There has been much written regarding the “voluntary” nature of instituting and maintaining an “effective compliance program” for healthcare providers. Much of this literature supports the concept of compliance being interwoven into the culture of an organization. Whether compliance programs are truly voluntary is debatable.
While the Federal OIG has not formally stated that maintaining an effective compliance program is mandatory, Arkansas Medicaid has. Ark. Code Ann. § 20-77-2511 states that any provider who receives $750,000 annually from the Arkansas Medicaid program, is required to implement a compliance program. Moreover, CMS provider enrollment forms for certain provider types requires a “yes” or “no” answer as to whether the provider has a compliance program meeting certain requirements.
While there are multiple benefits from implementing and maintaining an effective compliance program, it is very important to recognize that there is no “one size fits all” compliance program for all providers. The specifics of a particular compliance program will vary based on provider type and provider size, just to name two factors. Each provider, whether a hospital, physician group, ambulatory surgery center or other provider type, should tailor its compliance program to reasonably reflect the compliance activities that the provider is able to perform.
Compliance Program Basics
Very generally speaking, an effective compliance program facilitates a healthcare provider’s compliance with federal and state laws, rules and regulations that are applicable to the provider, including, but not limited to, Medicare and Medicaid reimbursement policies and procedures. It is well documented that non-compliance with Medicare or Medicaid reimbursement policies and procedures can have devastating effects on providers, particularly smaller providers with less margin to absorb unexpected losses and refunds.
An effective Compliance Program will not only provide guidelines for a provider to follow in the event of a compliance violation or breach (i.e., voluntary identification and refunding of overpayments), but will also help providers avoid compliance issues by implementing front-end auditing and monitoring processes to detect any would-be issues before they become negative compliance outcomes.
OIG Compliance Program Specifics
The Federal Office of the Inspector General has identified seven essential elements of an “effective compliance program,” all of which are essential to demonstrating the “commitment to compliance” that the OIG expects of all healthcare providers. These seven elements include:
- Developing written policies and procedures.
- Designating a compliance officer and compliance committee.
- Providing effective compliance training and education.
- Establishing effective lines of communication.
- Performing internal monitoring and auditing.
- Enforcement of standards through well-publicized disciplinary guidelines.
- Exhibiting a prompt response to detected problems through corrective actions.
In our practice, we advise clients that the compliance committee should be comprised of individuals with diverse responsibilities that include the revenue cycle, human resources, and information technology, just to mention a few. We have found that the most effective compliance committees meet on a quarterly basis and include on their agenda certain standing items, such as a human resources report to identify any disciplinary actions taken as a result of compliance violations. We often hear our various clients remark that their compliance committee meetings are among the most informative meetings that they attend. In the early stages of organizing and implementing your compliance program, it is crucial to involve legal counsel in order to assure the entire compliance landscape is addressed by the compliance committee in its quarterly meetings.
Arkansas Medicaid Compliance Program Specifics
The Arkansas Legislature, in creating the Office of the Medicaid Inspector General, identified the following elements of an “effective compliance program” for Arkansas Medicaid providers:
Development of written policies and procedures that:
- Describe compliance expectations;
- Describe the implementation of the operation of the compliance program;
- Provide guidance to employees and others with regard to dealing with potential compliance issues;
- Identify a method for communicating compliance issues to appropriate compliance personnel; and
- Describe the method by which potential compliance problems are investigated and resolved.
Designation of an employee charged with responsibility for operation of the compliance program (i.e., a “compliance officer”):
- The employee so designated may have other responsibilities in addition to operation of the compliance program; and
- The employee so designated must report directly to the provider’s chief executive or other senior officer and must periodically report directly to the provider’s governing board on the activities of the compliance program.
Providing periodic training to employees of the provider, including executives and governing board members, with regard to the compliance program operation, compliance issues and compliance expectations. The compliance training should also be a part of the orientation process for these individuals.
Providing lines of communication, including a method to anonymously report potential compliance issues as they are identified by employees, executives and governing board members.
Establishing disciplinary policies to encourage participation in the compliance program by affected individuals, including a policy that sets forth expectations for reporting compliance issues, assisting in the resolution of such issues and outlines sanctions for:
- Failing to report suspected problems;
- Participating in noncompliant behavior; and
Encouraging, directing, facilitating, or permitting noncompliant behavior.
Establishing a system for routine identification of compliance risk areas specific to the provider for:
- Self-evaluation of the risk areas, including internal and external audits; and
- Evaluation of potential or actual noncompliance as a result of these audits.
Establishing a system for:
- Responding to compliance issues as they are raised;
- Investigating potential compliance issues;
- Responding to compliance issues as identified through audits;
- Correcting problems promptly and thoroughly and implementing processes to reduce the potential for recurrence;
- Identifying and reporting compliance issues to the Arkansas Department of Human Services or the Office of the Medicaid Inspector General; and
- Refunding overpayments.
Establishing a policy of non-intimidation and non-retaliation for good-faith participation in the compliance program, including, without limitation:
- Reporting potential issues;
- Investigating issues;
- Performing self-evaluations;
- Conducting audits and remedial actions; and
- Reporting to appropriate officials.
Twenty plus years ago, the concept of compliance programs was introduced as “voluntary.” Arguably, in some cases implementation of a compliance program may still be voluntary. However, as noted in this article, an effective compliance program is legally mandated for some providers advisable for all.
The information provided above is created by the attorneys in the Healthcare Practice Group at Friday, Eldredge & Clark, LLP. This is not a substitute for legal advice and should be considered for general guidance only. For more information or if you have further questions, please contact one of our Healthcare Attorneys.
Lynda M. Johnson has practiced in the health law area since 1986, representing a wide variety of healthcare providers including hospitals, physicians, physician groups, nursing homes, and home health agencies. Recently, her practice has focused on the representation of hospitals and physicians in HIPAA compliance efforts and other areas of regulatory compliance. Her practice also includes issues involving Stark I and II and Anti-Kickback compliance, Medicare/Medicaid reimbursement, corporate compliance issues, physician and hospital organization issues, managed care, healthcare and hospital law, long-term care and home health.
Timothy Ezell practices primarily in the area of healthcare law, representing hospitals, physician groups and other medical service providers in various corporate and compliance matters. His experience covers matters relating to HIPAA, Stark, fraud and abuse, anti-kickback, EMTALA, Medicare reimbursement, compliance, joint ventures, provider sales and acquisitions, medical staff bylaws and credentialing issues.