Part 1: Compliance by the Data – Three Areas of Focus
Covering the Bases of Federal and State Laws, Standards Setting Organizations, and Best Practices
Health care organizations typically base compliance on practices that ensure patient safety, privacy, and quality of care. In addition to those primary factors, organizations must consider billing practices that avoid fraud, waste and abuse.
To achieve compliance goals the entire organization must understand what compliance means and how to enforce it. Despite differences in compliance requirements across health care sectors, there is a common denominator—the actions taken to reduce risk are often the same actions that protect patients.
In this series, we will explain the three areas where organizations need to focus their attention and identify the common data gaps that go unnoticed until a problem arises. We will discuss how closing these gaps mitigates regulatory, legal, and financial risk improving performance and efficiency to support the audit process.
Our aim is to show how compliance can be achieved through technology—automation and aggregated platforms that use data science and complex algorithms to deliver an accurate, real-time view of every individual and entity associated with an enterprise.
Three Areas of Focus
When considering the complexity of effective compliance, a good rule of thumb is to begin with the end in mind. Organizations can begin by aligning compliance programs with internal audit frameworks in order to introduce a systematic, disciplined approach that reinforces internal controls. This process will support applicable regulatory demands and standards boards while simultaneously promoting customized best-practice policies and procedures.
Regulatory Demands – The first area requiring health care organization alignment is with regard to established regulation. Compliance in this area avoids fines and penalties from State and Federal reimbursement programs, up to and including exclusion. Regulatory programs work to ensure that reimbursement happens only for licensed practitioners and health care entities in good standing.
A provider or entity faces mandatory exclusion from all Federal health care programs if they have engaged in any of the following: “Medicare or Medicaid fraud, as well as any other offenses related to the delivery of items or services under Medicare, Medicaid, SCHIP, or other State health care programs; patient abuse or neglect; felony convictions for other health care-related fraud, theft, or other financial misconduct; and felony convictions relating to unlawful manufacture, distribution, prescription, or dispensing of controlled substances.”
In addition to offenses that result in mandatory exclusion from government programs, there are permissive exclusions. These actions don’t necessarily result in automatic exclusion, but the Office of the Inspector General (OIG) at the U.S. Department of Health and Human Services (HHS) can choose to exclude for any number of reasons.
Unfortunately, exclusion actions can take years to come to a final conclusion and be published on the OIG’s List of Excluded Individuals and Entities (LEIE), and the burden is on health care organizations to make sure they don’t employ anyone who has been excluded. Looking for red flags during screening and continued monitoring after hiring can prevent ongoing association with a high-risk provider.
Standards Boards – In addition to staying compliant with regulation, health care organizations need to be mindful of the standards-setting bodies that issue certifications and accreditations. These certifications are typically based on quality and processes and organizations need to meet specific criteria in order to qualify.
Some examples of programs based on quality include the Centers for Medicare and Medicaid (CMS), Healthcare Effectiveness Data and Information Set (HEDIS), Sustainability Tracking Assessment & Rating System (STARS), Consumer Assessment of Healthcare Providers and Systems (CAHPS), The Joint Commission (TJC), the National Committee for Quality Assurance (NCQA), Det Norske Veritas (DNV GL), Utilization Review Accreditation Commission (URAC), National Patient Safety Foundation (NPSF), Institute for Healthcare Improvement, and dozens of others.
Many standards-setting organizations are activity specific, catering to hospitals, practice groups, research, pharmaceutical marketing, or other specialized programs. These standards groups address the unique challenges and risks of different aspects of health care based on the inherent exposure of each type of organization.
Best Practices – On top of regulatory and standards-based compliance, health care organizations also have a duty to ensure patient safety and quality care. They must also reduce the risk of fraud through internal policies and procedures that satisfy laws, regulations, and standards yet go further still to add transparency to the whole organization while addressing specific areas of vulnerability.
In some cases, such practices may mean more frequent drug testing, checking against the preclusion list, or adding any DEA checks, malpractice history, felony convictions, and controlled-substance suspicious-order monitoring. Ultimately, organizations have a responsibility to do whatever it takes to protect patients and institutions against exposure to risk.
In order to remain in compliance organizations must be diligent in creating and sustaining transparency through screening, verification, and continuous monitoring of every staff member—from the board and C-Suite, to licensed providers, volunteers, and everyone in between including contractors, vendors, investors, and supplier entities.
|Written by Susen Sawatzki
Verisys Marketing Consultant