Kusserow on Compliance: Effective hotline programs

All healthcare organizations need confidential compliance communication channels. First and foremost among them is a hotline. By definition, all effective compliance programs should have a hotline. It is an important avenue of communication between employees and management, in that it permits employees to report sensitive matters outside the normal supervisory channels.  The reality is that developing and monitoring a hotline is a critical part of any effective compliance program. It provides an avenue of communication that permits employees to report sensitive matters outside the normal supervisory channels. The compliance officer bears the responsibility of constantly reviewing and improving the effectiveness of the hotline operation.  The US Sentencing Commission, the HHS Office of Inspector General (OIG), and Department of Justice (DOJ) all call for having a hotline, as well as other authorities, including the Sarbanes-Oxley Act for publicly traded companies and the federal courts in connection with unlawful harassment. Failure to establish positive internal compliance reporting channels often results in reporting externally to the OIG and DOJ from “whistleblowers.” The challenge is establishing effective internal compliance communication. Today, it is the exception to find organizations trying to manage a hotline function internally. The fact is that any advantage of internally operated hotlines is more than off-set by the disadvantages.

From a practical standpoint, it simply is not cost effective to operate a hotline 24/7 internally.  Even those that decide to operate and manage the function in house are confronted with a number of challenges—it is extremely inefficient, costly and seldom meets any minimum standards. Hotline numbers will need to be “backstopped” against tracing and all caller identification systems have to be blocked. People answering the calls in house should not be highly visible to the work force. Confidence comes from neither party being known to the other. Hotline vendors have the training and experience to handle complainants. Callers are generally nervous and afraid and knowing they are providing information to an outside party generally is reassuring. They always raise the question of whether anonymity is truly offered and whether employees will ever sufficiently trust calling an employee. It has become the standard practice for organizations to outsource their hotline to a vendor.  However, evaluating those providing the best service at the right price is a challenge. The following are questions that can be used to determine a properly qualified vendor. Those failing key tests should be avoided as they may prove to be a future liability.

 

Questions for hotline vendors

  1. Cost of Service. Does the vendor charge an established fixed rate or sliding rate based upon number of calls? Seek a fixed, not a variable rate, based upon number or time of calls. A good rule of thumb is that the cost of a hotline service should not exceed $1-3 per employee per year.

 

  1. Industry Focus. Can the vendor evidence having understanding and expertise of issues related to the health care industry? Failing to understand healthcare standards and regulatory matters limits the ability to properly debrief callers. Ask for a breakdown of the types of clients they serve by industries.

 

  1. Hours of Service. Does the vendor provide 24/7 service? If not, don’t use them.

 

  1. Call Centers. Does the vendor provide call services? If so, avoid them completely. Call centers provide outbound calls used to promote services and products. Others answer after hour services for businesses (doctors, plumbers, electricians, etc.) and relate messages to their clients. The people doing this are performing a clerical function and answering hotline calls requires more professional expertise. Furthermore, there is the risk of having calls interrupted by a call for some needing emergency service.

 

  1. Hotline Service Types. Does the vendor provide multiple levels of service for (a) receiving live operator calls and (b) a web-based reporting system that prompts individual complainants? One level alone is not enough.

 

  1. Avoiding Vendor Contract Traps. Does the contract permit cancellation at any time with a simple 30 day notice? If not, don’t use them. Staying with a vendor should be because of good service, not because of being locked into them by contract terms. If you have a current contract, check the termination clauses to see if cancelling a contract is cumbersome. If it is, ask to renegotiate the termination clause. If they decline, then take steps to follow termination procedures in the contract.

 

  1. Hotline Number. Does the vendor want to use their phone number? This is a common vendor trap to lock in users to their service. You advertise their number everywhere and to change would necessitate changing all the places you have advertise the number. Always use and own your own hotline number that can be pointed to a vendor.

 

  1. Language Translation. Does the vendor provide a language translation service to address non-English speakers?

 

  1. Check Vendor Background. What is the level of hotline experience among the ownership, management, and operation of the service?

 

  1. Length of Hotline Experience. How many years of experience can the vendor evidence in the management of hotline operations?

 

  1. Policies, Procedures, and Protocols. Does the vendor provide advice on developing operating protocols for following up an allegations and complaints received through the hotline?

 

  1. Business Associate Agreement (BAA). Does the vendor offer to sign a BAA to meet HIPAA protected health information (PHI) requirements for any patient related information received through the hotline? If they don’t know what that means, forget them.

 

  1. Timelines. Will the vendor agree to provide a full written report within one business day of receipt of the call and for urgent matters, immediate notification?

 

  1. Report Delivery Security. Does the vendor deliver call reports by the most secure means? It is critical to establish a secure call report submission process to a specific responsible party and to an alternate should the primary contact be unavailable? Any delivery of reports via fax or email lack necessary security. It is critical that reports are secured to protect those filing the report, as well as those who are subject of the report or mentioned in them. HIPAA PHI, proprietary and confidential data, and personnel information must be protected. Web-based reporting is the most secure with notification of a report being provided via email.

 

  1. Routine vs. Urgent Reporting. Does the vendor assist in establishing a process that alerts the primary contact to any urgent report received? A delay in reporting a serious issue could result in potential liabilities.

 

  1. Insurance. Does the vendor provide at least one to three million dollars liability coverage? If your vendor does not have this insurance, consider changing over to one that provides this assurance.

 

  1. Caller Contact Information. Does the vendor have procedures for providing callers with a means to call back without disclosing their identity?

 

  1. Personalized Service. Does the vendor provide the identity or identities of individuals available to respond to any issues or question that may arise, whether it relates to call reports, invoice issues, or providing general advice? Not having easy access to someone or having to go through a phone system moving you from one office to another before you find a stranger who may or may not be able to answer your questions can be frustrating. If possible, seek an identified accounts manager who will be responsible for any and all issues that arise under the contract.

 

  1. Training and Assistance. Does the vendor provide guidance on the best way to promote understanding of the hotline?

 

  1. Other Useful Benefits. Are there any other services or benefit provided under the contract? This would include such things as supporting policy and procedures for hotline management, poster templates, newsletters, etc. For smaller organizations, these benefits may exceed even the service fees paid to the vendor. Find out what they offer.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Webinar: What Are the Experts Saying on Health Reform?

Since January, both President Trump and Republican leaders in Congress have talked about a three-step process for repealing and replacing the Patient Protection and Affordable Care Act (ACA). While the first six months of the Trump administration has seen mixed results, its efforts to reign in or hold back regulations, combined with its delay in filling lower-level agency roles, has impacted regulatory review and issuance of new regulations. So, despite Congress’ inability to pass legislation to change parts of the ACA, there is still plenty for providers to be concerned about.

Join Associate Managing Editor Kathryn Beard, JD, on Wednesday, August 2, for this half-hour live webinar covering attempts by the Trump Administration and Congress to delay, deregulate, and derail significant parts of federal health policy. She will discuss the two “repeal and replace” bills, FDARA, and significant executive and regulatory actions taken by the Trump administration which directly impact ACA provisions.

Registration Link:

Before the webinar, download the accompanying White Paper.

Webinar: Delay, Deregulate, Derail — Health Care Roiled by Actions of Trump and Congress

Since January, both President Trump and Republican leaders in Congress have talked about a three-step process for repealing and replacing the Patient Protection and Affordable Care Act (ACA). While the first six months of the Trump administration has seen mixed results, its efforts to reign in or hold back regulations, combined with its delay in filling lower-level agency roles, has impacted regulatory review and issuance of new regulations. So, despite Congress’ inability to pass legislation to change parts of the ACA, there is still plenty for providers to be concerned about.

Join Associate Managing Editor Kathryn Beard, JD, on Wednesday, August 2, for this half-hour live webinar covering attempts by the Trump Administration and Congress to delay, deregulate, and derail significant parts of federal health policy. She will discuss the two “repeal and replace” bills, FDARA, and significant executive and regulatory actions taken by the Trump administration which directly impact ACA provisions.

Registration Link:

Kusserow on Compliance: Human resources management compliance jurisdiction

The great majority of internal investigations arise from complaints filed with the human resources management office (HRM) or through the compliance office hotline. Both functions have their own jurisdiction for dealing with sensitive issues, and this can raise tension and conflict if not addressed properly. HRM has a mission to assist employees in a host of ways, ranging from salaries and benefits to working conditions. It is therefore not surprising that the department is a front-line recipient of questions, concerns, complaints, and allegations related to the workplace. For all practical purposes, the primary responsibility for investigating and resolving personnel-related issues, including unfair labor practices, discrimination and harassment, lies with HRM.

Specific rules must be followed when conducting such investigations and the federal agency providing guidance and oversight is not the HHS Office of Inspector General (OIG) or the Department of Justice (DOJ), but the Equal Employment Opportunity Commission (EEOC). Furthermore, in some states, individuals conducting these types of investigations must undergo a designated number of hours of specialized training on the laws and rules governing employees in the workplace.

The sources of workplace complaints are varied, but their emergence is all but inevitable. With that in mind, it is important to have a clearly communicated and consistently applied policy detailing the specific procedure for reporting complaints. Many organizations encourage employees to utilize the “traditional” chain of command approach to reporting and resolution, while others have established more progressive open door communication policies to encourage unrestricted communication. Direct reporting to HRM is also an option for employees.  Allowing employees to report issues via an employee hotline, generally managed by the compliance officer, is yet another mechanism of reporting.  With most hotline calls have issues that fall under HRM primary jurisdiction, it requires careful coordination to guard against a matter falling between the cracks. This does not necessarily create a bright line of authority between the two functions, as many concerns raised may cross the line from being personnel issues to being compliance issues. It is essential that the compliance office and HRM maintain open communications and establish reciprocal reporting obligations for the purpose of ensuring the appropriate department is apprised of issues that are its primary concern. They must be able to coordinate investigative and resolution activity to avoid unnecessary duplication of efforts.

All of these reporting approaches provide a stream of information that can result in the need for internal inquiry or investigation. It is very important to note that, in order to have an effective reporting program that employees will actually utilize, it must be coupled with a clearly stated anti-retaliation policy. Employees must know that retaliation or attempted retaliation in response to lodging a complaint or invoking the complaint process is strictly prohibited by the organization. In August of 2016, the EEOC issued “Enforcement Guidance on Retaliation and Related Issues”, the EEOC’s first comprehensive review of retaliation since 1998. This was in direct response to the fact that retaliation is now the most frequently alleged basis of discrimination that EEOC receives.

The compliance officer focuses much attention on the Anti-Kickback Statute, Stark Laws, False Claims Act, and other fraud laws with considerable attention given to the OIG, DOJ, and state Medicaid Fraud Control Units. By contrast, the laws that most often occupy HRM interest include Title VII of the Civil Rights Act 1964; the Age Discrimination in Employment Act; the Americans with Disabilities Act; the Family and Medical Leave Act; the Fair Labor Standards Act; the Uniform Services Employment/Reemployment Rights Act; the Employee Retirement Security Act’s governing compensation and benefit plans; and the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) for employer-sponsored health benefits, among others.  The government agencies that oversee these areas are the U.S. Department of Labor, the Equal Employment Opportunity Commission (EEOC), and a variety of state agencies.  Violations can result in serious penalties.

Regarding matters that HRM must investigate and resolve, one area long overshadows (numerically) compliance matters raised to the compliance officer to handle: discrimination and unlawful harassment. Complaints to the federal EEOC and state counterparts number over 100,000 annually.  Many other complaints are received by HRM that never go so far as to be reported to outside authorities.   To meet the challenge of avoiding such complaints, HRM must implement a variety of compliance policies and train everyone on them.  These activities are familiar to compliance officers, who must do the same within their risk areas. However, in the case of some of the HRM-related laws and regulations, federal and state governments establish special rules for standards for related policies and mandatory training.  Special rules extend to the manner by which these types of cases are to be investigated and by whom, when there is a formal complaint.

One example of a compliance risk area requiring care relates to unlawful (sexual) harassment. In a series of Supreme Court cases, the High Court set forth the principle that no employer can mount an affirmative defense to allegations of unlawful harassment unless they can meet three standards: (1) they have zero tolerance policies and procedures in place; (2) all employees and managers are trained on these policies; and (3) the organization has taken steps to identify emerging issues and do not just wait until a complaint takes place.  On this last point, examples of action steps by management include screening hotline calls for any indications of emerging issues, conducting exit interviews and asking about employee work environment issues, and using training on the subject as a means to open discussion of potential problems.  In the latter case, having people stay behind to make further inquiries is more likely to open doors that public statement during formal training.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.