Kusserow on Compliance: Nine tips for compliance officers—addressing high-risk areas

Carrie Kusserow is an expert on conducting compliance risk assessments and has been called upon by compliance officers to meet their challenge of addressing the numerous compliance high-risk areas. She notes that there are more than 40 high-risk areas identified by the OIG in its Compliance Guidance for hospitals. Guidance for other health care sectors has a similar set of compliance high-risk areas and the number of identified compliance risk areas continues to grow every year. To meet this challenge, compliance officers must stress to program managers their ongoing monitoring responsibility to identify and manage compliance risks within their areas of operations. This includes keeping informed of current rules and regulations; ensuring changes are incorporated into policies and procedures; training staff on following that written guidance; and verifying staff adherence to new policies. Ongoing auditing of operational high-risk areas has two primary objectives, including verifying that managers meet their obligations, and validating that the process achieves the desired outcomes. Audits need to be conducted by parties independent of the operational areas being audited, and may include compliance office staff, internal audit, outsider consultants and auditors, or any combination thereof. She offered the following tips for consideration by compliance officers:

 

  1. Work with management to identify operational high-risk compliance areas as set forth in the OIG Work Plans, Fraud Alerts, Advisory Opinions, audits, and enforcement priorities and in Medicare contractor activities, industry news, PERM reports, and PEPPER data.

 

  1. Implement specialized training programs for program managers on what they need to do to meet their ongoing monitoring of high-risk areas in their operational area.

 

  1. Ensure that program managers have identified and listed all compliance high-risks areas related to their operational areas; have developed/implemented monitoring plans for identified risk areas as part of meeting their ongoing monitoring responsibilities. This includes testing and reviewing adequacy of the internal controls (e.g. policies/procedures) to reduce likelihood of that an unwanted event will occur in high risk areas.

 

  1. Rank high-risk areas in terms of vulnerability and impact or damage from a risk incident, including calculating the potential damage from a compliance risk failure, including the magnitude of direct and indirect financial and reputational consequences; and the likelihood of a compliance risk event by considering whether the area is a current enforcement priority based on risk assessment results.

 

  1. Develop and implement an audit plan based on risk assessment results, giving highest priority to the highest risk areas. The audits should test and continuously review current internal controls for adequacy in mitigating risk and reducing the chance of an unwanted risk event.

 

  1. Ensure corrective action plans have been instituted for all risk area deficiencies identified by ongoing monitoring or auditing.

 

  1. Have a follow-up review of any areas where there had been findings requiring remedial action to ensure corrective measures have been taken and are working as intended.

 

  1. Consider engaging compliance experts to independently evaluate the effectiveness of a compliance program.

 

  1. Present results of risk assessment, monitoring and auditing as regular agenda items for management and board level compliance committees.

 

For more information on compliance high-risk assessment, contact Carrie Kusserow, Strategic Management Managing Senior Consultant (703-535-1453) or at ckusserow@strategicm.com

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: GAO calls for CMS to mitigate program risks in managed care

·       Medicaid enrollment in managed care rose in three years from 35 to 55 million beneficiaries

·       $170 billion Medicaid managed care is half of total federal Medicaid expenditures

·       CMS is not doing enough to ensure accuracy in payments

 

Congress called for the Government Accountability Office (GAO) to conduct a study of the Payment Error Rate Measurement (PERM), which  measures the accuracy of capitated payments for managed care, including CMS’s and states’ oversight. Driving this inquiry was the rapid growth of Medicaid managed care enrollment, which increased by 56 percent in three years, jumping from covering 35 million beneficiaries to 54.6 million beneficiaries. Federal Medicaid managed care expenditures last year were $171 billion, almost half of the total for Medicaid. The GAO focused on weaknesses in oversight, given the recent rapid growth. The GAO reviewed program integrity risks reported in 27 federal and state audits and investigations over a five year period; federal regulations and guidance on the PERM; and the CMS’s Focused Program Integrity Reviews. The GAO also contacted program integrity officials in the 16 states with a majority of 2016 Medicaid spending for managed care. The GAO found:

  1. Ten of 27 federal and state audits and investigations identified about $68 million in overpayments and unallowable MCO costs, not accounted for by PERM estimates.
  2. Another investigation resulted in a $137.5 million settlement.
  3. CMS does not have a process to track managed care overpayments and cannot determine whether states considered those overpayments when they set capitation rates.
  4. CMS is not doing enough to ensure that states are adequately paying managed Medicaid companies and that the plans are making correct payments to providers.
  5. The managed care component of the PERM neither includes a medical review of services delivered to enrollees, nor reviews of MCO records or data.
  6. CMS and states have updated regulations, focused reviews, and used federal program integrity contractors’ audits of managed care services, however, some of this is only recent, and it may not fully address risks across all states.
  7. CMS does not ensure identification and reporting of overpayments to providers and unallowable costs by MCOs.

The GAO called for CMS to consider and take steps to mitigate the program risks that are not measured in the PERM, such as overpayments and unallowable costs. Such an effort could include actions such as revising the PERM methodology or focusing additional audit resources on managed care. The GAO also recommended CMS expedite the release of planned guidance and requirements for states to report to the CMS overpayments made between managed-care providers and plans.

 

 

 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ Policy for continued antitrust enforcement DOJ

At the American Bar Association’s Anti-Trust in Healthcare Conference, Deputy Attorney General Barry Nigro provided a wide ranging presentation regarding DOJ efforts to combat rising health care fraud. He noted that, in 2016, health care spending in the United States accounted for $3.3 trillion, or $10,348 per person—approximately 18 percent of Gross Domestic Product (GDP). At this level of spending, the economy can ill afford fraudulent activity to increase the cost of health care. Inasmuch as health care involves critical care, it means the DOJ is giving it a higher priority. DOJ is continuing to give this area a priority that includes rigorous investigation and prosecution of those engaged in Medicare provider fraud and price gouging by drug makers. The DOJ will carry on with questioning mergers and potential collusion among health systems and payers. This includes market allocation agreements, price fixing, and naked market allocation. Some of the topical areas covered in his address included the following:

  1. Criminal prosecutions related to price fixing and market allocation agreements
  2. Parties circumventing generic drug regulations
  3. Market allocation and no-poach agreements
  4. Limitations on exemptions and immunities from anti-trust laws
  5. Continued reliance on the Clayton Antitrust Act
  6. Urging states to consider negative effect on competition when passing laws
  7. Support for certificate of need provisions
  8. Urging states to consider laws that impose occupational licensing requirements
  9. Professionals being able to advertise receiving board certification to patients

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Staffing of interim compliance officers

Serious risks arise when there is a gap in compliance officers. Not having someone managing the day to day compliance program is begging for problems. Filling a gap by having someone designated to manage the program until a permanent replacement is found is a bad idea. They likely will do as little as possible in an area they don’t know or could be expected to recognize and address problems in a timely and professional manner. Currently, on average, it takes a minimum of 3 to 5 months to find and bring on board a permanent replacement; and that is far too long to leave the program without active professional management. One solution to consider is using an expert as an interim compliance officer. Managed correctly, it can provide high-value service that is cost effective. Depending on the size and complexity of an organization, an expert may be able to manage the day-to-day operation and deal with emerging compliance issues at less than full time.

Kash Chopra, JD, MBA, has provided highly experienced and knowledgeable consultants as temporary and interim compliance officers to fill a compliance officer gap. Interim compliance officers can make significant improvements for any compliance program in a relatively short order. She noted among the benefits an interim compliance officer expert can bring to an organization is an objective assessment on the status of the program without being invested in any prior decisions. This added value of providing an independent compliance program effectiveness evaluation is a real bonus and this value by itself should save the cost of the engagement. Incorporating this in the terms of a temporary compliance officer engagement can produce the added benefit of gaining an independent assessment of the status of the program by outside experts that are independent. They can provide a road map action plan for the permanent office to improve program effectiveness. As far as the day-to-day management of the program, interim compliance officers bring the expertise in knowing how to respond to identified problems, as well as educating the Board and executive leadership on changes in the regulatory and enforcement environment. Her final advice on the use of the interim compliance officers is to remember that they are temporary compliance officers serving for a period of time until a permanent replacement can be found. As such, the agreement should set time frames of 60 to 90 days with the option to extend on a month to month basis.

For more information about engaging compliance experts to serve as Interim Compliance Officers, Chopra can be reached at KChopra@strategicm.com or (703) 535-1413.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.