Healthcare compliance program policies and procedures – that is the subject your boss has just asked you about. You realize while you have heard about this topic, you aren’t really on top of it enough to give a credible answer. Also, please understand that “HIPAA Security Standards or privacy rules” are related but not the same!
What is a compliance program in a healthcare organization? You decide to begin an intensive research project into healthcare compliance program policies and procedures.
Regulations that apply to Healthcare Compliance Program policies and procedures
The first question that comes to mind is, “what regulations apply to healthcare compliance program policies and procedures?” The short answer is: not many! In fact, the only healthcare organizations that are required by regulation to have a compliance program are skilled nursing facilities. Other health care organizations – including hospitals, home health agencies, laboratories, physician groups, third-party billing services, and ambulance companies – have guidance from the Office of Inspector General (OIG) on compliance programs.
Guidance from a regulatory agency is not the same as laws or regulations. Implementing a compliance program, even one based on the OIG guidance is voluntary. But in this day and age, it could be considered managerial malpractice not to rely on the OIG guidance for your type of healthcare organization. After all, you want to implement an effective compliance program in a healthcare organization.
And more compliance programs required by regulation may be on the way. The Affordable Care Act (ACA) of 2010 required the Health and Human Services Department (HHS) to issue regulations on healthcare compliance programs. The regulations would describe the requirements for compliance programs for any healthcare service billing Medicare for claims for services or supplies. The ACA is also the source of the compliance regulations issued for skilled nursing facilities.
OIG Guidance and Compliance Policies and Procedures
So what is the OIG guidance on healthcare compliance program policies and procedures? No matter the type of organization, all of the guidance issued by the OIG refers to the same seven elements of an effective compliance program in healthcare. And written standards of conduct along with written policies and procedures are one of those elements.
Content of Healthcare Compliance Program
One of the foundational policies of a compliance plan in healthcare is a policy describing the compliance program of the organization. This policy will usually contain the key elements of the program such as:
- The commitment of the organization to compliance with all federal and state laws and regulations. It should also describe the organization’s commitment to avoiding fraud and abuse with respect to billing and claims activities.
- The roles and responsibilities of those accountable for oversight of the compliance plan. This usually includes the governing body, the Compliance Officer, and the Compliance Committee.
- The risk areas of the healthcare organization. For most healthcare organizations participating in Medicare and/or Medicaid, submitting correct claims is a major risk area. But there are others. (1) Any Designated Healthcare Service that has a financial relationship with a physician who also refers patients to that Service has a risk related to the Stark Law and the Anti-kickback Statute. (2) Medicare Cost Reports are a risk area for hospitals. (3) Returning credit balances or overpayments is a risk area for all organizations submitting claims. (4) Employing staff members who have been previously excluded from participating in government healthcare programs is a risk area for all organizations submitting claims.
- Periodic training. Training is required for all staff members on the compliance standards of the organization. (1) Training for governing body members and executives must address their specific roles in the oversight of the compliance plan. (2) Managers, employees, and clinical providers should receive training appropriate to their roles as clinicians, other professionals, and support staff.
- Effective lines of communication. One of the consistent features of situations where an organization ran afoul of laws and regulations related to claims is the existence of whistleblowers. These individuals knew or suspected someone was making mistakes in the preparation or submission of claims to government programs. But there was no effective way for them to voice these concerns. Sometimes the concerns were voiced but were ignored.
More Content of Healthcare Compliance Program Policies and Procedures
- Enforcing policies through well-publicized Disciplinary Guidelines. A great deal is at stake for healthcare organizations if professionals or other employees are making mistakes in medical record documentation or billing/coding of claims. Staff can feel removed from the consequences of mistakes that result in repayments of previously-received funds. And the stakes go up considerably if there is actual wrongdoing in the management of processes of the various risk areas of the organization. This means it is important for leadership at all levels to take mistakes and actual misconduct seriously – and to communicate the seriousness of these situations. Disciplinary actions should be fair and consistent when required. And failure to report mistakes or misconduct should also lead to disciplinary action.
- Auditing and monitoring. To paraphrase the OIG Compliance Program Guidance for Hospitals: The OIG believes that an effective compliance program in healthcare should incorporate thorough monitoring of its implementation and regular reporting to senior hospital or corporate officers. Auditing is a formal process to determine if a process is working as expected in a given risk area. Monitoring is a self-assessment performed by a department or division, often following a plan of correction after an issue was discovered. In any event, gear audits to address the risk areas of the organization, and report the results to the governing body.
- Responding to Detected Offenses. The seventh element of an effective compliance program in healthcare is investigating failures to comply with federal or state laws. Describe when investigations will be initiated and how they will be managed. Address the role of the Compliance Officer and use of Legal Counsel. When there is potential evidence of misconduct or violations of law, specify how and when to report to governmental authorities. And report the results of all investigations to the governing body.
The Code of Conduct
A code of conduct is one of the other important documents when implementing healthcare compliance program policies and procedures. This policy addresses the requirement for compliance standards in the OIG Compliance Program Guidance for healthcare services. Use your code of conduct (or code of ethical conduct) to emphasize standards that may already be covered in greater detail in other policies. Consider getting your code of conduct professionally printed. They have photos or graphics not usually found in institutional policies. This approach can convey a positive message about the organization’s values while still reminding staff of their responsibilities.
Scope of the Code of Conduct
The scope of the code of conduct will vary depending on the nature of the healthcare organization. Hospitals and other providers may have sections on environmental compliance that are very different from a third-party billing service. But most codes of conduct cover common issues.
- Compliance Program and duty to report
- Quality of Care and Services
- Patient Confidentiality
- Safeguarding the Organization’s Assets
- Physician and Provider relationships
- Billing for Services
- Compliance for Employees, e.g., gifts, conflicts of interest, kickbacks or bribes
- Non-discrimination environment
- Confidentiality of the Organization’s Information
- Environmental Compliance
- Marketing and Advertising
- Financial Reporting and Records
- Disciplinary Actions
Like all policies, update the Code of Conduct should as needed, and include it in periodic training for employees.
Implementing healthcare compliance program policies and procedures is not a task for the fainthearted. This is especially true in an organization with little or no history of honest self-examination and dedication to improvement. However, many healthcare organizations have developed and implemented healthcare compliance program policies and procedures. These organizations develop a culture that supports always doing the right thing. This type of culture is also more likely to strive for excellence in patient care, too.
Download this free guide to Measuring an Effective Corporate Compliance Program, this may be the next best step for you.