It almost seems silly to have to have a discussion on compliance, or, rather, why every hospital, nursing home, physician’s office, FQHC, etc, needs to have a compliance plan, if not a compliance officer.

eloisa / Pixabay

Yet, after being contacted last week about the possibility of doing a compliance review at a medical facility, having created a compliance plan for a physician’s group a couple of months ago and being reminded of what happened to a compliance officer I knew, I realize that this is a subject that not only has to be brought up again, but one that could have serious ramifications for those facilities that don’t realize just how crucial it is, and just what the heck they’re supposed to do about it.

Why is it important? It’s important for many reasons, but let’s start with these: OIG, RAC audits, Medicare and Medicaid reviews to start with. Both state and federal government’s are now getting billions of dollars in recovery every single year, putting more people in jail and reducing reimbursements to medical entities for their transgressions. Quite often these are errors in judgment for not having a proper compliance plan or processes in place to self audit themselves. The government had collected way more than that from audits triggered by the OIG, and of course each year both Medicare and Medicaid take millions away from all healthcare facilities and physicians.

It’s also important because having an effective compliance plan can keep your facility from being accused of perpetrating fraudulent behavior or get you a reduction in penalties if you’ve got something in place, even if your particular infraction hasn’t been reviewed yet. I’ve seen where compliance committees discover errors, and instead of waiting around for a major payer to come in and do the audit recommend that their facility voluntarily reports themselves and returns invalid payments. I’ve also seen where facilities have discovered the problem, didn’t address it, and then had to take the treble damages hit because they didn’t do the right thing.

Let’s face a fact here. Most facilities are doing the best they can in trying to do the right thing, but not everyone is perfect. The auditing companies that come into your facility expect that, including governmental agencies. However, there are red flags that will perk their ears up.

For instance, the firing of compliance officers and the elimination of their records is a big one. Not having a compliance plan in place that conducts audits is another. Missing or incomplete records always looks suspicious, even if the reason is because one’s processes aren’t solid. And major errors of commission or omission, such as billing for things that either weren’t done or were done without the proper authorizations, the altering of medical records without proper attributions for those changes, or the pervasive elimination of patient or family complaint forms that pertain to treatment or patient care always looks bad whether or not it’s intentional.

No one is immune to this. It seems like weekly we’re hearing about some health care entity that’s been hit with a major fine or put someone under indictment for fraud or some other kind of malfeasance. It doesn’t matter if your facility is large or small; someone’s watching and you’re not going to get away with bad behavior for long.

DarkoStojanovic / Pixabay

Good compliance plans start with a commitment to the truth, and a promise to act when errors are discovered. That has to be the first step, and it has to be in writing, otherwise compliance will fail every time.

Good compliance programs are started by having a compliance officer of some type. There has to be one person who can go directly to either the CEO or the board with the reports. Both need to know what’s happening on a regular basis, even if everything is fine. This person can hold another job within the facility, but if they do, there has to be a reporting separation between what that person does for their regular job and what they do as the compliance officer; auditing yourself won’t be seen as good compliance anywhere.

Good compliance programs have committees, even if they meet irregularly if the practice is small. Those committees are comprised of more than just directors. When I was a hospital compliance officer I had two other directors, three supervisors from other departments (including medical records), two supervisors from my own department (one from billing, one from registration), someone from utilization review, a medical records coder, a nursing supervisor from the nursing home, the billing person from the nursing home, a nurse who worked on one of the hospital wards, and a technician from the lab. That may seem crowded, but I felt it was important to have a cross section of people from the hospital so that, hopefully, every area could be addressed.

Good compliance committees conduct audits. They conduct billing audits, medical records audits, charge capture audits and patient care audits. Some they do on their own; some will require directors of those departments to conduct and present their report to the committee. Everything gets logged and reported so there’s no misunderstanding of what’s going on.

How can compliance committees compel other departments to respond to their inquiries? That’s where the power of having the direct reporting function to the CEO and the board comes into play. Compliance has to be active and action oriented. It has to be accountable to its principles, and it has to hold everyone else accountable.

Good compliance officers make sure to keep good records. During meetings, it’s fine to have someone else take notes, since one hopes the compliance officer is conducting the meeting; it’s hard to do both sometimes. Those notes have to be detailed when necessary and concise when appropriate. A copy of those notes should end up as a report that goes to the CEO, the board, or both. Copies should also go to every member of the compliance committee, so they can be approved as a first measure before every meeting.

Facilities that back up their compliance programs also need to educate their employees on what compliance is, and then have a way for employees to report something confidentially. Once employees trust that a facility is serious about compliance issues, and sees certain things occurring, often they’ll want to report these things, yet not want to suffer possible ramifications from reporting, even though it’s supposed to be illegal to do so.

Some places set up confidential phone lines for employees to call. Some request the compliance officer be contacted directly, with instructions that the compliance officer must keep the name of this person confidential. I had to deal with that as a compliance officer on a few occasions, one that was a very serious matter that almost caused great harm to the facility.

There’s no one specific way that every compliance officer or committee has to operate. Every recommendation mentioned above is imperative if your compliance program is going to have a chance to work, and is something that a health care organization is going to need to treat seriously. Those that don’t… well, the government will always be happy to take their money, some of yours as well and prosecute anyone whose actions they decide were pernicious. Hopefully, that will be the least of your problems; I’d recommend thinking about your compliance process and putting something in place as soon as possible.

Digiprove sealCopyright secured by Digiprove © 2018 Mitch Mitchell