In our January 2022 blog, we talked about fraud, waste, and abuse and touched on compliance programs. The article prompted questions and comments from quite a few organizations and questions of late suggest it might be a good time to do a deeper dive on compliance programs.
Compliance “programs” are sets of policies & procedures specifically designed to help an organization adhere to law and regulation. These policies and procedures are specifically set up to detect, prevent, and correct fraud, waste, and abuse. Medicare requires any provider to have such a program and they have very specific content they want these policies to contain.
To quickly review, let’s define fraud, waste, and abuse:
Fraud is defined as wrongful deception intended to result in financial gain. The key word is INTENDED; for fraud to occur, there must be intent. Fraud is not a mistake or oversight, it is purposeful criminal behavior.
Waste is the careless monitoring of expenditures and other resources (money!) which results in financial loss because of inefficient or ineffective practices and controls.
Abuse is defined as excessive or improper use of something outside the natural or legal use for it. Thus, abuse can be over utilization of a product or service or treatment. Abuse is often financial in nature, but can be non-financial as well.
So, a compliance program’s primary mission is to avoid fraud, waste, and abuse. The Office of the Inspector General (OIG), which is part of the Department of Health & Human Services (HHS), is tasked with policing the portion of the medical industry which bills for services for compliance. In the late 1990’s and into the early 2000’s, the OIG published “guidance” on compliance and compliance programs. The guidance had suggestions for how to establish and administer these programs within various healthcare providers, including durable medical equipment companies. This guidance began as advice, industry best practices, and suggestions, but have essentially become regulation as they are incorporated into accreditation standards.
Interestingly enough, the OIG stated in their guidance that “the existence of an effective compliance program would be a factor in determining sanctions, penalties, and any potential exclusion action to be imposed against an offending provider.” In other words, their strong suggestion that organizations maintain these programs came with an incentive: set up a good, strong program, and if you make a mistake, sanctions and other penalties will be less severe.
So, what exactly does a compliance program look like and how does a DME organization establish and maintain their compliance program?
Think of compliance programs as a set of policies & procedures, in place to keep you legal and help you monitor your operations in a manner that ensures you stay compliant (that is, legal). CMS suggests that your program should contain the following seven elements:
- Implementation of policies & procedures
- Designation of a Compliance Officer (person responsible for the program within the organization)
- Training/education of all staff on compliance related issues
- A process for the investigation of complaints
- Monitoring and auditing activities (indicators within a quality improvement program, for instance)
- Disciplinary guidelines
- A system for prompt and thorough corrective actions when issues are identified.
At a publicly traded corporation, the compliance program might be an entire department of compliance staff, whose job is monitoring the organization for compliance. The policies might be volumes. At a smaller organization, a few simple written policies suffice with the owner designated as the compliance officer. Regardless of size, an organization should strive to maintain a program that has all seven elements.
HQAA standard ORG 5 – COMPLIANCE PROGRAMS address the requirements for a compliance program. Stated quite simply, the standard expects your organization to have a written program that includes all seven elements.
When your organization goes through an accreditation survey, expect the surveyor to evaluate your compliance program by:
- Reviewing the written policies & procedures within your compliance program
- Reviewing training and in-service records for documentation of ongoing staff education about compliance
- Reviewing the complaint log and documentation of follow up to complaints
- Asking staff who the compliance officer is and what he or she does
- Asking billing, marketing, and supervisory staff about compliance related issues such as telephone solicitation, referral marketing, and how they ensure they are not overbilling
- Reviewing the QI program for compliance related indicators
- Asking the compliance officer for more detailed description of how the compliance program works and how they (the compliance officer) receives training on compliance
Keep in mind these programs are required to HELP your organization. Specifically, a compliance program is an opportunity for your organization to “use internal controls to monitor adherence to statutes, regulations, and program requirements” (language verbatim from CMS guidance documents) and police yourself. The goal is that you are able to avoid CMS, the OIG, or any other regulatory authority identifying the problems and resulting fines, sanctions, or penalties.
Be sure to review compliance and compliance related issues at least quarterly, or on an as needed basis more frequently. Many organizations roll this review into their QI program. Be sure to educate and re-educate staff on compliance frequently and document a yearly in-service on compliance. The compliance program will take some time and effort, but it will pay off handily in efficient and timely reimbursement. More importantly, your organization will have the peace of mind that comes from knowing you are doing the right thing and avoiding fines, sanctions, and even loss of your license or billing privileges.
“If you think compliance is expensive, try noncompliance” – attributed to Former US Deputy Attorney General Paul McNulty.