SlideShare a Scribd company logo

FINAL PDF OF BNA HC FRAUD ARTICLE

Nicholas Merkin
Nicholas Merkin

The document summarizes new compliance guidance from the Office of Inspector General (OIG) for healthcare organization boards of directors. The guidance addresses expectations for the relationships between audit, compliance, and legal departments; mechanisms for internal issue reporting; identifying regulatory risks; and encouraging enterprise-wide accountability. It recommends that boards understand the guidance and invest resources to properly oversee compliance programs through policies and procedures, training, auditing, and regular reporting. Following the guidance can help boards meet their responsibilities, though there is no single approach and healthcare compliance remains challenging.

1 of 3
Download to read offline
Reproduced with permission from BNA’s Health Care Fraud Report, 19 HFRA 443, 5/27/15. Copyright ஽ 2015 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com What the OIG’s New Compliance Guidance Means for Health-Care Organizations’ Boards of Directors NICHOLAS MERKIN H ealth-care organization boards of directors have long been a focus of OIG scrutiny and have been the subject of OIG guidance statements in 2003, 2004 and 2007.1 On April 20, 2015, the OIG issued yet another set of practical guidance advice specifically targeting a board’s oversight of compliance program functions.2 This guidance encompassed and set forth expecta- tions regarding: s the roles of, and relationships between, health- care organizations’ audit, compliance and legal departments; s the mechanism and process for issue-reporting within health-care organizations; s an approach to identifying regulatory risk; and s methods of encouraging enterprise-wide account- ability for achievement of compliance goals and objectives. The result of these heightened expectations—coupled with increased regulatory enforcement and plaintiffs’ attorneys looking for deep-pocketed targets—may mean that health-care organization directors have even greater responsibility and potential liability than those of non-health-care entities. In this environment, it is crucial for health-care orga- nization boards of directors to understand the new OIG guidance and the investment time and resources neces- sary to execute properly their corporate responsibilities and duties. It is crucial for health-care organization boards of directors to understand the new OIG guidance and to invest the time and resources to execute their corporate responsibilities. A closer look at the OIG’s recent statement reveals that its guidance is fairly opaque. So what does the new OIG guidance mean in practi- cal terms? What are its real-life implications to a health- care entity and its board? Set forth below is a summary of the relevant aspects of the OIG’s recent guidance statement, as well as sug- gestions for renewed ‘‘best practices’’ and practical sug- 1 OIG and AHLA, Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors (2003); OIG and AHLA, An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors (2004); and OIG and AHLA, Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors (2007). 2 OIG, AHIA, AHLA, and HCCA, Practical Guidance for Healthcare Governing Boards on Compliance Oversight (2015). Nicholas Merkin is the chief executive officer of Compliagent, a health-care regulatory com- pliance firm. He can be reached at nmerkin@ compliagent.com COPYRIGHT ஽ 2015 BY THE BUREAU OF NATIONAL AFFAIRS, INC. ISSN 1092-1079 BNA’s Health Care Fraud Report™
gestions for effectively incorporating the OIG’s direc- tives into health-care organizations’ compliance plan oversight. Health-Care Organizations’ Audit, Compliance and Legal Departments According to the OIG, the compliance function in health-care organizations is generally shared among the audit, compliance and legal departments. The OIG views the relationships, reporting lines and divisions of responsibility among those stakeholders to be properly the subject of internal policies and procedures and di- rect board scrutiny. The OIG’s guidance, however, is fairly silent about the manner in which the board’s oversight obligations should be discharged. The OIG admits there is no ‘‘one-size-fits-all’’ solu- tion here that would fit all health-care entities and that elements such as organizational size and resources will dictate the practical application of these requirements. Despite this, the OIG speaks with clear and unequivo- cal instruction in one regard: in demanding that the compliance, legal and audit functions be independent of one another. An entity’s compliance officer or staff should never be the same its legal counsel or department, nor be sub- ordinate to it. In the OIG’s view, legal and compliance are separate functions, with different scopes of respon- sibility. The same is true for the audit department. In the OIG’s framework, the compliance function ‘‘promotes the prevention, detection, and resolution’’ of activities that are inconsistent with legal, policy or business stan- dards, while the legal function advises management and the board with respect to ‘‘relevant laws and regu- lations.’’ The audit department, in contrast, responsible for evaluating ‘‘existing risk and internal control sys- tems.’’3 Issue-Reporting Within Healthcare Organizations The next—and related—area of the new guidance is a focus on the board’s access to an adequate spectrum of information and data necessary to properly engage in compliance oversight. The OIG, while again giving little instruction as to the specifics, recommends an internal organizational re- porting structure that ensures that the board receives regular compliance and risk reports. The OIG proposes separate and independent report- ing from the principal personnel responsible for the au- dit, compliance, human resources, legal, quality and in- formation technology functions. These lines of reporting, according to the OIG, should be addressed in internal policies, procedures, and pro- tocols, as well as by the organization’s compliance plan. Part of this process should be the development of ob- jective metrics and measures by which the compliance health of an organization may be effectively assessed and evaluated. More specifically, in connection with proper informa- tion flow within a health-care organization, the OIG’s guidance charges the board with ensuring the existence of infrastructure and processes effecting timely report- ing of suspected compliance violations and responding with remedial measures. Identifying Regulatory Risk The OIG recognizes that the health-care industry presents an acute set of oversight challenges demand- ing a heightened level of oversight, including referral relationships and arrangements, billing issues, privacy breaches and quality and outcome matters. The OIG’s guidance emphasizes the board’s role in the identification of the risks associated with these ar- eas and that such risks must be addressed though de- tection tools, such as compliance hotlines and internal audits. Three emerging areas of particular interest are dis- cussed in the context of board responsibilities in this area: 1. an increased emphasis on quality; 2. changes in insurance coverage and reimburse- ment; and 3. new forms of reimbursement (including value- based purchasing and bundled and global pay- ments). Encouraging Enterprisewide Accountability The last area addressed in the OIG’s guidance state- ment is the board’s role in enforcing internal account- ability for the compliance program. The OIG’s perspective is that all employees within an organization should be held accountable for an entity’s compliance conduct—not only those members of the audit, compliance or legal divisions. Moreover, health-care boards should set organiza- tionwide compliance goals and measure and communi- cate progress, as well as compliance successes and fail- ures. In this area, the OIG provides specific guidance as to fulfilling these requirements, such as compensation- related rewards and penalties for compliance attain- ments and breakdowns. The OIG also emphasizes the need for adequate self- disclosure protocols and the reporting of compliance violations, as appropriate. Best Practices and Recommendations for Meeting the OIG’s Expectations Understanding and digesting the OIG’s recent guid- ance for health-care boards of directors, while an im- portant first step, is only the beginning of a continuing process of building and refining compliance infrastruc- ture for all health-care organizations. Moving forward into implementation requires trans- lating recommendations into actions in some of the ways described below. Modified Policies and Procedures Written policies and procedures are imperative for addressing compli- ance risk within an organization.3 Id. at pp. 6-7. 2 5-27-15 COPYRIGHT ஽ 2015 BY THE BUREAU OF NATIONAL AFFAIRS, INC. HFRA ISSN 1092-1079
Health-care organizations, in light of the new guid- ance discussed above, should revise their policies and procedures in connection with the strict relationships, reporting lines, and divisions of responsibility among the audit, compliance and legal departments desired by the OIG. Revised policies and procedures should lay out the lines of independent, regular reporting to the board from the audit, compliance, human resources, legal, quality and information technology areas of an entity, as well as effective tools to be used to identify compli- ance risk. The new policies and procedures should also lay out the design of internal disciplinary and accountability structures, including how compliance goals will be set, communicated organizationally, and monitored by the board. Additional Education and Training All staff should educated as to the revised organization’s policies and procedures, as well as the mechanisms by which the policies and procedures are revised and kept current. Specifically, director training should focus on, in ad- dition to the recent OIG guidance, the various fiduciary duties directors have in connection with the compliance function, as well as the primary regulations that relate to organizational compliance, such as the False Claims Act, Stark and anti-kickback laws, exclusion screening requirements, HIPAA and other privacy laws, as well as applicable state laws. Internal and External Auditing and Reporting Re- newed internal and external auditing and reporting mechanisms should be planned and implemented to fo- cus on the areas of concern highlighted by the OIG. All health-care organizations should conduct a yearly compliance effectiveness review and risk analysis, pref- erably conducted by an independent third-party. This analysis should lead to modifications and risk prioriti- zation in their enterprise-wide compliance plans and programming. Reports made to directors arising from newly- conducted audits and an organization’s compliance ho- tline should be substantive and result clear instructions as to remediation and change. Maintenance and Validation The information stream arising from truly effective corporate compliance pro- grams can be overwhelming. In order to realistically discharge the oversight obligations underscored by the OIG, it is crucial for organizations to be able organize and present such data in a meaningful way to directors and management. The manner in which this information is communi- cated must, by necessity, vary by organizational type, size, and the resources available. At the very least, how- ever, whether compliance-focused dashboards, soft- ware, or more low-tech methods, directors must be able to track their organizations’ incidents of non- compliance and how these incidents were addressed. More optimally, directors should have easy and real- time access to evolving procedures and protocols, edu- cational materials, reports related to audits, ongoing litigation, employee background screening, discipline and training, as well as the evolving corporate compli- ance plan and areas of focus. Conclusion Health-care entities are among the most complex or- ganizations to manage and oversee from both a busi- ness and compliance perspective. Directors charged with such oversight responsibility face formidable challenges. Recognizing this, the OIG has provided several guidance statements, the most re- cent of which was issued in April 2015. Simply put, the OIG and other regulatory bodies have set the bar high and imposed demanding expectations upon health-care boards of directors. Although compliance with these burdens requires much in terms of attention and resources, it is not im- possible. Understanding the OIG’s guidance in this area is crucial, as is implementation of the OIG’s recommen- dations. Although, as the OIG has stated, there is no ‘‘one- size-fits-all’’ way in which to address compliance, the implementation of the suggestions set forth above may be advisable way in which health-care boards of direc- tors can discharge their various duties and obligations. 3 HEALTH CARE FRAUD REPORT ISSN 1092-1079 BNA 5-27-15

Recommended

Compliance and-internal-audit-a-dangerous-comb
Compliance and-internal-audit-a-dangerous-combCompliance and-internal-audit-a-dangerous-comb
Compliance and-internal-audit-a-dangerous-combHalimy Abdul Hamid
 
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...PYA, P.C.
 
Sample Hospital Compliance Program
Sample Hospital Compliance ProgramSample Hospital Compliance Program
Sample Hospital Compliance ProgramCraig B. Garner
 
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...PYA, P.C.
 
Non-Governmental Organization Internal Control as a Compliance Mechanism for ...
Non-Governmental Organization Internal Control as a Compliance Mechanism for ...Non-Governmental Organization Internal Control as a Compliance Mechanism for ...
Non-Governmental Organization Internal Control as a Compliance Mechanism for ...inventionjournals
 
Implementing EHR in Behavioral Health Blog Post
Implementing EHR in Behavioral Health Blog PostImplementing EHR in Behavioral Health Blog Post
Implementing EHR in Behavioral Health Blog PostJeff Brevik, PMP
 
Developing a Practice Compliance Plan
Developing a Practice Compliance PlanDeveloping a Practice Compliance Plan
Developing a Practice Compliance Planshelvan1967
 
Preparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA AuditPreparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA AuditPYA, P.C.
 

Recommended

Compliance and-internal-audit-a-dangerous-comb
Compliance and-internal-audit-a-dangerous-combCompliance and-internal-audit-a-dangerous-comb
Compliance and-internal-audit-a-dangerous-combHalimy Abdul Hamid
 
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...
Managing Organizational Risk: The Mighty Triad of Compliance, Internal Audit,...PYA, P.C.
 
Sample Hospital Compliance Program
Sample Hospital Compliance ProgramSample Hospital Compliance Program
Sample Hospital Compliance ProgramCraig B. Garner
 
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...
Managing Organizational Risk: The Mighty Triad of Internal Audit, Compliance,...PYA, P.C.
 
Non-Governmental Organization Internal Control as a Compliance Mechanism for ...
Non-Governmental Organization Internal Control as a Compliance Mechanism for ...Non-Governmental Organization Internal Control as a Compliance Mechanism for ...
Non-Governmental Organization Internal Control as a Compliance Mechanism for ...inventionjournals
 
Implementing EHR in Behavioral Health Blog Post
Implementing EHR in Behavioral Health Blog PostImplementing EHR in Behavioral Health Blog Post
Implementing EHR in Behavioral Health Blog PostJeff Brevik, PMP
 
Developing a Practice Compliance Plan
Developing a Practice Compliance PlanDeveloping a Practice Compliance Plan
Developing a Practice Compliance Planshelvan1967
 
Preparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA AuditPreparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA AuditPYA, P.C.
 
ComplianceGuidelinesUploaded6.14PDF
ComplianceGuidelinesUploaded6.14PDFComplianceGuidelinesUploaded6.14PDF
ComplianceGuidelinesUploaded6.14PDFPaulette Wunsch
 
Shrm poll health_care2_seniormanagement
Shrm poll health_care2_seniormanagementShrm poll health_care2_seniormanagement
Shrm poll health_care2_seniormanagementshrm
 
Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsRichard Cole
 
Certified Compliance Officer - Presentation Slides
Certified Compliance Officer - Presentation SlidesCertified Compliance Officer - Presentation Slides
Certified Compliance Officer - Presentation SlidesAsia Master Training آسيا ماسترز للتدريب والتطوير
 
Occupational health and safety management systems
Occupational health and safety management systemsOccupational health and safety management systems
Occupational health and safety management systemsKassu Jilcha (PhD)
 
Effect of Internal Control on Fraud Detection and Prevention in District Tre...
Effect of Internal Control on Fraud Detection and Prevention in District Tre... Effect of Internal Control on Fraud Detection and Prevention in District Tre...
Effect of Internal Control on Fraud Detection and Prevention in District Tre...inventionjournals
 
Data and Network Security: What You Need to Know
Data and Network Security: What You Need to KnowData and Network Security: What You Need to Know
Data and Network Security: What You Need to KnowPYA, P.C.
 
An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Programlinhcuong
 
Healthcare Analytics Aberdeen Group Research
Healthcare Analytics Aberdeen Group ResearchHealthcare Analytics Aberdeen Group Research
Healthcare Analytics Aberdeen Group Researcheynonglyn
 
Updated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationUpdated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationThomas Bronack
 
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12Barbara Richman, SPHR
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019Jose Ivan Delgado, Ph.D.
 
The relationship between organizational control environments
The relationship between organizational control environmentsThe relationship between organizational control environments
The relationship between organizational control environmentsAlexander Decker
 
Digitizing Corporate Governance
Digitizing Corporate GovernanceDigitizing Corporate Governance
Digitizing Corporate GovernanceJesus Tueme
 
Siagian2013
Siagian2013Siagian2013
Siagian2013Sri Apriyanti Husain
 
CourseCompletionCertificate (14)
CourseCompletionCertificate (14)CourseCompletionCertificate (14)
CourseCompletionCertificate (14)shelly berge
 
Germany
GermanyGermany
GermanyNada solo estudio
 
Workshop part1 – Mobile Apps
Workshop part1 – Mobile AppsWorkshop part1 – Mobile Apps
Workshop part1 – Mobile AppsAmazon Web Services
 
G data internet security 2015
G data internet security 2015G data internet security 2015
G data internet security 2015FVBEERS
 
Audio. Taller # 8
Audio. Taller # 8Audio. Taller # 8
Audio. Taller # 8...
 
What is the procedure of neck lift
What is the procedure of neck lift What is the procedure of neck lift
What is the procedure of neck lift Jennifer Levine
 
Metodologia pacie
Metodologia pacieMetodologia pacie
Metodologia pacieburdany19
 

More Related Content

What's hot

ComplianceGuidelinesUploaded6.14PDF
ComplianceGuidelinesUploaded6.14PDFComplianceGuidelinesUploaded6.14PDF
ComplianceGuidelinesUploaded6.14PDFPaulette Wunsch
 
Shrm poll health_care2_seniormanagement
Shrm poll health_care2_seniormanagementShrm poll health_care2_seniormanagement
Shrm poll health_care2_seniormanagementshrm
 
Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsRichard Cole
 
Occupational health and safety management systems
Occupational health and safety management systemsOccupational health and safety management systems
Occupational health and safety management systemsKassu Jilcha (PhD)
 
Effect of Internal Control on Fraud Detection and Prevention in District Tre...
Effect of Internal Control on Fraud Detection and Prevention in District Tre... Effect of Internal Control on Fraud Detection and Prevention in District Tre...
Effect of Internal Control on Fraud Detection and Prevention in District Tre...inventionjournals
 
Data and Network Security: What You Need to Know
Data and Network Security: What You Need to KnowData and Network Security: What You Need to Know
Data and Network Security: What You Need to KnowPYA, P.C.
 
An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Programlinhcuong
 
Healthcare Analytics Aberdeen Group Research
Healthcare Analytics Aberdeen Group ResearchHealthcare Analytics Aberdeen Group Research
Healthcare Analytics Aberdeen Group Researcheynonglyn
 
Updated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationUpdated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationThomas Bronack
 
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12Barbara Richman, SPHR
 
The relationship between organizational control environments
The relationship between organizational control environmentsThe relationship between organizational control environments
The relationship between organizational control environmentsAlexander Decker
 
Digitizing Corporate Governance
Digitizing Corporate GovernanceDigitizing Corporate Governance
Digitizing Corporate GovernanceJesus Tueme
 

What's hot (15)

ComplianceGuidelinesUploaded6.14PDF
ComplianceGuidelinesUploaded6.14PDFComplianceGuidelinesUploaded6.14PDF
ComplianceGuidelinesUploaded6.14PDF
 
Shrm poll health_care2_seniormanagement
Shrm poll health_care2_seniormanagementShrm poll health_care2_seniormanagement
Shrm poll health_care2_seniormanagement
 
Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systems
 
Certified Compliance Officer - Presentation Slides
Certified Compliance Officer - Presentation SlidesCertified Compliance Officer - Presentation Slides
Certified Compliance Officer - Presentation Slides
 
Occupational health and safety management systems
Occupational health and safety management systemsOccupational health and safety management systems
Occupational health and safety management systems
 
Effect of Internal Control on Fraud Detection and Prevention in District Tre...
Effect of Internal Control on Fraud Detection and Prevention in District Tre... Effect of Internal Control on Fraud Detection and Prevention in District Tre...
Effect of Internal Control on Fraud Detection and Prevention in District Tre...
 
Data and Network Security: What You Need to Know
Data and Network Security: What You Need to KnowData and Network Security: What You Need to Know
Data and Network Security: What You Need to Know
 
An Introduction To Compliance Program
An Introduction To Compliance ProgramAn Introduction To Compliance Program
An Introduction To Compliance Program
 
Healthcare Analytics Aberdeen Group Research
Healthcare Analytics Aberdeen Group ResearchHealthcare Analytics Aberdeen Group Research
Healthcare Analytics Aberdeen Group Research
 
Updated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance PresentationUpdated Healthcare Industry Compliance Presentation
Updated Healthcare Industry Compliance Presentation
 
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
Hr Audit Can Be Beneficial In Todays Compliance Oriented Environment.4.27.12
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
 
The relationship between organizational control environments
The relationship between organizational control environmentsThe relationship between organizational control environments
The relationship between organizational control environments
 
Digitizing Corporate Governance
Digitizing Corporate GovernanceDigitizing Corporate Governance
Digitizing Corporate Governance
 
Siagian2013
Siagian2013Siagian2013
Siagian2013
 

Viewers also liked

CourseCompletionCertificate (14)
CourseCompletionCertificate (14)CourseCompletionCertificate (14)
CourseCompletionCertificate (14)shelly berge
 
G data internet security 2015
G data internet security 2015G data internet security 2015
G data internet security 2015FVBEERS
 
Audio. Taller # 8
Audio. Taller # 8Audio. Taller # 8
Audio. Taller # 8...
 
What is the procedure of neck lift
What is the procedure of neck lift What is the procedure of neck lift
What is the procedure of neck lift Jennifer Levine
 
Metodologia pacie
Metodologia pacieMetodologia pacie
Metodologia pacieburdany19
 
الإخفاء القسري .. إلى متى ؟
الإخفاء القسري .. إلى متى ؟الإخفاء القسري .. إلى متى ؟
الإخفاء القسري .. إلى متى ؟seg7oryyah
 
Curriculum project power point
Curriculum project power pointCurriculum project power point
Curriculum project power pointkatymcg
 
CourseCompletionCertificate (12)
CourseCompletionCertificate (12)CourseCompletionCertificate (12)
CourseCompletionCertificate (12)shelly berge
 
Effective local strategies to boost quality job creation, employment and part...
Effective local strategies to boost quality job creation, employment and part...Effective local strategies to boost quality job creation, employment and part...
Effective local strategies to boost quality job creation, employment and part...OECD CFE
 
17th Annual NICU Graduate Reunion
17th Annual NICU Graduate Reunion17th Annual NICU Graduate Reunion
17th Annual NICU Graduate ReunionChip LeDuff
 
comercio electronico primer capitulo
comercio electronico primer capitulo comercio electronico primer capitulo
comercio electronico primer capitulo GisselaSanjines
 
Theory
TheoryTheory
TheoryJCA
 
New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies
New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies
New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies India Future Society
 

Viewers also liked (16)

CourseCompletionCertificate (14)
CourseCompletionCertificate (14)CourseCompletionCertificate (14)
CourseCompletionCertificate (14)
 
Germany
GermanyGermany
Germany
 
Workshop part1 – Mobile Apps
Workshop part1 – Mobile AppsWorkshop part1 – Mobile Apps
Workshop part1 – Mobile Apps
 
G data internet security 2015
G data internet security 2015G data internet security 2015
G data internet security 2015
 
Audio. Taller # 8
Audio. Taller # 8Audio. Taller # 8
Audio. Taller # 8
 
What is the procedure of neck lift
What is the procedure of neck lift What is the procedure of neck lift
What is the procedure of neck lift
 
Metodologia pacie
Metodologia pacieMetodologia pacie
Metodologia pacie
 
الإخفاء القسري .. إلى متى ؟
الإخفاء القسري .. إلى متى ؟الإخفاء القسري .. إلى متى ؟
الإخفاء القسري .. إلى متى ؟
 
Curriculum project power point
Curriculum project power pointCurriculum project power point
Curriculum project power point
 
CourseCompletionCertificate (12)
CourseCompletionCertificate (12)CourseCompletionCertificate (12)
CourseCompletionCertificate (12)
 
Effective local strategies to boost quality job creation, employment and part...
Effective local strategies to boost quality job creation, employment and part...Effective local strategies to boost quality job creation, employment and part...
Effective local strategies to boost quality job creation, employment and part...
 
17th Annual NICU Graduate Reunion
17th Annual NICU Graduate Reunion17th Annual NICU Graduate Reunion
17th Annual NICU Graduate Reunion
 
comercio electronico primer capitulo
comercio electronico primer capitulo comercio electronico primer capitulo
comercio electronico primer capitulo
 
Theory
TheoryTheory
Theory
 
New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies
New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies
New Policies Needed to Reduce the Global Burden of Ageing Related Pathologies
 
6 rules for innovation
6 rules for innovation6 rules for innovation
6 rules for innovation
 

Similar to FINAL PDF OF BNA HC FRAUD ARTICLE

Healthcare quality improvement organization.docx
Healthcare quality improvement organization.docxHealthcare quality improvement organization.docx
Healthcare quality improvement organization.docxsdfghj21
 
Legal Aspects of OH Article
Legal Aspects of OH ArticleLegal Aspects of OH Article
Legal Aspects of OH Articlelmk1970
 
Leveraging Corporate Integrity Agreements for Healthcare Compliance
Leveraging Corporate Integrity Agreements for Healthcare ComplianceLeveraging Corporate Integrity Agreements for Healthcare Compliance
Leveraging Corporate Integrity Agreements for Healthcare CompliancePolsinelli PC
 
Billing compliance results management-2013
Billing compliance results management-2013Billing compliance results management-2013
Billing compliance results management-2013nbattah
 
Assessment_2-6_context.pdf1 Assessment 2 Context M.docx
Assessment_2-6_context.pdf1 Assessment 2 Context M.docxAssessment_2-6_context.pdf1 Assessment 2 Context M.docx
Assessment_2-6_context.pdf1 Assessment 2 Context M.docxdavezstarr61655
 
Whs ps building
Whs ps buildingWhs ps building
Whs ps buildingtasnimfaiz
 
New Ethics 5
New Ethics 5New Ethics 5
New Ethics 5ajithsrc
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial ControlsStephen G. Lynch
 
Healthcare Innovations and Regulatory Compliance Initiatives
Healthcare Innovations and Regulatory Compliance InitiativesHealthcare Innovations and Regulatory Compliance Initiatives
Healthcare Innovations and Regulatory Compliance InitiativesTatiana Cornell
 
Dashboard Benchmark Evaluation.docx
Dashboard Benchmark Evaluation.docxDashboard Benchmark Evaluation.docx
Dashboard Benchmark Evaluation.docxwrite31
 
corporate-governance-test-bank.pdf
corporate-governance-test-bank.pdfcorporate-governance-test-bank.pdf
corporate-governance-test-bank.pdfShillaMaeBalance1
 
Compliance Today Article November 2015 Schultz
Compliance Today Article November 2015 SchultzCompliance Today Article November 2015 Schultz
Compliance Today Article November 2015 SchultzJanemarie Schultz, MBA
 
Chapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsChapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsFirdaus Fitri Zainal Abidin
 
Accelerating Bio-Pharma's Marketing Transformation
Accelerating Bio-Pharma's Marketing TransformationAccelerating Bio-Pharma's Marketing Transformation
Accelerating Bio-Pharma's Marketing TransformationCognizant
 
Capella University MHA5014 Regulatory Environment Executive Summary.pdf
Capella University MHA5014 Regulatory Environment Executive Summary.pdfCapella University MHA5014 Regulatory Environment Executive Summary.pdf
Capella University MHA5014 Regulatory Environment Executive Summary.pdfbkbk37
 
HFG Toolkit Presentation
HFG Toolkit PresentationHFG Toolkit Presentation
HFG Toolkit PresentationHFG Project
 

Similar to FINAL PDF OF BNA HC FRAUD ARTICLE (20)

Healthcare quality improvement organization.docx
Healthcare quality improvement organization.docxHealthcare quality improvement organization.docx
Healthcare quality improvement organization.docx
 
Legal Aspects of OH Article
Legal Aspects of OH ArticleLegal Aspects of OH Article
Legal Aspects of OH Article
 
Leveraging Corporate Integrity Agreements for Healthcare Compliance
Leveraging Corporate Integrity Agreements for Healthcare ComplianceLeveraging Corporate Integrity Agreements for Healthcare Compliance
Leveraging Corporate Integrity Agreements for Healthcare Compliance
 
Billing compliance results management-2013
Billing compliance results management-2013Billing compliance results management-2013
Billing compliance results management-2013
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013
 
Assessment_2-6_context.pdf1 Assessment 2 Context M.docx
Assessment_2-6_context.pdf1 Assessment 2 Context M.docxAssessment_2-6_context.pdf1 Assessment 2 Context M.docx
Assessment_2-6_context.pdf1 Assessment 2 Context M.docx
 
Whs ps building
Whs ps buildingWhs ps building
Whs ps building
 
New Ethics 5
New Ethics 5New Ethics 5
New Ethics 5
 
Four solutions to healthcare revenue losses
Four solutions to healthcare revenue lossesFour solutions to healthcare revenue losses
Four solutions to healthcare revenue losses
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
Healthcare Innovations and Regulatory Compliance Initiatives
Healthcare Innovations and Regulatory Compliance InitiativesHealthcare Innovations and Regulatory Compliance Initiatives
Healthcare Innovations and Regulatory Compliance Initiatives
 
Dashboard Benchmark Evaluation.docx
Dashboard Benchmark Evaluation.docxDashboard Benchmark Evaluation.docx
Dashboard Benchmark Evaluation.docx
 
corporate-governance-test-bank.pdf
corporate-governance-test-bank.pdfcorporate-governance-test-bank.pdf
corporate-governance-test-bank.pdf
 
Compliance Today Article November 2015 Schultz
Compliance Today Article November 2015 SchultzCompliance Today Article November 2015 Schultz
Compliance Today Article November 2015 Schultz
 
OHSAS 18000
OHSAS 18000OHSAS 18000
OHSAS 18000
 
Chapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics ProgramsChapter 9 Managing and Controlling Ethics Programs
Chapter 9 Managing and Controlling Ethics Programs
 
Accelerating Bio-Pharma's Marketing Transformation
Accelerating Bio-Pharma's Marketing TransformationAccelerating Bio-Pharma's Marketing Transformation
Accelerating Bio-Pharma's Marketing Transformation
 
Capella University MHA5014 Regulatory Environment Executive Summary.pdf
Capella University MHA5014 Regulatory Environment Executive Summary.pdfCapella University MHA5014 Regulatory Environment Executive Summary.pdf
Capella University MHA5014 Regulatory Environment Executive Summary.pdf
 
HFG Toolkit Presentation
HFG Toolkit PresentationHFG Toolkit Presentation
HFG Toolkit Presentation
 

FINAL PDF OF BNA HC FRAUD ARTICLE

  • 1. Reproduced with permission from BNA’s Health Care Fraud Report, 19 HFRA 443, 5/27/15. Copyright ஽ 2015 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com What the OIG’s New Compliance Guidance Means for Health-Care Organizations’ Boards of Directors NICHOLAS MERKIN H ealth-care organization boards of directors have long been a focus of OIG scrutiny and have been the subject of OIG guidance statements in 2003, 2004 and 2007.1 On April 20, 2015, the OIG issued yet another set of practical guidance advice specifically targeting a board’s oversight of compliance program functions.2 This guidance encompassed and set forth expecta- tions regarding: s the roles of, and relationships between, health- care organizations’ audit, compliance and legal departments; s the mechanism and process for issue-reporting within health-care organizations; s an approach to identifying regulatory risk; and s methods of encouraging enterprise-wide account- ability for achievement of compliance goals and objectives. The result of these heightened expectations—coupled with increased regulatory enforcement and plaintiffs’ attorneys looking for deep-pocketed targets—may mean that health-care organization directors have even greater responsibility and potential liability than those of non-health-care entities. In this environment, it is crucial for health-care orga- nization boards of directors to understand the new OIG guidance and the investment time and resources neces- sary to execute properly their corporate responsibilities and duties. It is crucial for health-care organization boards of directors to understand the new OIG guidance and to invest the time and resources to execute their corporate responsibilities. A closer look at the OIG’s recent statement reveals that its guidance is fairly opaque. So what does the new OIG guidance mean in practi- cal terms? What are its real-life implications to a health- care entity and its board? Set forth below is a summary of the relevant aspects of the OIG’s recent guidance statement, as well as sug- gestions for renewed ‘‘best practices’’ and practical sug- 1 OIG and AHLA, Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors (2003); OIG and AHLA, An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors (2004); and OIG and AHLA, Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors (2007). 2 OIG, AHIA, AHLA, and HCCA, Practical Guidance for Healthcare Governing Boards on Compliance Oversight (2015). Nicholas Merkin is the chief executive officer of Compliagent, a health-care regulatory com- pliance firm. He can be reached at nmerkin@ compliagent.com COPYRIGHT ஽ 2015 BY THE BUREAU OF NATIONAL AFFAIRS, INC. ISSN 1092-1079 BNA’s Health Care Fraud Report™
  • 2. gestions for effectively incorporating the OIG’s direc- tives into health-care organizations’ compliance plan oversight. Health-Care Organizations’ Audit, Compliance and Legal Departments According to the OIG, the compliance function in health-care organizations is generally shared among the audit, compliance and legal departments. The OIG views the relationships, reporting lines and divisions of responsibility among those stakeholders to be properly the subject of internal policies and procedures and di- rect board scrutiny. The OIG’s guidance, however, is fairly silent about the manner in which the board’s oversight obligations should be discharged. The OIG admits there is no ‘‘one-size-fits-all’’ solu- tion here that would fit all health-care entities and that elements such as organizational size and resources will dictate the practical application of these requirements. Despite this, the OIG speaks with clear and unequivo- cal instruction in one regard: in demanding that the compliance, legal and audit functions be independent of one another. An entity’s compliance officer or staff should never be the same its legal counsel or department, nor be sub- ordinate to it. In the OIG’s view, legal and compliance are separate functions, with different scopes of respon- sibility. The same is true for the audit department. In the OIG’s framework, the compliance function ‘‘promotes the prevention, detection, and resolution’’ of activities that are inconsistent with legal, policy or business stan- dards, while the legal function advises management and the board with respect to ‘‘relevant laws and regu- lations.’’ The audit department, in contrast, responsible for evaluating ‘‘existing risk and internal control sys- tems.’’3 Issue-Reporting Within Healthcare Organizations The next—and related—area of the new guidance is a focus on the board’s access to an adequate spectrum of information and data necessary to properly engage in compliance oversight. The OIG, while again giving little instruction as to the specifics, recommends an internal organizational re- porting structure that ensures that the board receives regular compliance and risk reports. The OIG proposes separate and independent report- ing from the principal personnel responsible for the au- dit, compliance, human resources, legal, quality and in- formation technology functions. These lines of reporting, according to the OIG, should be addressed in internal policies, procedures, and pro- tocols, as well as by the organization’s compliance plan. Part of this process should be the development of ob- jective metrics and measures by which the compliance health of an organization may be effectively assessed and evaluated. More specifically, in connection with proper informa- tion flow within a health-care organization, the OIG’s guidance charges the board with ensuring the existence of infrastructure and processes effecting timely report- ing of suspected compliance violations and responding with remedial measures. Identifying Regulatory Risk The OIG recognizes that the health-care industry presents an acute set of oversight challenges demand- ing a heightened level of oversight, including referral relationships and arrangements, billing issues, privacy breaches and quality and outcome matters. The OIG’s guidance emphasizes the board’s role in the identification of the risks associated with these ar- eas and that such risks must be addressed though de- tection tools, such as compliance hotlines and internal audits. Three emerging areas of particular interest are dis- cussed in the context of board responsibilities in this area: 1. an increased emphasis on quality; 2. changes in insurance coverage and reimburse- ment; and 3. new forms of reimbursement (including value- based purchasing and bundled and global pay- ments). Encouraging Enterprisewide Accountability The last area addressed in the OIG’s guidance state- ment is the board’s role in enforcing internal account- ability for the compliance program. The OIG’s perspective is that all employees within an organization should be held accountable for an entity’s compliance conduct—not only those members of the audit, compliance or legal divisions. Moreover, health-care boards should set organiza- tionwide compliance goals and measure and communi- cate progress, as well as compliance successes and fail- ures. In this area, the OIG provides specific guidance as to fulfilling these requirements, such as compensation- related rewards and penalties for compliance attain- ments and breakdowns. The OIG also emphasizes the need for adequate self- disclosure protocols and the reporting of compliance violations, as appropriate. Best Practices and Recommendations for Meeting the OIG’s Expectations Understanding and digesting the OIG’s recent guid- ance for health-care boards of directors, while an im- portant first step, is only the beginning of a continuing process of building and refining compliance infrastruc- ture for all health-care organizations. Moving forward into implementation requires trans- lating recommendations into actions in some of the ways described below. Modified Policies and Procedures Written policies and procedures are imperative for addressing compli- ance risk within an organization.3 Id. at pp. 6-7. 2 5-27-15 COPYRIGHT ஽ 2015 BY THE BUREAU OF NATIONAL AFFAIRS, INC. HFRA ISSN 1092-1079
  • 3. Health-care organizations, in light of the new guid- ance discussed above, should revise their policies and procedures in connection with the strict relationships, reporting lines, and divisions of responsibility among the audit, compliance and legal departments desired by the OIG. Revised policies and procedures should lay out the lines of independent, regular reporting to the board from the audit, compliance, human resources, legal, quality and information technology areas of an entity, as well as effective tools to be used to identify compli- ance risk. The new policies and procedures should also lay out the design of internal disciplinary and accountability structures, including how compliance goals will be set, communicated organizationally, and monitored by the board. Additional Education and Training All staff should educated as to the revised organization’s policies and procedures, as well as the mechanisms by which the policies and procedures are revised and kept current. Specifically, director training should focus on, in ad- dition to the recent OIG guidance, the various fiduciary duties directors have in connection with the compliance function, as well as the primary regulations that relate to organizational compliance, such as the False Claims Act, Stark and anti-kickback laws, exclusion screening requirements, HIPAA and other privacy laws, as well as applicable state laws. Internal and External Auditing and Reporting Re- newed internal and external auditing and reporting mechanisms should be planned and implemented to fo- cus on the areas of concern highlighted by the OIG. All health-care organizations should conduct a yearly compliance effectiveness review and risk analysis, pref- erably conducted by an independent third-party. This analysis should lead to modifications and risk prioriti- zation in their enterprise-wide compliance plans and programming. Reports made to directors arising from newly- conducted audits and an organization’s compliance ho- tline should be substantive and result clear instructions as to remediation and change. Maintenance and Validation The information stream arising from truly effective corporate compliance pro- grams can be overwhelming. In order to realistically discharge the oversight obligations underscored by the OIG, it is crucial for organizations to be able organize and present such data in a meaningful way to directors and management. The manner in which this information is communi- cated must, by necessity, vary by organizational type, size, and the resources available. At the very least, how- ever, whether compliance-focused dashboards, soft- ware, or more low-tech methods, directors must be able to track their organizations’ incidents of non- compliance and how these incidents were addressed. More optimally, directors should have easy and real- time access to evolving procedures and protocols, edu- cational materials, reports related to audits, ongoing litigation, employee background screening, discipline and training, as well as the evolving corporate compli- ance plan and areas of focus. Conclusion Health-care entities are among the most complex or- ganizations to manage and oversee from both a busi- ness and compliance perspective. Directors charged with such oversight responsibility face formidable challenges. Recognizing this, the OIG has provided several guidance statements, the most re- cent of which was issued in April 2015. Simply put, the OIG and other regulatory bodies have set the bar high and imposed demanding expectations upon health-care boards of directors. Although compliance with these burdens requires much in terms of attention and resources, it is not im- possible. Understanding the OIG’s guidance in this area is crucial, as is implementation of the OIG’s recommen- dations. Although, as the OIG has stated, there is no ‘‘one- size-fits-all’’ way in which to address compliance, the implementation of the suggestions set forth above may be advisable way in which health-care boards of direc- tors can discharge their various duties and obligations. 3 HEALTH CARE FRAUD REPORT ISSN 1092-1079 BNA 5-27-15