For the full version of this article, please access it here: Long-term care requirements in COSMOS

The heart of any effective compliance program is the compliance committee. Compliance meetings can run the gamut from an occasion for donuts and coffee, to highly sophisticated analysis and discussions that would make the compliance gods smile. Whether you are just starting your journey in compliance or are a seasoned organization, here are some “lessons learned the hard way” to conduct successful compliance meetings.

• Why? Compliance Committees aren’t a requirement, but they are definitely a best practice. The committee ensures review and action stay top of mind, and compliance is maintained.
• Who? The OIG recommends a cross-functional group with enough seniority to have visibility and to take action. Led by the corporate compliance officer, the small (8-10 member) committee should know what is going on at all levels of the organization, and a clear grasp of their role and the goals of the committee. We recommend a “welcome packet”!
• What? The mission of the committee is to advise the Compliance Officer. Creating a charter that gets the team on the same page is a best practice, along with a performance dashboard that is understood by all members. The evaluation and the decisions made on Compliance should always start with the data.
• Where? Where should the focus of the committee lie? In each organization, the risk may be different for each area of practice. A best practice is to first measure your baseline and set goals and targets based on what you uncover.
• When? Unless you are under a Corporate Integrity Agreement (CIA), the OIG doesn’t dictate meeting frequency. It’s best to choose a schedule that works best for the members and for the mission of the committee.
• How? Running effective meetings may seem obvious, but it pays to evaluate your current process to see if there are opportunities to save time and energy without sacrificing quality. The full article in COSMOS outlines several best practices from other successful Compliance Committee meetings.

To access the full article with the complete list of best practices and takeaways, go to the COSMOS version and read it for free!

Copyright 2019 Compliance Today Magazine, a publication of the Health Care Compliance Association (HCCA).

The OIG maintains a list of individuals or entities that cannot participate in any federally funded healthcare program. Are you checking your new employees before they’re hired?

This post is one in a multi-part series on Compliance Program Success Factors. Start at the beginning: Compliance and Policy Procedures with OIG

We have covered the first four elements of developing a compliance program (Policy & Procedures Requirements; Developing Policies & Procedures; Training & Education; Enforcement & Discipline).

There’s one recurring theme that I keep stressing: your Compliance Program must be relevant, meaningful, and transparent.

The compliance program you put into place in your organization must have “teeth.”   Your compliance program begins at the top, with buy-in and participation from the top of the organization down.  The main purpose is to no longer have our “head in the sand,” so to speak.  We are looking for organizational issues, and we’re assessing, correcting, and disciplining when necessary.

Employees must be made aware of the organization’s compliance expectations when they are hired. You set the tone immediately by providing staff the code of conduct.  As part of the hiring process, accountability for compliance must be clearly articulated in employee job descriptions and performance evaluations.

The OIG recommends your organization conducts exclusion checks upon hire and monthly. I’m often surprised to learn that facilities are not completing exclusion checks or confusing these checks with background checks. Exclusion checks are in addition to employee screening required by your state agency.

What is an exclusion check? The OIG maintains a list of individuals or entities that cannot participate in any federally funded healthcare program. This list is known as the LEIE or the List of Excluded Individuals and Entities and it is updated by the OIG monthly. Examples of OIG excluded individuals and entities can include MDs, RNs LPNs, therapists, nursing home/hospice/ DME operators, among a host of others.

Why are individuals or entities excluded? There are two types of exclusions: Mandatory exclusions and Permissive exclusions.  According to the Office of Inspector general (www.oig.gov):

Mandatory exclusions: OIG is required by law to exclude from participation in all Federal health care programs individuals and entities convicted of the following types of criminal offenses:

• Medicare or Medicaid fraud,
• Patient abuse or neglect;
• Felony convictions for other health care-related fraud, theft, or other financial misconduct; and
• Felony convictions relating to unlawful manufacture, distribution, prescription, or dispensing of controlled substances.

Permissive exclusions: OIG has the discretion to exclude individuals and entities on several grounds, including (but not limited to):

• Misdemeanor convictions related to health care fraud other than Medicare or a State health program;
• Fraud in a program (other than a health care program) funded by any Federal, State or local government agency;
• Misdemeanor convictions relating to the unlawful manufacture, distribution, prescription, or dispensing of controlled substances;
• Suspension, revocation, or surrender of a license to provide health care for reasons bearing on professional competence, professional performance, or financial integrity;
• Provision of unnecessary or substandard services;
• Submission of false or fraudulent claims to a Federal health care program;
• Engaging in unlawful kickback arrangements;
• Defaulting on a health education loan or scholarship obligations; and
• Controlling a sanctioned entity as an owner, officer, or managing employee.

As you can see, something as seemingly benign as defaulting on a student loan can get someone on the exclusion list, restricting them from working in any federally funded program.

The effect of hiring an excluded individual or entity can be very serious. It’s simple; if you participate in Medicare, Medicaid, or any other federal health care programs, all employees/vendors/subcontractors are required to be checked against the exclusion list upon hire and monthly thereafter.

The OIG has increased its focus on checking for excluded individuals. Make no mistake— if the task force finds that you have employed or contracted with excluded individuals or entities, you could face fines and penalties. Companies or facilities that participate in government health care programs may not employ an excluded individual.

A recent example posted on the OIG website recent, on January 4, 2019, Baptist Village of Owasso (BVO), Owasso, Oklahoma, entered into a $96,020.92 settlement agreement with OIG. The settlement agreement resolves allegations that BVO employed an individual who was excluded from participating in any Federal health care program.

OIG’s investigation revealed that the excluded individual, an admission specialist, provided items or services to BVO’s patients that were billed to Federal health care programs. This single individual cost the facility close to $100,000 in fines that could have been avoided with an exclusion check. As you can see, this “recommended” check is STRONGLY recommended!

Ask yourself:

• Are you screening all employees before hire and monthly thereafter?
• Is your screening process monitored by your compliance committee?
• Do employees know that they should inform you if they become excluded or are removed from the exclusion list?
• Is compliance a measure on the annual review process?

I just returned from the Health Care Compliance Associations 23^rd Annual Compliance Institute.  It’s always the highlight of my year to spend 3 days immersed with over 3000 compliance professionals and representatives from the OIG and DOJ learning the next areas of risk.

To summarize many sessions, coffee dates, OIG keynote speakers and brainstorming sessions, there was really one reoccurring theme:

KNOW.  YOUR.  DATA. 

Several sessions stressed that the government has more and more access to your data and they are focusing on outliers.

The OIG keynote address was presented by Joanne Chiedi, Principal Deputy Inspector General OIG, HHS.  Her message was that the OIG has four keys areas that they are focusing on internally as an organization and how these areas should be integrated into our SNF organizations.

If it’s an OIG priority, it probably fair to say it should be a priority in your organization as well.

The four key areas of focus for the OIG expressed by Chiedi are:

• Agility and Adaptability: A key internal goal for the OIG is to become nimble and able to adapt to change. This is a pretty bold statement coming from a government agency.  What does this mean to us as the provider? Chiedi recommends that organizations make sure they have full access to their data. This will help you identify compliance soft spots and liabilities before they come to the government’s attention and potentially become bigger, more expensive issues.
• Continuous Prioritization: The OIG has a priority “to scan the environment early and often and with multiple lenses—looking around at the current state of play and at the horizon for emerging issues.” It is critical to ask ourselves as an organization if we have a process in place for scanning and prioritization of our compliance activities. Do we understand our areas of risk and how we are trending as an organization?  Do we have tools to place to find out these areas of risk quickly and in real time?”
• Compliance Leadership: The OIG stresses that compliance and oversight must be ”forethoughts, not afterthoughts.”  This is certainly not a new concept for us in LTC. We seek leadership that is always proactive in their mission and not reactive.  A specific compliance leadership recommendation from the OIG was to seek a meeting with the people planning your data or technology function.  Ability to have real-time access to facility data will be pivotal to effective leadership.
• Strategic Partnerships Per Chiedi, partnerships are more vital than ever in this complex, disruptive healthcare world. Working with mission partners who share your passion for effective oversight makes a huge difference. Now is the time to look at your partners, specifically your tech partners, to make sure as an organization your partnerships are assisting your goal to remain the compliant, proactive organization you are meant to be. Chiedi made one statement that really resonated with us: “We can’t oversee what we don’t understand— those that don’t will fall behind.”  Do the tools you use help you stay ahead?

Finally, the Chiedi stressed that as providers, we can’t shy away from technology. We must learn to embrace it— after all, the OIG is.

[This article is Part 1 of a 7 Part Series on Compliance Programs for SNFs, for the rest of the articles in the series, go HERE]

We’ve conquered the first four elements of a compliance program in earlier blogs. The next components of developing a compliance program are often forgotten or ignored:  enforcement and discipline. Like any effective program, there must be consequences for violating the facility’s code of conduct and policies and procedures. Think of the parent that threatens and threatens with no true follow up and enforcement of the house rules. The result? A house that’s up for grabs!

We all know we’re only as good as our weakest link, so it’s essential for staff to know there are ramifications and this program isn’t just “checking a box.”

Key elements of an effective enforcement and disciplinary system include:

• Make discipline even-handed. Corporate officers, managers, and supervisors must also be held accountable for failing to comply. In addition, managers and supervisors need to know they’re responsible for disciplining employees appropriately and consistently.
• Consider discipline on a case-by-case basis. Appropriate disciplinary actions could range from a reprimand with additional training to a demotion to termination. To be effective, the incentive or disciplinary action should be proportional to the conduct. Ensure that your organization defines the procedures for handling disciplinary problems and those who will be responsible for taking appropriate action.
• Catch them doing something right. The program should be more than punitive; positive reinforcement goes much further than punishment for improving behavior. Incentives could include rewarding them when they raise appropriate concerns, acknowledging excellent quality of care, and rewarding helpful recommendations for improving the compliance program and/or its implementation.
• Make resolution swift. It’s important that the compliance officer or other management immediately investigate allegations to determine whether a violation of the compliance program has occurred and, if so, what steps have been taken to correct the issue. If the staff feels unheard or management is unresponsive, they’ll hesitate to report because “no one will do anything anyway.” Also, be sure to emphasize the facility’s non-retaliatory policy.
• Reroute: Look carefully at your systems based on issues that arise. In long-term care, we know “stuff” happens; however, the guidelines make it clear that a “recurrence of similar misconduct creates doubt regarding whether the organization took reasonable steps to” achieve an effective program (Guidelines, §8B2.1 Commentary App. Note 2[D]). It’s necessary to take appropriate remedial measures and analyze the root cause to determine why something happened. This may include anything from disciplining the person responsible for the improper conduct to modifying the compliance program.
• Screen employees: We must take reasonable steps to ensure that our staff hasn’t engaged in illegal activities or conducted themselves in a manner inconsistent with the compliance program. This requires that, as an organization, we implement employee screening procedures to check a person’s background and criminal history. This would include exclusion checks (more on that later), background checks, licensure checks, and following up with previous employers and references.
• Document, document, document: Enough said

Now comes the fun – finding our problems and correcting them!

[This article is Part 3 of a 7 Part Series on Compliance Programs for SNFs, for the rest of the articles in the series, go HERE]

We’ve covered the first three elements of developing a compliance plan:

• Corporate compliance officer/designee
• Compliance policy and procedures
• Developing effective lines of communication

Now on to my favorite: training and education.

In 2004, I entered into a corporate integrity agreement with the OIG (more on that later). Requirements included developing an exhaustive training and tracking system for over 800 employees across 600 miles. And I’m not exaggerating when I say exhaustive! I like to say I ‘made lemonade from lemons’; based on these requirements, we developed an online platform for e-learning that eventually went to market and became the core learning mechanism for many LTC employees.

Why am I telling you this? So you know I UNDERSTAND training and feel your pain.

The fourth element of a corporate compliance program is training and education.  This includes training of  the board of directors, corporate staff, and facility staff –  basically staff at all levels within the organization.  According to the OIG recommendations, compliance training must include sessions summarizing the organization’s compliance program, fraud and abuse, and Federal healthcare program and private payor requirements.

As far as specific training,  you wanT to be sure it is  relevant  to the job description. For example, employees who work in admissions must learn about reimbursement coverage and eligibility requirements.  Other topics, including HIPAA/privacy, sexual harassment, discrimination, and marketing practices fall under the purview of the compliance department.

Who creates the training calendar? Compliance training should complement the facility’s in-service training schedule.  The compliance committee – under the direction of the corporate compliance officer – should make specific recommendations based on their findings. The committee should look at facility trends and patterns using dashboards, data analysis, complaint surveys, hotline calls, etc., and develop targeted training based on those findings.

There’s more than one way to do training – the important part is that it’s meaningful, relevant, and based on the employee’s skill level.  Of course we have certain mandatory  training that is a “must”   but how do we make it relevant? As I mentioned, I planned online training that was developed by subject matter experts and tracked easily. That, combined with competency checks and more traditional classroom training, rounded out our program.

Some points to remember based on the OIG recommendations:

• Train new hires soon after starting work
• Provide training for temporary employees before assigning them to resident care
• Take language and cultural diversity into account when developing training
• Assess the success of training programs with post-tests
• Make training programs a condition of continued employment
• Retain adequate records, including attendance logs and materials distributed
• Provide vendors and outside contractors the opportunity to participate in the compliance and training programs – particularly agency staff that provide temporary direct care
• Have knowledgeable staff available to answer questions and provide discussion if video-based or online training is used

The number one complaint I hear from conducting exit interviews with staff is, “I wasn’t properly trained.” Use your compliance team to help you develop an effective, meaningful program and make the OIG proud!

Ask yourself:

• Is there an effective way to track and trend data at the facility to determine areas where training may be necessary?
• Is there a mechanism to ensure all staff, including agency staff, are trained and records are maintained?
• Is there specialized training for certain positions, such as those responsible for billing, coding, and submitting reimbursement data?
• Is training appropriate for staff levels and available in other languages?

Next up: enforcement and discipline.

[This article is Part 2 of a 7 Part Series on Compliance Programs for SNFs, for the rest of the articles in the series, go HERE]

The last blog reviewed the requirement for developing compliance policy and procedures; now we’ll tackle the next requirement: communication!

As we’re seeing, an effective compliance program is a team sport – truly a group effort. From the team owners lending support and creating a positive atmosphere down to every member of the team (even the beer vendors!). How can your organization create a mechanism that gives all staff, visitors, vendors, etc. a safe way to express their concerns?

The third component of an effective compliance program is developing effective lines of communication. You’re creating a culture that values ethics and doing the right thing. For your program to be effective, employees must be able to ask questions and report problems; you want an environment that encourages and rewards communication within the organization. The corporate compliance officer is the point person to develop your communication systems.

The organization must determine an effective mechanism or combination of approaches that allows employees, residents, visitors, etc. to report their concerns, including an option to report anonymously.  Best practices for anonymous reporting include establishing a hotline, outsourcing the hotline, a suggestion box, emails, or establishing a written method of confidential disclosure.

A word about hotlines: they work! A hotline allows employees to report their concerns 24/7 and gives them a place where they’re always heard. As managers, we often feel like our heads are spinning with everything that must get done, and we may not be as accessible to our staff as we’d like. A hotline gives employees a safe place to report their concerns – even concerns about the manager with the spinning head!

To be effective, the hotline must be well-publicized in the facility and made readily available to employees, contractors, residents, and family members. It must be clear that there are non-retaliation policies to encourage communication. You can do this with conspicuous postings of the number throughout the facility with a picture of the compliance officer on it. (I like including a picture to remind the caller there is a REAL person on the other side listening and helping resolve issues.) Other ideas include circulating a wallet card with the information, including it in the admission packet, reminding residents at council meetings, and/or including it with pay stubs.

When does a hotline NOT work? When there isn’t appropriate follow up. The OIG recommends creating an intake form for all compliance issues identified through the reporting mechanism. The compliance officer should maintain a log of calls, including the investigation and its results. The intake form could include the date the potential problem was reported, the results of the internal investigation, the corrective action implemented, the disciplinary measures imposed, and outcomes.

The Grievance Log on the SNF Metric portal is a great tool to meet the criteria for tracking compliance and grievance issues. This simple-to-use app allows you to record all grievances in one place with an easy way to track resolution and follow up. This can be done per facility or as an overview of your entire organization, with the ability to drill down to each grievance and view its status. However your organization chooses to track, just be sure you have a policy and procedure for being accountable!

One last thought on confidentiality. That’s always a tricky one when investigating complaints and grievances – and we’re often tempted to avoid investigating those. While the nursing facility should always strive to maintain the confidentiality of the employee’s identity, the OIG states, “It should be clarified that there may be a point where the individual’s identity may become known or may have to be revealed in certain instances … The OIG recognizes that protecting anonymity may be infeasible for small nursing facilities.”

Ask yourself:

• Is my communication plan available and being used effectively?
• Are the findings of the compliance hotline shared with the compliance committee with recommendations for follow up?
• Do my employees know of the organization communication plan and do they believe their concerns are being addressed promptly?

Onward to the next element of an effective compliance program: training and education.

Now – go play ball!!

[This article is Part 1 of a 7 Part Series on Compliance Programs for SNFs, for the rest of the articles in the series, go HERE]

So, we chose our corporate compliance officer, we determined who’s on the compliance committee, and we’re all set to rock and roll with our compliance program. Now what?

Let’s look and the next element of the OIG compliance program, compliance policy and procedures.

Compliance Policy and Procedures:

You’re thinking, “Please, noooooo! The stack of policies in my office is taller than my son on the high school basketball team!”

Let’s start at the beginning. The first thing: do we have a code of conduct? What is a code of conduct? Think of it as the facility’s constitution – a document that expresses the fundamental principles of the organization, including how employees should conduct themselves, the facility philosophy, what constitutes a breach in compliance, and how violations are reported.

The facility code of conduct should be short, easy to read, and accessible to all staff. The board of directors should regularly review it with employees; the OIG recommends that even small nursing facilities should “obtain written attestation from its employees to confirm their understanding and commitment to the nursing facilities’ code of conduct.” Do this when you hire a new employee, yearly, and whenever there’s a revision to the code of conduct.

Just as a memory jogger – policies are clear statements of rules employees must follow and procedures are methods used to put policies into action. The OIG recognizes that most facilities have a comprehensive policy and procedure manual and that most facilities have procedures to prevent fraud and abuse. You may not need to develop a new set of policies as part of your compliance program if your existing policies effectively cover operations and relevant rules. Be sure your policy and procedures are reflecting the most current regulations and address your facility’s assessed risk areas.

What are high-risk areas? The OIG provided a preliminary risk area, including quality of care and residents’ rights, employee screening, vendor relationships, billing and cost reporting, and recordkeeping and documentation. What are high-risk areas you may want to explore?

• Billing
• Compliance hotline
• Compliance reporting/investigation
• Conflict of interest
• Medical director contracts
• Cost reporting
• Discrimination against residents and payment provisions
• Employee screening
• False claims act
• Gifts
• Marketing practices
• Medicare-prospective payment systems
• Non-retaliation/non-retribution
• Overpayment reporting
• Rehab services
• Resident inducements
• Resident referrals

This assessment is to ensure that your employees, managers, and directors know of these risk areas and take steps to minimize issues. The first step is identifying potential issues; the second step is creating policies and procedures to ensure compliance.

It’s critical for your organization to understand the risk areas in YOUR facility. Are you reviewing your annual survey and updating your policies based on the deficiencies? Are the concerns of the compliance committee reflected in policy review? Are policies and procedures reflecting the trends noted in your data analysis?

Ask yourself:

• Do essential compliance policies and procedures exist?
• What do we do as a facility to regularly review and update the policy?
• How do we ensure our policies are relevant and effective?
• How is staff notified of policy changes?
• What mechanism does the compliance officer use to review data/trends and ensure we’re proactive in our risk assessment?

On to the next element – tackling effective lines of communication!