Kusserow on Compliance: Meeting long term care compliance program legal mandates

The Patient Protection and Affordable Care Act (ACA) included a mandate that long term care (LTC) skilled nursing facilities (SNFs) and nursing homes adopt and implement an effective compliance and ethics program as a condition of participation in the Medicare and Medicaid programs. Facilities have until November 28, 2019 to meet the compliance program requirements. At that time, state survey agencies will begin assessing facility compliance with implementation of an effective compliance and ethics program following the CMS State Operation Manual “Guidance to Surveyors for Long Term Care Facilities.”  CMS requires annual review of its compliance and ethics program to ensure that modifications are made to reflect changes in laws, regulations, and to reduce violations.

Tom Herrmann, J.D., served over 20 years in the OIG Office of Counsel and for the past ten years has been a compliance consultant, specializing in nursing home compliance programs. He explains that the new mandate parallels the HHS OIG Compliance Program Guidance for Nursing Facilities and those that followed the guidance will have little problem in meeting the new mandate, but those who didn’t have only months to come into compliance. For those organizations with weak programs, he suggests the most cost effective method to begin catching up is to have a compliance expert perform a gap analysis to identify elements needed for the compliance program and how be able to evidence program effectiveness. A gap analysis should provide a “road map” and step-by-step plan for bringing a facility into compliance with the mandates. Those that have already implemented their compliance program should consider having an effectiveness evaluation conducted by experts to verify it will meet mandated standards.

Kash Chopra, J.D., has assisted many smaller LTC organizations in answering the challenge of meeting the mandate challenge by providing Designated Compliance Officers (DCOs) that assume the responsibility of being the Compliance Officer, including the building and managing of the program. The OIG recognizes using DCOs when the wide range of compliance responsibilities become a serious problem for smaller organizations and a full time Compliance Officer is unaffordable. The OIG’s position is that “For those companies that have limited resources, the compliance function could be outsourced to an expert in compliance.”  The OIG further recognize that an outsourced party can provide services on a part time basis.  Using highly experienced experts can lower fixed costs, reduce staff loads, and avoid using someone who is less qualified. Also, most of the work can be done remotely. Using an outside expert part-time, can accomplish more than a lesser experienced full time employee. She advises comparing the cost of hiring a compliance officer against that of a part time expert acting as the DCO.

For more information on this subject, Kash Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413. Also see https://compliance.com/blog/contracting-compliance-program/

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Benefits of employing compliance liaisons

Kash Chopra is an MBA and J.D. consultant with Strategic Management, a firm that has built managed evaluated and enhanced hundreds of compliance program. She is a strong advocate for compliance officers making use of Compliance Liaisons (CLs) and notes that many organizations with multiple sites have found them an effective adjunct to the compliance program which can be used to champion the program at outlying or remote facilities or locations.  Among the major benefits of CLs is that they can serve an important role in extending the reach of the compliance office to an organization’s different geographies and businesses. There are many other benefits in that they can be used to develop and expand proactive approaches to regulatory interactions, ensure full visibility regarding what is happening in outlying facilities and locations, and provide the ability to communicate compliance office initiative at their locale while communicating what is happening in their business environment. The CL’s provide an avenue by which to keep organization leadership informed on how shifts in the regulatory landscape are affecting current and—equally important—proposed operational activities. In addition to understanding the organization’s inherent regulatory risks, they should have basic understanding of regulators’ expectations as to how the organization can mitigate risks. However she warns, to be effective, it is very important that they are provided with clear and detailed responsibilities as well as the resources, authority, and independence required to conduct their duties effectively.

 

Compliance Liaison Benefits

  • Raising and maintaining compliance awareness at the local area
  • Providing early identification emerging risks areas and issues
  • Aiding in the investigation and resolution of compliance issues
  • Communicating information on compliance priorities to department faculty and staff
  • Assisting in planning and implementing compliance education/training programs
  • Assisting in development of effective auditing/monitoring plans
  • Providing a channel to refer compliance issues to the compliance office
  • Calling attention to emerging compliance-related issues
  • Assisting in communicating regulatory and legal issues to help ensure compliance
  • Tracking specific metrics for the compliance office
  • Providing a process for responding to regulator requests
  • Assisting in scheduling meetings to discuss compliance matters
  • Providing a process for escalating compliance issues
  • Tracking compliance issues from identification, through investigation to resolution

For more information, Chopra can be reached at KChopra@strategicm.com or (703) 535-1413

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Is outsourcing HIPAA privacy worth considering?

The Ninth Annual Healthcare Compliance Benchmark Survey, conducted by SAI Global and Strategic Management Services, revealed that the highest-ranking priority focus for 2018 was dealing with data breaches. Nearly 75 percent of the 388 responding organizations reported that the compliance office had taken the responsibility for HIPAA Privacy. The Survey also indicated compliance office resources were being strained in meeting all their responsibilities. This was underscored with the reported fact that 75 percent of compliance offices were staffed with five or fewer staff, with one third of offices having only a one person staff.

Kash Chopra, JD, MBA, has outsourced a number of data protection officers (DPOs) in a variety of organizations, as result of the fact that many compliance offices don’t have the experience and knowledge to address the wide range of duties and responsibilities of privacy offices. This is consistent with a growing trend of outsourcing functions that are not at the core of the mission of the organization. When providing outsourced DPOs, they are normally placed under direction of the compliance officer. Most of the DPOs she has provided work at or below an average of 20 hours per week with most of the work being performed remotely.  What makes this possible is that  DPOs already have expertise and are current on state and Federal requirements, as well as what is needed in the development, implementation, and maintenance of privacy policies and key documents that address privacy requirements. The DPO will know how to address and oversee the monitoring of data access and investigations as well as breaches and complaints. Among the advantages of using DPOs are:

  1. Permits compliance officers to focus on other compliance areas
  2. Not paying the loaded cost of a fulltime W-2 employee
  3. DPOs are more efficient with no learning curve on HIPAA
  4. Bring experience and detailed knowledge of federal and state laws/regulations
  5. Experience in dealing with privacy issues
  6. Better risk protection
  7. Lower fixed costs and reduced staff workload
  8. Expertise in HIPAA/HITECH privacy and security compliance

Chopra can be reached at KChopra@strategicm.com or (703) 535-1413 for more information about using HIPAA experts to serve as a DPO.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Understanding and addressing whistleblowers

The vast majority of the cases resolved by the Civil Division of the Department of Justice (DOJ) were cases brought by “whistleblowers” under the qui tam provision of the False Claims Act (FCA). Whistleblowers are responsible for an even higher percentage of cases resulting in OIG Corporate Integrity Agreements (CIAs). Although most compliance officers are well aware of this program, many remain unclear as to how the process works. Tom Herrmann, J.D., who served over 20 years in the Office of Counsel to the OIG and as an Appellate Judge for the Medicare Appeals Board, explained that Congress permitted a whisltleblower called the “Relator” to file a case with the DOJ under the FCA.  Since this provision of law went into effect in 1986, there have been over 10,000 qui tam cases filed with a current average of one such case being filed every day of the year. The intent was to create incentives for private parties to detect and pursue fraud under the FCA. In return for reporting this information, Relators receive a portion (usually about 15 to 25 percent) of any recovered damages.  Once the lawsuit is filed, it is placed “under seal”, meaning that it is kept secret from everyone but the government, in order to give the DOJ enough time to investigate the allegations in deciding whether to join (“intervene”) in the case. Intervention by the DOJ occurs only in about one in five qui tam lawsuits, leaving whistleblowers the option to pursue cases on their own, however the chances of success are much lower than in cases when the government joins. Most successful qui tam cases are resolved through settlement negotiations rather than a court trial, although trials may occur.

Kash Chopra, J.D., noted that the overwhelming number of cases that result in a CIA, arise from whistleblowers and these, in turn, are based upon violations of the federal Anti-Kickback Statute (AKS). It is the government’s position that all claims arising from a corrupt arrangement violating the AKS or in some cases, the Stark Law, are considered fraudulent. This is even when the services rendered were needed and provided appropriately.  She advises here clients that the best ways to manage the whistleblower risk is to ensure that they are channeled through internal communication channels and their complaints are promptly evaluated, investigated, and resolved.  It is worth considering the following:

  1. Using outside experts to independently audit arrangements with physicians and evaluate compliance communication channel effectiveness.
  2. Ensuring a 24/7 hotline operated externally by experts in recognizing health care compliance issues.
  3. Reviewing/updating hotline-related polices/procedures (confidentiality, anonymity, non-retaliation, duty to report, etc.).
  4. Making sure that the duty to report suspected wrongdoing is explained in the Code, policies and training.
  5. Having trained and competent people on hand to conduct prompt and competent investigations of matters raised through the hotline.
  6. Moving quickly to use CMS and OIG self disclosure protocols when there is credible evidence of violations; and not wait until the DOJ gets involved.

For more information on this subject, Kashish Parikh-Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.