OIG Compliance 101 - Ensuring the Next Generation is Prepared
While most still believe that Office of Inspector General (OIG) Compliance is still voluntary, the truth is it is not. It is actually mandated and the authority to compel health care providers and suppliers to adopt compliance programs is actually a condition of enrollment in Medicare, Medicaid, and the Children's Health Insurance Program. This authority was granted to the Secretary of Health and Human Services (HHS) by Section 6401 of the Affordable Care Act (ACA). To be even more specific, Section 6401 requires health care providers to develop and implement a formal health care compliance program as a condition of enrollment in federal health care programs. The statute requires the secretary, in consultation with OIG, to adopt what is referred to as "Core Elements" for each type of provider/supplier and in each industry segment. Even though as of 2018 the Secretary has not issued core elements or new guidance, it is clear that providers should continue to follow the published guidance outlined by OIG in 2002.
The Seven Fundamental Elements of an Effective Compliance Program (https://oig.hhs.gov/compliance/provider-compliance-training/files/Compliance101tips508.pdf)
1. Implementing written policies, procedures and standards of conduct - Without written policies and procedures you do not have policies. Saying, "This is how we have always done it" is not a policy and is indefensible. Health care organizations should write policies specific to their operations and their culture. There is no one-size fits all when it comes to writing policies, so be smart about what you put in writing and what you are going to do. If you make them too burdensome, you'll be destined to fall short of creating a culture of compliance. Compliance Plans in a box are also not a great option unless you are going to spend the time to customize them to your organization. Simply placing your name in the document and printing it out and placing it in a binder is not a compliance plan. Customization is key with these out-of-the-box solutions.
2. Designating a compliance officer and compliance committee - Regardless of your size, someone has to own compliance within your organization. Whether it is one person or compliance by committee, taking ownership of what is required is a must. A compliance officer needs to be someone who is trust-worthy, strong with their verbal and written communication skills, organized and structured, objective and independent, and able to command the respect of all individuals within their organization from the top down.
3. Conducting effective training and education - Without training and education of the company employees, your compliance program will be ineffective. Spending time to educate your employees on what their responsibilities are as outlined within the compliance program is critical to creating the culture of compliance that is discussed in §8B2.1 - Effective Compliance and Ethics Program:
(a) To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (b)(1) of §8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall:
(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.
(b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:
(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.
5. Conducting internal monitoring and auditing - Determining the effectiveness of the compliance plan is a must and needs to identify problem areas and assist in the reduction of risks in those areas. These audits can be performed internally or externally and should focus on coding and billing, mock surveys, review of compliance logs, trending and analysis, identifying variances between what the policies require vs. what employees are actually doing.
7. Responding promptly to detected offenses and undertaking corrective action - Responding to accusations of impropriety or potential violations is a must and it needs to be done in a timely manner (and also needs to be outlined in your policy manual). Every investigation should have a written report outlining the specifics of the accusation(s) leveled, who was involved, what led to the claim of wrong-doing, steps of the investigation, and the outcome. I strongly suggest the creation of Corrective Action Plans (CAPs) since these provide the specifics of the complaint and the process by which the compliance officer performed their duties and arrived at a resolution (See my Blog Post on Corrective Action Plans).
If you need help with an audit appeal or regulatory compliance concern, contact us at (800) 635-4040 or via email at info@drsmgmt.com.
Read more about our: Total Compliance Solution
Why do thousands of providers trust DoctorsManagement to help improve their compliance programs and the health of their business?
Experienced compliance professionals. Our compliance services are structured by a chief compliance officer and supported by a team that includes physicians, attorneys and a team of experienced auditors. The team has many decades of combined experience helping protect the interests of physicians and the organizations they serve.
Quality of coders and auditors. Our US-based auditors receive ongoing training and support from our education division, NAMAS (National Alliance of Medical Auditing Specialists). All team members possess over 15 years of experience and hold both the Certified Professional Coder (CPC®) as well as the Certified Professional Medical Auditor (CPMA®) credentials.
Proprietary risk-assessment technology – our auditing team uses ComplianceRiskAnalyzer(CRA)®, a sophisticated analytics solution that assesses critical risk areas. It enables our auditors to precisely select encounters that pose the greatest risk of triggering an audit so that they can be reviewed and the risk can be mitigated.
Synergy – DoctorsManagement is a full-service healthcare consultancy firm. The many departments within our firm work together to help clients rise above the complexities faced by today's healthcare professionals. As a result, you receive quality solutions from a team of individuals who are current on every aspect of the business of medicine.