In 2005, the Department of Health and Human Services Office of the Inspector General (OIG) published seven essential requirements of an effective compliance program. Seventeen years later, these seven elements are still a solid foundation for your compliance efforts.
1. Implement written policies, procedures & standards of conduct.
Every accredited durable medical equipment (DME) organization should already have policies and procedures in place that meet its accreditor’s standards. Additionally, these should promote the organization’s commitment to compliance and address specific areas of risk. All new hires should review these policies at orientation and they should be available for review at any time. Employees should sign off on a standards-of-conduct document at orientation and again annually to ensure compliance.
The OIG recommends that compliance policies and procedures be designed in a way that helps employees remain in compliance while carrying out their job functions. Here are some excerpts from the guidance:
- Are policies and procedures clearly written, relevant to day-to-day responsibilities, readily available to those who need them and re-evaluated on a regular basis?
- Does the organization monitor staff compliance with internal policies and procedures?
- Have the standards of conduct been distributed to all directors, officers, managers, employees, contractors and clinical staff members?
2. Designate a compliance officer & a compliance committee.
In a small organization, the lead members of the staff may wear many hats, but someone should certainly be named the compliance officer. In a larger organization, the compliance officer may head the compliance department and report to the principals of the organization. The compliance officer is charged with operating and monitoring the compliance program.
There should also be a compliance committee that meets at least annually to review compliance activities and the results of any audits or findings that may have occurred during the year. The compliance committee should include members of key functions within the organization, such as legal, information technology and privacy. The OIG suggests organizations should consider these questions:
- Does the compliance department have a clear, well-crafted mission?
- Does the compliance department have sufficient resources (staff and budget), training, authority and autonomy to carry out its mission?
- Is there an active compliance committee made up of trained representatives of each of the relevant functional departments and senior management?
- Does the compliance officer make regular reports to the board of directors concerning different aspects of the compliance program?
3. Conduct effective training & education.
It is imperative that all staff members receive training on fraud and abuse, regulatory requirements and the compliance program upon orientation and education on the relevant factors annually. Your accreditor may have this requirement built into its annual educational requirements.
- Does the organization conduct annual compliance training for its staff, including both general and specific training pertinent to the staff’s responsibilities?
- Does the organization evaluate the content of its training and education program on an annual basis and determine that the subject content is appropriate and sufficient to cover the range of issues confronting its employees?
- Has the organization kept up to date with any changes in federal health care program requirements and adapted its education and training program accordingly?
- Does the organization review the content of its education and training program to consider results from its audits and investigations?
4. Develop effective lines of communication.
The OIG describes open communication as a product of organizational culture and internal mechanisms for reporting instances of potential fraud and abuse. All employees must feel comfortable reporting internally and there should be multiple reporting avenues, such as the compliance officer and an anonymous hotline. All reports must be taken seriously, and the compliance officer should conduct a follow-up with employees, when applicable.
- Does the organization foster a culture that encourages open communication without fear of retaliation?
- Has the organization established an anonymous hotline or other similar mechanism so that staff, contractors, patients/clients, and medical and clinical staff members can report potential compliance issues?
- How well is the hotline publicized; how many and what types of calls are received; are calls logged and traced (to establish possible patterns); and is the caller informed of subsequent actions?
- Are all instances of potential fraud and abuse investigated?
- Are the results of internal investigations shared with the governing body and relevant departments on a regular basis?
5. Conduct internal monitoring & auditing.
This involves an ongoing process of evaluation and assessment to deter bad behavior and ensure the effectiveness of education and corrective action(s). The compliance program should also monitor compliance with privacy and provide a risk assessment of potential privacy issues.
- Is the audit plan a proactive program that reviews processes, such as billing, prior to the claim being billed or shortly thereafter?
- Is the audit program re-evaluated and does it address the proper areas of concern, such as findings from previous years’ audits?
- Does the audit plan include an assessment of billing systems and claims accuracy to identify the root cause of billing errors?
- Is the role of the auditors clearly established and are personnel qualified?
- Is the audit department available to conduct unscheduled reviews?
- Does the audit include a review of all billing documentation, including clinical documentation, in support of the claim?
6. Enforce standards of conduct through well-publicized disciplinary guidelines.
Standards of conduct outline an organization’s rules, responsibilities, proper practices and/or expectations of its employees. Compliance should work with human resources to ensure that the standards and consequences for violations are strictly enforced.
- Is there a response team that may be able to evaluate any detected deficiencies quickly?
- Are all matters thoroughly and promptly investigated?
- Are corrective action plans developed that take into account the root causes of each potential violation?
- Are periodic reviews of problem areas conducted to verify that the corrective action that was implemented successfully eliminated existing deficiencies?
- Are overpayments promptly reported and repaid to the durable medical equipment Medicare administrative contractor?
7. Respond promptly to detected offenses & undertake corrective actions.
Ensure that any detected offenses that are discovered are immediately addressed and that actions are begun immediately to correct the deficiency and ensure that it no longer occurs. Failure to ensure timely and effective remediation for offenses can create additional exposure for the organization.
Your organization, no matter how small, should have an effective compliance program. If you need to, hire a consultant to help you get one in order. Know your areas of risk and make sure your employees are well informed of their responsibilities to ensure that you promote a culture of compliance.