An effective compliance and ethics program is outlined in the Federal Sentencing Guidelines, Organizational Guidelines Chapter 8, and is frequently summarized in seven steps. However, a compliance plan is intended to be much more than a book that sits on a shelf. There have been several updates to the laws that govern anesthesia and pain management practices such as the Stark Law and Anti-Kickback law. These changes may require updates to your compliance program. Compliance programs are to be living documents and should reflect changes and updates based on current law and practice management initiatives. As stated in the Application Notes section of the Sentencing Guidelines, “An organization’s failure to incorporate and follow applicable industry practices or the standards called for by any applicable governmental regulation weighs against a finding of an effective compliance and ethics program.” Many organizations struggle with how to demonstrate an active compliance and ethics program. Your practice should have the policy to review the compliance program annually, at a minimum, with additional reviews when significant changes occur. Below are some sample questions you can use to help determine if you have an up-to-date and active your compliance and ethics program.
- Established compliance and ethics standards and procedures that are reasonably capable of reducing the prospect of criminal conduct.
- Are there policies, standards, and procedures in the following areas: 1) Code of Conduct; 2) Conflict of Interest; 3) Compliance Program; 4) Coding, Billing, and Claims Submission; 5) Reasonable and Medically Necessary Services; 6) Medical Documentation of Services; 7) Business Relationships (such as improper inducements, kickbacks, and self-referrals); and 8) HIPAA privacy, security, and HITECH including access through mobile devices?
- When were the last time policies, standards, and procedures reviewed or updated? Is there a regular review process to ensure all are reviewed regularly?
- How are anesthesia or pain management specific risk areas addressed in standards and procedures?
- Have changes to relevant laws been reflected in the compliance and ethics program?
- Has a HIPAA Risk Assessment been performed? If so, was it an internal or external assessment, when was it performed, and what is the status of the recommendations from the assessment?
- Specific individual(s) within high-level personnel of the organization must be assigned overall responsibility to oversee and direct the compliance and ethics standards and procedures.
- Is there an appropriate designation of a Compliance Officer with access to the organization’s Board of Directors?
- Is there appropriate staff and funding based on the size of the organization to reasonably perform the operational responsibilities of the compliance and ethics program?
- When was the last report on the compliance and ethics program given to the Board of Directors?
- When was the last screening of new and existing employees and independent contractors against the Federal exclusions database?
- Is there a log of reported incidents or allegations regarding possible unethical or inappropriate business practices?
- How is the monitoring of subsequent corrective action and/or compliance issues tracked or reviewed?
- The organization must use reasonable efforts not to delegate substantial authority to individuals whom the organization knew, or should have known through the exercise of due diligence, has a propensity to engage in illegal activities.
- Does the leadership selection process include an exercise in due diligence to identify if candidates engaged in illegal activities or other conduct inconsistent with the compliance and ethics program?
- Are the organization’s leadership business relationships and conduct reviewed regularly?
- The organization must take steps to periodically communicate effectively its standards and procedures to all employees and other agents by conducting training programs and otherwise disseminating information that explains what is required.
- Does New Hire Training include training on the compliance and ethics program? How to report a potential compliance issue? Does the training include disciplinary actions for engaging in criminal or unethical activities? Does the training include HIPAA privacy, security, and Hi-Tech requirements?
- How is annual training on the compliance and ethics program tracked?
- Is there specific annual compliance and ethics training for organization leadership, compliance designated employees, providers, and coding and billing staff?
- Is there specific annual training for HIPAA privacy, security, and Hi-Tech requirements?
- The organization must take reasonable steps to 1) ensure the compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; 2) periodically evaluate the effectiveness of the compliance and ethics program; and 3) have in place and publicize a reporting system whereby employees and other agents can report or seek guidance on potential or actual criminal conduct by others within the organization without fear of retaliation.
- Is there an ongoing monitoring process for business operations and practices? How are items selected?
- Is there an ongoing monitoring process for medical necessity and documentation of services? How are items selected?
- Is there an ongoing monitoring process for coding and billing practices? How are items selected?
- Is there an external audit process? How frequently is it performed? What areas does it cover?
- Is there an “open door” policy approach towards reporting concerns?
- Is there an anonymous way for employees or outside agents to report possible compliance concerns? Is there a log of reported items?
- How are reported items tracked and outcomes communicated?
- How/when are employees updated on compliance and ethics activities?
- How does the organization reinforce the policy to not retaliate or adversely treat an employee who reports suspected erroneous or fraudulent activities in good faith?
- How is the effectiveness of the compliance and ethics program tracked?
- When was the compliance and ethics program last updated?
- Consistently promote and enforce the compliance and ethics program through 1) appropriate incentives to perform within the compliance and ethics guidelines, and 2) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.
- Are there appropriate incentives to perform within the compliance and ethics program?
- Are there appropriate consequences of non-compliance with the compliance and ethics program up to and including termination, restitution of damages, and referral for criminal prosecution?
- What specific incentives/consequences are unique for leadership? For compliance designated employees?
- After an offense has been detected, the organization must take reasonable steps to respond appropriately to the offense and to prevent further similar offenses, including any necessary changes to the compliance and ethics program.
- Have detected offenses been appropriately investigated and responded to in a timely manner?
- What policy/standard/procedure is investigated the most?
- What corrective actions are most frequently utilized? (Retraining, Policy/Standard/Procedure Update, General Communication, Employee Disciplinary Process, Termination)
- If a serious violation was identified, was appropriate legal counsel consulted for advice and to plan the appropriate course of action?
- What revisions were made to the compliance and ethics program as a result of the detected offense?
An active compliance and ethics program can touch every aspect of an organization. It is more than a book on a shelf; if done correctly, it is part of what employees do every single day. Demonstrating active compliance is important to organizations trying to attract high-quality employees. Of course, it is also important if any outside investigations are conducted. Take time now to determine how active your compliance and ethics program is.
2018 Guidelines Manual, Chapter Eight – Sentencing Of Organizations
Part B – Remedying Harm From Criminal Conduct, And Effective Compliance And Ethics Program
2. Effective Compliance And Ethics Program:
Compliance 101, Third Edition; Debbie Troklus & Greg Warner