OIG Releases Healthcare Fraud Compliance Program Guidelines
Organizations should evaluate each component of their healthcare fraud compliance program, including policies, administration, employee assessments, and training, OIG said.
Source: Thinkstock
By - The Office of the Inspector General (OIG) recently published guidelines on how healthcare organizations can measure the effectiveness of their healthcare fraud compliance programs.
The resource guide explains how healthcare organizations of all sizes can measure different components of their compliance program. The guide covers how organizations can evaluate standards and policies, administration, stakeholder screening and assessments, training, internal reporting system monitoring, non-compliance discipline, and investigations and remedial measures.
“The purpose of this list is to give healthcare organizations as many ideas as possible, be broad enough to help any type of organization, and let the organization choose which ones best suit its needs,” the federal watchdog wrote. “This is not a ‘checklist’ to be applied wholesale to assess a compliance program.”
Rather than use all the healthcare fraud compliance guidelines, OIG recommends that organizations select a small sample of guidelines to implement in a year. Leaders should choose measures based on the organization’s risk areas, size, resources, and industry segment.
“Any attempt to use this as a standard or a certification is discouraged by those who worked on this project; one size truly does not fit all,” the resource guide stated.
Measuring healthcare fraud law compliance program standards and improving administration
READ MORE: Are Healthcare Fraud and Abuse Rates on the Decline?
The resource guide started by identifying improvement strategies for healthcare organizations to use to align their compliance program with healthcare fraud prevention laws.
Healthcare organizations should develop and maintain the following standards for an effective compliance program:
• Appropriate coding policies and procedures
• Adequate overpayment policies and procedures
• Updated compliance plan
READ MORE: Using Big Data in the Hunt for Healthcare Fraud, Waste, and Abuse
• Non-retribution and/or non-retaliation policies
• Internal and external compliance audit standards and procedures
• Record retention policy
Healthcare stakeholder interaction policies, such as how hospitals and physicians, pharmaceutical and medical device representatives, and vendors should engage with each other
• Gift and gratuity acceptance policy
READ MORE: HHS, DoJ Recovered $3.3B From Healthcare Fraud Cases in 2016
• Standards accountability standards, including how the organization handles incentives, sanctions, and disciplinary policies for employees at all levels
• Compliance Department operations manual
• Co-payment and deductible waiver policies
• Code of conduct
The federal watchdog added that healthcare organizations should integrate their mission and ethical principles with the compliance program’s code of conduct as well as verify the maintenance of policies pertaining to conflicts of interest, confidentiality, privacy, and healthcare fraud and abuse prevention regulations (e.g., anti-kick regulations, the Stark law, and Emergency Medical Treatment and Labor Act).
To ensure an organization has appropriate compliance program policies, OIG advised healthcare organizations to consult a legal entity and perform regular reviews. The reviews should assure that the standards address care quality challenges and that governance policies are being maintained.
Additionally, the resource guide discussed how compliance programs should be managed to ensure healthcare fraud prevention laws are followed. OIG recommended 24 administration improvements, including maintaining a budget, collaborating with other stakeholders in the organization, aligning program scope with industry standards, updating the healthcare fraud prevention law knowledge base, and recognizing the need for outside assistance.
The federal watchdog also defined the responsibilities that different committees should have when it comes to a compliance program. For example, compliance program leaders develop an oversight committee, define the highest authority level, and ensure that the governing body understands its compliance duties.
Assessing employee, vendor, and other stakeholder compliance and implementing education
For an effective compliance program, healthcare organizations should also evaluate how providers, staff, vendors, and other entities involved in the organization comply with healthcare fraud prevention laws.
OIG advised healthcare organizations to consider the following steps to strength their compliance program policies regarding stakeholder evaluations:
• Develop processes to identify and disclose conflicts of interest
• Include compliance responsibilities as part of all job descriptions
• Use compliance accountabilities as part of regular performance assessments
• Verify background and sanction checks are being performed according to applicable regulations, such as employment, promotions, and credentialing laws
• Ensure compliance-sensitive exit interviews are performed
• Monitor government sanction lists for excluded individuals or entities
• Verify that appropriate staff are performing due diligence when conducting third party evaluations
• Assure corrective actions are taken based on background and sanction check findings
In addition to assessing staff and vendors for healthcare fraud prevention compliance, healthcare organizations should also establish a robust training program to inform stakeholders about the facility’s compliance policies, OIG added.
Organizations should start by ensuring that compliance guidance is readily available to all staff members and staff engage in regular training sessions. The educational campaign should also include methods for evaluating an employee’s understanding of the compliance program and verifying that employees attended trainings.
OIG also advised organizations to break down complex healthcare fraud regulations into information that any employee or vendor can understand.
Monitoring and auditing the compliance program and its internal reporting systems
Having a compliance program in place may prevent healthcare fraud and abuse cases, but healthcare organizations should ensure their program is effective by regularly auditing the program and any internal reporting systems.
OIG suggested that organizations aim to audit their compliance program on an annual basis and use each year’s results to analyze and benchmark their performance. The audit process should ensure that the program and any related systems check for healthcare fraud violations based on updated laws and regulations.
Healthcare organizations may also want to consider using a third party to complete a compliance program audit.
Additionally, the federal watchdog recommended that healthcare organizations develop an internal reporting system for employees to identify potential violations. The system should ensure anonymity and confidentiality for reporting and be easily accessible to all employees in the organization.
Taking action to discipline non-compliance and implement remedial measures
Implementing a compliance program may prevent some healthcare fraud violations, but healthcare organizations should also have discipline and remedial policies in place in the event an employee or vendor goes against the program’s policies.
To develop appropriate disciplinary procedures, OIG recommended the following standards:
• Suggest disciplinary action if non-compliance is detected
• Ensure disciplinary actions are appropriate for the violation
• Develop consistent disciplinary policies and procedures
• Verify that disciplinary actions are enforced for all employees
• Establish a consistent documentation process for tracking non-compliance and disciplining violations
• Recommend actions for individuals and entities that have been excluded from government programs
• Ensure that policies are in place outlining non-compliance disciplinary actions
• Coordinate with management staff to ensure timely disciplinary action
• Verify that disciplinary action is reported to appropriate regulatory body if required by law
Another key to establishing effective non-compliance standards is developing corrective action plans to prevent further program violations.
Similar to disciplinary action standards, healthcare organizations should verify that corrective action plans are implemented and followed. To make corrective action plan implementation easier, organizations should also cooperate with outside entities, such as government agencies, legal counselors, and third party auditors.
In addition, documenting corrective action plans and steps taken to follow them are crucial to ensuring healthcare fraud compliance is restored.
