(August 2, 2012): Under the Affordable Care Act (ACA), which was recently upheld by the Supreme Court, the Secretary of the Department of Health and Human Services (currently Kathleen Sebelius) may require that all providers participating in federal health care programs implement an effective compliance plan. While regulations covering this issue have not yet been released, compliance will more than likely be mandatory in the near future. As a result, it is important that your organization begin to implement a compliance plan that will protect your business and comply with the requirements of the law. What, then, are the elements of a compliance plan?
I. Seven Compliance Plan Elements — A Refresher:
The elements of a compliance plan include:
- Conducting internal monitoring and auditing;
- Implementing compliance and organizational standards;
- Designating a Compliance Officer or contact;
- Conducting appropriate training and education;
- Responding appropriately to detected offenses and developing corrective action;
- Developing open lines of communication; and
- Enforcing disciplinary standards through well-publicized guidelines.
II. Internal Monitoring and Auditing:
Before engaging in any of the other steps, except perhaps designating an officer to do all of this work, it is important to conduct a baseline audit of your practice’s current operations so that you can ascertain areas that need improvement, or “risk areas.” The first element of a compliance plan – at least, this initial audit – is known as a “gap analysis” and should be conducted by a qualified individual (either an attorney, experienced compliance professional, or a Certified Medical Compliance Officer). Nevertheless, a single initial audit should not be all you do. Instead, audits should be conducted on an ongoing basis, either at a set date (i.e. annually, bi-annually) or in the event of an identified problem, and preferably both.
III. Implementing Standards:
The second element of a compliance plan is to implement standards that effectively convey to your staff and third-parties your goals and expectations with regard to the business. More specifically, you should have written policies and procedures which inform your staff on their own duties and responsibilities, and how your office will conduct its business operations, and coding and billing functions. Standards may vary from practice to practice, but they should all include a code of conduct, mission statement, and policies that demonstrate your effort and commitment to following the law.
IV. Designated a Compliance Officer:
As discussed above, one of the first things to do is designate an appropriately-qualified individual to be your compliance officer. While smaller organizations may require the compliance officer to wear multiple hats (such as also being the office manager), larger organizations should dedicate an individual, or even multiple individuals, solely to compliance-related tasks. We recommend the use of either a Certified Medical Compliance Officer or even an outside Compliance Officer (for example, friend of the firm D.K. Everett).
V. Training your Staff:
You can be as thorough as possible in attempting to remain compliant with applicable laws and rules, but if you staff doesn’t have that same vision and makes a mistake, the entire organization will still likely be held liable. That is why it is so important to provide ongoing, comprehensive training and education to your staff – the third element of a compliance plan. They, ultimately, are the eyes, ears, and hands of your organization, and they need to know their responsibilities not only to your practice, but to the requirements of laws like HIPAA, OSHA, and Stark, and other billing requirements. The method of training may vary, but all training sessions should be documented and signed off on by your employees.
VI. Responding to Detected Offenses:
When something occurs at an office, a natural response may be to cover it up or “fix it and forget it.” The healthcare industry is different. In most cases, covering up a detected problem can lead to severe penalties, up to and including criminal prosecution (i.e. jail time). As a result, the fifth element of a compliance plan – responding to detected offenses – is in many ways what the compliance program is all about. The other elements are there to make sure nothing happens, but if it does, this element guides you in making it right, so that you and/or your practice can limit the future liability of such acts.
VII: Developing Open Lines of Communication:
This element of a compliance plan is all about making sure everyone not only knows the rules, but can report any problems to you so that they can be properly addressed (either by management or corporate counsel). You need to establish effective lines of communication, such as anonymous reporting mechanisms, exit interviews, and an open-door policy, so that you actually find out about any problems and attempt to resolve them. While there are a number of ways to implement these mechanisms, be sure that they will reasonably allow an employee, patient, or family member of a patient to make a complaint or report without the consequences of retribution.
VIII. Enforcing Disciplinary Standards:
No one likes this, but the final element of a compliance plan is enforcing discipline in your office. Correcting the actions of your staff and colleagues can be difficult and uncomfortable, but it has the potential to save your practice. You need to have written guidelines which set out both prohibited conduct and the penalties for engaging in such conduct. Moreover, you should use a sliding scale of discipline – start with a verbal warning, but become progressively more strict as the number or severity of incidents goes up. This needs to include termination of employment.
The seven compliance plan elements serve as a framework and a model. They themselves will not form a complete and effective compliance plan, but they will give you sufficient guidance to being working on a plan yourself. In addition, consider using qualified health law attorneys to conduct a gap analysis, implement an effective compliance plan, and/or provide compliance training to your staff. While a compliance plan, and compliance in general, can seem like a burdensome exercise, it is the ultimate insurance policy considering the myriad statutory and regulatory problems a healthcare provider can run into. As the government and private enforcers increase their funding, skills, and sophistication, you need to keep pace to ensure your business will continue to thrive.
Robert Liles represents providers in Medicare post-payment audits and appeals, and similar appeals under Medicaid. In addition, Robert counsels clients on regulatory compliance issues, performs gap analyses and internal reviews, and trains healthcare professionals on various legal issues. For a free consultation, call Robert today at 1 (800) 475-1906.