Revenue integrity webcast series: Part 4 recap
INSIGHT ARTICLE |
Our final installment in our health care industry Revenue integrity webcast series focuses on corporate compliance effectiveness.
To be effective, a health care organization’s corporate compliance and risk management strategy must be integrated into day-to-day business line activities and corporate decisions. Risk managers must be involved at the onset of strategy-setting processes, and risks associated with new products or services should be considered and communicated to the board and leadership. In addition, ongoing analysis of emerging risks and stress tests should influence business decisions, and this information must be shared across the organization to avoid the same risk challenge or event from recurring.
To mitigate risks, health care organizations should have a robust compliance program. Elements of this plan, based on the Office of the Medicaid Inspector General, New York State, include:
- Written policies and procedures - Critical areas include code of conduct and governance of the compliance program
- Designation of a compliance officer - Competency, seniority and independence in reporting structure
- Training and education - Frequent risks include periodic assessments of training effectiveness, as well as vendor and business associate training
- Open communication lines to compliance officer - Accessibility and avenues for anonymous reporting
- Disciplinary procedures - Policy on sanctions, as well as fair and consistent enforcement
- Identification of compliance risk areas and noncompliance - Periodic quality assessments and included as a key role of internal and external audit
- Compliance issues response process - Prompt, fair, thorough and impartial investigations and a process to identify and refund overpayments
- Policy of nonintimidation and nonretaliation - Appropriate preventive controls in place, such as training on retaliation, avenues to report or exit interview questioning
Another key takeaway from the webcast presentation—health care organizations that do not have an effective compliance program in place could be subject to an audit by the Centers for Medicare and Medicaid Services (CMS), an event that could prove disruptive and costly to the organization. In addition, health care organizations must be mindful of the potential of fraud claims. The False Claims Act (FCA) is in place to impose liability on persons and companies who defraud governmental programs, such as Medicare or Medicaid. It is the government’s primary tool in combatting fraud. As an example of the seriousness of FCA violations, fraud abuse recoveries for 2013 totaled $4.3 billion.
Finally, organizations should leverage the Office of Inspector General’s guidance on annual risk assessments. This work plan should include assessment strategies involving:
- Medicare Parts A and B
- Medicare Parts C and D
- Medicaid program
- CMS-related legal and investigative activities
- Public health reviews
- Human services reviews
- Other Department of Health and Human Services-related reviews
- Affordable Care Act reviews
- The American Recovery and Reinvestment Act reviews
Questions? Contact us for more information.