Presented by Richard P. Kusserow CEO Strategic Management/Former HHS IG James Cottos Senior VP...

1

INTERIM, DESIGNATED, AND OUTSOURCED COMPLIANCE OFFICERS

Presented by

Richard P. Kusserow CEO Strategic Management/Former HHS IG

James Cottos Senior VP Strategic Management

June 4, 2014

Copyright by Strategic Management Services 2014

2

PRESENTERS

Richard Kusserow James Cottos


3

1. Explain why outsource COs are part of a trend

2. OIG positive recognition of the concept

3. Why outsourcing all/part of CP may be an option

4. Why using them has been endorsed by the OIG

5. When it may be desirable to use them

6. Different types of outsourcing (DCOs, ICOs, DCMs)

7. Benefits of outsourcing CPs

8. What outside expert can provide/scope of duties

9. Factor to consider in engaging a DCO/ICO

OBJECTIVES OF PRESENTATION


4

ACA mandates CP as condition of participation

CMS standards will contain certain “core elements”

A “game changers” for providers/suppliers

Executive leadership will have to certify their CP

Many are turning to using outside experts

CMS action will follow the USSC and OIG models.

NEW MANDATE FOR CPs


5

For most hospitals, certification/attestation by senior management to having an effective CP will not be a huge problem as many have established programs

For others to establish/certify their CP will be a big problem if they haven't developed one to date

Many nursing homes, home health agencies, hospices, DMEPOS suppliers, emergency transport companies, and physician practices have deferred developing a CP

That decision will no longer be sustainable

MANDATES WILL HIT SMALLER ORGANIZATIONS HARDER


6

Outsourcing functions not directly involved in core business activities a major business trend

Increasingly, organizations are exploring when and under what circumstances it makes sense to outsource their CP

Big considerations are saving time and costs and gaining access to better expertise

Outsourcing CP functions has been a long practice, most notably hotlines and sanction-screening

www.compliance.com/services/interim-compliance-officer/

GROWING TREND TO OUTSOURCE COMPLIANCE


7

Requires careful action to avoid serious problems later

COs no longer can be an add-on duty

Replacing COs more frequent as average tenure under 3 years

CO not recognized profession is law, finance, audit, etc.

Profession still evolving with COs with variety of educational and professional backgrounds

All this complicates time/effort to replace a CO

Dangerous to replace with one lacking experience/knowledge is dangerous

GROWING TREND cont.


8

Hotlines

Sanction screening

Compliance training

Policy development

Auditing/monitoring

CP evaluations/assessments

Compliance surveys

Compliance Training

If possible, look for package arrangements for discounts

www.complianceresources.com

MOST OUTSOURCE PARTS OF THEIR CP


http://www.complianceresources.com/

9

Long understood it may be reasonably to outsource compliance duties and activities

“For those that have limited resources, the compliance function could be outsourced to an expert in compliance.”

“In situations where staffing limitations mandate that the entity cannot afford to designate a person(s) to oversee compliance activities, the practice could outsource all or part of the functions of a compliance officer to a third party, such as a consultant”

“One approach for ensuring compliance in a small health care organization would be to designate a staff person to serve as a liaison with an outsourced compliance officer”

compliance.com/outsourcing/healthcare-compliance-program/

OIG RECOGNIZES OUTSOURCING


http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&docid=-MomgLDS-6mUMM&tbnid=bDBJiljwG15nFM:&ved=0CAUQjRw&url=http://www.hitechanswers.net/oig-2012-report-lists-top-10-challenges-facing-hhs/&ei=0_N0U7u_Oo2aqAbui4DwAw&bvm=bv.66699033,d.b2k&psig=AFQjCNHQ3iq-g2RE1uEIuajG0KuvNAYoHQ&ust=1400259923063212

10

1. Interim Compliance Officer (ICO) to fill gaps between permanent COs

2. Designated Compliance Office (DCO) full or part time CO

3. Designated Compliance Manager (DCM) to supplement CO

4. Designated Privacy /Security Officer (DPO/DSO) IPAA compliance, usually part time/on call

5. Advisory Consultants to provide assistance, guidance, and support (e.g. CP evaluation)

TYPES OF COMPLIANCE OUTSOURCING


11

More focus on core business activities

CO as secondary duty usually has poor results

Dangerous to use unqualified people as COs

May be cost effective full-time CO not justified

Hard for one person to stay current and do all required

Experts have already know how to get the job done

VP level CO at $156,000 to $200,000, plus 25% overhead

May require recruiting outside area with higher costs

WHY OUTSOURCING MAY BE A SOLUTION


12

1. Would it be temporary or permanent position?

2. Is the need for full time or part time position?

3. How much time on site is necessary?

4. What kind of position do you need (ICO, DCO, DCM, PO)?

5. Are there cost benefits to taking this course of action?

6. What advantages are you seeking in an outside expert?

7. What will it take to hire an outsider expert?

8. What do they bring that is not available in house?

9. How can you find the right expert?

QUESTIONS TO RESOLVE


http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&docid=rw2AuuQtJF7uxM&tbnid=pivnGsMzYAjjCM:&ved=0CAUQjRw&url=http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&docid=rw2AuuQtJF7uxM&tbnid=pivnGsMzYAjjCM:&ved=&url=http://www.gograph.com/stock-illustration/confusion.html&ei=tRd5U6utNsaSyASHuIHQCg&bvm=bv.66917471,d.aWw&psig=AFQjCNFxz9RfvXHYU_lpXClgWmpFb4JdIw&ust=1400531254234427&ei=9Bd5U-m3Ec-FqgaB3IG4Bg&bvm=bv.66917471,d.aWw&psig=AFQjCNFxz9RfvXHYU_lpXClgWmpFb4JdIw&ust=1400531254234427

13

More efficient, no learning curve on compliance

Often less expensive than full time employee CO

Avoids costs (recruiting, employee overhead/benefits)

Credibility likely higher than “in house” staff person

Already current legal/regulatory requirements

Benefit of having worked in a variety of settings

Objectivity, no preconceived notions about personnel or programs

Experience in working with leadership and Boards

Brings "best practices" from broader experience

Able to speak with authority

Experience with proven methods to build sounder CP

Risk assessments and claims analysis expertise

Wide range of expertise (coding, claims, physician contracts)

OUTSOURCING BENEFITS


14

Interim Compliance Officers (ICOs) are temporary, serving until a permanent replacement is found

Designated Compliance Officers (DCOs) serve as a full or part time substitute for an employee

Determine costs in salary and overhead for employee versus outsourcing the function?

If cost of outsourcing is less, it is likely a sound decision to follow that route

INTERIM vs DESIGNATED COMPLIANCE OFFICERS


15

Developing/integrating the CP elements Providing overall direction for the CP Developing/updating the Code Drafting/revising CP policies/procedures Overseeing auditing/monitoring Keeping Board/management informed on CP Keeping management up to date on legal/regulatory

environment Providing ongoing compliance consulting support Overseeing sanction screening and resolving any “hits” Developing/delivering compliance training and education Performing an assessment of the effectiveness of the CP Assisting with ongoing auditing/monitoring of high-risk areas Managing the hotline Assisting in investigating and resolving compliance issues Conducting risk assessments

SCOPE OF DUTIES


16

Many COs are retiring or moving to new jobs Filling a CO vacuum quickly Manage CP until a permanent replacement is found Government investigations often lead to hiring a ICOs CIA may result in a need to build a CP quickly/efficiently Most organizations require only a part time ICO as a

placeholder Leadership often turn to proven experts to promote/elevate

CP Can assist in finding a qualified permanent CO Can provide a fresh look and assessment of the CP Should be temporary for a specific term, usually 4-12 months

WHY INTERIM COMPLIANCE OFFICERS?


17

Extensive CP knowledge and experience? Multiple references evidencing of having worked as a CO? A firm with subject matter experts for support? Evidence of working at the executive and Board level? Intimate knowledge of the elements of an effective CP? Knowledge of AKS, Stark Laws, False Claims Act, DFRA, HIPAA, etc.? Experience with managing hotlines and resolution of complaints? A history of conducting internal investigations/inquiries? Experienced with ongoing auditing/monitoring of high risk areas? Ability to develop/deliver compliance education/training programs? Liability insurance coverage for their work?

QUESTIONS FOR SELECTING AN ICODoes the person have…


18

Unlike ICOs, not necessarily temporary

Assume responsibilities for the CP

May be an answer for those with limited resources

Outsourcing to qualified experts worth considering

Long been recognized as a valid option for providers

OIG & HCCA co-sponsored roundtable agreed CP could be outsourced to independent compliance experts

For larger entities and organizations, outsourcing the CP should not be considered a realistic option

Most smaller organizations need only a part time DCO

DESIGNATED COMPLIANCE OFFICER (DCO)


19

1. Ensure properly qualified/experienced

2. Having served successfully as a CO on multiple occasions

3. Experience with several organization is highly desirable

4. Experience in CP development, implementation, management, evaluation

5. Evidence of competence/authority to deal at executive level

6. Preferable to be with an established firm with many SMEs

7. Abundant references to evidence qualifications

8. Should have liability insurance coverage of $1-3 million

TIPS IN SELECTING A DCO


20

Have direct access to leadership and Board

Be able to provide CP certifications to permit reasonable basis to attest the CP is effective

Have a staff liaison to assist coordinating CP activities

Evidence compliance with GAGAS standards for professional independence and objectivity

COMPLIANCE EXPERT SHOULD….


21

Too much responsibility, skill needs, and time commitment Develop/implement/maintain privacy documents Confidentiality consent/authorization forms, notices Keeping current with federal and state laws Promote individual/entity awareness obligations Reaching all covered person not one-time event Oversee monitoring of data access Conduct risk assessment; Investigate breaches Interface and coordinate with the Security Official May require several people for large organizations Smaller organizations may be only part time needs tasks Often makes sense to outsource to experts

KEY PRIVACY OFFICER RESPONSIBILITIES


22

Under HIPAA all covered entities must have a PO Requires wide knowledge and expertise Hard to find internally, or for hire Often made a secondary duty (CO, HIM, HRM) Cost of someone devoted to this may be expensive Few possess needed range of knowledge Work may fluctuate significantly over time Makes sense to use outside experts

www.compliance.com/hipaa-compliance

HIPAA DESIGNATED PRIVACY OFFICER (DPO)


23

1. Expect the unexpected

2. More serious problems exist than disclosed

3. Pockets of hostility from past CO actions

4. Surprising support from almost everyone

5. Entity relief at having a neutral party fixing things

6. Many still need education on CP importance

7. Board and leadership need to invest more in CP

8. Differing roles legal and CO need clarification

9. Must establish credibility and value of a non-revenue generating line item

DCO/ICO LESSONS LEARNED



24

James CottosStrategic Management Senior VP [email protected]

Richard KusserowFormer IG/Strategic Management CEO

[email protected]

mailto:[email protected]

Presented by Richard P. Kusserow CEO Strategic Management/Former HHS IG James Cottos Senior VP...

Documents

Transcript of Presented by Richard P. Kusserow CEO Strategic Management/Former HHS IG James Cottos Senior VP...