Compliance:
Find 4 More Crucial Elements to Boost Your Compliance Program
Published on Mon Dec 02, 2024
Tip: A log of issues is a means of troubleshooting — and insurance.
CJ Wolf, MD, M.Ed., CPC, COC, CHC, CHPC, CHRC, CIA, described the new, voluntary compliance guidance released by the Office of Inspector General (OIG) during his presentation “Understanding the New OIG Compliance Program Guidance” at AAPC’s HEALTHCON Regional 2024.
Even if you’re already familiar with the seven elements of an effective compliance program, Wolf’s explanations of each aspect can take your organization’s compliance to the next level.
“This guidance is all voluntary, but they’re what the government is going to use if you get into trouble,” Wolf said. If your organization is found to be noncompliant and enforcement action(s) are brought against you, like having to sign a corporate integrity agreement (CIA), then your organization will have to follow this guidance:
- Compliance issue logs. Some organizations have hotlines where people can call or boxes — sometimes in bathrooms, where people ostensibly have privacy — for people to report issues. Making sure folks have a mechanism for reporting is key here, Wolf said — but anonymity can be important, too, especially if people are worried about reporting issues because they fear retaliation.
Having a log is crucial because you then have evidence that your compliance system is working. A log shows people feel comfortable reporting any issues or suspected issues, and that the compliance officer or committee looked into the issues, determined whether it was a valid complaint and/or appropriate for compliance to resolve, and what measures they took after looking into the report(s), Wolf explained.
“You should be able to tell that story years after the fact,” he said, pointing out that such logs can save organizations from larger enforcement actions if they can effectively show, through evidence like a compliance log, that the issues were with a single bad apple.
- Motivation. An effective compliance program should have appropriate consequences for noncompliance, as well as incentives for compliance, Wolf said. Consequences, like firing individual who use technological privileges to access medical records of people who aren’t patients under their care, are perhaps easier to bring to mind, but incentives aren’t too difficult to imagine, like structuring a manager’s bonus so it relies on all of the employees they oversee completing their compliance trainings by a certain time. One could add consequences to underscore the incentives too, like folks who don’t complete their trainings on time having repercussions. It may also make sense for your organization to incorporate compliance into employee or department annual reviews, Wolf suggested.
- Risk assessment. With the latest updated guidance, the OIG has recognized the increasing importance of formal compliance risk assessment processes being incorporated into compliance programs. Wolf said that having a formal policy every year, including naming people responsible for completing the process, is helpful, and that it’s important to do a risk assessment annually; because, for example, the services your organization offers may expand or detract, and thus your risks may change. “If you’re not really doing a formal risk assessment, I would encourage you to do that. It’ll kind of up the level of your compliance program,” Wolf said.
- Medical necessity. In the newest guidance, the OIG says that medical necessity needs more emphasis in compliance programs, beyond common coding and billing audits. One way to think about the difference between coding or billing audits and the determination of medical necessity is not just whether the service or item was provided but whether it was necessary. The OIG is “not saying that the coder auditor has to do it, but somehow the organization needs to somehow involve somebody with some clinical background to at least start that,” Wolf explained. Medical necessity can cover so many kinds of situations in healthcare, from providers performing more and unnecessary or inappropriate surgeries to secure more pay to providers ordering tests that are redundant. Wolf warned that he has “tons of clients who are getting audited and getting nailed to the wall” over medical necessity noncompliance, so make sure your program has systems in place to evaluate whether items and services provided are indeed appropriate.
Rachel Dorrell, MA, MS, CPC-A, CPPM, Development Editor, AAPC