related information

Services
Health Law
Industries
Health Care
Related Publications
 publications full of ideas
 
Keeping Your Compliance Program Healthy – Essentials of an Effective Evaluation Process 
Corridors - News for North Carolina Hospitals

08.01.2007

Hospitals have important responsibilities relating to corporate compliance requirements that are unique to the health care industry. Today’s operational environment, which requires hospitals to navigate the complex laws and regulatory requirements governing health care business practices, underscores both the necessity of having an effective compliance program in place and the risks associated with failing to implement and maintain such a program. These risks include the laws against fraud and abuse, the False Claims Act, Sarbanes-Oxley, and tax and securities laws, among many others.

A compliance program incorporates standards and comprehensive strategies designed to ensure the organization’s compliance with applicable laws, regulations and policies. In the health care context, its primary objectives are (1) to ensure that claims submitted to federal, state and private payors are consistently accurate and defensible and (2) to maintain quality of care and patient safety. In today’s regulatory environment, it is not sufficient simply to put a good program in place without following up at regular intervals with monitoring and auditing that continue to test and confirm compliance.

Design and Implementation - The Health Care Compliance Association’s resource titled “Evaluating and Improving a Compliance Program” suggests that an effective compliance program should be designed in a manner which:

  • Addresses the organization’s business activities and consequent risks;
  • Educates those persons whose jobs could have a material impact on those risks;
  • Includes auditing and reporting functions designed to measure the organization’s actual compliance and the effectiveness of the program, and identifies problems as quickly and as efficiently as possible;
  • Provides for the prompt remediation of problems that are identified; and
  • Contains enforcement and discipline components that ensure employees take their compliance responsibilities seriously.

Responsibilities within a Hospital Organization - The hospital compliance officer has the primary responsibility for developing and implementing the compliance program. Executive management should support the efforts of the compliance officer by providing adequate resources and by ensuring that a well-designed compliance program is effectively implemented. In exercising both its duty of care and oversight functions, the Board of Directors has the obligation to monitor and provide guidance during development of the compliance program and to ensure that an effective plan is adopted.

Recent Developments

Ongoing Evaluation and Assessment - While design and implementation are obviously the critical first steps in building and operating an effective compliance program, government enforcement and oversight agencies have recently indicated an increased focus on the importance of continuous evaluation and assessment and, when appropriate, taking steps to enhance an existing compliance program. This includes the following:

  • The U.S. Department of Justice’s consideration of compliance-related factors in making charging decisions, including “efforts to implement an effective compliance program or to improve an existing one;”
  • Compliance-related changes to the organizational Federal Sentencing Guidelines include “ongoing active oversight and monitoring of the compliance and ethics program;” and
  • The 2005 Supplemental Compliance Program Guidance for Hospitals from the Office of the Inspector General (OIG) strongly advises hospitals to “regularly review the implementation and execution of their compliance elements” and provides guidance to assist hospitals “in identifying significant risk areas and in evaluating and, as necessary, redefining ongoing compliance efforts.”

DRA and Ethical Components - Whether designing and implementing a new program or monitoring and revising an existing one, hospitals that qualify as “covered entities” should comply with the Deficit Reduction Act of 2005 (DRA). The DRA requires all health care providers that “make or receive” annual Medicaid payments of $5 million or more (“covered entities”) to provide their employees, contractors, and agents: (1) detailed information in written policies about the federal False Claims Act and any state laws pertaining to civil or criminal penalties for making false claims and statements to the government or its agents; and (2) information regarding the organization’s compliance plan for detecting and preventing fraud and abuse. Also, consistent with the latest changes in the Federal Sentencing Guidelines, the compliance program should include a significant ethics component. In its 2005 Guidance, the OIG recommends that hospitals include a statement of the organization’s “ethical and compliance principles” to guide its operations.

Quality of Care - The OIG suggests in recently released guidance that an “effective” compliance program should not only detect and deter legal violations but must be designed to assess and maintain compliance in the quality of care arena as well. In its recent guidance, titled “Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors” (released jointly with the American Health Lawyers Association), the OIG states that hospital directors have a “concomitant duty to recognize the emerging legal and compliance issues associated with quality of care initiatives, and to direct executive leadership to address these issues.”

Evaluation and Assessment are Critical

The recent emphasis and importance given by government oversight agencies to the evaluation and assessment of a health care organization’s compliance program should serve as a mandate for every hospital to conduct regular, in-depth examinations of its program to determine whether it is operating effectively and accomplishing its intended goals. The OIG recommends such a review “be conducted at least annually and should include an assessment of each of the basic individual elements, as well as the overall success of the program.” One goal of the evaluation should be to identify deficiencies and problem areas and correct them before they create a significant risk to the hospital.

Evaluation Process - Regardless of the hospital’s decision to use internal or external resources to perform auditing and monitoring functions, the persons assigned should be well-trained and independent from the areas to be audited and must be given the authority and access necessary to conduct a successful review. A primary objective should be to look for concrete evidence proving that the key elements of the hospital’s compliance program are functioning effectively. Methods to accomplish this may include interviews with department managers and staff, analysis of documents and records, employee questionnaires, and on-site reviews.

Role of the Compliance Officer - The compliance officer plays the key role in the evaluation and assessment of the hospital’s compliance program. The compliance officer not only must establish and oversee the auditing and mentoring plan but must continuously review its effectiveness and make changes to the plan when necessary. It is also the responsibility of the compliance officer to report audit findings to management and the Board of Directors and to work with them to ensure that appropriate corrective actions are implemented to address any identified weaknesses or deficiencies.

Conducting a Risk Assessment

A good place to begin is by conducting a risk assessment to identify weaknesses or deficiencies that may pose a significant danger to the hospital. Among other things, the assessment should include a review of the following: (1) issues previously discovered and thought to be corrected; (2) information gleaned from employee and consumer complaints and surveys; (3) findings of any recent audits conducted by outside agencies; (4) new regulatory guidance from oversight agencies and how effectively it was communicated and implemented; and (5) available data demonstrating how well the hospital complied with its own internal policies and procedures, as well as those mandated by outside authorities. Once risk areas have been identified and objectively prioritized, the hospital can better design its evaluation process to focus on and address the areas of greatest risk.

Monitoring Key Elements

In addition to the areas identified by the risk assessment, the hospital’s evaluation should examine the following key elements of its compliance plan.

  • Policies and Procedures Including Standards of Conduct
  • Are they clear and understandable, and have they been adequately distributed and communicated to staff?
  • Are they being followed in actual practice?
  • Are violations being detected and corrected?
  • Are responses and disciplinary actions appropriate?
  • Are there systems in place to identify needed modifications and updates, and are those systems working?

Training and Evaluation

  • Have adequate training sessions been conducted by qualified trainers covering appropriate topics, including changes in internal and external policies and procedures?
  • Does the hospital have systems in place to measure the effectiveness of its training programs?
  • Does the Compliance Department keep track of employee education to ensure employees have completed required training and maintain documentation to show that trainings were completed?

Effective Lines of Communication

  • Have enforcement and disciplinary standards been clearly and effectively communicated?
  • Has the hospital created and fostered an environment that encourages employees to report their concerns without fear of retaliation?
  • Have adequate mechanisms been provided for employees to communicate concerns?
  • Are reports of suspected non-compliance adequately tracked and documented to ensure they are fully and timely investigated and addressed?
  • Are executive management and the Board of Directors provided information on a regular basis regarding reports, inquiries, and results of any investigations and corrective actions taken?

Response and Enforcement

  • Are reports of suspected non-compliance promptly and thoroughly investigated?
  • Are employees, contractors, and medical and clinical staff adequately screened and checked against appropriate databases?
  • When non-compliance is confirmed, is appropriate corrective action taken, including measures to prevent recurrence?
  • Are disciplinary standards fairly and consistently enforced, and enforcement actions thoroughly documented?

Benefits of an Effective Compliance Program

Allocation of resources to an effective compliance program is a good business investment. A hospital that has developed and implemented an effective evaluation and assessment plan for its compliance program will not only benefit from having met government oversight requirements, but it will also reap the many benefits of a successful compliance program. These benefits include:

  • Getting claims paid more promptly and efficiently by improving claims accuracy and reducing denials;
  • Reducing exposure to federal and state criminal, civil and/or administrative liability for fraudulent or false claims, and reducing the likelihood of whistleblower lawsuits;
  • Reducing exposure to collateral consequences such as exclusion, disbarment or similar sanctions at the federal and state level;
  • Enhancing quality of care and patient safety;
  • Improving communication within the hospital system and avoiding duplication of effort;
  • Improving employee performance and morale by establishing and enforcing high standards of operational and ethical behavior; and
  • Enhancing the hospital’s reputation in the community and promoting public and investor confidence.

For a hospital to design, implement and maintain an effective compliance program requires significant energy and resources. However, a program that prevents submission of false claims, addresses employees’ concerns before they resort to whistleblower lawsuits, avoids the monetary and non-monetary consequences of government enforcement actions, and improves the quality of patient care represents a truly worthwhile investment.

If you are interested in obtaining copies of the resource materials referenced in this article, please contact Chris Brewer, who will be happy to provide information on how they may be easily accessed. Available resources include: (1) Health Care Compliance Association’s “Evaluating and Improving a Compliance Program – A Resource for Health Care Board Members, Health Care Executives and Compliance Officers,” April 2003; (2) USDHHS-OIG and American Health Lawyers Association’s (AHLA) “An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors,” July 2004; (3) USDHHS-OIG and AHLA’s “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors;” (4) USDHHS-OIG’s “Supplemental Compliance Program Guidance for Hospitals,” January 2005; (5) AHLA’s “IRS ‘Good Governance’ Practices Analysis and Annotations,” May 2007; and (6) USDHHS-OIG and AHLA’s “Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors,” June 2007.

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601
Communication Agreement

I understand and agree that Poyner Spruill LLP will have no obligation to keep confidential the information that I am now sending to the firm.