. However, copying a Code from another source may prove to be problematic, if it runs counter to the culture of the organization.
  1. Gain buy-in from executive leadership. This is critical and needs to include personal involvement of the Compliance Officer, as well as HRM and Legal Counsel.
  1. Introductory letter from the CEO. It is a best practice to have the CEO introduce and endorse the Code, along with stating that (a) everyone is equally obligated to adhere to it, (b) everyone has a duty to report potential violations without fear of retaliation, (c) a confidential hotline is available to report confidentially or anonymously, etc.
  1. Reference the Code against compliance-related policies. The Code must not conflict with policies and procedures, as it would risk potential liabilities.
  1. Consider using experts to facilitate process. No need to “reinvent the wheel.”  Code development/revision can be simplified, facilitated, and guided by compliance experts in this field; and can ensure inclusion of key concepts, including those called for by the HHS OIG.
  1. Determine Core Code Content. Key to developing a successful Code is to ensure that it addresses the needs of all stakeholders (i.e. management, employees, Board, regulatory agencies, etc.).
  1. Code must detail procedures for addressing compliance issues. Employees should feel comfortable in approaching his or her supervisor, other members of management, HR or the Compliance Office. In addition there must be an option to report to a confidential hotline.
  2. Dissemination of the Code. The Code must be made available to all covered persons through an Intranet, in hard copy with signature receipt, through compliance training, or a combination of all. If the Code is not new, but one that has been revised, then steps need to be made to stop dissemination of the old version.
  3. Translating Code into other languages. A decision is needed as to whether the Code is to be provided only in English, or with versions in other languages. If it will be disseminated in multiple languages, the challenge will be to ensure the Code is written in simple terms, avoiding slang or jargon that will create problems in translating to be equivalent in meaning.
  4. Ensure all out of date Codes are removed from the website and hard copies collected. Having more than one version of the Code in circulation at the same time is a formula for creating problems.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Exit interviews as a compliance communication channel

Tom Herrmann, JD, had served in a senior capacity with the Office of Counsel to the Inspector General (OIG) at HHS. He pointed out that the OIG, in its compliance guidance, calls for the development of effective lines of communication with employees as very important to the successful implementation of a compliance program and the reduction of any potential for fraud, abuse and waste. This include implementation and use of hotlines (including anonymous hotlines), e-mails, written memoranda, newsletters, and other forms of information exchange to maintain these open lines of communication. One significant channel of communication is the use of exit interviews to debrief departing employees prior to their departure. A major factor influencing the advancement of exit interviews in connection with compliance programs has been the rise in the number of “whistleblowers.” Most of these come from people reporting on an organization they had recently left.  As such, there is great value in debriefing those departing the job that includes asking question about any observed violations of law, regulation, Code of Conduct, or policies. Optimally, an exit interview process should be done in time to permit possible remedial actions before they leave employment.  He has found that exit interviews can also be useful in avoiding other costly litigation involving unlawful harassment, discrimination, safety violations, etc.  It is very important to keep a record of the interviews conducted and responses.

Carrie Kusserow has been developing, enhancing and monitoring exit interview programs for over 15 years. She noted that many organizations conduct employee exit interviews (also called exit surveys) to gather data for improving working conditions and retaining employees. This has been common in human resource management for generations and this type of communication can be useful in taking actions to correct deficiencies, reduce turnover, identify potential compliance-related problems, and maintain a productive work environment. However, exit interviews may also be used to alert an organization to company compliance issues, potential whistle-blowers, or quality of care issues. At a minimum, an exit interview should include compliance program oriented questions that relate to compliance education, policies, anonymous reporting procedures, and attitudes towards the compliance program. The following are examples:

  1. How effective was your training on the compliance program, Code of Conduct and policies?
  2. Were you trained on how to report concern and problems confidentially or anonymously?
  3. Did you believe that those reporting compliance issues would be protected from retaliation?
  4. Are you aware of any ethical or compliance issues; and if so did you report them?
  5. How could the company strengthen its message regarding ethics and compliance?
  6. Is everyone in the work force treated fairly?
  7. Do you believe management fully supports the compliance program?
  8. Are you leaving due to any compliance concerns about your job or work environment?
  9. Are you aware of any improper or illegal conduct in the workplace? If so, who and what?
  10. Have you reported compliance issues or concerns that are unaddressed? If so, explain.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips on what to expect from hotline vendors

The U.S. Sentencing Commission and HHS Office of Inspector General (OIG) make it clear that for any compliance program to be effective, it must have active compliance communication channels that meet defined capabilities. Translated, this means organizations must have an employee hotline that permits reporting sensitive matters outside the normal supervisory channels. The failure to establish a credible internal compliance reporting channels often drives individuals to report externally to the OIG and DOJ as “Whistlblowers.”  Internally operated and managed hotlines are generally a bad idea because they are extremely inefficient, costly, and seldom meet any minimum standards. Internal hotlines raise the question of whether anonymity is truly offered and whether employees will ever sufficiently trust calling an employee. It is therefore not surprising that 80 percent of organizations participating in the 2018 Compliance Benchmark Survey Study reported using a hotline vendor. Hotline vendors have the training and experience to handle complainants. However, determining who can provide the best service at the right price is a challenge.

 

What to Expect from Hotline Vendors

    1. Two levels of service are needed: (a) live operator answered calls and (b) a web-based reporting system which prompts individual complainants. Over the last decade there has been a marked trend towards reporting via the web—today web-based reporting almost equals operator answered calls. Organizations should pass on any vendor that does not provide both services.

     

    1. Avoid start up hotline services and ask for a statement of their experience. The more a service knows about hotline operations, the less likely they are to encounter problems or mishandle information.

     

    1. Use only vendors knowledgeable with issues, concerns, and regulatory issues unique to the health care sector. Also, ensure they recognize and ask the right questions about high risk areas identified by the HHS OIG, including those related to the Stark Law and the Anti-Kickback Statute.

     

    1. Avoid any vendor contract that won’t permit cancellations without cause with a simple 30-day written notice. Hotline vendors should hold clients by good service not by contracts. In any contract with a vendor, look to see if cancellation of service is restricted. If so, consider finding a way out of the arrangement and in obtaining service elsewhere.

     

    1. Vendor contracts should include a provision requiring a full written report within the same day of receipt of a call. Urgent matters should be reported immediately via phone.

     

    1. The hotline must provide an option for The U.S. Sentencing Commission, DOJ, and OIG call for anonymity in their guidelines. In the health care sector, nearly two-thirds of all hotline reporters request anonymity. Anonymity is generally in the best interest of the organization as there is no burden of protecting identity if it is unknown. The hotline vendor should have as part of their service a means of communication between the compliance officer and an anonymous reporter. Insist on having that included in the service.

     

    1. Avoid any vendor that provides reports by facsimile or email, as they are not secure and where PHI may be involved could be a complicating HIPAA privacy factor. Web-based reporting is the most secure with notification of a report being provided via email.

     

    1. Compare costs of service, keeping in mind that a vendor should be able to provide their services at a set fee that can be used for comparison purposes. A good rule of thumb is that the cost of a hotline service should not be more than $1 per employee per year. Periodically, compare costs of the vendor being used against other vendors. It may prove to be an opportunity to save money.

     

    1. Look for any inclusive vendor services, such as providing operating protocols for following up on allegations and complaints received through the hotline, as well as other related policies. More reputable firms also provide newsletters or report updates to keep clients up to date on issues relating to their hotline function. Find out what they offer.

     

    1. Look for a vendor that will provide personalized service and is easily accessible and responsible for any and all issues that arise under the contract. Avoid the frustration of interactive voice response (IVR) phone systems, which move callers from one office to another before reaching a stranger who may or may not be able to answer questions.

     

    1. Like any other vendor, the company should have at least one- to three-million dollars liability coverage.

     

    Richard Kusserow will be available to answer any questions related to hotlines at booth 412 at the Las Vegas HCCA Conference.

     

     

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.