Healthcare organizations can no longer only focus on coding and billing compliance risks. Over time, compliance risk exposure has grown to include complex issues such as financial arrangements, real estate, cybersecurity, vendor management, and post-acute care services. It takes an active compliance program and effective risk management to survive the transformative shift that has taken place in the compliance landscape.
Call Girls in Lucknow Esha 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
The Shift in the Compliance Landscape
1. Shannon Sumner, CPA, CHC®
Susan Thomas, CHC,® CIA, CRMA, CPC®
March 26, 2018
The Shift in the Compliance Landscape
A2HA Financial Specialist Spring 2018 Meeting
2. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 1
Objectives
Organizational risk –
challenges and oversight
Former emphasis of
healthcare compliance
Current risk focus areas
Other areas of compliance
consideration
The path to enterprise risk
management – the three
lines of defense
Image Source: Creative Commons (2018)
3. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 2
The Challenges of Managing Organizational Risk
Roles and responsibilities of Internal Audit, Compliance, and Risk
Management have not been clearly defined as strategic organizational
functions
Leads to duplication of efforts or gaps in coverage
Compliance officers are often wearing multiple hats
Lack of collaborative and standardized processes for managing
organizational risk across the different functions:
1) Identification and data collection
2) Evaluation and prioritization
3) Action plan with mitigation
Results in inefficiencies due to duplicated or even contradictory projects
4. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 3
Overlapping or redundant reports with similar content to executive
management
Insufficient focus on emerging risks and limited actionable
recommendations for executive management to act on
Challenges in trending organizational issues that may be dispersed
across functional areas
Lack of a centralized system to enable information sharing and
follow-up
Evidenced by dependence on manual processes using spreadsheets,
documents, and databases
The Challenges of Managing Organizational Risk
5. Source: HCCA Oversight of the Health Care Industry Flowchart Found at: https://www.hcca-info.org/Resources/View/tabid/451/ArticleId/4930/Oversight-of-the-Health-Care-Industry-Flowchart.aspx
6. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 5
Previous Focus of Compliance Efforts
1. Medical record documentation
Signatures
Legibility
Timeliness
2. Physician and hospital coding
3. Billing for services
7. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 6
Medical Record Documentation
8. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 7
Billing for Services Rendered
Issues of non-compliance in billing:
Items or services not rendered or not provided
Equipment, medical supplies, and services that are not reasonable and
necessary
Double billing
Billing for non-covered services
Misusing provider identification numbers
Unbundling
Improper use of modifiers
Professional supervision
Clustering
Failing to refund credit balances
Billing a higher level of service than was provided
9. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 8
Current Compliance Risk Focus Areas
10. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 9
Physician Financial Arrangements
Risks
Stark Law violations
Referrals for DHS
Anti-Kickback Statute
Pay, offer, solicit, or receive
remuneration
Use of NPPs
Supervision and productivity
boosts
Shift of responsibility
From hospital to physician
Controls
Fair market value and
commercial reasonableness
No tie to current or expected
referrals
Legal counsel review
Duties and responsibilities
defined
Oversight
Compensation committee
Monitoring and auditing
11. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 10
Real Estate and Leasing
Risks
Inconsistent and variable
execution and management
Stark Law and Anti-Kickback
Statute requirements
Time share/Space share
Provider-based clinic
regulations
Controls
Structured to meet exceptions and
safe harbors
Standardized, systematic processes
Standard lease policies and
documents
Formal review and approval process
FMV Opinion and Market Rent
Study
Walking the leased space and
annual attestations
Reconciliations of operating
expenses
12. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 11
Cybersecurity
Risks
Budget and resource limitations
Legacy equipment in use
Crime as a business – high value,
ease of compromise
Ransomware
Lack of an adequate cybersecurity
response team
Inadequate cybersecurity
insurance coverage
Staff concerns (i.e., patch
management, work-arounds)
Employees are the weakest link
Controls
Invest in qualified information
security personnel with robust
leadership
Use current, fully-supported,
secure operating systems
Secure design and implementation
of connectivity solutions
Identify and address potential
vulnerability that can impact patient
care and organizational operations
Educate, educate, educate
13. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 12
HIPAA Security Risk Analysis and Meaningful Use
Risks
Medical record integrity and
impact on patient care
Patients’ right to privacy
Inappropriate PHI access and
disclosure
Reportable breach
Improper incentive payments
Controls
Implementation of HIPAA
privacy and security standards
Policies and procedures
(review OCR findings)
Robust monitoring and
auditing, including Business
Associate Inventory
Follow through on HIPAA
Security Risk Analysis Action
Plans!
14. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 13
Vendor Management
Controls
Ethical standards and rule of engagement
for all vendors
Assure that no vendors are excluded
entities
Robust procurement process
Accountability
Contract language standardization
Invoice controls
Monitoring and auditing of high-risk vendor
relationships
Contract termination process
Create a third-party or vendor management
checklist:
Reference checks
Financial solvency
Liability coverage
Regulatory compliance
Verification of delivery, service, and expertise
Risks
Conflicts of interest
Excluded vendors
Contractual non-compliance
Management of Vendors as Business
Associates
15. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 14
Post-Acute Care Services
Risks
Improper billing and
reimbursement
Staffing – turnover, scope of
practice
Quality of care issues
Controls
Assurance that patient choice is
provided for the selection of post-acute
care options
Policies and procedures to address
CMS requirements for patient
admissions, care plans, transfers, and
discharges
Documentation, coding, and billing
integrity are a primary focus
Implement processes to audit and
monitor bundled payments
Robust quality reporting
Patient safety, including neglect and
abuse, is an organizational priority
16. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 15
Outsourced Services
Risks
Regulatory requirements
FCA
AKS
Business continuity
Legal liability
Privacy and security
Controls
Vendor/third-party risk
assessment process
Outsourced services inventory
Contract negotiation with
favorable language
Liability insurance
requirements
Audit vendor compliance
Vendor due diligence
17. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 16
Other Compliance Risk Considerations…
Noted by PYA in recent risk assessments
Compliance resources including data analytics
Risk assessment process – comprehensive, prioritization
501(c)(3) Requirements for Hospitals
Integrity of quality reporting
Strategic planning
EMTALA and EMS services
60-Day Overpayment Rule
1557 Nondiscrimination Notice and Language Assistance
CMS Open Payment Registry
18. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 17
Emerging Issues…
On the horizon – worthy of notice
Opioid epidemic and controlled substances
Medical technology
Due diligence for mergers and acquisitions
Workplace violence
Human trafficking
Political activities – federal and state
Medical marijuana
Payment reform and price transparency
Natural disasters
Aging population
19. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 18
Looking Back to the Future . . .
Compliance focus areas may have evolved over time, but the
fundamental issues remain . . .
Know the applicable rules and regulations (and keep up-to-date)
Invest adequate resources into organizational compliance
For every $1 spent on compliance, $5.21 can be saved
(rework, sanctions, reputation, personnel, etc.)1
Culture and conduct at the top matter
Auditing and monitoring are crucial to detect issues before the
oversight agencies find them
Educate, educate, educate
1. Determining the Effectiveness & ROI of Your GRC Program: Bob Conlin, SCCE Regional Conference, 2012
20. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 19
Three Lines of Defense
Source: Institute of Internal Auditors: The Three Lines of Defense in Effective Risk Management and Control
21. Prepared for A2HA Financial Specialist Spring 2018 Meeting Page 20
Questions?
22. PYA, P.C.
800.270.9629 | www.pyapc.com
Thank you!
Susan Thomas
CHC®, CIA, CRMA, CPC®
Manager
sthomas@pyapc.com
Shannon Sumner
CPA, CHC®
Principal
ssumner@pyapc.com
Editor's Notes
Speaker Note: These have historically been important focus areas for healthcare compliance. While some shift of focus has occurred, I want to explain why these basic issues are still important for healthcare compliance programs.