Making Corporate Compliance Practical and Manageable in 2021: Webinar Recap
Regulatory compliance is “the adherence to guidelines and requirements which are established by federal, state, and local laws. (Definition: Scranton University)” For Medicare and Medicaid providers, and RHCs, there is both general compliance and facility-specific compliance.
- How to Start: Creating or revamping a compliance plan can be overwhelming. The needs for Facility-Specific Certification may be independent of what is needed for the parent organization/to meet other regulation requirements. The needs for Facility-specific Certification also might not completely encompass everything needed for regulatory compliance.
- Compliance Areas:
- HHS Regulatory Compliance- CMS Conditions of Participation, CMS Facility- specific Conditions for Certification, CMS Guidance (IOMs and Appendices), Office of Civil Rights/HIPAA, and OIG Enforcement
- Other Federal Laws- Labor Laws and OSHA
- Federal Regulations Medicare Program: 42 CFR §405 (Federal Healthcare for the Aged and Disabled), 42 CFR §420 (Program Integrity-Medicare), and 42 CFR §455 (Program Integrity-Medicaid).
- Federal Hospital Regulations: 42 CFR §482 (Conditions of Participation), 42 CFR §412 (Inpatient PPS System), and 42 CFR §419 (Outpatient PPS System).
- Federal Regulations Critical Access Hospitals (CAHs): 42 CFR §485 (Subpart F Conditions of Participation)
- Federal RHC/FQHC Regulations: 42 CFR §491 (Conditions for Certification), 42 CFR §405 (Subpart X), and 42 CFR §413.65 (Provider Based Status).
- State-Specific Laws
- Local Laws (County and City)
The regulations listed above can be used as a compliance blueprint. Federal, State, and Local regulations should be the blueprint for any type of facility’s compliance. Healthcare is a reactive industry by nature. Taking time to be strategic and proactive is difficult but necessary.
Creating Policies and Evidence for Facility-Specific Certification
Facility-specific Conditions of Certification, including CAHs and RHCs, require written policies to meet the Conditions of Participation. A formal Compliance Plan is needed to ensure that there is prevention of fraud, waste, and abuse. However, Accreditation Organizations may have other requirements.
- Tips for Policy Development
- More is not more—do not make policy writing more difficult than it needs to be
- Broad language—use broad language that establishes compliance without locking your facility into rigid processes and procedures that could change.
- Order—organize policies topically or in the order of the survey tags/standards with a standard format, show effective dates/versions
- Policies should be used to ensure practical compliance, not manage people. They should also be numbered.
- Policies: broad statements of compliance which are static unless there is a regulatory change (Definition: Merriam-Webster)
- Processes: usually created internally or in conjunction with other guidance, provide clarity, and can be addendums/supplemental documents (Definition: Merriam-Webster)
- Procedures: specific steps in performing tasks, can be dynamic and promote efficiencies in workflow, ensure quality performance, are used for training/internal guidance, and promote standardization of tasks (Definition: Merriam-Webster)
Compiling Evidence Documents
Identify which “Evidence” Documents demonstrate Compliance and organize them for easy retrieval. Proof of compliance can be difficult if supporting “evidence” documents are not easy to retrieve. Correlating supporting evidence to policy numbers or to survey tags/standards is an easy way to organize the documents. Refer to the SOM Appendices or the AO guidance to settle on what might be needed.
- Examples of Evidence Documents: Licenses, Certificates, Inspection Reports, Correspondence to/from CMS/Medicare Contractor, Correspondence to/from state agencies, Other Agency Correspondence, Quality/QAPI/Risk Documents and Forms, Samples of Notices and Disclosures, and Proof of Education and Training.
Identify supporting evidence documents and keep them up to date.
- Some policy or document management systems have a built-in tickler function organized similarly to the example below:
|10/10/2019||200-C Review PHI Release Forms||200-C Authorization to Release PHI|
- Examples of Tickler Dates: License renewals, inspections, employee training (periodic/annual), policy review dates, program evaluation dates, performance evaluations, updated employee forms, emergency preparedness testing/training, and employee health
- Spreadsheets, calendars, or tickler organizers can all work. Create a format that works for you and your facility.
- Set reminders far enough in advance to allow for processing time, approval time, or scheduling.
- Build in accountability so that more than one person is aware of a deadline.
7 Required Elements of a Corporate Compliance Plan
- Developing and Implementing Compliance Standards
|Written Standard of Conduct Document||Other Written Guidance|
|– Fraud, waste, abuse
– Patient Care
– Job Aids
– Performance Evaluations
- Designating a Compliance Professional
- Can be system-wide or facility-wide, must have independence and authority, can report to Board or Ownership, and must be responsible for maintaining and coordinating compliance plan
- Open Communication
- Open door policy, hotlines, blind email communication, complaint boxes, non-retaliatory policy, and culture of compliance
- Training & Education
- Fraud, Waste, and Abuse Quality of Care, Policies/Processes/Procedures, and roles and responsibilities
- Create buy-in by engaging all staff, substance over form (be creative and interactive), have a training schedule (on hire, whenever there is a change and periodically thereafter), make training specific to role or department, obtain feedback from staff, and document training.
- Respond Promptly to Concerns and Incidents of Non-Compliance
- Take all concerns seriously, have a process for investigation, and know how to handle non-compliance internally versus externally
- Conducting Monitoring and Auditing
- Monitoring is Internal and Auditing is External
- Coding and Billing Reviews (internal/external) for accuracy, NCCI edits, and medical necessity
- Revenue Cycle Functions/Checks and Balances
- Clinical Documentation
- Professional Services Contracts and Employment Agreements
- Medical Staff Functions
- Standard of Care
- Enforce Disciplinary Actions
- Established policies, Consistency, Retraining, Consequences, and Self-Reporting
Keeping Compliance Relevant
Where We Go Wrong with Compliance:
- We fail to create a culture of compliance
- We reduce compliance to an HR checklist, or we have form over substance
- We make policies too complex and difficult to follow
- We distance the compliance function from daily operations
- We do not stay current with regulations, policy maintenance or education
- We assume that everyone knows what to do
Compliance is Both Static and Dynamic
- Redesign your blueprint as needed, keep training methods fresh, re-tool monitoring when you have operational changes, and balance responsibility and authority.
- Do not assume that the written policies or compliance plan you inherited as up-to-date or complete. Even corporate-level policies can fail to meet compliance especially when rural health providers are scarce within the system
- Do not wait for a survey deficiency or a payer audit to reveal a gap in compliance
- Revise and Simplify—making sure that the policies and training are following the regulatory blueprint
Monitoring Changes in Regulations
- Sign up for newsletters, announcements, newsfeeds, and emailing lists
- Set up email folders for these activities
- Allocate time weekly to review updates and clean up the folder
- Attend state, regional, and national meetings
- Develop relationships with other stakeholders outside your organization
- Join professional associations
- The Electronic Code of Federal Regulations (e-CFR) is an updated version of the Code of Federal Regulations. It is not an official legal edition of the CFR but is rather an editorial collection of CFR material and Federal Register amendments produced by the National Archives and Records Administration’s Office of the Federal Register (OFR) and the Government Publishing Office. This site is updated daily.
- Office of Inspector General (OIG) Exclusions– use the Compliance tab for information regarding Accountability Care Organizations, Advisory Opinions, Compliance Guidance, etc.