2020 Top Three Compliance Officer Priorities

The following are results from the report for the 2020 SAI Global Healthcare Compliance Benchmark Survey (Survey) developed with, and analyzed by, Strategic Management:

1. HIPAA Security and Privacy. This was the top-rated challenge for Compliance Officers for 2020. Nearly 60 percent of respondents identified HIPAA as a top priority with a similar percentage of respondents indicating their organization had encounters with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) over breaches within the last three years. Also, 75 percent of respondents in the Survey reported that their Compliance Officer had HIPAA Privacy as part of their compliance duties. A complicating factor and major driver for this was cyber-security issues and data breaches.

2. Arrangements with Physicians. A large number of civil fraud cases by the Department of Justice (DOJ) and HHS Office of Inspector General (OIG) involve physician arrangements, including enforcement actions that result in OIG Corporate Integrity Agreements. To avoid implicating the federal Anti-Kickback Statute (AKS), hospitals must ensure that physician relationships are not simply a means to obtain payments for physician referrals. Arrangements do not have to involve the exchange of money to violate AKS but can also occur when parties provide free or discounted services. Safe harbors under the AKS can protect certain payments and practices that would otherwise implicate the law. Legal Counsel often develops the written agreements for physician arrangements. However, very few enforcement actions are focused on the written agreements themselves. The problems usually arise from the decision-making process for entering the agreement, the physician selection process, and the actual performance of the services.

3. Claims Processing. The OIG has identified this as a high-risk area in its guidance and devotes more information on this subject than any other. Both the DOJ and OIG have claims processing fraud as their number two fraud enforcement area. Patterned error rates can quickly come to the attention of the OIG auditors and Centers for Medicare & Medicaid Services (CMS) contractors who are using various data analyses and mining methods to identify fraud. Results of these efforts can lead to enforcement actions.

The following include other reported compliance priority areas in descending order:

• Physicians at Teaching Hospitals. This involves accurate hospital Medicare documentation and billing by physicians at teaching hospitals and was cited by the OIG as a high-risk area.

• Chargemaster Accuracy. This hospital risk area involves maintaining the Chargemaster that directly affects the reimbursement received for services. The government and other third-party payers use this information to determine future reimbursement rates.

• Cost Reports. The OIG in its compliance guidance cites this as another high-risk area for hospitals, skilled nursing facilities, and home health agencies.

• Executive and Board Behavior. This issue relates to all health care organizations. Its priority depends upon how well executive leadership and Board members, professionally and personally, embrace support of the compliance program.

• Research Compliance. This encompasses a wide variety of issues that involve many different federal agencies, including, but not limited to, the Food and Drug Administration, National Institutes of Health, CMS, Office of Research Integrity, Agency for Healthcare Research and Quality, DOJ, and OIG.

• Emergency Medical Treatment and Labor Act (EMTALA). Medicare requires participating hospitals providing emergency services to appropriately screen, stabilize, treat, and/or appropriately transfer emergency patients regardless of their insurance status. CMS and the OIG cite this as a compliance high-risk area.

• Email and Social Media Communication. This issue area is greatly influenced by concerns of protecting data, including Protected Health Information (PHI), against cyber-attacks in a variety of scams and practices.

• Conflicts of Interest. This involves ensuring that patient care and business activities are conducted objectively and not motivated by desires for personal or financial gain.

• Opioid Crisis. In 2017, this was declared a public health emergency and has been a major topic at the Health Care Compliance Association (HCCA) conferences. However, for Compliance Officers, it is not a top priority unless their areas of responsibility in their organization extend to pharmacy services or drug diversion from patient care.

Strategic Management compliance consultants have over 40 years of experience in providing research, analysis, and program support for privacy and security rule compliance. Call us at (703) 683-9600 or contact us online for a tailored assessment of your organization’s particular needs.