H Contents 2: Did You Know? 3: Member Spotlight 3: Member Feedback 4: News & Updates 6: Upcoming Events
COMPLIANCE WIRE
February 2014
News,
updates and compliance happenings members of the Health Ethics Trust
for
PASTIN’S PERSPECTIVE
Pastin’s Perspectives are just that - perspectives or opinions on compliance issues. The opinions expressed are not necessarily those of the Health Ethics Trust and should not be construed as legal compliance advice.
The Big Compliance Mistake: Secretary of the US Department of Health and Human Services Kathleen Sibelius announced that plans offered through health exchanges will not be considered Federal health plans – and many breathed a huge sigh of relief. Mistake. What the Secretary’s announcement means is that plans purchased through exchanges will not be under the administrative oversight of CMS. As our plan members know, this is a significant burden avoided. But it is creating a false sense of security among those who seem to think that this makes compliance an afterthought for exchange health plans.
EVOLVING GOVERNANCE
continued on p. 2
The Joint Audit and Compliance Committee “JACC” Comes of Age A key part of any governance structure is the oversight of the audit function. In some cases the internal audit department may report to the administration through the Chief Financial Officer or other member of the senior administration team. In other cases the Chief Audit Officer (CAE) may report directly to the President. Health Ethics Trust 214 South Payne Street Alexandria, VA 22314 HealthEthicsTrust.com 703.683.7916
Just as important, is the oversight of the compliance function. Unlike the audit department, compliance operations may be diffused throughout the organization. Tradition and operational control have driven much of this structure. A similar structure is often found at the governance level as well. Times are changing. continued on p. 4
The Big Compliance Mistake, Cont.: In the case of plans purchased through exchanges, Federal dollars in the form of premium subsidies are at issue. When Federal dollars are being spent, the False Claims Act (FCA) applies. The Secretary does not have the authority to suspend the FCA. This means that although health plans offered through exchanges are not Federal health plans, they may have the same exposure to both governmental and whistle blower FCA actions that anyone who bills Medicare or Medicaid has. Not only do exchange plans have this exposure, those who bill these plans also may have FCA exposure. Think about it this way. A company which manufactures bullets for the Department of Defense is not a Federal entity. While DOD may provide oversight, this is a matter of a contractual relationship. But the bullet maker is certainly a potential target of an FCA lawsuit if they bilk the government. I make a point of knowing members of the plaintiff’s bar, and, believe me, they are assuming applicability of the FCA to exchange plans and to those who bill them. It will take a while to see how this plays out but it would be foolish to hug the Secretary Sibelius security blanket in the meanwhile. Do we really expect the government to demure if a plan that receives payments via subsidies does not provide promised coverage? If a plan purposely slow pays beneficiaries as a profit enhancing strategy? In practical terms, this means that plans offered through exchanges have every bit as much reason to have full-blown compliance programs as the hospital down the street. Similarly, those who bill such plans should uphold the same standards as when they bill Medicare.
Other Issues: As you can tell, the Health Ethics Trust has started the year worrying! It is our job to help you hit the ground running. One area in which we have concerns is the possibility of Stark and AKS violations courtesy of ACOs. This is another case in which there is a false sense of security. ACOs are exempt from Stark and AKS violations under conditions (mimicking Stark and the AKS) that most ACO’s satisfy. So there goes a big part of compliance. Wrong. Consider this scenario. A hospital forms a relationship with a physician under an ACO. The hospital pays the doctor richly, too richly, under the ACO to attract the physician’s non-ACO Medicare patients. This is called “pull through.” I wouldn’t expect a waiver to protect such an arrangement. Again, those of us in compliance have spent years making sure that discharge planners and others do not steer patients towards individuals or entities in which the hospital has a financial interest. This is called patient choice and it is the right thing to do. But now there are rewards for steering patients toward other entities within the ACO. Isn’t it still wrong to limit patient choice? Try to train someone to believe that something is wrong and illegal except when it isn’t.
Did YOU KNOW? All HET Certification Intensive Courses not only fulfil all education requirements to apply or re-certify for the CCP/CCE Credentials, but they also carry credit for external credentials too? Compliance Certification Board (CCB) will designate 22.8 CEUs towards the following credentials: Certified in Healthcare Compliance (CHC), Certified in Healthcare Compliance Fellow (CHC-F), Certified Compliance & Ethics Professional (CCEP), Certified Compliance & Ethics Professional Fellow (CCEP-F), Certified in Healthcare Research Compliance (CHRC), and Certified in Healthcare Privacy Compliance (CHPC).
2
Compliance Wire - February 2014
Other Issues, Cont.: Add to this that CMS is already conducting compliance audits of ACOs. These audits include a detailed look at the ACO compliance program. While it is a good idea to have an ACO compliance program piggy back on the program of one of the ACOs members, there must still be an identifiable ACO compliance program. We see a challenging year ahead. Share your concerns with us so that we can research them and comment in these pages or elsewhere.
Add your own Perspective to this article in the Members Only section of the HET website: www.HealthEthicsTrust.com/pastinsperspective. In the next issue, Mark will respond to the comments. Reach Mark directly at: mpastin@corporateethics.com
If there is a topic you would like discussed in Pastin’s Perspectives, please e-mail Karissa Chadwick at: kchadwick@corporateethics.com
Member Spotlight
In each issue, we profile a member of the Trust and ask them five compliance-related questions. This month’s member is John Ciavardone, CCE, SVP for Compliance and Quality at NHS Human Services. John has more than 25 years experience in behavioral healthcare administration. He created, and is responsible for the on-going management of NHS’ Compliance Program, as well as the development of the first corporate quality improvement program at NHS. Before joining NHS, John was the Fiscal Administrator of the Philadelphia Office of Mental Health and Mental Retardation. He later served as Deputy Director and then Acting Director of the Philadelphia Office of Mental Health and Mental Retardation. John has published in the “Journal of Health Care Compliance”. John is a Fellow of the Trust, holds the Certified Compliance Executive designation and serves on HET’s Education Committee.
Member Feedback “Members Matter” - that’s our motto here at the Trust. If there is anything we can do to bring more value to your membership, let us know, and we’ll do our best to help. Do you have a topic you would like covered in an audioconference? Is there a sample policy that could assist you? Would you like to participate in one of our committees or working groups? Reach us at 703.683.7916 or at: mpastin@corporateethics.com drreardon@corporateethics.com kchadwick@corporateethics.com
5 Questions:
HET - How did you get into this crazy profession? JC - In 1998 our outside counsel recommended the creation of a Compliance Program. At the time I was VP for Quality and had a positive reputation within the company and with regulators and payers and was offered the position as an additional responsibility. After a good deal of anxiety and lots of kicking and screaming, I ultimately accepted. Six months later we were the recipient of a Federal probe! HET - What is the biggest change you have seen in the field of healthcare compliance since you began your career? Continued on page 5
Compliance Wire - February 2014
3
News & Updates: New Member Benefits Here at HET, we always strive to bring additional value to your membership. As you may have seen at the turn of the new year, we added several new and updated benefits to our individual and organizational membership programs. These include: Compliance Wire, our new monthly newsletter, an updated “Members Only” section on the HET web site containing current and past Best Practices Forum presentations and a new Resource Library, an increase in the number of free audioconferences per year from 4 to 6, and access to the Trust’s peer consulting process. For a full list of member benefits, visit: http://www.healthethicstrust.com/membership
Evolving Governance, Cont.: Many previously organized audit committees are expanding their portfolio to include compliance operations. This dual oversight responsibility has given rise to the Joint Audit and Compliance Committee or “JACC”. Indirectly, this recognizes the substantial and growing importance of the Chief Compliance Officer (CCO) and places compliance on a level playing field with the audit function.
Non-Profits, Sarbanes-Oxley and the Federal Sentencing Guidelines As a result of the Enron debacle and other similar accounting breakdowns, Congress in 2002, passed the Sarbanes-Oxley Act (SOX). SOX was aimed a publically traded companies with no specific guidance for the nonprofit sector. Many non-profits adopted SOX as a Best Practice and formed or modified the audit committee. Additional SOX Best Practices included: • Assignment of at least one “financial expert” to the audit committee • Audit committee members having experience with internal controls and financial reporting • Audit committee members having knowledge and base line understanding of general accepted accounting principles
4
Compliance Wire - February 2014
Federal Sentencing Guidelines (FSG) As the board’s audit committee evolved to include compliance, so has the need to understand the basic expectations of a compliance function. Chapter 8 of the FSG lays out the elements of an effective compliance program to include culpability scoring for the alleged offense. Additionally, the JACC, as part of its due diligence oversight, should ask for a periodic assessment of compliance operations. Best Practices would recommend an external evaluation approximately every three years. This evaluation should not be made in a silo, focusing solely on “corporate compliance” but rather include all aspects of compliance operations. Particular attention should be given to those areas of compliance outside the CCO’s direct responsibility. These “embedded” compliance operations may carry conflicts of interest. A Best Practice would include establishing a Memorandum of Understanding (MOU) between the embedded compliance officers and the CCO to facilitate open communication and leverage the experience and reporting structure of the “corporate” office.
Natural Linkage between Audit, Compliance and Risk Management There is strong linkage between the internal audit function, compliance operations and the identification and management of risk. While the internal audit function may be evaluating internal controls, they certainly are knowledgeable of regulatory requirements. Additionally, the internal audit function is always mindful of potential fraud.
Natural Linkage between Audit, Compliance and Risk Management, Cont.: Fraud, intentional or not, is a key concern for compliance professionals. Inherent in the compliance responsibilities of “prevent, detect and correct” is evaluation of internal controls, e.g., policies and procedures, to prevent regulatory violations. This demonstrates a clear linkage between audit and compliance. The risk assessment is the key component in the development of the annual audit and compliance plans. Often the CAE and the CCO conduct joint interviews with key administrators. This is critical time to hear directly from operational owners. These key stakeholders represent the” front line soldiers” that know what risks are present, what controls are in place and available resources. The CAE, CCO and the Chief Risk Officer (if available) cannot audit, check or evaluate all known risks. However, through collaboration and coordination, they can help Management inventory, evaluate and develop action plans. This process represents due diligence from the top down-governance, administration and operational owners.
Summary Governance for non-profits is evolving and demanding. Boards must keep pace with these demands through structure, efficiency and coordination. This can be accomplished by combining the oversight of compliance and audit function. This “joint” structure has proven effective in numerous academic medical centers and universities. The JACC is a strategic committee that will help ensure risk are identified, evaluated and action plans put in place to reduce potential loss and maximize opportunities. Adding the compliance function as a full partner with the audit and perhaps risk management, is a wise step toward efficient oversight, coordination of effort and holistic reporting. Mike Walker is Senior Advisor, Risk Management at the Health Ethics Trust and its consultative division, Compliance Resource Group, Inc. Prior to working with the Trust, Mike served nine years as the Chief Audit, Compliance and Ethics Officer for the University of Connecticut (UConn) and the UConn Health Center.
5 Questions, continued: JC - The focus of the compliance field in behavioral healthcare originally was billing issues such as whether the service was provided or not, billed for twice or the required supporting documentation was present and completed, etc. Today the focus is more and more on the quality of the documentation and the quality of care. Different skill sets are required for this which is why at NHS we are partnering with our Quality Improvement/Quality Management program. HET - Compliance Officers have many challenges, what is your most difficult one? JC - Staying on top of internal activities that pose potential risks as well as payer and regulator demands. The latter is especially problematic for us because we have dozens if not hundreds of payers each of whom adds unique expectations for us.
HET - If $50,000 was added to your budget, how would you spend it? JC - Hire a person with skills in analytics, particularly to focus on evaluating the accuracy of outcome data and program performance measurements. HET - Make a prediction of what the next big thing is (good or bad) that is not currently on compliance officer’s radars. JC - Healthcare reform has put a premium on pay for performance and efficacy of the services provided. Measurements of these will eventually be tied to reimbursement and/or profit sharing. To me this represents a new risk area coming to us soon if not already here for some: accurate data collection and reporting.
Compliance Wire - February 2014
5
Upcoming Events
Western Certification Intensive Course
March 3-5, 2014 • San Diego, CA www.healthethicstrust.com/sandiego
Washington Executive Course
April 7-9, 2014 • Washington, DC www.healthethicstrust.com/ecc National Symposium on Quality and Compliance (NSQC) June 9-11, 2014 • Philadelphia, PA www.healthethicstrust.com/NSQC As always, we consider it of prime importance to assist our members who would like to attend our programs and provide partial tuition scholarships on a case by case basis. Don’t be afraid to ask us about this as we want to see you at a program above all!
Health Ethics Trust 214 South Payne Street Alexandria, VA 22314 www.healthethicstrust.com 703.683.7916