MANAGE HIGH-RISK AREAS WITH EFFECTIVE · PDF fileKnew and Disregarded = Liabilities ......

11/14/2013

1

N O V E M B E R 1 4 , 2 0 1 3

MANAGE HIGH-RISK AREAS WITHEFFECTIVE COMPLIANCE RELATED

POLICIES AND DOCUMENTS

Presented By

Richard P. Kusserow, former HHS Inspector General and CEO of CRCJillian Bower, MPA, Vice President of Business Development of CRC

TOPICS TO COVER

1. Documents management is essential to an effective CP

2. Core compliance program related policies/documents

3. Identification of high risk areas for policy development

4. Best practices on developing policies/documents

5. Ongoing maintenance & management of policies/ documents

2

Compliance Resource Center, LLC

ESSENTI AL TO AN EFFEC TI VE C OM PLI ANC E PROGRAM

Compliance Documents3


11/14/2013

2

WHY DO WE NEED COMPLIANCE DOCS

Compliance documents are necessary under: HHS OIG compliance guidance U.S. Sentencing Commission guidelines Affordable Care Act mandates Joint Commission Laws, regulations, ordinances, standards, etc.

Compliance documents promote: Sound business practices Reduction in costly errors and mistakes Patient safety Employee protection Teaches employees duties and responsibilities

4


CRITICAL ELEMENT OF CP

“Every compliance program should require the developmentand distribution of written compliance policies that identifyspecific areas of risk to the hospital. These policies should bedeveloped under the direction and supervision of the chiefcompliance officer and compliance committee, and, at aminimum, should be provided to all individuals who areaffected by the particular policy at issue, including thehospital’s agents and independent contractors.”

DHHS Office of Inspector General “Publication of the OIG Compliance Program Guidance forHospitals.” Fed. Reg. Vol. 63, No. 35. ( February 23, 1998)

5



“Due diligence and the promotion of an organizational culturethat encourages ethical conduct and a commitment tocompliance with the law within …minimally require… Theorganization shall establish standards and proceduresto prevent and detect criminal conduct.”

U.S. Sentencing Commission. “2012 Guidelines Manual.” Chapter 8, Part B, Section 2.1(b)(1). (Effective Nov. 1, 2012).

6


11/14/2013

3


“A provider of medical or other items or services or supplierwithin a particular industry sector or category shall, as acondition of enrollment in the program… establish a complianceprogram that contains the core elements established …”

ACA § 6401(a)(7) Compliance Programs

7


WORST CASE SCENARIOS

Implementing policies consistent with law and regulation but not following them. Knew and Disregarded = Liabilities

Implementing similar/multiple policies that are differing or inconsistent in its guidance. Conflicting Guidance = Liabilities

Implementing policies but not training the staff. Uninformed and Miscommunication = Liabilities

Revising policies without rescinding the previous version. Conflicting Guidance = Liabilities

8


COST FOR POLICY DEVELOPMENT


9

Average cost to develop a new policy is $5,000.00

Whether done internally or with outside assistance

Copying policies found elsewhere can be dangerous

Will address ways to reduce costs later in this presentation

11/14/2013

4

LOWER POLICY DEVELOPMENT COSTS


10

Standardize the policy development process

Standardize the form and format for all policies

Use a header block to control policy development

Ensure all related policies are cross referenced

Limit all policies to a single issue

Ensure that the policy document is only a couple pages in length

Keep the document simple, easy to understand

Write the text to be understandable to all who must follow it

ONE SIZE DOES NOT FIT ALL11

P&P and compliance documents must: Be consistent with organization’s mission and vision

Conform to existing culture and organization

Address the nature of activities

Follow established form , format, and structure

Vendors or consultants to assist in P&P development

Free P&P templates online or from friends Take care in copying someone else’s policies

Look for copyrights

Ensure they fit your organization and business sector


DOCUMENT MANAGER


12

Central repository for all organization’s policy and compliance documents

Accessible to those involved in document development and covered persons

Maintains current and rescinded versions Prevent conflicts, inconsistencies on same topic Be cross referenced to similar documents Include evidencing of user training Note when implemented Track when reviewed, revised Archive rescinded documents

11/14/2013

5

RELATED TO YOU R C OM PLI ANC E PROGRAM

Core Compliance Documents13


COMPLIANCE DOCUMENTS

Written guidance (Code of Conduct, policies/procedures) Charter and committee documents Key position/ job descriptions Agreement s/contracts (Business Associate Agreements) Form and attestations (Conflict of interest) Auditing and monitoring plans CP oversight documents (Budget, plans, requests Response to compliance alerts Compliance reports to executive and board leadership Compliance communications (Hotline reports, etc.)

14


POLICIES AND PROCEDURES DEFINED15

Policy refers to an organization’s position aboutwhat should or should not be done based on laws,regulations and the organization’s perspective

Procedure refers to sequential steps that enablesomeone to accomplish something

Policies and procedures thus refer to the principlesand methods that enable people affiliated with anorganization to perform in a predictable, repeatableand consistent way


11/14/2013

6

CORE CP POLICIES16

Compliance oversight Compliance management Policy development Code of conduct Record management Confidentiality/ Anonymity Non-Retaliation Duty to report Investigation/ Remediation Education/ Training Hotline management

Sanction screening Compliance issue resolution Compliance as an element of

performance Auditing & monitoring Risk assessment Conflict of Interest Visits by government agents Protocols with Legal Counsel Protocols with HR


I DENTI FYI NG AREAS FOR POLI C Y DEVELOPM ENT

Compliance High Risk Areas

17


HIGH RISK AREAS FOR P&P

Anti-Kickback Statue /Stark Law Gifts Joint ventures Physician arrangements Physician recruitment Professional courtesy Safe harbors Vendor relations

False Claims Act Claim development Claim submission Billing and coding Billing auditing and

monitoring

HIPAA Patient privacy Security measures Use and disclosure of PHI

EMTALA Medical screening Physician on-call response Leaving the ED Administration Stabilization Transfer

18


11/14/2013

7

HIGH RISK AREAS FOR P&P

Claims Development/Submission ABN Billing & coding Medical records Document retention Drugs DME Long-Term care Hospital-Based physician Charge description master Incident To Observation stays Rehabilitation

Quality of Care Medical necessity Plan of care Accuracy of quality reporting

Cost Reports Bad debt Credit balance

Clinical Research Human subject research Time & effort reporting

Human Resources Unlawful harassment Use of social media

19


GOVERNMENT ACTIONS


20

New Legislation (ACA, DEFRA, HIPAA, FCA) CMS, OIG, FDA regulations and manual changes OIG Compliance Guidance Documents OIG Annual Work Plan OIG Audit and Evaluation Reports OIG Advisory Opinions DOJ and OIG enforcement actions Government contractors (RACs, MACs, etc.)

SPECIFIC TO THE ORGANIZATION

Internal audits

Organizational vulnerability Assessments

Policy gaps that result in problems

Hotline reports alerting to potential policy gaps

Questions raised during compliance training

Independent compliance program reviews

Government or contractor findings of deficiencies

21


11/14/2013

8

POLI C Y AND C OM PLI ANC E DOC U M ENT DEVELOPM ENT

Best Practices22


POLICY DEVELOPMENT


23

Several options based on available resources:

Create new policies from scratch (internal)

Outside assistance, such as consultant or law firm

Copying policies found online or by other healthcare organizations

Documented and cited policy templates through service provider

www.ComplianceResource.com

24Compliance Resource Center, LLC

11/14/2013

9


BEST PRACTICES TO DEVELOP DOCS26

Must develop a standardize process1. Adopt a common form and format2. Perform adequate regulatory/legal research3. Get involvement from those who will have to follow them4. Make it understandable to all covered persons


WHAT SHOULD DOCS LOOK LIKE?27

1. Header box to date approval, by whom, etc.2. Standardize form and format3. Explain purpose and context for the policy4. Define scope in terms of people and functions5. Limit to a single issue6. Short declarative statements7. Written in the active voice8. Succinct, focused and simple9. User friendly, written in simple terms10. Consistent with Code of Conduct11. Not conflicting with other policies or guidance12. Cross referenced to similar policies13. Define all key terms14. Anchor in cited authority


11/14/2013

10

SPECIFIC P&P ELEMENTS28

Header BlockBackground Introduction Purpose/Objectives StatementScope of the Policy Definitions SectionPolicy StatementsProceduresRelated PoliciesReferences/Citations


Header Block



11/14/2013

11



Compliance Resource Center, LLC 33

11/14/2013

12

POLI C Y AND C OM PLI ANC E DOC U M ENTS

Maintenance and Management 34


DOCUMENT & POLICY MANAGEMENT


35

Managing P&P and other key compliance documents through all stages of the document life cycle is criticalto an effective CP, this includes: Control and storage of all P&Ps and compliance documents Develop and standardize document form and format Establish a need for new documents Manage work flow in creation of new/revised documents Take action when needed Track when documents should be reviewed and updated Maintain an archive of retired versions Ensure document access control and security Facilitate distribution to covered parties

DOCUMENT & POLICY MANAGEMENT


36

A document management system is needed to track, administer, and store policy documents in their development, approval, revision and rescission. It must: Be accessible to all the covered persons Prevent conflicts, inconsistencies on same topic Be cross referenced to similar documents Include evidencing of user training Note when implemented Track when reviewed, revised Archive rescinded documents

11/14/2013

13

WHO SHOULD BE INVOLVED IN DEVELOPMENT?

37

1. Proposing Party

2. Drafting Party

3. Review Committee

4. Approval Authority

5. Policy Coordinator


1. PROPOSING PARTY38

Individual(s) most knowledgeable on the subject

Identifies need for new written guidance

Proposes new policies and needed revisions

Recommends update schedule for the action


2. DRAFTERS39

Individuals most knowledgeable on the subject

Can ensure practicality and “buy in” for P&Ps

You may consider outside assistance

Expert consultant Subject matter expert Attorney

Note: They can write policies relating to law and regulation but not necessarily the procedures


11/14/2013

14

3. REVIEWER(S)40

Determined by the approval party to review P&Ps

Members can also be part of the Proposing Party

Comment, review & propose timely revisions to drafts

Documents can be reviewed multiple times before sending on to the Approving Authority


REALITY TESTING41

Sound practice to involve those who will have to abide by the P&P (i.e., covered persons) Do they understand what is expected of them Identify any needs for clarification.

Often P&Ps are written without considering unintended or possible consequences of implementation


PRESENTING DRAFTS FOR APPROVAL42

Review Committee should:Distribute proposed P&P with justification in

advance of presentation

Present compliance issue in question

Describe how P&P would address such issue

Provide implementation plan (e.g. distribution and education to covered persons)


11/14/2013

15

4. APPROVING AUTHORITY43

Individuals in leadership positions to make decisions and approve operations for organization Board Corporate Compliance Committee C-Suite: CEO, COO Operations or Department Management

Comments/proposed revisions returned to Drafting Party to address

Must review and approve P&P on a timely basis


5. POLICY COORDINATOR44

Corporate Compliance Officer or Operational/ Department Manager should coordinate the process Ensure new/revised P&P are reviewed and approved timely Work with Drafting Party to ensure all appropriate parties

receive the P&P for review and approval Organize, categorize and assign numbers to all P&Ps Periodically report to senior management on the status of

P&Ps updates Arrange for printing, posting on intranet and/or distribution

of all P&P


IMPLEMENTING P&P45

Policy Coordinator, along with Corporate Compliance Officer and Departmental Managers should ensure: Proper dissemination or electronic access Education/training on new/revised P&Ps for all covered

persons

Important to evidence covered persons were trained Also that:

They understand what is expected Are prepared to follow the P&Ps

Test their knowledge using questions and scenarios


11/14/2013

16

RESCINDING POLICIES46

Rescind old versions when: A new version is approved The current version is outdated with current regulations, rules or

guidance

Archive old versions by date to a section designated for retired P&P Maintain as part of the records management system Don’t delete rescinded/revised P&P from the records system or

manuals but archive them.

Responsible Operational/Department Manager should make a written request to rescind or update the P&P and the reason for the proposed action


ONGOING POLICY MONITORING47

Each department should annually review compliance P&P relevant to their area of responsibility

Ensure covered persons have been trained

Verify the P&Ps are operating as designed

Identify needs for new training or clarification

Establish metrics to evidence effectiveness and report results

Propose revisions or new policies


ONGOING MONITORING & AUDITING48

Part of P&P management and administration

Applies to both CP and operational compliance P&Ps

Ongoing monitoring by Department Managers to verify P&P are being followed

Ongoing auditing by Corporate Compliance Officer to verify monitoring by management and to validate P&Ps are effective


11/14/2013

17

P&P AUDIT STANDARDS49

1. Are there protocols establishing responsibilities for P&Ps development/implementation?

2. Are P&P disseminated and/or easily available?

3. Are polices regularly reviewed and updated?

4. Are there policies regarding creation, retention, management, storage, retrieval destruction?

5. Are P&Ps written at a reading level for all covered parties?


P&P AUDIT STANDARDS50

6. Have P&Ps related to CP structure & operation been developed and implemented?

7. Are there P&Ps that address: High-risk areas

Compliance office records management

How individuals may report anonymously or in confidence

Protect anonymity of complainants and protect whistleblowers from retaliation

Adherence to compliance as an element in evaluating managers and employees


SU BM I T A QU ESTI ON TO THE PRESENTERS

Question and Answer51


11/14/2013

18

CONTACT US

Richard P. [email protected] x 411

Jillian [email protected] x 405

52


ADDITIONAL COMPLEMENTARY MATERIAL

Free policy document - Compliance Policy and Procedure Development and Administration Policy

Published article - Compliance 101. Developing Sound Policies and Procedures Specific to Potential Risks

Copy of the PowerPoint

53


THANK YOU.

54


MANAGE HIGH-RISK AREAS WITH EFFECTIVE · PDF fileKnew and Disregarded = Liabilities ......

Documents

Transcript of MANAGE HIGH-RISK AREAS WITH EFFECTIVE · PDF fileKnew and Disregarded = Liabilities ......