View Our Article in PDF×
30 Tips and Ideas for 2015 Compliance Work Plans
2015 begins, it is the right time to take stock of one’s compliance program and to prepare a Compliance Office work plan. Although the following checklist is far from a complete guide, it highlights many points specifically referenced in the OIG compliance guidance documents. The list corresponds to the seven standard elements of an effective compliance program and its purpose is to assist you in making an assessment of what may be needed in the following months. It is also consistent with ongoing monitoring and auditing expectations for all programs, including the compliance program. Wherever possible, compliance offices should focus on developing metrics that evidence compliance program effectiveness . For some of the items listed, there are references to where additional guidance may be found.
Compliance Oversight and Management
1. Review and update all charters and policies related to the duties and responsibilities of the Board and Executive/Management compliance committees. If there is a need for such documents, check out the Policy Resource Center .
2. Examine Executive/Management and Board compliance committee minutes relating to the Compliance Program to determine whether an outside third-party would find convincing evidence that the Board is meeting their duty of care and responsibilities in the oversight of implementation, operation, and management of the Compliance Program.
3. Develop and deliver the annual briefing and training for the Board on changes in the regulatory and legal environment, along with their duties and responsibilities in oversight of the Compliance Program. If needed, a number of different PowerPoint briefing programs may be found at the Compliance Training Center .
4. Develop a Compliance Office budget to ensure sufficient staff and other resources to fully meet obligations and responsibilities.
5. Examine and report on the compliance document management system for the creation, retention, storage, retrieval and destruction of compliance-related documents including those required by law and necessary to protect the integrity of the compliance process. Reaffirm that this is being done properly. Policies and guidance on this can be found at the Policy Resource Center .
Written Compliance Guidance
6. Conduct a gap analysis of compliance-related policies for both the management and operation of the compliance program (numbering 12-20) and operational areas (numbering many more). If needed, more than 600 such templates are available at the Policy Resource Center .
7. Conduct an annual review of the Code of Conduct to ensure that it currently meets the needs of the organization and is consistent with current policies. It should be no more than a dozen pages in length and written at or below a 10thgrade reading level so that all covered persons will be able to understand its contents.
8. Verify that the Code of Conduct has been disseminated to all new employees, supervisors, executives, medical staff, board members, contractors, vendors, and other affected parties. Prepare a summary report of this dissemination for the compliance oversight committees.
Compliance Education and Training
9. Verify that all covered persons have received compliance training and that documentation exists to support the results. Develop a report on the results for the compliance oversight committees. Many vendors offer interactive training programs that track and document those receiving training and use tests or quizzes to evidence knowledge of the materials. More on this can be found at the Compliance Training Center .
10. Ensure all claims processing staff receive specialized training programs on proper documentation and coding. The specialized training should also explain applicable laws and regulations relating to federal health care reimbursement.
11. Conduct a validated knowledge survey that evidences employee awareness and understanding of key elements of the compliance program and other key information provided in compliance training. Surveying employees on their knowledge of the compliance program is specifically recommended by the OIG. An inexpensive survey that is anchored in a large database that can be used for comparative purposes can be found at the Compliance Survey Center .
12. Ensure that the compliance training programs for the year address fraud and abuse laws, coding requirements, claim development and submission processes, general prohibitions on paying or receiving remuneration to induce referrals and other current legal and program standards. Many of these programs can be found at the Compliance Training Center .
13. Review the hotline intake log and prepare a summary report for the compliance oversight committees on the types of issues reported and their resolution.
14. Develop a report that evidences prompt documenting, processing, and resolution of complaints and allegations received by the Compliance Office.
15. Conduct a review of the hotline vendor, including test calling to ensure they are performing according to their terms and conditions. For more information on this, see the Hotline Service Center .
16. Physically verify hotline posters appear prominently on employee boards in all work areas and review all other methods used that promote hotline use.
17. As part of ongoing monitoring, determine that all calls received by the hotline function are properly documented and logged, and all records (electronic and paper) are maintained in a secure manner with adequate access controls.
Compliance Enforcement and Sanction Screening
18. Verify that sanction screening of all employees and others engaged by the organization against the OIG’s List of Excluded Individuals and Entities (LEIE) has been performed in a timely manner, is documented, and certified by a responsible party. Inexpensive sanction screening software tools and services are available that include certification of results.
19. Develop a review and prepare a report regarding whether all actions relating to the enforcement of disciplinary standards are properly documented.
Ongoing Compliance Monitoring and Auditing
20. Develop a compliance audit plan that addresses high-risk areas related to Federal health care program requirements, as well as the OIG compliance guidance, work plan, special advisory bulletins, and fraud alerts. High risk areas include, but are not limited to, arrangements with physicians that may implicate the Anti-Kickback Statute and Stark Laws, EMTALA, cost reports, claims development and submission, laboratory services, HIPAA Privacy and Security, PATH, bad debts, credit balances, and out-patient services. Such audit plans can be found at the Policy Resource Center .
21. Review program managers to verify that they have engaged in ongoing monitoring of their areas of responsibility. These responsibilities include ensuring all regulatory changes have been translated into written guidance, all staff have been trained on these policies, and that these policies are being followed properly. Develop a report on the results of the review for the compliance oversight committees.
22. Ensure there is a database for all arrangements with physicians and others in a position to influence the flow of business to the organization. These arrangements should be supported by policies and procedures that (a) determine the need for services; (b) govern the selection of individuals to fulfill those needs; (c) determine the fair market value for services; (d) enforce written terms for arrangements that meet both the Stark and Anti-Kickback statutory requirements; and (e) verify performance on the agreements. Questionable arrangements remain the number one enforcement priority for the OIG and DOJ.
23. Ensure that high risks associated with HIPAA and HITECH Privacy and Security requirements for protecting health information undergo a compliance review and a new baseline security audit. The HHS Office of Civil Rights will be stepping up on audit and enforcement in 2015.
24. Review and develop metrics to evidence the effectiveness and progress of the compliance program. A wide range of pertinent metrics can be found in the presentation titled: “Using Metrics to Evidence Compliance Program Effectiveness.”
25. Have an independent review of the compliance program conducted by experts to verify the effectiveness of the compliance program, as called for by the OIG compliance guidance.
Response to Detected Problems and Corrective Action
26. Verify that all identified issues related to potential fraud are promptly investigated and documented.
27. Review all corrective action measures taken related to compliance to verify that they have been completed and validated as being effective. Prepare a summary report for the compliance oversight committees.
28. Ensure staff is properly trained on how to promptly investigate and resolve reasonable allegations or indications of non-compliance.
29. Conduct a review and prepare a report which evidences that all corrective action measures taken to prevent the recurrence of identified problems were not only verified as complete but also validated as being effective.
30. Conduct a review that ensures all identified overpayments are promptly reported and repaid. This is done best in connection with an audit of whether the program manager for claims processing has been carrying out their ongoing monitoring duties properly.