Kusserow on Compliance: Fifteen tips for a more effective hotline program

Having an effective hotline program is a must for any effective compliance program. The operative word is “effective.” Laurel Eakes at the Compliance Resource Center has worked with many hotline operations. She notes from her experience that “the hotline needs to be seen by employees and management as a priority to bring complaints and allegations of wrongdoing in house. The alternative is to drive such information externally to government agencies, litigating attorneys, media, etc., and that can only spell trouble. As such, not acting promptly on information received can result in potential liabilities, headaches, and a lot of remedial work. It is important to make employees comfortable in raising concerns internally and lessening the perceived need to resort to ‘whistleblowing’ to external parties.” Eakes offered the follow tips she has found with her clients for ensuring a more effective hotline program:

  1. Implement related policies (e.g. hotline Operations, Duty to Report, Non-Retaliation, Anonymous and Confidential Reporting, Investigations, etc.)
  2. Log and track all complaints/allegations received through resolution
  3. Set time frames for completion and resolution of complaints and verify they are followed
  4. Be sure those investigating hotline allegations have been trained how to do it properly
  5. Document all steps in the process of resolving hotline complaints/allegations
  6. Have posters on employee bulletin boards for the availability and use of the hotline
  7. Ensure hotline number and its availability is included in new employee orientation
  8. Ensure the hotline program is part of annual compliance training
  9. Have information about the use of the hotline made part of the Employee Handbook
  10. Consider having a flyer go out to all employees on the availability of the hotline
  11. If there is an Intranet for employee use, include information about the hotline
  12. If there is an organization newsletter or intranet, use it to promote the hotline
  13. Maintain a document management system for compliance records
  14. Ensure records are kept in a secure limited access area
  15. Develop summary reports for management and Board on results from the hotline program

 

For more information on this subject, contact Laurel Eakes (leakes@complianceresource.com)

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG reports top unimplemented recommendations

The HHS Office of Inspector General (OIG) Top Unimplemented Recommendations: Solutions to Reduce Fraud, Waste, and Abuse in HHS Programs is an annual OIG publication. These recommendations, if implemented, are ones that would most positively impact HHS programs in terms of cost savings, program effectiveness and efficiency, and public health and safety. All were derived from audits and evaluations issued through December 31, 2019, which predated the COVID-19 public health emergency. Fourteen of the 25 were related to Medicare and Medicaid. The recommendations called for CMS to:

  1. Take actions to ensure that incidents of potential abuse or neglect of Medicare beneficiaries are identified and reported.
  2. Reevaluate the inpatient rehabilitation facility payment system, which could include seeking legislative authority to make any changes necessary to more closely align inpatient rehabilitation facility payment rates and costs.
  3. Seek legislative authority to comprehensively reform the hospital wage index system.
  4. Seek legislative authority to implement least costly alternative policies for Part B drugs under appropriate circumstances.
  5. Provide consumers with additional information about hospices’ performance via Hospice Compare.
  6. Continue to work with the Accredited Standards Committee X12 to ensure that medical device-specific information is included on claim forms and require hospitals to use certain condition codes for reporting device replacement procedures.
  7. Analyze the potential impacts of counting time spent as an outpatient toward the three-night requirement for skilled nursing facility (SNF) services so that beneficiaries receiving similar hospital care have similar access to these services.
  8. Provide targeted oversight of Medicare Advantage organizations (MAOs) that had risk adjusted payments resulting from unlinked chart reviews for beneficiaries who had no service records in the 2016 encounter data.
  9. Require MAOs to submit ordering and referring provider identifiers for applicable records in the encounter data.
  10. Develop and execute a strategy to ensure that Part D does not pay for drugs that should be covered by the Part A hospice benefit.
  11. Ensure that States’ reporting of national Medicaid data is complete, accurate, and timely.
  12. Collaborate with partners to develop strategies for improving rates of follow-up care for children treated for attention deficit hyperactivity disorder (ADHD).
  13. Develop policies and procedures to improve the timeliness of recovering Medicaid overpayments and recover uncollected amounts identified by OIG’s audits.
  14. Identify States that have limited availability of behavioral health services and develop strategies and share information to ensure that Medicaid managed care enrollees have timely access to these services.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Evidencing compliance culture is a major focus of the DOJ compliance guidance

“Has the company surveyed employees to gauge the compliance culture”

The DOJ 2020 Evaluation of Corporate Compliance Programs calls for prosecutors to “assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operation.” The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top. Additionally, “beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company.” Prosecutors are told to review the company’s culture of compliance and give consideration to the following questions:

  1. “Has the company surveyed employees to gauge the compliance culture”
  2. “How often and how does the company measure its culture of compliance?”
  3. “What steps has company taken in response to its measurement of compliance culture?”

The challenge is finding the best method by which a compliance culture survey can be administered, analyzed, and evidence a positive compliance culture. This also means having results which are convincing and credible to both those surveyed and those who review the results. One answer is to employ the Compliance Benchmark Culture Survey© which has been employed since 1993 by hundreds of health care organizations and entities with survey population of over three quarters of a million employees. It is the only such survey focused exclusively on the health care sector. It is time tested, reliable and provides credible results meeting the tests of validity in the accuracy of measurement and reliability with the quality of the data obtained and overall survey viability. Unlike the Compliance Knowledge Survey© that uses dichotomous “yes-no” answers, a culture survey uses a Likert Scale where respondents specify their level of agreement or disagreement to a question or statement, thus capturing the intensity of their feelings for a given item. As such, using this type of survey applies when trying to gauge attitudes and perceptions of employees regarding the compliance program.

 

Compliance Benchmark Culture Surveys© are a very cost-effective method and excellent way to gather lots of information from many people. The cost of a most surveys is approximately $5,000 – 7,000.  This includes a 30 page plus report that provides a “deep-dive’” data analysis and interpretation of results for individual questions, panels, or overall scoring with suggested actions for making improvements. It can also be used for internal benchmarking of current results as a baseline against which future surveys can be benchmarked, as well as for external benchmarking against the universe of organizations using same using the same survey instrument.

 

For more information on this topic, contact Richard Kusserow at rkusserow@strategicm.com.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OCR continues enforcement involving HIPAA breaches

 2020 Survey found 60 percent of health care organizations had recent OCR encounters

Lifespan to pay $1,040,000 to Settle Unencrypted Stolen Laptop Breach

Although many agencies have taken the Pandemic into consideration when pursuing enforcement actions, this does not mean they have stopped altogether. Everyone was reminded of this with the announcement that Lifespan Health System Affiliated Covered Entity has agreed to pay $1,040,000 to the HHS Office for Civil Rights (OCR) and to implement a corrective action plan with OCR monitoring for 2 years, in order to settle potential violations of the HIPAA Privacy and Security Rules related to the theft of an unencrypted hospital employee’s laptop containing electronic protected health information affecting 20,431 individuals. OCR’s investigation found:

  • Lack of policies and procedures to encrypt all devices used for work purposes.
  • Failure to encrypt ePHI on laptops
  • Lack of device and media controls
  • Failure to have a business associate agreement in place

Going forward, Lifespan must designate at least one individual to ensure that the organization enters into business associate agreements with its business associates. It must also develop a process for evaluating business relationships and determining which vendors should be considered business associates.

It is noteworthy that the 2020 Healthcare Compliance Benchmark Survey Report found respondents reporting more enforcement encounters with OCR than with the OIG or DOJ.  Nearly 60 percent of respondents reported having encounters with the OCR regarding HIPAA breaches in the last few years. The question is no longer whether there will be a HIPAA Breach problem that draws OCR attention, but when it will occur.  The Survey also found was that three quarters of compliance offices now had responsibility for HIPAA Privacy.  This lays the compliance challenge at the feet of Compliance Officers.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.