3/17/2015
1
Ruth Krueger MS, CHC
Enterprise Compliance Program Manager
Cindy Matson CHC, CPC
Vice President, Health Services Compliance
Identify risks associated with lack of standardization of compliance processes
Lessons learned
Auditing complexities and tips
3/17/2015
2
A. Physician Practice
B. Hospital
C. Integrated System
D. Other provider
E. Other (vendor, consultant, etc.)
A. <100
B. 101‐500
C. 501‐5000
D. 5001‐10,000
E. >10,000
3/17/2015
3
Summer 2009:◦ 4 independent healthcare systems in 3 states –each with it’s own compliance functions
Now:◦ 1 healthcare system in 9 states with international clinics in 2 countries and 1 Corporate Compliance Program
Sanford Health is now an integrated health system headquartered in the Dakotas.
◦ Largest, rural, not‐for‐profit health care system in the nation
◦ Locations in 300 communities in nine states
◦ International clinics in Ghana (5) and China (1)
3/17/2015
4
43 hospitals – 6 PPS (3 teaching), 37 CAH
243 clinics – free standing, provider based & RHC
Health Plan covering 167,000 lives
DME, hospice, home health, SNF, IP psych, retail pharmacy, large independent reference lab, air and ground ambulance program….. everything but the kitchen sink!
4 MACs: Noridian, WPS, NGS, Novitas
27,000 employees
1480 employed physicians
Large physician outreach program
42,000 vendors
422 active human research studies with primary PI’s in all 4 regions including animal and bench research study programs
3/17/2015
5
Practices
Language/words
EMR – different systems
More ways to do things
More opinions
More scrutiny?
EMR
Coding
Billing
Utilization Review
Everything Compliance west
South
North
3/17/2015
6
1 Corporate Compliance Program◦ Compliance Policies
◦ Code of Conduct
◦ Audit Tool for each review
◦ Unified Corporate Compliance Reports to Enterprise Wide Executive Management
3/17/2015
7
Policies, Procedures and Standards of Conduct
Compliance Program Oversight
Training and Education
Communication
Auditing and Monitoring
Consistent Discipline
Corrective Actions
Risks of Non‐Standardization◦ Unclear, multiple references or guidance
◦ Everyone continues to “do their own thing” or do nothing
Lessons Learned / Tips◦ Not as easy as it sounds! Policy management…
◦ Consider New Service Policy
Outside Consultants/Auditor Policy
3/17/2015
8
Do you have policies and a Code of Conduct?◦ Clear and concise◦ Regular review◦ Widely distributed & readily available
◦ Acknowledged by employees
Survey employees to determine awareness◦ Do they know how to report (Hotline)?◦ Are they aware of policy on non‐retaliation?
A. Yes – defined by policy
B. Yes – not defined by policy
C. No
D. Don’t know
3/17/2015
9
Risks of Non‐Standardization◦ No clear lines of responsibility or accountability◦ Lack of clarity on priorities◦ Mixed or inconsistent messages
Lessons Learned/Tips◦ Assign day‐to‐day accountability for work done◦ Want one voice across the organization
◦ Educate those who have oversight on what that means and what their role is
Do you have a defined organizational structure?◦ Do you have access to the Board and highest level of executives?
◦ OIG recommends that the Compliance Officer does not report to the CFO or to Legal.
Do you have a Compliance Committee?◦ Does it include high level executives?◦ Do they approve and monitor your work plan?
3/17/2015
10
A. Board of Directors
B. CEO/COO/President
C. CFO
D. Legal
E. Other
F. Don’t have CCO
Risks of Non‐Standardization◦ Piecemeal approach makes it hard to produce accurate records
◦ Inconsistent message and focus
◦ Falsely attesting on those pesky Fraud Waste and Abuse (FWA) forms
Lessons Learned/Tips◦ Being concise is a skill◦ One size fits all is not always the answer◦ Use tools that are out there for you
3/17/2015
11
Percent of employees completing education?
Is the education program reviewed and updated?
Do you provide additional opportunities and target risk areas?
Employee Survey Data◦ Do they remember key points from education?
3/17/2015
12
A. 0‐50%
B. 51‐79%
C. 80‐100%
D. No idea – don’t track completion
Risks of Non‐Standardization◦ Events that should raise a red flag don’t get reported◦ Employees feel lost in the shuffle with growth and changes
Lessons Learned/Tips◦ Experience speaks louder than words◦ You cannot OVER communicate (but use bullets, not books)
◦ Close loops with those who report
3/17/2015
13
Hotline calls◦ How many?
◦ Investigation complete
◦ Follow‐up with reporter, if not anonymous
Other inquires for information/assistance or concerns
Employee Survey◦ Does your manager address concerns you bring forward?
3/17/2015
14
A. Yes
B. No
C. We don’t do an effectiveness review
Risks of Non‐Standardization◦ Identifying a problem in one region or location and not reviewing the entire organization
◦ Different criteria and interpretation if different individuals prepare or conduct the audits
Lessons Learned/Tips◦ An arduous planning process is worthwhile◦ Formal corrective action plans are a must
◦ Controls/monitors are better than auditing
3/17/2015
15
Is a risk assessment performed regularly?◦ Inputs? (OIG, DOJ, Payer, New Regulations…)
Are audits completed as planned and are results reported to stakeholders?
Are corrective action plans put in place to address deficiencies?
A. Compliance
B. Internal audit
C. Combination
D. Outsourced
3/17/2015
16
Risks◦ Your program lacks teeth
◦ Inconsistent treatment for similar violations
Lessons Learned◦ Human Resources is a key relationship
Effectiveness◦ Do you have a policy that outlines expectation of employee behavior?
◦ Have you ever disciplined anyone related to a compliance violation?
Risks◦ Identifying problems but not addressing them
◦ Not getting to the root cause of a problem
Lessons Learned◦ You might throw it against the wall but did it stick?
◦ “To err is human, but to really foul things up you need a computer” – Paul Erhlich
3/17/2015
17
Are formal Corrective Action Plans written?◦ Refunds◦ Operational process changes◦ Education◦ Re‐audit
Implement monitors and controls to manage ongoing, high‐risk areas
A. Absolutely
B. I think so
C. Not sure
D. No
3/17/2015
18
Just because…◦ ..you communicated, doesn’t mean they heard
◦ ..they heard, doesn’t mean they understood
◦ ..they understood, doesn’t mean they acted
Why does it matter to me?
Less is more – bullets not books!
Trust but verify!
Operations must be accountable but….. o sometimes Compliance has to be the one that pulls
the plug/stops the line…and temporarily fills gaps.
Because an investigator, surveyor, payer, auditor, consultant or vendor says it….. o doesn’t mean it is true….do your own research,
know your stuff and get good advice!