Compliance plans are written strategies, adopted by a healthcare provider, to assist in its day-to-day compliance with applicable laws and business policies. While compliance plans have historically been optional for healthcare providers, with the passage of the Patient Protection and Affordable Care Act, Congress has now mandated that healthcare providers who participate in a federal healthcare program implement a corporate compliance plan. Thus, an up-to-date and thorough corporate compliance plan is a necessity for any healthcare provider.
However, a compliance plan that is drafted without further review, revision, or implementation carries the same effect as having no compliance plan at all. Thus, to be effective and beneficial, all compliance plans should be periodically reviewed and revised to address changes in the law, operational changes, and past experiences. Why not make such review and revision your New Year's Resolution?
As you revise your corporate compliance plan, or implement one for the first time, consider the following:
The Office of Inspector General ("OIG") has published guidance on effective compliance plans for many types of healthcare providers (physician practices, nursing facilities, hospitals, hospices, home health providers, DME suppliers, etc.). While the OIG allows flexibility in developing a compliance plan, this guidance provides a good insight into the various areas and topics that might be included in the compliance plan for a particular provider type. The OIG compliance plan guidance can be accessed at https://oig.hhs.gov/compliance/compliance-guidance/index.asp.
A main component of a corporate compliance plan is the written policies and procedures that set forth the day-to-day compliance expectations of the provider. Among other things, the polices should include a review of the applicable laws and regulations (e.g., Stark, Anti-Kickback, False Claims Act, Civil Monetary Penalties, etc.), what is expected in terms of complying with such laws and regulations, the consequences of noncompliance, and ways to report non-compliance to the appointed compliance officer or compliance committee. To avoid confusion, policies should be written in a manner that is easy for the employee and contractor to understand.
Compliance plans should address the risks that are associated with a particular provider. Risk areas that are common to most healthcare providers include coding and billing practices, medically necessary services, proper documentation, record retention, fraud and abuse concerns, and conflicts of interest. At a minimum, these areas should be addressed. Further, your risk areas may change as the law changes and as your business evolves. When reviewing your compliance plan each year, review the OIG Work Plan, which highlights the areas of government focus and enforcement action for various types of healthcare providers. The OIG Work Plan may be accessed at https://oig.hhs.gov/reports-and-publications/workplan/index.asp.
Compliance plans should address monitoring and auditing systems that detect compliance violations and ways to address such violations. Among other things, there should be a mechanism for reporting compliance plan violations, investigating such reports, correcting compliance plan violations, and imposing disciplinary action.
An effective corporate compliance plan should include a training component, pursuant to which employees and contractors are periodically educated and trained on the elements of the plan. Training should occur both when an employee or contractor is hired and periodically thereafter (every year or every six months). Many providers have found monthly "reminders", whether at a staff meeting or via e-mail distribution, to be effective, repeatedly reminding employees and contractors of the provider's compliance efforts.
The corporate compliance plan should be made available to all employees and contractors to which it applies. Rather than make a hard copy, many healthcare providers make the plan electronically available to everyone. If your compliance plan is lengthy, you may want to consider also having a summary available that hits the main points of the plan. As the compliance plan is revised and updated, if necessary, the summary should also be revised and updated.
Once completed, the revisions to the compliance plan should be formally adopted by the Board of Directors or similar Governing Body. Employees and contractors should be updated on the adopted changes to the compliance plan, and the revised compliance plan should be made available them.
Taking time to review and revise your compliance plan each year is one New Year's Resolution that you should keep. Happy New Year!