The Important Components of a Corporate Compliance Program

By: Laurie Aloi, CPC, CHC

MedSafe

“The Total Compliance Solution”

7 Elements of a Compliance Program

1. Standards of Conduct/Policies and Procedures2. Compliance Officer/Compliance Committee3. Education4. Monitoring and Auditing5. Reporting and Investigating6. Enforcement and Discipline7. Response and Prevention

#1 Standards of Conduct/Policies and Procedures

Code of Conduct: Promote your commitment to compliance Demonstrate your organizations attitude and

emphasis on compliance and its applicable laws and regulations

Build your program around these elements Code of Conduct is meant for all employees,

representatives of the organization, vendors, suppliers, independent contractors, board members and volunteers

#1 Standards of Conduct/Policies and Procedures

Policies and Procedures: Begin with areas of risk identified within the OIG

workplan: Internal assessmentsSelf DisclosureRegular Medicare sanction checksBilling PoliciesUnbundlingCredit BalancesNo charge visits Incomplete/un-successful surgical procedures

#2 Compliance Officer/Compliance Committee

“Serves as the focal point for Compliance activities”

“Appropriate authority is critical to the success of the program”

Most Compliance Officers/Committees report to the CEO or the Board

#2 Compliance Officer/Compliance Committee

The Compliance Officer/Committee will: Oversee and monitor the compliance program Report to the governing body, CEO Revise the compliance program periodically Develop the education and training program Assist with internal compliance review and

monitoring Independently investigate and act on matters

related to compliance

#3 Education

The most important line of defense for a Compliance Program!

The OIG recommends that all employees be required to have a specific number of hours of training annually.

#3 Education

Ten elements to include in a basic compliance training program: Body of legal and regulatory knowledge guiding

compliance activity Organizations compliance philosophy How to handle compliance communication inside and

outside your organization How to define and report compliance violations Policies regarding patient confidentiality and the handling

of patient information Claims submission

#3 Education

Ten elements continued:

Only qualified personnel may perform diagnosis and procedure coding

Physician documentation is the primary determination for claims submission

Vendors are held to the same compliance standards as staff Employees involved in compliance violations will be

disciplined

#3 Education

Corporate Officers, Managers and other staff should receive Ethics training that includes the following:

Government and private payer reimbursement principals General prohibitions on paying or receiving remuneration to induce

referrals Proper confirmation of diagnosis Submitting claims for physician services when rendered by a non-

physician Signing a form for a physician without the physicians authorization Alterations to medical records Prescribing medications and procedures without proper

authorization Proper documentation of services rendered Duty to report misconduct

#4 Monitoring and Auditing

Ongoing evaluation is critical to a successful compliance program

Functions common to all organizations that should be reviewed; Anti-kickback and self referral issues Credit balances Bad debts Claim development and submission Record retention Cost reporting Marketing Compliance program process

#5 Reporting and Investigating

The OIG stresses the importance of communication:

“An open line of communication between the Compliance Officer and personnel is equally important to the successful implementation of a compliance program and the reduction of any potential fraud, abuse and waste.”

#5 Reporting and Investigating

Policy for no retaliation or retribution. If not, this may create whistleblowers

Confidentiality and anonymity in the reporting process

All complaints and investigations are monitored and tracked

#6 Enforcement and Discipline Compliance program should include a written

policy setting forth the degrees of disciplinary actions that may be imposed for failure to comply with standards

The policy should include the following 5 points1. Non-compliance will result in discipline2. Failure to report non-compliance will result in discipline3. An outline of disciplinary procedures4. A list of the parties responsible for appropriate action5. A promise that discipline will be fair and consistent

#7 Response and Prevention

Violations of compliance programs threaten an organizations status

Failure to respond, or to engage in lengthy delay can have serious consequences

If a problem is found the first step is to meet with your legal counsel to determine the severity and develop a plan of action

OIG requires prompt reporting to the appropriate authority within a reasonable time, but not more that 60 days

#7 Response and Prevention

Thorough documentation of the investigation must be available Description of the potential misconduct and how it was

reported Description of investigative process List of relevant documents reviewed List of employees interviewed Employees interview questions and notes Changes to Policies and Procedures, if appropriate Documentation of disciplinary actions, if any Investigations final report with recommended actions

Voluntary Disclosure