Kusserow on Compliance: Extending and economizing compliance programs—tools, services and tips

Compliance officers are confronted with a host of ever increasing external regulatory and internal demands with most having inadequate resources to meet all the challenges.  Furthermore, it is becoming increasingly common to add responsibility for HIPAA Privacy to the portfolio of compliance officers’ duties. All of this results in ongoing efforts to find ways to extend capabilities, while being sensitive to limited available resources. There are finite options available. Of course, the preference is to handle all this with internal staff. However, unfortunately for most compliance officers, limitations on increased office staffing limits this option. In some cases, organizations turn to Out-Sourcing their compliance program. This is most often done as a measure to temporarily fill gaps with an Interim Compliance Officer (ICO) when an incumbent leaves, or smaller organizations contracting the function out to an individual or firm to assume responsibility by providing a Designated Compliance Officer (DCO). Co-Sourcing is a third option and “middle ground” between hiring new staff (In-Sourcing) and Out-Sourcing and may prove to be the best strategy available for compliance officers to take huge pressures away, if implemented correctly. It involves using limited vendor services and tools to address key elements in the compliance program.

Co-Sourcing Compliance Services/Tools

The key factor that separates Out-Sourcing from Co-Sourcing is the maintaining control and direction under the compliance officer. It involves using a third-party on an ongoing basis to supplement limited staff resources by carrying part of the workload. It can help bridge the gap without compromising the ability to easily return to a structure where the compliance officer reassumes full operation when staffing issues are resolved. This approach is also recognized by the OIG as a useful solution to where an organization is limited in-house compliance expertise and resources. Compliance Officers are increasingly employing this as a means as a practical solution when confronted with a staffing shortage and offers the advantage of using limited, rather than full time services. It also may permit gaining access to a range of specialist without having them full time on payroll.

Common Types of Co-Sourcing Tools/Services

Co-Sourcing Expert Services

There are a number of advantages of engaging outside experts for limited scope of work, especially to address staff shortage or obtaining technical skills that do not exist in-house. Careful use of vendors to supplement the Compliance Office can not only gain access to experts not available in-house, but can save time, money, and effort; while maintaining flexibility to end an arrangement at anytime, when no longer needed. The following are common examples of Co-Sourced services:

Co-Sourcing Tips

  1. Clearly define duties, tasks, responsibilities, and methodology for vendor to follow.
  2. Ensure the agreement is flexible to expand or contract levels of service as needed.
  3. Look for providers that have industry specific expertise.
  4. Check experience and seek references of the firm.
  5. Ensure individuals provided have the needed skills, experience, and expertise.
  6. Bigger is not always better, as smaller niche firms are more likely to provide better, less expensive services.
  7. If planning to Co-Source for multiple tools and services, consider seeking discounts for a “bundling” arrangement.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Engaging experts to supplement and assist compliance offices

Most compliance offices are swamped with work. Sometimes it is a periodic rush to meet some urgency, while at other times there is just too much to be done with too little to meet all challenges in the ever-changing regulatory and enforcement environment. There are three broad ways to handle the load: (1) insource, so that all compliance office work is handled in-house, using consultants only occasionally for advisory services or evaluation of the compliance program; (2) outsource the compliance program to designated or interim compliance officers as a temporary solution for maintaining continuity, using an expert to be the interim compliance officer; or (3) cosource by using on-call experts to supplement the compliance office with specific duties or assignments.

Suzanne Castaldo, J.D., an expert on the subject, notes that many smaller organizations cannot justify the cost and burdens of supporting the program in-house and outsource it entirely to a designated compliance officer, who most often is a part-time engaged expert. The HHS Office of the Inspector General (OIG) recognized the use of designated compliance officers who may serve in that capacity for several organizations. Taking this approach should entail engaging experts on a part-time basis. If a full-time person can be afforded, then using this approach doesn’t make sense. The benefits include bringing the experience of many organizations to the entity that could ill afford to develop in-house.

Kashish Chopra, J.D., MBA, CHC, has served as an interim compliance officer and makes the point that in this day and age, with such a rapidly evolving regulatory and enforcement environment, health care organizations cannot afford to take the chance on having a gap in the compliance office. Having an expert on a short-term engagement can take over the reins of the program while a permanent replacement is found.

Jillian Bower, a highly experienced consultant has been instrumental in providing supplemental support to compliance officers. She noted that cosourcing has evolved as a “middle ground” between insourcing and outsourcing and has also been recognized by the OIG as a useful solution when expertise and resources are limited. It involves using experts on an ongoing basis to supplement limited staff resources to carry out part of their workload. It offers the advantage of the compliance officer maintaining control and direction of the program. Cosourcing can help bridge the gap in a manner that does not compromise the flexibility to easily return to a position where the Compliance Office can reassume full operation and end cosourcing at any time, when staffing issues are resolved. It is hiring piecemeal as needed. Common cosourcing may be using a consultant as a HIPAA privacy and/or security officer, conducting ongoing monitoring/auditing, performing enterprise risk management/analysis, engaging a statistical data claims analyst expert to determine error rates, hotline operations management, compliance investigations/training, reviewing arrangements with referral sources, and managing the sanction screening operations.

The fact is that there are options for consideration when a compliance program is being stretched beyond its capability to meet challenges or where a gap takes place among key compliance staff.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips for getting the most from your CIA

This was the title of a section in a presentation by Laura Ellis, HHS Office of Inspector General (OIG) Senior Counsel, at the recent Health Care Compliance Association (HCCA) Compliance Institute, where she explained that the settlement process is very lengthy, and that compliance officers should spend that time period preparing for what is to come. Even before matters are referred to the OIG for settlement negotiations, the matter will have been with the Department of Justice (DOJ) for a long time.  It is only after the DOJ turns matters over to the OIG that the agency determines whether or not a corporate integrity agreement (CIA) is necessary, and if so, what terms and condition should be included in the agreement.  Ellis stated that negotiations with the OIG may take up to a year before a CIA emerges.   It is during this rather long lead-up period that the compliance officer should be very busy preparing for what is to come.  Ellis offered a number of suggestions for the compliance officer to follow while this process is underway, including:

Thomas Herrmann, J.D., was previously responsible for negotiating CIAs on behalf of the OIG and in providing monitors with a number of years’ consulting experience, working with more than a dozen clients with CIAs and as an Independent Review Organization (IRO). He agreed with the Ellis statement about the long lead time before a CIA is signed, and that the compliance officer should not waste that valuable time.  Once executed, the clock begins ticking and a lot has to be accomplished in a relatively short time.   Among the most important tasks needing immediate attention is finding and vetting potential outside experts to be the IRO and, in some cases, compliance experts for the Board and quality monitors. The responsibility for selecting these experts lies with the organization, not the OIG.  This may take a lot of time and warrants serious consideration as in all likelihood, the organization will have them for five years.  A mistake in selection will come back to haunt the organization and may aggravate matters with the OIG.  The compliance officer should be very much involved in finding and selecting the right experts with the right expertise.   The more experience the firm selected has in performing this type of work, the less likely there will be problems.  An experienced firm won’t have the learning curve of an inexpert firm that oftentimes adds cost to the engagement and results in poor reports to the OIG.  For an organization that is already in hot water with the DOJ and OIG, this kind of complicating matter is not wanted.

Carrie Kusserow has over 15 years’ compliance officer and consultant experience, and was brought in to be the compliance officer to an organization under a CIA while Laura Ellis was the monitor. Kusserow echoes Ellis’ advice to organizations to take steps to “get the most out of the money” expended on these resources. The more expert they are in the health care sector, the better.  The more experience the individuals assigned to do the work have, particularly experience with the OIG, the better.   The one thing to avoid is hiring an IRO and then paying it to learn about the type of work being done by the organization or how to interact with the OIG. Having top-notch experts can impart considerable added value from prior experience of doing this kind of work. She also pointed out that once these outside experts are engaged, there is another lag period before they begin their work and again when they present reports on the results of their work.  It is a huge mistake to allow these gap periods to elapse without doing serious preparation work.  It is important to begin planning at the earliest date for what is needed to meet CIA terms and conditions, which will assist in this effort, and development of a project plan for execution.   The planning process and timelines for meeting CIA requirements will have to take into account when reports by the IRO, and possibly the compliance expert, are due to the OIG.

Steve Forman, CPA, has over 35 years’ experience, having served as both as a compliance officer and as an IRO many times, and as a compliance expert four times under a CIA. He advises compliance officers that one step that cannot be undertaken too soon is getting the Executive/Management Compliance Committee and Board Compliance Committee involved. They need to understand fully in practical and operational terms their personal obligations, along with what is needed from them to meet CIA obligations.   He also strongly recommends at the first indication that a CIA may be in the future to begin reviewing posted agreements on the OIG website, especially those that involve similar types of organizations.   One point of caution is that the OIG has been changing CIAs significantly as to new requirements, conditions, and certifications by board members and executives. Information derived from these reviews should be translated into a plan of action to ensure the organization is in tune with what the OIG will expect.  He strongly suggests that compliance officers consider engage compliance experts to do two things:

  1. Have the compliance program conduct an independent evaluation and act on findings and recommendations. Having such a report with evidence of correcting any deficiencies can be invaluable evidence to the OIG in making a determination as to whether a CIA is necessary and, if so, mitigating terms and conditions. It will be looking for this evidence.
  2. Once a CIA is executed, immediately engage experts to conduct a mock audit to test the terms and conditions that must be met under the CIA and to have them addressed before the IRO or compliance expert under the CIA begins work.

Taking these two steps can avoid a lot of problems, expenditures and complications under a CIA. The OIG takes evidence of independent experts serious. That is why they rely upon them as IROs, Compliance Experts, and Quality Monitors.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on
Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.