Does your organization have a designated Compliance Officer? a. Yes b. No c. Don't know

Transcription

1 Developing a Compliance Workplan Uri Bilek Feldesman Tucker Leifer Fidell LLP

2 Does your organization have a designated Compliance Officer? a. Yes b. No c. Don't know

3 Does your organization have an established compliance program? a. Yes b. No c. Don't know

4 Does your organization have an established compliance program budget? a. Yes b. No c. Don't know

5 Has your organization ever developed a compliance workplan? a. Yes b. No c. Don't know

6 Welcome to Developing a Compliance Workplan > Health Reform and Health Care Corporate Compliance > What is Health Care Corporate Compliance? > Process of Developing a Compliance Workplan

7 Health Reform and Health Care Corporate Compliance > Increased funding of program integrity activities > Greater OIG enforcement authorities > Higher risk of False Claims Act liability > Mandatory return and reporting of overpayments > Mandatory compliance programs

8 Health Reform and Health Care Corporate Compliance > Under Health Reform Law: As a condition of enrollment in Medicare, Medicaid, and CHIP, providers must establish a compliance program Core components of compliance program to be established by the Secretary of HHS in consultation with the OIG Will be specific to particular industry or category of the supplier or provider Effective after HHS issues regulations

9 What is Health Care Corporate Compliance? > What is a compliance program? A proactive and reactive system of internal controls, operating procedures, and organizational policies to ensure that the rules applicable to your organization are regularly followed > What is the benefit of a compliance program? Effective compliance programs both prevent violations and reduce the potential for liability should such violations occur

10 What is Health Care Corporate Compliance? > OIG Compliance Program Guidance for Individual and Small Group Physician Practices 65 Fed. Reg et. seq. (October 5, 2000) Seven elements of effective compliance programs: 1. Compliance Officer 2. Internal Monitoring and Audits 3. Written Standards and Policies 4. Training and Education Programs 5. Open Lines of Communication 6. Respond to Detected Problems 7. Disciplinary Standards Identifies high risk areas

11 Developing a Compliance Workplan > Recommended Structure of a Compliance Workplan Tasks Goals / Metrics Timeframe Responsible Party Budget

12 Compliance Workplan Tasks, Goals / Metrics > Many ways to structure a workplan 7 elements Compliance risk areas

13 Compliance Workplan Tasks, Goals / Metrics > Describing the task Level of detail Goals / metrics > Where to start? Compliance risk assessment The OIG considers risk assessment to be a key component of an effective compliance program According to the OIG, organizations should conduct a comprehensive baseline risk assessment or obtain one from a consultant What is risk?

14 Types of Risk > Health Care Provider Specific Risks Clinical staff credentialing, misdiagnosis, dispensing errors, research issues, informed consent, medical records, and other areas that affect patient care and service > Health Care Regulatory Compliance with Federal, State, and local regulations > Legal Liability Statutory responsibilities of employers and employees, liabilities pursuant to contract and tort liabilities under which the organization can be sued for injuries to patients, employees, and others.

15 Types of Risk > Financial Maintaining solvency, grants management issues, appropriate fiscal management standards, reserves and investments, tax issues > Operational Possibility of loss or damage, or impairment of use of buildings, office equipment, personal property

16 Purpose of the Risk Assessment > Reasons for Conducting a Risk Assessment: To identify and prioritize areas of focus of compliance program Conserve resources (both financial and otherwise) Practice sound management Improve operational efficiency

17 Planning a Risk Assessment > Identify who will lead / conduct the risk assessment Each department head Compliance Officer Compliance committee (staff) Legal department Management team Compliance committee (Board)

18 Key Elements of a Risk Assessment 1) Identify risk areas 2) Assess level of risk 3) Rank risk areas

19 Identifying Risk Areas > Internal Sources Past and Current Organizational Activities Known problem areas / Open issues Filed complaints, grievances Audit findings Corporate Integrity Agreements, fines, sanctions Joint Commission surveys State investigations Planned Organizational Activities Areas of growth / contraction Process changes Personnel changes

20 Identifying Risk Areas > External Sources Changes in law, regulation PPACA FFATA Wall Street Reform Government / regulatory / policy guidance Enforcement Activities Changes at an affiliate / contractor / vendor Changes in economy Physical changes Time

21 Identifying Risk Areas > Sources of Information Read the news! Government agency information OIG Compliance Guidances, Work Plans, Fraud Alerts, Bulletins, etc. CMS, SAMHSA guidances FDA alerts State Medicaid agency bulletins IRS publications DOJ press releases FTC announcements Professional sources Trade associations Counsel and colleagues

22 Identifying Risk Areas > Interviews with key departments Risk-prone: finance/billing, coding, nursing, ancillaries (lab/supplies), E.D., clinics, HR Marketing/sales HIPAA privacy person In-house counsel > Review of Key Documents Previous internal and external audit and consulting reports Policies and procedures Contracts with hospitals, physicians, vendors Training course syllabi and attendance records

23 Prioritizing (Assessing) Risk Areas Risk can be analyzed using a simple equation: Probability of occurrence x Consequences of occurrence > Example: Chance that patient will fall down the front stairs Remote / Possible / Likely / Probable / Certain Consequences of patient fall Lawsuit payout Additional care Bad publicity

24 Prioritizing (Assessing) Risk Areas > In the context of health care compliance: Probability of occurrence: 1) The likelihood that risk will materialize Frequency with which activity occurs Whether education / training occurs on routine basis Whether controls are in place Results of any compliance audit Culture of compliance 2) The level of government monitoring and enforcement Whether it is a priority for government agencies Whether enforcement agencies have the capacity to identify the noncompliant activity

25 Prioritizing (Assessing) Risk Areas > In the context of health care compliance: Consequences of occurrence: The impact that noncompliance would have on the organization Legal proceedings Liability and financial loss Public perception / loss of trust

26 Prioritizing Risk Areas Rank risk areas into high, medium, and low categories SEVERITY OF CONSEQUENCES severe serious moderate remote possible probable LIKELIHOOD OF OCCURRENCE/ENFORCEMENT

27 Compliance Workplan Timeframes > Structural Options Include: Annual Quarterly Monthly Specific dates / events > Prioritization > Consider other priorities

28 Compliance Workplan Responsibility > Role of the Compliance Officer > Involvement of Key Personnel > Ownership and Accountability > Conflicts of Interest > Internal/External Expertise

29 Compliance Workplan Budgeting > No correct amount to spend on compliance

30 Developing a Compliance Workplan > Key Recommendations Build in room for the unknown Be flexible Be realistic Be detailed know your audience! Get buy in from upper management, staff

31 Questions? Uri Bilek, Esq. (202) Feldesman Tucker Leifer Fidell LLP th St NW, 4 th Floor Washington, DC 20036