Reprinted with permission from Birmingham Medical News
In the year ending September 30, 2023, federal False Claims Act settlements and judgments totaled more than $2.5 billion, much of it from the healthcare industry. The largest amount, more than $487 million, resulted from a finding by a federal jury in Minnesota that an eye care product provider violated anti-kickback laws, resulting in 64,575 false claims being submitted to Medicare. do. So what should healthcare organizations do to minimize compliance risks? One smart step is to make sure your compliance program (you have one, right?) is up to date and effective. is. To assist with this, on November 6, 2023, the Office of Inspector General (“OIG”) published a 91-page Compliance Reference Guide containing compliance advice, recommendations, and guidance for healthcare organizations. .
OIG’s General Compliance Program Guidance (“GCPG”) is a user-friendly resource manual applicable to all individuals and entities involved in the healthcare industry. It not only addresses the seven elements of an effective compliance program, but also addresses the various fraud and abuse laws that affect healthcare organizations, particularly the Anti-Kickback Act, the Stark Law, the False Claims Act, and the Civil Code. It also provides an overview. Penalty Laws, Exclusionary Powers Laws, and HIPAA. Although healthcare organizations are not required to maintain a compliance program, it is helpful to have an “effective” compliance program tailored to the organization and used as a “self-monitoring” tool if the organization is the subject of a fraud investigation or prosecution. It may be helpful. Reduce any penalties.
Starting in 2024, OIG plans to issue industry-specific compliance guidance for various types of healthcare providers and suppliers. Notably, GCPG recognizes the growing importance of private equity in the healthcare industry, stating that private equity firms must “comply with federal fraud and abuse laws and provide quality service.” Their operations and incentive structures need to be carefully scrutinized to ensure they are delivering the same benefits.” Safe care for patients. ” GCPG can be found here.
GCPG reiterates the OIG’s position that an “effective” compliance program includes seven elements.
element 1 Written policies and procedures:
This element includes codes of conduct and related compliance policies to address common risk areas such as billing, coding, sales, marketing, quality of care, patient incentives, and arrangements with other healthcare providers. Includes instructions.
element 2 Compliance leadership and oversight:
These elements include appointing a compliance officer with clear responsibilities, a compliance committee (depending on the size of the organization), and establishing oversight of a governing body.
element 3 Training and education:
This element includes annual compliance training for all owners, employees, and selected contractors. Training should address the specific needs and risks presented by healthcare organizations.
element 4 Effective communication lines:
This element includes developing and publicizing ways for individuals within the organization to bring compliance questions and concerns to the compliance officer or other individuals in leadership positions.
element 5 Enforcement of standards (consequences and incentives):
For a compliance program to be effective, healthcare organizations must establish appropriate consequences for noncompliance and incentives for compliance. Consequences may include remediation, sanctions, or both, depending on the facts. Incentives may be used to encourage compliance performance and innovation.
element 6 Risk assessment, auditing and monitoring:
Risk assessment is an annual process to identify, analyze and respond to risks. Your compliance program should include a schedule for audits to be conducted based on the risks identified in your annual risk assessment. Examples of routine monitoring of known risks include monthly screening of federal and state Medicaid exclusion lists. Periodic inspection of state licensing and certification databases. Annual review of your organization’s policies and procedures.
element 7 Responding to detected violations and developing corrective action efforts:
An effective compliance program includes thoroughly investigating compliance concerns, taking the necessary steps to remediate any legal or policy violations found, and reporting them to government program agencies and law enforcement as appropriate. It should include processes and resources for root cause analysis, such as: ) We will strive to prevent recurrence of any misconduct that is discovered.
GCPG recognizes that compliance programs may be structured differently depending on the size and financial resources of a health care organization. GCPG states:[s]Mall entities, such as individual or small group physician practices, and other entities with a small number of employees may face financial and staffing constraints that other entities may not have. ” Among its recommendations for small entities, the GCPG suggests:
For smaller organizations that cannot support a compliance officer on a full-time or part-time basis, consider designating an organizational compliance officer and making that person responsible for ensuring that the organization’s compliance activities are completed. is needed. This person should not have any responsibility for performing or supervising legal services for the organization, and should, to the extent possible, not be involved in legal services.Create, code, or submit claims.
SMall organizations may provide compliance education through a variety of means, including during meetings, email, on the website, or posted in physical or virtual common areas.
Small organizations should use user-friendly methods appropriate to their size and environment to facilitate communication about compliance concerns and potential issues. This may include an explicit “open door” policy for personnel to raise concerns with the compliance officer, owner, or CEO. Creating user-friendly processes (such as anonymous dropboxes) to effectively report false, inappropriate, or fraudulent activity. A policy stating that there will be no retaliation if you report conduct that a reasonable person, acting in good faith, would believe to be wrong, inappropriate, or fraudulent.
Small organizations should assess their compliance risks at least once a year. This includes annual reports to identify potential risks such as insurance claim denials, overpayment recoveries, medical necessity disputes and patient safety data (drop rates, product return rates, complaints, etc.). Includes audit.
Small organizations must ensure enforcement and disciplinary mechanisms are in place before violations of compliance policies, government health requirements, or other applicable laws occur. When implementing a compliance program, small organizations should anticipate that the program may uncover potential legal violations or other compliance violations. For smaller organizations, designate someone, such as a compliance officer, organizational leader, or another designated employee, to determine whether a violation exists and the steps needed to correct the problem. you need to be prepared to do so.
Effective compliance programs help healthcare organizations reduce errors, improve the quality of patient care and patient safety, and prevent, detect, and address fraud, waste, and abuse. The GCPG is a must-read for all healthcare organizations seeking to address these compliance risks, providing easy-to-understand examples and helpful “tips” that highlight key areas identified by the OIG.
[View source.]