Developing an Effective Compliance Process

1
Developing an Effective Compliance Process

• November 2008
• Jeanne Chapdelaine

2
Agenda

• Definition
• Purpose
• Elements
• Implementation
• Work Plan
• Case Studies
• Note All quotes in this presentation are from
  the document
• DHS/OIG OIG Compliance Program for Individual
  and Small Group Physician Practices

3
Can You Prove Effectiveness?

• Do ALL employees know what the compliance program
  is?
• Do they know who their compliance officer is?
• Is your plan document still dated 1998?
• Do the receptionists know their role in
  compliance? Do the nurses?
• Is there an annual work plan?
• Do your reviews routinely show repeaters?
• Is a review actually done (vs. talked about)? 

4
Basic Tenets

• Compliance efforts must be practical.
• Compliance efforts must be achievable.
• 100 compliance is not possible.
• Compliance should be defined in the most
  positive light.
• A compliance plan should be fluid changing with
  time and circumstance.
• A system built around compliance creates optimal
  revenues and operational efficiencies.

5
Basic Tenets

• Compliance plans are simply continuous quality
  improvement (CQI) efforts
• There tends to be a negative perception of them,
  though its really a positive process.

6
The Elements (OIG Recommendations)

• Conducting internal monitoring and auditing
• Implementing compliance and practice standards
• Designating a compliance officer or contact
• Conducting appropriate training and education
• Responding appropriately to detected offenses and
  developing corrective action
• Developing open lines of communication
• Enforcing disciplinary standards through
  well-publicized guidelines

7
First Step The Risk Assessment

• Organizational Sentencing Guidelines
• An essential component of the design,
  implementation, and modification of an effective
  program isperiodically assessing the risk of
  the occurrence of criminal conduct
• Organizations must periodically prioritize their
  compliance and ethics resources to target those
  potential criminal activities that pose the
  greatest threat in light of the risks identified.

8
First Step The Risk Assessment

• A compliance risk assessment follows three steps
• Step 1 Identify risk areas
• Step 2 Identify compliance risks
• Step 3 Prioritize risks.
• Do this once a year, because your risks change
  over time.
• (Caveat Other compliance efforts
• should continue throughout the year)

9
First Step The Risk Assessment

• A risk area is a general grouping of activities
  that could lead to violations for non-compliance,
  such as HIPAA and Coding and Billing, or
  OSHA.
• A compliance risk is a plain-English statement of
  daily activities that, if not performed
  correctly, could lead to a violation.

10
First Step The Risk Assessment
SAMPLE
11
(No Transcript)
12
Risk Areas Identifying Your Risks

• Previous internal audit findings
• Issues that showed errors or confusion
• Pay special attention to recommendations from
  last years audit you should have documented
  your follow through!
• Production reports Look at frequently provided
  services (volume and dollars) dont focus
  solely on E/M services
• Payer information/bulletins/LCDs
• WPS probe reviews

13
Risk Areas Identifying Your Risks

• OIG work plan items, especially repeaters
• OIG work plan findings
• Fraud alerts
• Issues common to specialties
• New circumstances (providers, specialties,
  services, software, tools, staff, etc.)
• Comments (staff, provider, etc.)

14
Risk Areas Prioritizing Your Risks

• Prioritize risks into high, medium, low (or 1, 2,
  3)
• Can be subjectively or objectively determined
  (e.g., points for various aspects)
• High priority issues should have more intensive
  and quicker reviews than low priority issues

15
Risk Areas OIG

• Coding and Billing
• Billing for services not rendered
• Provider number issues
• Up-coding
• Unbundling
• Incident to
• Re-assignment
• Coding process (authorities, policies, etc.)

16
Risk Areas OIG

• Medical Necessity
• Who determines medical necessity (physician,
  coder)?
• Does documentation convey medical necessity?

17
Risk Areas OIG

• Documentation
• (OIG One of the most important compliance
  issues)
• Forms
• EMRs
• Stand alone issue (progress notes must stand
  alone)

18

• COMPLIANCE PLANS
• The Purpose

19
The Purpose

• IOG says A well-designed compliance program can
  
• Speed and optimize proper payment of claims
• Minimize billing mistakes
• Reduce the chance that an audit will be conducted
  by CMS or the OIG
• Avoid conflicts with the self-referral and
  anti-kickback statutes.

20
The Purpose

• We say While not a sexy undertaking, a
  well-designed compliance program can
• Identify appreciable risks
• and opportunities for
• revenue AND compliance
• Identify and resolve operational problems
• Force a continuing improvement program
• Education
• Policies and procedures (development and
  implementation)
• Monitoring.

21

• COMPLIANCE PLANS
• The Elements
• (What the OIG Really Says)

22
The Elements 1 Monitoring

• Conduct internal monitoring through the
  performance of periodic audits. Efforts assess
• Whether the practices standards and procedures
  are in fact current and accurate
• Whether the compliance program is working, i.e.,
  whether individuals are properly carrying out
  their responsibilities and claims are submitted
  appropriately.

23
The Elements 1 Monitoring

• There are two types of reviews that can be
• performed as part of this evaluation
• A standards and procedures review
• It is recommended that an individual(s) in the
  physician practice be charged with the
  responsibility of periodically reviewing the
  practices standards and procedures to determine
  if they are current and complete.

24
The Elements 1 Monitoring

• A claims submission audit
• Ideally includes the person in charge of billing
  and a medically trained person (e.g., registered
  nurse or preferably a physician (physicians can
  rotate in this position).
• Each practice needs to decide for itself whether
  to review claims retrospectively or concurrently

25
The Elements 1 Monitoring

• A baseline review helps monitor improvements
  over time.
• Dont do this when you KNOW problems exist
  attempt to resolve them first otherwise, youre
  documenting your current bad state.
• The OIG recommends that claims/services that were
  submitted and paid during the initial three
  months after the education and training program
  be examined.

26
The Elements 1 Monitoring

• The baseline should also examine the claim
  development and submission process, from patient
  intake through claim submission and payment, and
  identify process elements that may contribute to
  non-compliance or that may need to be the focus
  for improving execution.
• The baseline review also establishes a
  consistent methodology for selecting and
  examining records, which serves as a basis for
  future audits.

27
The Elements 1 Monitoring

• Following the baseline audit, periodic audits
  should be conducted at least once each year
• Although there is no set formula to how many
  records should be reviewed, a basic guide is five
  or more records per Federal payer
• or 5-10 records per physician.
• Of course, the larger the sample size, the
  larger the comfort level.

28
The Elements 1 Monitoring

• Many practices conduct an annual audit and then
  report to providers about where they are failing.
• Better a proactive program that continually
  assesses, educates, and mentors one that
  prevents coding and billing problems before they
  start.

29
The Elements 1 Monitoring

• The OIG is aware that this may be burdensome for
  some physician
• practices, so, at a minimum, we
• would encouragea review of
• claims that have been reimbursed by Federal
  health care programs.
• If problems are identified, determine whether a
  focused review should be conducted on a more
  frequent basis and what efforts will mitigate the
  problem (e.g., education).

30
The Elements 1 Monitoring

• Practical monitoring efforts
• Compare coding/billing to
• Own patterns over time
• Same-specialty peers patterns
• Within/outside the practice
• Create a schedule and stick to it (even if its
  only two cases per month per provider)
• Keep it simple (or it wont get done)

31
The Elements 1 Monitoring

• Ensure your reviews include
• Process
• Outcomes.

32
The Elements 1 Monitoring

• Develop a set of warning indicators. These might
  include
• Significant changes in the number or types of
  claim rejections or reductions
• Correspondence from carriers/insurers challenging
  claims medical necessity or validity
• High volumes of unusual charge/payment adjustment
  transactions
• Illogical patterns or unusual changes in the
  pattern of CPT/HCPCS or ICD9 code utilization.

33
The Elements 1 Monitoring

• Scan CPT frequency reports

34
The Elements 1 Monitoring

• Assess E/M Utilization
• Depending on the size of your practice, this can
  be a time consuming effort do well, but once you
  do it the first time, its easy to update.
• By provider
• By department
• Clinic total

35
The Elements 1 Monitoring
36
The Elements 1 Monitoring
Source CMS National E/M Utilization Summary
Report Surgery, January through December 31,
2005.
37
The Elements 1 Monitoring

• Assess bread and butter services
• Include the services that comprise each
  physicians typical schedule
• Its OK to use the 80/20 rule as long as you
  dont ignore the 20
• Document successes!!

38
The Elements 1 Monitoring

• Caution Consider your comparative data sources
• Payer-specific reports might not be consistent
  with the practices patient or case mixes
• External data includes everyone elses mistakes
  too
• The message benchmarks should not be your goal

39
The Elements 2 Policies Procedures

• Implement compliance and practice standards by
  developing written standards and procedures.
• Document your plan
• Keep it general regarding tactics. Tactics
  should be in your annual work plans, not the plan
  document, which should contain statements like

POLICY It is the responsibility of every
physician and employee to report, through
internal reporting mechanisms, incidences they
believe might be in violation of applicable rules
and laws.
40
The Elements 2 Policies Procedures

• POLICY It is the responsibility of every clinic
  physician and
• employee to abide by applicable laws in this
  Compliance Plan
• and to support our compliance efforts. It is the
  clinics responsibility
• to provide the education and resources to make
  that possible and
• to provide an open door that facilitates
  comments from all.
• POLICY The Clinic will take appropriate action
  regarding
• substantiated claims of wrongdoing, which could
  include discipline,
• termination of employment, and criminal charges.
  No intentional
• violation of Medicare or other applicable law
  will be tolerated.
• POLICY Employees making a report will not be
  subjected to
• reprisal, discipline, or discrimination due to
  making a report.

41
The Elements 2 Policies Procedures

• Follow the 7 elements
• Dont suffer over it so much it gets put off
  just get it done. You can always add
• Document each years Risk Areas (attachment to
  Plan)
• Document each years Work Plan (more later)
• Develop Policies and Procedures for
• Coding
• Revenue Cycle processes

42
The Elements 2 Policies Procedures
The primary compliance documents a practice
would want to retain are those that relate to
educational activities, internal investigations
and internal audit results.
43
The Elements 2 Policies Procedures

• Document your
• Compliance efforts
• Policies and procedures
• Education (including attendance)
• Communication
• Monitoring
• Progress reports (point out successes!)
• Corrective actions and special efforts
• Discipline
• Resources

44
The Elements 2 Policies Procedures

• Maintain files for each provider/department (much
  like a medical record)
• Information to include
• Problem list or log
• SOAP progress notes
• Compliance review results and follow-up efforts
• Intervening communications (phone notes)

45
The Elements 2 Policies Procedures

• E/M statistical reports compared to previous
  results, internal and external benchmarks
  (include the reviewers interpretation)
• Summaries of meetings and discussions
• Action item lists
• The providers
• The reviewers

46
The Elements 3 Compliance Lead

• Designate a compliance officer or contact(s) to
  monitor compliance efforts and enforce practice
  standards.
• Ideally one senior level person (i.e., having
  authority) needs to accept the responsibility of
  developing a plan and overseeing adherence to
  that plan.
• This person can be in charge of all compliance
  activities or play a limited role merely to
  resolve the current issue.

47
The Elements 3 Compliance Lead

• In a formalized institutional compliance program
  there is a compliance officer responsible for
  overseeing the implementation and day-to-day
  operations of the program.
• Resource constraints often make it impossible to
  designate one person to be in charge of
  compliance functions in a smaller clinic.

48
The Elements 3 Compliance Lead

• It is acceptable to designate more than one
• employee with compliance monitoring
• responsibility the practice could describe in
  its
• standards and procedures the compliance
• functions for which designated employees would
• be responsible.
• For example, one employee could be responsible
  for
• preparing written standards/procedures. Another
• could be responsible for arranging periodic
  audits
• and ensuring billing questions are answered.

49
The Elements 4 Training/Education

• Conduct appropriate training and education on
  practice standards and procedures.
• There are three basic steps for setting up
  educational objectives. Determine
• Who needs training (coding/billing and
  compliance)
• The type of training that best suits the
  practices needs (e.g., seminars, in-service
  training, self-study or other programs)
• When and how often education is needed and how
  much each person should receive.

50
The Elements 4 Training/Education

• Training may be accomplished through a variety of
  means
• In-person training sessions (on-site or outside
  seminars)
• Distribution of newsletters
• Webinars
• Online or module training
• Even a readily accessible office bulletin
  board.

51
The Elements 4 Training/Education

• Regardless of the training method used, education
  must be communicated effectively. Make sure
  attendees come away with a better understanding
  of the issues covered. To do this
• Conduct interactive meetings
• Ensure feedback and education builds on itself
  (continuing education, not solo events)
• Ensure education is policy driven (not Sally
  teaching Barb how shes always done it).

52
The Elements 4 Training/Education

• For providers, the best learning tools are
• The results of documentation reviews (their own
  cases)
• E/M utilization reports (with an interpretation).

53
The Elements 5 Responding

• Respond appropriately to detected offenses and
  develop corrective action by investigating
  allegations and disclosing incidents to
  appropriate government entities.
• When a practice detects a possible violation, the
  next step is to develop a corrective action plan
  and determine how to respond to the problem.

54
The Elements 5 Responding

• If noncompliance is suspected, the practice must
  investigate to determine whether a significant
  violation of applicable law (or compliance
  program requirements) has occurred. If so, it
  must take decisive steps to correct the problem,
  which may include
• Corrective action plan
• Return any overpayments
• Report to the government
• Refer to law enforcement authorities.

55
The Elements 6 Communication

• Develop open lines of communication.
• This truly sets the tone for all employees about
  the importance the clinic places on compliance.
  Examples
• Regular staff meeting agenda item (discussions on
  how to avoid erroneous or fraudulent conduct)
• Clinic bulletin boards
• Compliance Idea of the Week

56
The Elements 6 Communication

• Compliance hot lines or email addresses
• Compliance Comment box
• Widespread sharing of payer updates
• Communicate the likelihood of anonymity, but do
  not promise it.
• Ensure safety That there will be no retribution
  for reporting conduct a reasonable person acting
  in good faith would believe to be erroneous or
  fraudulent.

57
The Elements 7 Discipline

• Enforce disciplinary standards through
  well-publicized guidelines.
• Sanctions should be
• Consistent and appropriate
• Flexible enough to account for mitigating
  circumstances.
• Also, consider sanctions for those who should
  have, but did not, detect or report an issue.
• Including disciplinary guidelines in training and
  procedure manuals is sufficient.

58
The Elements 7 Discipline

• Disciplinary actions could include
• Warnings (oral)
• Reprimands (written)
• Probation
• Demotion
• Temporary suspension
• Termination
• Restitution of damages
• Referral for criminal prosecution.

59
The Elements

• as recognized by the OIG and the health care
  industry, there is no one size fits all
  compliance program, especially for physician
  practices. Rather, it is a set of guidelines that
  physician practices can consider

• This suggests its better to do something
  anything than nothing.
• If resources are an issue, consider taking on
  only two of the seven elements the first year and
  adding one each year

60

• COMPLIANCE PLANS
• Implementation

61
Implementation Internal vs. External

• Clinics can conduct much of the internal baseline
  review themselves.
• Involve different staff from different
  departments to conduct different sections of the
  review.
• This helps spread the message across the
  practice.
• Also consider team reviews
• Pro cross functional education and input
• Con can be more costly in time investment.

62
Implementation Internal vs. External

• Outside risk assessment and reviews should be
  done
• To verify the internal process is working
  (review the reviewer studies)
• If the practice does not have the resources or
  expertise to perform baseline or subsequent
  reviews.

63
Implementation Options Work Plan

• Again, focus on your Risk Areas

• To assist physician practices in performing this
  initial
• assessment, the OIG has developed a list of four
• potential risk areas affecting physician
  practices
• Coding and billing
• Reasonable and necessary services
• Documentation
• Improper inducements, kickbacks and
  self-referrals.
• This list of risk areas is not exhaustive, or all
• encompassing. Rather, it should be viewed as a
  starting
• point for an internal review of potential
  vulnerabilities
• within the physician practice.

64
Implementation Options Sample Work Plan
65
Summary

• A positive program gets better results
• Keep it simple (or it wont get done)
• Monitor effectiveness
• Communicate and educate

66

• COMPLIANCE PLANS
• Case Studies

67
Case One Hospital/Clinic System

• Rotating interdisciplinary team conducts
  quarterly reviews of claims
• Lab/nursing/physician/coder (ad hoc members PRN)
• Results shared with compliance committee and
  employees involved with each case themes shared
  in staff meetings
• Pro Education for many
• Cons Lack of consistency, except for coder
  reviews get delayed for scheduling reasons

68
Case Two 30-Provider Clinic

• Coding team conducts quarterly reviews of claims.
  Results are shared with revenue/compliance
  committee (cross-functional team) themes shared
  in staff meetings.
• Pro Education for many
• Cons Lack of objectivity reviews get delayed
  for time reasons different communication
  styles
• Recent alteration Same team, but one person
  focuses on audits and communication others
  handle day-to-day coding issues.

69
For More Information
This presentation was prepared by Jeanne M.
Chapdelaine, Director 952.548.3374 jchapdelaine_at_wi
pfli.com Partners Healthcare Consulting A
Service of Wipfli LLP 7601 France Avenue South,
Suite 400 Minneapolis, MN 55435 952.548.3400
Fax 952.548.3500 www.partnershc.com www.wipfli.co
m
70
2009 OIG Work Plan Table of Contents
Full document http//www.oig.hhs.gov/publication
s/docs/ workplan/2009/WorkPlanFY2009.pdf