Medicare Compliance & Reimbursement

New guide stresses compliance in healthcare organizations as a ‘way of life.’

Want to know what the HHS Office of Inspector General (OIG) expects from your organization in terms of compliance? Now you have a blueprint for exactly what you need to do. 

On April 20, the OIG released “Practical Guidance for Health Care Governing Boards on Compliance Oversight,” a joint guidance document developed with the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association. Published in the Federal Register, the OIG’s guidance is specifically targeted for healthcare governing boards to understand what the OIG expects of them as they oversee their organization’s regulatory compliance.

Thankfully, the OIG followed up the lengthy 200-page Federal Register publication with a nicely condensed, 15-page document providing the basic information that boards need, according to Michael Gennett, a Miami-based healthcare attorney and partner with Akerman LLP.

“For compliance professionals, there’s nothing new here,” Gennett says regarding the document. “The guidance identifies the usual primary areas of concern: appropriate billing, evaluating referral relationships, determining whether the organization is billing for medically unnecessary services or services not provided at all, and privacy concerns.”

Does Your Organization Have a ‘Culture of Compliance’?

Still, the OIG’s guide is worth paying close attention to. “The guidance comes at a time when the OIG is beginning to scrutinize boards and their members who are not taking an active role in identifying compliance issues, or who are not actively evaluating the effectiveness of the organization’s compliance program and the people involved,” Gennett points out. And the guidance does emphasize the board’s role in establishing a culture of compliance in a healthcare organization.

And the guidance is a weighty reminder for healthcare organizations that analyzing compliance concerns and evaluating the company’s compliance program is a function that they should perform regularly, not just when there’s a problem, Gennett notes. “Boards are responsible for assuring that staff within the organization or outside compliance consultants are staying abreast of changes in reimbursement and licensing requirements, and communicating those requirements throughout the organization.”

The guide focuses on four areas:

1. Roles of, and relationships between, the organization’s audit, compliance, and legal departments;

2. Mechanism and process for issue-reporting within an organization;

3. Approach to identifying regulatory risk; and

4. Methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives.

1. Define Roles & Relationships

The OIG’s first expectation for board oversight of compliance program functions focuses on defining the interrelationships of your organization’s audit, compliance, and legal functions in charters or other organizational documents. The OIG expects boards to define the structure, reporting relationships, and interaction of these and other functions, along with departmental roles and responsibilities. The OIG’s guide outlines the following functions:

• Compliance — The compliance function promotes the prevention, detection, and resolution of actions that do not conform to legal, policy, or business standards. This includes developing policies and procedures, creating incentives to promote employee compliance, developing metrics to measure execution, implementing corrective actions, and developing reports and dashboards that help management and the board to evaluate the program’s effectiveness.

• Legal — The legal function advises your organization on the legal and regulatory risks of your business strategies, providing advice and counsel to management and the board about relevant laws and regulations that govern, relate to, or impact the organization. 

• Internal audit — The internal audit function provides an objective evaluation of the existing risk and internal control systems and framework within your organization.

• Human resources — The human resources function manages the recruiting, screening, and hiring of employees, as well as coordinates employee benefits, and provides employee training and development opportunities

• Quality improvement — The quality improvement function promotes consistent, safe, and high-quality practices within your organization. This function improves efficiency and health outcomes by measuring and reporting on quality outcomes and recommends necessary changes to clinical processes to management and the board.

Boards should also evaluate and discuss how management works together to address risk, including the role of each in:

• Identifying compliance risks;

• Investigating compliance risks and avoiding duplicative efforts;

• Identifying and implementing appropriate corrective actions and decision-making; and

• Communicating between the various functions throughout the process.

2. Institute Compliance Reporting to the Board

According to the OIG, your board should set and enforce expectations for receiving particular types of compliance-related information from various members of management. Your board should receive regular reports regarding your organization’s risk mitigation and compliance efforts, from a variety of key players like those responsible for audit, human resources, compliance, legal, quality, and information technology.

Boards may consider conducting regular “executive sessions,” which would involve leadership from the compliance, legal, internal audit, and quality functions, to encourage more open communication, the OIG says. “Scheduling regular executive sessions creates a continuous expectation of open dialogue, rather than calling such a session only when a problem arises, and is helpful to avoid suspicion among management about why a special executive session is being called.”

3. Identify & Audit Potential Risk Areas

Your organization’s board and management should have strong processes for identifying risk areas, the OIG stresses. In particular, risk areas include referral relationships and arrangements, billing problems like upcoding and submitting claims for medically unnecessary services, privacy breaches, and quality-related events.

Boards should identify risk areas from both internal and external sources, the OIG instructs. Internal sources may include employee reports to an internal compliance hotline or internal audits. External sources may include professional organization publications, OIG-issued guidance, consultants, competitors, or news media.

4. Encourage Accountability & Compliance

“The guide reminds boards to develop and encourage a compliance ‘way of life,’” notes Elinor Murarova, a Chicago-based associate attorney with Duane Morris LLP. Suggestions for doing this include:

• Assess employee performance in compliance;

• Implement annual incentive programs contingent on meeting certain compliance goals;

• Encourage self-identification of compliance failures and voluntary disclosures; and

• Evaluate whether, and ensure that, compliance systems and processes encourage effective communication.

Resource: The condensed document, “Practical Guidance for Health Care Governing Boards on Compliance Oversight,” is available at oig.hhs.gov/compliance/compliance-guidance/docs/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf.