Kusserow on Compliance: 2020 Compliance office staffing levels

75% of compliance offices are staffed with only one part- or full-time person

Over half of compliance offices are not expecting budgetary increases

The following are results from the report for the 2020 SAI Global Healthcare Compliance Benchmark Survey developed with and analyzed by Strategic Management. Data was gathered with respect to the adequacy of resources for Compliance Officers in meeting their challenges. Reading the details of the responses suggest that many compliance offices are likely operating with less than fully adequate resources to meet their obligations.

Survey results indicated that the average compliance office staff levels are five with about one third of respondents reporting only one full-or part-time person. Thirty percent reported having two and five persons with one quarter reported six or more staff; and one fifth reported compliance offices over 10 staff members. In a related question, over half of respondents indicated they are expecting their budget to remain mostly the same with about one quarter expecting some increase. Given the average staffing level of compliance offices, increasing responsibilities, heightened enforcement by government agencies, and limited increases in budgetary resources, it is likely that most compliance offices are stretching their limited resources. The Survey also found that many are turning to external vendors to provide services and tools, to stretch limited staff resources and to lower operating costs.

For more information about the Survey, contact Richard Kusserow at rkusserow@strategicm.com.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Continued confusion regarding the CMS preclusion list

Those on list are prohibited from MA Plans or Part D Sponsors payment

Questions continue arise concerning the CMS Preclusion List final rule. The Preclusion List is a list generated by CMS that contains the names of prescribers, individuals, and entities that are unable to receive payment for Medicare Advantage (MA) items and service and or Part D drugs prescribed or provided to Medicare beneficiaries. The rule mandates Part D sponsors, or their pharmacy benefit managers, to screen against the Preclusion List and reject any pharmacy claim prescribed by an individual or entity on it. MA plans must deny payment for a health care item or service furnished by an individual or entity on the list. Plans and sponsors must also notify impacted beneficiaries who received care or a prescription from a provider on the Preclusion List in the last twelve months. The list includes those who are currently revoked from Medicare, are under an active reenrollment bar, and whose underlying conduct CMS has determined to be detrimental to the Medicare program; or have engaged in behavior for which CMS could have revoked the prescriber and determined the underlying conduct would have led to the revocation. Such conduct includes, but is not limited to: felony convictions and OIG exclusions. CMS indicated that individuals or entities appearing on the List of Excluded Individuals/Entities (LEIE) and/or the System for Award Management (SAM) list would also be placed on the Preclusion List.

MA plans and Part D sponsors are required to access the list through an Enterprise Identity Data Management (EIDM) account with CMS. The list is updated monthly.  The causes for most of the confusion is that only plans approved by CMS are granted access to the Preclusion List. As a result, many if not most, organizations use a vendor for sanction screening services. However, the vendors are not always given access to the List.  The way around this obstacle has been for Plans to give their vendor the list and have them include it in their screening services. Another point of confusion is that technically, it is not a sanction list. It includes many parties who have not been formally sanctioned to be included on the OIG LEIE, although many on the list are also on the LEIE.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ, OIG promote a ‘Culture of Compliance,’ Strategic Management can help

The Department of Justice (DOJ) “Evaluation of Corporate Compliance Programs” notes that an effective compliance program includes “[t]he company’s culture of compliance.” It also states it is important for a company to create and foster a culture of ethics and compliance with the law and for executive leadership to implement a culture of compliance from the top. The DOJ calls for its prosecutors to assess whether the company has established processes that incorporate the culture of compliance into its day-to-day operations. The OIG stresses similar points in its Compliance Program Guidance by stating that compliance efforts need to be designed to establish a culture that promotes prevention, detection and resolution of instances of conduct that violate applicable laws, regulations, health care program requirements, and ethical and business practices. The OIG further advises that consideration should be given to using questionnaires that solicit impressions of a broad cross-section of employees and staff. Elsewhere the OIG recommends evaluations of compliance program through “employee surveys.” The U.S. Sentencing Commission Guidelines notes the importance of organizations to develop institutional compliance cultures that discourage criminal conduct and that an effective compliance program must “promote an organizational culture that encourages ethical conduct and a commitment to compliance.”

Solution to Measuring and Benchmarking Compliance Culture

Since 1993, Strategic Management has employed its healthcare compliance culture benchmark survey, on behalf of hundreds of health care organizations with more than three quarters of a million surveyed population. It was developed by a former DHHS Inspector General with the assistance of two PhD experts. The survey design measures employee attitude and perceptions concerning the compliance environment; and has been tested and validated to provide reliable results. The huge database of users permits organizations to benchmark their results against that universe. The results provide invaluable metrics of program effectiveness and can establish a baseline from which future surveys can be used to benchmark improvement. The report provides insights into how effective the compliance program has been in changing and improving the compliance culture of an organization. Employing this tool is surprisingly inexpensive and costs only a small fraction of a full compliance program effectiveness evaluation or even gap analysis.  They are also less costly than developing and delivering a home grown survey that are not validated or tested for reliability. Reports from the Survey runs 30 to 50 pages and include tips for addressing any weaknesses; and benchmarks results against the huge universe of those who have used the same survey three ways: (a) overall results, (b) by category, and (c) individual questions.

 

For more information on a Compliance Culture Survey, contact Kash Chopra, JD (703-535-1413) or at  KChopra@strategicm.com .

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Effective compliance document management system

All effective health care compliance programs should implement some type of compliance Document Management System (DMS), which involves the process of organizing, filing, controlling, and storing documents. The primary purpose is to ensure that all documents, including the Code of Conduct, charters of compliance functions, compliance-related policies and procedures, records of hotline and investigation activity, etc. are current with applicable laws, regulations, and requirements and are properly maintained. A well-managed compliance DMS evidences the effectiveness of the compliance program. Compliance officers need to ensure that their records management policy is being followed and is in line with any retention schedules required by law. When audited by a government entity, it would be necessary to produce evidence about the operation and management of the compliance program. A well-structured DMS will ensure the organization meets regulatory compliance mandates, provide the availability of documents evidencing compliance program effectiveness, and, in turn, mitigate exposure to liabilities.

The 2020 Eleventh Annual Healthcare Compliance Benchmark Survey conducted by SAI Global and Strategic Management Services included questions that focused on management of policy and compliance documents. Results from the latest survey found that compliance offices were split nearly in half between those that manually manage compliance-related documents and those who used automated assistance. One-third reported using some sort of document management software to assist. Only one-fifth reported using a comprehensive document management system. The trend from review of past surveys clearly indicate a movement away from manual processes to DMS. The following are tips to consider when managing compliance-related documents:

  1. Document Management System (DMS). Develop a compliance Document Management System to track, administer, and store compliance related documents and health care compliance policies and procedures.

 

  1. Set-up a Records Retention Schedule. As part of the DMS, schedule how long records should be kept from an operational and legal standpoint, and that outdated records are disposed of in a timely, systematic manner. When determining the retention period for records, it’s important to: (a) perform a record inventory of all physical and electronic records; (b) establish a standardized record classification system; and (c) conduct research on all federal, state, and local records retention requirements.

 

  1. Policies and Procedures. Develop and implement policies and procedures for the creation, distribution, retention, storage, retrieval, and destruction of compliance related documents and health care compliance policies and procedures. Ensure that the compliance records management policy addresses protection of patients’ protected health information. Keep all revised or rescinded policy documents. Should an issue arise concerning a policy, it will be the document in effect at that time and not a current version.

 

  1. Accessibility and Location. The DMS must include being able to find and access information, when needed. It is advisable to index records by date, subject matter, creator, and location of the record.

 

  1. Ongoing Monitoring and Auditing. It is important to have ongoing monitoring of the records management system to ensure compliance with the policy and procedures. Periodic independent audits of compliance should also take place to ensure retention schedules are being followed, timely reviews are made to keep documents current, destruction of documents are in accordance with policies, etc.

 

  1. Records Disposal/Destruction. There are times when documents are no longer needed and should be destroyed. Maintaining unnecessary records longer than necessary increases exposure to possible breaches. Disposing or destroying records must follow closely the written policy guidance, including the means for doing it. It is also important to keep a record of the record disposal.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.