Presented by Richard P. Kusserow CEO Strategic Management/Former HHS IG James Cottos Senior VP...
-
Upload
logan-miles -
Category
Documents
-
view
215 -
download
0
Transcript of Presented by Richard P. Kusserow CEO Strategic Management/Former HHS IG James Cottos Senior VP...
1
INTERIM, DESIGNATED, AND OUTSOURCED COMPLIANCE OFFICERS
Presented by
Richard P. Kusserow CEO Strategic Management/Former HHS IG
James Cottos Senior VP Strategic Management
June 4, 2014
Copyright by Strategic Management Services 2014
3
1. Explain why outsource COs are part of a trend
2. OIG positive recognition of the concept
3. Why outsourcing all/part of CP may be an option
4. Why using them has been endorsed by the OIG
5. When it may be desirable to use them
6. Different types of outsourcing (DCOs, ICOs, DCMs)
7. Benefits of outsourcing CPs
8. What outside expert can provide/scope of duties
9. Factor to consider in engaging a DCO/ICO
OBJECTIVES OF PRESENTATION
Copyright by Strategic Management Services 2014
4
ACA mandates CP as condition of participation
CMS standards will contain certain “core elements”
A “game changers” for providers/suppliers
Executive leadership will have to certify their CP
Many are turning to using outside experts
CMS action will follow the USSC and OIG models.
NEW MANDATE FOR CPs
Copyright by Strategic Management Services 2014
5
For most hospitals, certification/attestation by senior management to having an effective CP will not be a huge problem as many have established programs
For others to establish/certify their CP will be a big problem if they haven't developed one to date
Many nursing homes, home health agencies, hospices, DMEPOS suppliers, emergency transport companies, and physician practices have deferred developing a CP
That decision will no longer be sustainable
MANDATES WILL HIT SMALLER ORGANIZATIONS HARDER
Copyright by Strategic Management Services 2014
6
Outsourcing functions not directly involved in core business activities a major business trend
Increasingly, organizations are exploring when and under what circumstances it makes sense to outsource their CP
Big considerations are saving time and costs and gaining access to better expertise
Outsourcing CP functions has been a long practice, most notably hotlines and sanction-screening
www.compliance.com/services/interim-compliance-officer/
GROWING TREND TO OUTSOURCE COMPLIANCE
Copyright by Strategic Management Services 2014
7
Requires careful action to avoid serious problems later
COs no longer can be an add-on duty
Replacing COs more frequent as average tenure under 3 years
CO not recognized profession is law, finance, audit, etc.
Profession still evolving with COs with variety of educational and professional backgrounds
All this complicates time/effort to replace a CO
Dangerous to replace with one lacking experience/knowledge is dangerous
GROWING TREND cont.
Copyright by Strategic Management Services 2014
8
Hotlines
Sanction screening
Compliance training
Policy development
Auditing/monitoring
CP evaluations/assessments
Compliance surveys
Compliance Training
If possible, look for package arrangements for discounts
www.complianceresources.com
MOST OUTSOURCE PARTS OF THEIR CP
Copyright by Strategic Management Services 2014
9
Long understood it may be reasonably to outsource compliance duties and activities
“For those that have limited resources, the compliance function could be outsourced to an expert in compliance.”
“In situations where staffing limitations mandate that the entity cannot afford to designate a person(s) to oversee compliance activities, the practice could outsource all or part of the functions of a compliance officer to a third party, such as a consultant”
“One approach for ensuring compliance in a small health care organization would be to designate a staff person to serve as a liaison with an outsourced compliance officer”
compliance.com/outsourcing/healthcare-compliance-program/
OIG RECOGNIZES OUTSOURCING
Copyright by Strategic Management Services 2014
10
1. Interim Compliance Officer (ICO) to fill gaps between permanent COs
2. Designated Compliance Office (DCO) full or part time CO
3. Designated Compliance Manager (DCM) to supplement CO
4. Designated Privacy /Security Officer (DPO/DSO) IPAA compliance, usually part time/on call
5. Advisory Consultants to provide assistance, guidance, and support (e.g. CP evaluation)
TYPES OF COMPLIANCE OUTSOURCING
Copyright by Strategic Management Services 2014
11
More focus on core business activities
CO as secondary duty usually has poor results
Dangerous to use unqualified people as COs
May be cost effective full-time CO not justified
Hard for one person to stay current and do all required
Experts have already know how to get the job done
VP level CO at $156,000 to $200,000, plus 25% overhead
May require recruiting outside area with higher costs
WHY OUTSOURCING MAY BE A SOLUTION
Copyright by Strategic Management Services 2014
12
1. Would it be temporary or permanent position?
2. Is the need for full time or part time position?
3. How much time on site is necessary?
4. What kind of position do you need (ICO, DCO, DCM, PO)?
5. Are there cost benefits to taking this course of action?
6. What advantages are you seeking in an outside expert?
7. What will it take to hire an outsider expert?
8. What do they bring that is not available in house?
9. How can you find the right expert?
QUESTIONS TO RESOLVE
Copyright by Strategic Management Services 2014
13
More efficient, no learning curve on compliance
Often less expensive than full time employee CO
Avoids costs (recruiting, employee overhead/benefits)
Credibility likely higher than “in house” staff person
Already current legal/regulatory requirements
Benefit of having worked in a variety of settings
Objectivity, no preconceived notions about personnel or programs
Experience in working with leadership and Boards
Brings "best practices" from broader experience
Able to speak with authority
Experience with proven methods to build sounder CP
Risk assessments and claims analysis expertise
Wide range of expertise (coding, claims, physician contracts)
OUTSOURCING BENEFITS
Copyright by Strategic Management Services 2014
14
Interim Compliance Officers (ICOs) are temporary, serving until a permanent replacement is found
Designated Compliance Officers (DCOs) serve as a full or part time substitute for an employee
Determine costs in salary and overhead for employee versus outsourcing the function?
If cost of outsourcing is less, it is likely a sound decision to follow that route
INTERIM vs DESIGNATED COMPLIANCE OFFICERS
Copyright by Strategic Management Services 2014
15
Developing/integrating the CP elements Providing overall direction for the CP Developing/updating the Code Drafting/revising CP policies/procedures Overseeing auditing/monitoring Keeping Board/management informed on CP Keeping management up to date on legal/regulatory
environment Providing ongoing compliance consulting support Overseeing sanction screening and resolving any “hits” Developing/delivering compliance training and education Performing an assessment of the effectiveness of the CP Assisting with ongoing auditing/monitoring of high-risk areas Managing the hotline Assisting in investigating and resolving compliance issues Conducting risk assessments
SCOPE OF DUTIES
Copyright by Strategic Management Services 2014
16
Many COs are retiring or moving to new jobs Filling a CO vacuum quickly Manage CP until a permanent replacement is found Government investigations often lead to hiring a ICOs CIA may result in a need to build a CP quickly/efficiently Most organizations require only a part time ICO as a
placeholder Leadership often turn to proven experts to promote/elevate
CP Can assist in finding a qualified permanent CO Can provide a fresh look and assessment of the CP Should be temporary for a specific term, usually 4-12 months
WHY INTERIM COMPLIANCE OFFICERS?
Copyright by Strategic Management Services 2014
17
Extensive CP knowledge and experience? Multiple references evidencing of having worked as a CO? A firm with subject matter experts for support? Evidence of working at the executive and Board level? Intimate knowledge of the elements of an effective CP? Knowledge of AKS, Stark Laws, False Claims Act, DFRA, HIPAA, etc.? Experience with managing hotlines and resolution of complaints? A history of conducting internal investigations/inquiries? Experienced with ongoing auditing/monitoring of high risk areas? Ability to develop/deliver compliance education/training programs? Liability insurance coverage for their work?
QUESTIONS FOR SELECTING AN ICODoes the person have…
Copyright by Strategic Management Services 2014
18
Unlike ICOs, not necessarily temporary
Assume responsibilities for the CP
May be an answer for those with limited resources
Outsourcing to qualified experts worth considering
Long been recognized as a valid option for providers
OIG & HCCA co-sponsored roundtable agreed CP could be outsourced to independent compliance experts
For larger entities and organizations, outsourcing the CP should not be considered a realistic option
Most smaller organizations need only a part time DCO
DESIGNATED COMPLIANCE OFFICER (DCO)
Copyright by Strategic Management Services 2014
19
1. Ensure properly qualified/experienced
2. Having served successfully as a CO on multiple occasions
3. Experience with several organization is highly desirable
4. Experience in CP development, implementation, management, evaluation
5. Evidence of competence/authority to deal at executive level
6. Preferable to be with an established firm with many SMEs
7. Abundant references to evidence qualifications
8. Should have liability insurance coverage of $1-3 million
TIPS IN SELECTING A DCO
Copyright by Strategic Management Services 2014
20
Have direct access to leadership and Board
Be able to provide CP certifications to permit reasonable basis to attest the CP is effective
Have a staff liaison to assist coordinating CP activities
Evidence compliance with GAGAS standards for professional independence and objectivity
COMPLIANCE EXPERT SHOULD….
Copyright by Strategic Management Services 2014
21
Too much responsibility, skill needs, and time commitment Develop/implement/maintain privacy documents Confidentiality consent/authorization forms, notices Keeping current with federal and state laws Promote individual/entity awareness obligations Reaching all covered person not one-time event Oversee monitoring of data access Conduct risk assessment; Investigate breaches Interface and coordinate with the Security Official May require several people for large organizations Smaller organizations may be only part time needs tasks Often makes sense to outsource to experts
KEY PRIVACY OFFICER RESPONSIBILITIES
Copyright by Strategic Management Services 2014
22
Under HIPAA all covered entities must have a PO Requires wide knowledge and expertise Hard to find internally, or for hire Often made a secondary duty (CO, HIM, HRM) Cost of someone devoted to this may be expensive Few possess needed range of knowledge Work may fluctuate significantly over time Makes sense to use outside experts
www.compliance.com/hipaa-compliance
HIPAA DESIGNATED PRIVACY OFFICER (DPO)
Copyright by Strategic Management Services 2014
23
1. Expect the unexpected
2. More serious problems exist than disclosed
3. Pockets of hostility from past CO actions
4. Surprising support from almost everyone
5. Entity relief at having a neutral party fixing things
6. Many still need education on CP importance
7. Board and leadership need to invest more in CP
8. Differing roles legal and CO need clarification
9. Must establish credibility and value of a non-revenue generating line item
DCO/ICO LESSONS LEARNED
Copyright by Strategic Management Services 2014
Copyright by Strategic Management Services 2014
24
James CottosStrategic Management Senior VP [email protected]
Richard KusserowFormer IG/Strategic Management CEO