Thursday, September 1, 2011

NY Medicaid Compliance Chief Describes Flaws; Reviews Should Stress Outcomes

Reprinted from The HCCA-AIS MEDICAID COMPLIANCE NEWS, monthly news and valuable how-to strategies for identifying and reducing today’s top Medicaid compliance risks.
By Nina Youngstrom, Managing Editor
August 2011Volume 5Issue 8
It’s not a good sign when board members have no clue what their organization’s compliance program is all about, but apparently sometimes that’s still the case. The Office of Medicaid Inspector General in New York state has run into this problem during compliance-program effectiveness reviews.
“It was kind of surprising,” Matt Babcock, assistant Medicaid inspector general at OMIG, tells MCN. OMIG conducts onsite compliance-effectiveness reviews at health care organizations, evaluating each of the eight compliance-program elements. (The Federal Sentencing Guidelines and HHS Office of Inspector General obviously put forth seven, but the state added another, for nonretaliation policies.) The boards’ obliviousness became apparent during OMIG’s evaluations of training, he says. “We look for the tone at the top and say, ‘unless board and senior management are adequately trained, how can they get behind your compliance program?’”
OMIG published compliance-program gaps it identified during onsite reviews and Babcock elaborated on them in an interview. OMIG also published best compliance practices and opportunities for enhancement. “We try to use these as an educational tool,” he says.
Compliance Deficiencies Identified
Compliance officers in all states can use this information during their effectiveness reviews, which former HHS Inspector General Richard Kusserow says should focus on outcomes. “It should be a three-dimensional examination,” he says. “The HHS Office of Inspector General states the goal of an effective compliance program is to reduce fraud and abuse.” For example, consider whether employees learned anything during compliance training — not just whether attendance was 95% versus 99%. Who cares if they went, if they didn’t learn everything, if it didn’t stick or if they don’t know how to apply what they learned? “If you are the CEO signing off on compliance-program effectiveness under penalty of law” — the law that prohibits false statements — “you want proof it is effective,” says Kusserow, president of Strategic Management Systems of Alexandria, Va.
The stakes for effectiveness have shot through the stratosphere with the health reform law, which mandated compliance programs. Providers and suppliers will have to certify they have compliance programs — and that their compliance programs have certain core elements — as a condition of enrollment or re-enrollment in Medicare, Medicaid and the Children’s Health Insurance Program. Essentially, that means proving compliance program effectiveness will soon be part and parcel of the golden ticket of Medicaid, Medicare and CHIP admission. So it’s helpful to know what’s not working in the eyes of Medicare and Medicaid watchdogs. Babcock, head of OMIG’s Bureau of Compliance, describes some of the deficiencies in several other compliance-program elements that OMIG encountered during its onsite reviews:
Sparing Managers Undermines Compliance
(1) Lack of written policies and procedures (including no compliance program, code of conduct or compliance policies/procedures): OMIG won’t have a hard time tracking down conflict-of-interest policies that are AWOL, at least at nonprofit organizations. They are required to complete the IRS 990, which contains questions that essentially cut to the chase of an organization’s integrity. Form 990 has a yes-or-no question asking whether the nonprofit has a conflict-of-interest policy. “We are looking at whether people can use their position for personal gain. So there needs to be an affirmative statement that the provider will not allow that sort of thing to happen,” Babcock says. “We want to make sure there is a policy in place.”
(2) Problems with the compliance officer reporting structure: During its reviews, OMIG found compliance officers who report to CFOs, which is discouraged by HHS OIG. For example, obviously compliance officers may clash with CFOs over repayments because CFOs are struggling to enhance revenue (legally). Compliance officers should report directly to the CEO, with dotted-line access to the board so they can go there directly if there is management monkey business afoot. Also, some organizational charts did not reflect reality. The charts made it seem like the compliance officer reported to the CEO when, in fact, the compliance officer reported to the CFO. “We said, ‘change what you are doing to make sure what is on the chart is what you are doing,’” Babcock says.
(3) Problematic communications: If there’s no way to anonymously report a compliance problem, then the compliance program lacks credibility. OMIG doesn’t care about the nature of the reporting method — it can be a drop box, emails or a dedicated phone line — but the key is the guarantee of anonymity to employees and others who want to file complaints, Babcock says. It’s not good enough to tell employees they can call the compliance officer without revealing their identity, because caller ID will do it for them, more or less, he says. It’s also important to distinguish the compliance drop box from a conventional suggestion box.
(4) Lack of disciplinary policies or letting the powers-that-be off the hook (i.e., policies don’t exist, they aren’t enforced and/or they are enforced inconsistently): During compliance reviews, he says, organizations were asked how they are expected to enforce the compliance program if they lack policies that warn employees they will be disciplined — up to and including termination — for violating compliance policies. Sometimes organizations did punish violators. They were re-trained, reassigned or fired. But guess who got off the hook? Management. “We found disparate treatment when there is a violation,” Babcock says. “Line staff gets fired but no management gets punished.” That undermines the compliance program, he says. “If ‘there’s punishment for me but not for the boss,’ people won’t talk. They know from past experience that nothing happens to [management] for failure of compliance, so they won’t report” compliance problems next time, Babcock says.
(5) Lack of a routine system to identify compliance risk areas: Babcock says some organizations still don’t monitor on a regular basis, either internally or externally. And there may be no system to log errors or complaints. Or when problems are identified through compliance monitoring, “no one pays attention unless there is clear support by the governing board or senior management,” he says. Ideally, he adds, a management committee should be involved in solving problems.
(6) No system to respond to compliance issues identified by OMIG or federal or other state regulatory agencies.
Babcock says ensuring the structural parts of a compliance program are in place is relatively easy. There’s no great challenge to putting in place a training program or disciplinary policies or a hotline. But the “process elements” — a system for routine identification of compliance issues and a system for responding to compliance issues — are where the rubber hits the road.
When health care organizations evaluate their effectiveness or hire outside vendors to do it, they shouldn’t take a checklist approach — yes or no to the presence of each element. The emphasis should be on outcomes, says Kusserow, whose firm has conducted 3,000 compliance-program effectiveness reviews. “Effectiveness is an outcome factor, not an output factor. Effectiveness is a function of outcome,” he says. “There is a huge difference between outcome factors and output factors.” Analogously, output is how many patients the physician sees, not the improvement in their quality of care. The problem, Kusserow says, is that “most people who evaluate compliance programs check process, not outcome.”
Lack of Board Interest Irks OI
If compliance-program effectiveness reviewers are focused only on how many calls your hotline received, they are barking up the wrong tree, according to Kusserow. “The number has no meaning in and of itself,” he says. Suppose there were 25 calls last year and 50 this year. It could mean more fraud, or it could mean more people have confidence in the compliance program. What matters is whether the calls were handled correctly.
Kusserow notes that there have to be concrete standards of effectiveness because of the compliance-program mandate. “You want data. You are going to have to have metrics on which you can rely that the compliance program is reasonably effective,” he says. For example, OIG says the mark of an effective compliance program is one with support from executive leadership and the board. You can tell whether that exists partly by looking at the minutes of board meetings to determine if the board even talked about the compliance program.
“One thing that frustrates the OIG,” he says, is the make-up of many board committees that are responsible for compliance oversight (i.e., audit or compliance committees). The board members typically have financial backgrounds — audit or business — and are financially literate, “but they are not compliance literate,” Kusserow says. “No one at the board-level committee has a background in compliance. When you talk about Stark, claims processing or the anti-kickback statute, they don’t know what it is and they don’t care, so they go to sleep.” It’s a big problem, he says, because it means they can’t provide true oversight of the compliance program.
To view the OMIG compliance-program documents, go to www.omig.ny.gov, and click on “Provider Compliance” under the “Compliance” bar.

No comments:

Post a Comment