compliance and your board: equipping them for...
TRANSCRIPT
Compliance and Your Board: Equipping Them for Effectiveness
Melaney Scott, MBA, CIA, CHC
Today’s Topics
• Background and Update
• Board of Directors’ Responsibilities
• Questions Board Should Ask
• Effective Compliance Program
Background and Update
OIG Resources for Boards
The OIG has several resources with information on board effectiveness, including:
• Practical Guidance for Health Care Governing Boards on Compliance Oversight
• A Toolkit for Health Care Boards
• Corporate Responsibility and Health Care Quality – A Resource for Health Care Boards of Directors- https://oig.hhs.gov/compliance/compliance-guidance/compliance-resource-material.asp
Fraud Prevention System Used to Identify Fraud
2017 GAO report found:
• 22% of Medicare fraud investigations were
based on leads from FPS
• FPS speeds up investigative processes such
as identifying and triaging suspect providers
• FPS uses prepayment edits to deny claims
that violate Medicare rules or polices
HHS/DOJ Health Care Fraud Prevention and Enforcement Action Team's ("HEAT")
Measuring Effectiveness
• Develop compliance program with benchmarks and measurable goals.
• Set up a system to measure how well you are meeting those goals.
• Involve the Board in creating the program .
• Regularly update the Board regarding compliance risks, audits, and investigations.
• If one or more goals are not met, investigate why and how to improve in the future.
• Assess whether the compliance program has sufficient funding and support.
https://oig.hhs.gov/compliance/provider-compliance-training/
• Individual Accountability for Corporate Wrongdoing Memorandum – 2015
• DOJ released a document titled “Evaluation of Corporate Compliance Program” - 2016
Purpose:
Questions they would ask in making an individualized determination in a criminal investigation
https://www.justice.gov/criminal-fraud/page/file/937501/download
Department of Justice
Components of an Effective Compliance Program
Patient Safety
Oversight
Education
Communi-cation
StandardsMonitoring
and Auditing
Enforce Standards
Prompt Response
and Corrective
Action
Internal Controls
Goal of Compliance Program
Prevent
Detect
Correct
OIG has suggested that an “effective” compliance plan is put in place to
detect, prevent and correct violations
• Definition and standards for “effective”
• Reference to effectiveness—but not guidance
• Initiation of plan, unable to sustain = no compliance plan
• Consistent and open communication
• Establishes expectation to operate ethically and consistently with fiduciary
and legal obligations
• Focuses on behavior, attitudes, and culture
• Action oriented
• Builds on and reinforces existing compliance-related activities and
procedures
“Effective” Compliance Plan
10
Board of Directors’ Responsibilities
Expectations for Board Oversight
“A Board must act in good faith in the exercise of its oversight responsibility for its organization, including making inquiries to ensure:
(1) a corporate information and reporting system exists and
(2) the reporting system is adequate to assure the Board that appropriate information relating to compliance with applicable laws will come to its attention timely and as a matter of course.”
https://oig.hhs.gov/compliance/compliance-guidance/docs/Practical-
Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf
Key Roles
Per Office of the Inspector General (OIG)
• Compliance oversight
• Structuring your compliance program
• Evaluating effectiveness of standards and processes
https://oig.hhs.gov/newsroom/video/2011/heat_modules.asp#hcb-guidance
OIG Guidance
OIG Guidance to Boards - Video
Key Elements to Board Oversight
• Asking management the right questions.
• Asking questions regarding the performance of those who develop and execute the compliance program.
• Making compliance a responsibility for all levels of management.
Board Role
• Engage in oversight responsibilities
• Diversify areas of expertise
• Stay informed on risk areas and compliance issues
• Attend compliance training and speak to staff
• Adapt to changing health care delivery and reimbursement risks
Key Questions
• Does your compliance officer report directly to the Board?
• Does the compliance officer have sufficient authority to implement the compliance program?
• How is the compliance program structured?
• Who are the key employees responsible for its implementation and operation?
• How do you know if your compliance plan is effective?
https://oig.hhs.gov/newsroom/video/2011/heat_modules.asp#hcb-guidance
Questions –Compliance Infrastructure
• How is the Board structured to oversee compliance issues?
• What are the inherent limitations in the compliance program?
• How does your organization encourage communication between compliance and rest of staff?
• Does the Compliance Officer have the autonomy and sufficient resources necessary to perform assessments and respond appropriately to misconduct?
https://oig.hhs.gov/newsroom/video/2011/heat_modules.asp#hcb-guidance
Questions –Compliance Infrastructure
• How does the Board encourage compliance in daily decision-making?
• Have compliance-related responsibilities been assigned across the appropriate levels of the organizations?
• Are goals periodically adjusted?
https://oig.hhs.gov/newsroom/video/2011/heat_modules.asp#hcb-guidance
As board members, how can they ensure the compliance plan is effective?
Compliance Accountability
Information Systems
• Assure the governing board appropriate
information regarding compliance with
applicable laws will come to attention within a
timely manner and as a matter of course
Compliance Program Size and Structure
• Each health care entity’s compliance program
must be tailored to the specific needs, size,
and complexity of the organization.
Compliance Accountability
Audit, Compliance and Legal Functions• Clearly define the roles, structure, and
reporting relationships of the audit,
compliance, and legal functions within the
organization
Board Reports• Receive regular reports regarding the
organization’s risk mitigation and compliance
efforts
Compliance Accountability
Auditing Process• Work with management to ensure the adequacy
of the organization’s auditing process
Compliance Culture• Exercise creativity in implementing programs to
ensure that compliance is a “way of life”
What is an effective compliance plan?
OIG Effective Compliance Questions
• What metrics are used to evaluate compliance?
• How does your organization identify gaps in quality?
• Is the organization conducting internal audits?
• Is the organization’s response to problems sufficient?
• Has your compliance officer identified hurdles to promoting compliance?
• Does the Board receive reports about compliance?
https://oig.hhs.gov/newsroom/video/2011/heat_modules.asp#hcb-guidance
4. Policies and Procedures
a. Design and Accessibility
Designing Compliance Policies and Procedures – What has been the company’s process for designing and implementing new policies and procedures? Who has been involved in the design of policies and procedures? Have business units/divisions been consulted prior to rolling them out?
Applicable Policies and Procedures – Has the company had policies and procedures that prohibited the misconduct? How has the company assessed whether these policies and procedures have been effectively implemented? How have the functions that had ownership of these policies and procedures been held accountable for supervisory oversight?
Example
https://www.justice.gov/criminal-fraud/page/file/937501/download
January 17, 2017
• Measuring compliance program effectiveness is recommended by several authorities
• What and how to measure by each element
• Remember – “One size truly does not fit all”
Measuring Compliance Program Effectiveness
https://oig.hhs.gov/compliance/101/files/HCCA-OIG-Resource-Guide.pdf
• Standards, Policies, and Procedures
• Compliance Program Administration
• Screening and Evaluation of Employees, Physicians, Vendors and other Agents
• Communication, Education, and Training on Compliance Issues
• Monitoring, Auditing, and Internal Reporting Systems
• Discipline for Non‐Compliance
• Investigations and Remedial Measures
Compliance Program Elements
• Periodically undertake reassessment of its compliance program to identify changes necessary to reflect changes within the organization and its facilities.
• Data mining
Two Additional Elements
• Take one element and compare to your program
• Update policies, procedures and work flows
What does the OIG Recommend?
Topic Example of Self-Assessment Questions
Analysis and Remediation
of Underlying Misconduct
Is the company prepared to explain whether there were
prior opportunities to detect the misconduct in question? If
such opportunities were missed, why?
Senior and Middle
Management
Is the compliance expertise available on the Board? Is the
Board and executive management receiving information to
exercise oversight of risk areas?
Policies and Procedures Are company policies and procedures accessible to those
who need to follow them? Is usefulness being evaluated?
How do those with approval authority know what to look for
to detect potential misconduct?
Example of Self Assessment
What to measure How to Measure
Accessibility • Review link to employee accessible website/intranet that
includes the Code of Conduct
• Survey ‐ Can you readily access or reference policies
and procedures? (Yes/No/Don't know)
• Survey ‐ How and where do employees actually access
policies and procedures?
• Test key word search (searchable)
• Audit and interview staff to show policies
Actual Access • Audit how many actual "hits" on policies and procedures
Accessible language for
code, standards & policies
• Flesch Kincaid measuring standard – no more than 10th
grade reading level
Compliance program
awareness and
communication
• Survey employees to determine the extent to which the
code of conduct and other compliance communications
are available to employees
• Review to ensure the standards, policies, and awareness
material is updated and distributed within organization’s
guidelines
Conclusion
• Provide education to your boards on their accountability
• Help boards with providing the information to support the questions
• Review the effectiveness of the compliance program
• Give your board information to help meet their responsibilities
The material appearing in this presentation is for informational purposes only and
should not be construed as advice of any kind, including, without limitation, legal,
accounting, or investment advice. This information is not intended to create, and
receipt does not constitute, a legal relationship, including, but not limited to, an
accountant-client relationship. Although this information may have been prepared by
professionals, it should not be used as a substitute for professional services. If legal,
accounting, investment, or other professional advice is required, the services of a
professional should be sought.
Assurance, tax, and consulting offered through Moss Adams LLP. Investment
advisory offered through Moss Adams Wealth Advisors LLC. Investment banking
offered through Moss Adams Capital LLC.