Compliance Commitment from the Top

Establishing Commitment From the Top of the Organization

An important and often overlooked aspect of developing a compliance program is the need to obtain commitment from the top of the organization.  Many times in a physician practice this will mean the physician owners of the practice.  It is important that the physician have a clear understanding of the need and benefit of establishing a focused compliance program.

There will inevitably be initial expenditures involved with establishing a compliance system.  In some cases it may even necessitate retaining additional staff.  There will almost certainly be fees to outside attorneys and consultants if the organization is not large enough to hire the needed expertise internally.  It is important that sufficient resources be allocated to compliance and that the physicians and administration understand that in the long term, these expenditures will pay off by reducing the risk of institutional compliance problems.  The difficulty is that if the compliance program works to reduce risks, there will never be a serious event that proves the benefit of the expenditures.  However, if an event occurs in the future and there is no compliance program in place, the regrets will be very deep because compliance issues are much more difficult to solve if there is no compliance plan in place.

As a practical matter, the institutional “buy-in” is often the most difficult hurdle to overcome.  It is somewhat easier now that compliance plans are becoming mandatory.  Yet there is still risks associated with under-funding compliance activities or providing enough resources to do the “bare minimum” when it comes to compliance due to a reluctant attitude on the part of physician leaders who are now being forced to develop compliance programs that they have not fully embraced.

Certain groups may be in a position that they have not been dependent upon institutions who have implemented compliance programs.  Some practices completely reject policies and procedures of any kind that could bind the physicians in their practices.  These organizations present the greatest challenges and unfortunately the greatest potential risk of violations of federal and state laws occurring due to the low level of leadership embracing appropriate compliance activities.  Even as these groups are forced to adopt compliance programs, they present the greatest residual risk because of a low level of physician commitment.

We suggest that physician practices begin the process of implementing formal compliance programs immediately to provide more time to gain physician commitment and appropriately assess the risks associated with the specific practice.  It takes a great deal of time to develop a system for establishing compliance programs, perform a “gap analysis” or other baseline analysis, perform employee interviews and take other steps to identify specific risk areas.  Developing a compliance program is much more than simply adopting a form compliance program.  Even though the precise effective date that compliance programs will become mandatory for physician practices has not yet been set, providers should consider this time a gift to permit them to develop appropriate policies rather than a reprieve.

Compliance Officer and Legal Counsel Roles – Should GC Be Compliance Officer?

Compliance Officer and Legal Counsel Relationships

I am often asked for my opinion on whether a general counsel can also serve in the role of compliance officer. At first blush, it seems like the general counsel would be a perfect fit for the role because of general knowledge of regulations that are applicable to the organization. Clients are often surprised when I tell them that it is not appropriate to assign the compliance role to general counsel. In fact, there is a lot of support for the proposition that assigning these responsibilities to legal counsel makes a compliance program less effective. It also runs the risk of making the general counsel less effective in the legal counsel role.
The reason why legal counsel should generally not fill the compliance role arises from differences in the roles that each of these professionals play within an organization. Legal counsel is an advocate for the organization. When compliance issues come up, legal counsel advocates the position of the client. The compliance officer on the other hand, is responsible for proactively looking for compliance problems and designing appropriate ways to correct the discovered problem. The roles go hand in hand in many ways. But what happens when it is legal counsel who structured a deal in a manner that it does not comply with applicable regulations? In cases like this, legal counsel is in an inherent conflict of interest.
In all but the very smallest organizations that clearly cannot absorb the cost of two separate functions, it presents increased compliance risk to the organization for the legal counsel to also be the prime individual responsible for compliance within the organization. Dividing the compliance and legal counsel functions is clearly the “best practice” when it comes to organizational compliance.
This conclusion is supported by comments from the Office of Inspector General (OIG), a consistent reading the Federal Sentencing Guidelines (FSG), the position taken by the government in Corporate Integrity Agreement fraud and abuse settlements, and by the general ethical standards that apply to the general counsel.
The case for dividing the functions of legal counsel and compliance officer and creating a separate Compliance Office with direct line of authority to the Board or a Committee of the Board is quite compelling. In fact, many organizations who had previously run the compliance role through the office of general counsel are now reviewing that practice and are making changes to their organizational structure and compliance plans.
A study done by the American Health Lawyers Associations and the Office of Inspector General in 2004 found that at that time, only 20% of the health care organizations that were polled had their compliance function under the authority of the Legal Counsel’s office. It is safe to say that in view of more recent pronouncements by the OIG and by comments made in the Supplemental Compliance Guidance for Hospitals that was released in 2005, the percentage of “dual role” organizations is now less than that figure.
The first source to be examined when defining the role of the compliance officer within an organization is the Federal Sentencing Guidelines. The FSG do not specifically mention a compliance officer per se, but require that the compliance and ethics program be assigned to “high-level” personnel. When organizations first began creating compliance programs in response to the Federal Sentencing Guidelines, oftentimes the responsibility was assigned to the legal counsel. This seemed to be a natural outgrowth of the function of the office of legal counsel. In that regard, it made organizational sense because the office of legal counsel had resources and personnel in place to implement the compliance program without creating an entire new organizational division.
Over time, the assignment of compliance functions to the legal counsel began to raise questions. Concerns were raised as to whether the legal counsel was in fact a “high level” personnel. Additionally, questions were raised as to the degree that giving the legal counsel the dual role of compliance officer and legal counsel sufficiently conveyed the appearance of the importance that the organization placed on compliance. As a result, some lawyers and compliance experts began to question whether creating a “dual role” compliance officer put the organization at risk of not receiving the benefits afforded under the Federal Sentencing Guidelines if the organization was ever in a position to need these benefits.
The Office of Inspector General has made its position clear that legal counsel should not exercise a dual role. An examination of many of the recent Corporate Integrity Agreements that have been entered between providers and the OIG clearly demonstrate the OIG’s position on this matter. Most CIAs outline the role and position of the compliance officer in the organization. The standard language being used by the OIG is as follows:
“The Compliance Officer shall be a member of senior management of [Provider], shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors of [Provider], and shall be authorized to report on such matters to the Board of Directors at any time. The Compliance Officer shall not be or be subordinate to the General Counsel or Chief Financial Officer. [Emphasis Added]
Although the Sentencing Guidelines do not affirmatively address dual role situations, Commentary to the Sentencing Guidelines state that “applicable industry practice or the standards called for by any applicable governmental regulations” are factors to be considered. Failure to follow these standards “weighs against a finding of an effective compliance and ethics program.”
At the same time, both the Sentencing Guidelines and the OIG Compliance Guidance recognize that the size of the organization is a factor in judging the level of compliance. This recognizes that in cases where the organization is small and fewer resources are available, the organization can meet its obligations without necessarily creating a structure that separates the roles between the legal counsel and the compliance office. However, there is no precise definition as to whether an organization is a “small organization” that can fulfill its compliance functions in less formal ways or a “large organization” which will be expected to devote suitable resources to create a completely separate compliance function.
This uncertainty leave an organization’s board of directors without precise guidance concerning an appropriate structure given the size and nature of its organization. At the same time, best practices, given available resources, is to separate the compliance and legal counsel functions. The potential consequences of failing to use an appropriate structure for the size of the organization is increased penalties in the event of an event of organizational criminal misconduct; so the consequences can be quite serious.

Certified Compliance Attorney Health Care Compliance Certification

Certified Compliance Attorney – CHC Compliance Lawyer

Expert Compliance Representation – Health Care Compliance

Attorney John H. Fisher leads the Health Care Compliance Practice at Ruder Ware.   John is a practicing health care attorney who has substantial expertise in the compliance area.  He is certified in both Health Care Compliance and Corporate Compliance and Ethics.

Aggressive Governmental Fraud and Abuse Investigations

Government enforcement practices and ever changing regulatory requirements require health care providers of all types and specialties to function in a highly complex environment.  Government enforcement operates under a “return on investment” mentality which leads to extremely aggressive and sometimes unfairly overbroad enforcement actions.  This leaves even the most well intentioned health care provider feeling targeted and overburdened with regulatory requirements.

Attorney Fisher Provides a Full Range of Compliance Services

Attorney Fisher has provided a broad range of compliance related legal services to a variety of health care providers including hospitals, mental health programs, skilled nursing facilities, ambulatory surgery centers, a variety of medical groups, diagnostic facilities, home health care providers, personal care agencies, clinically integrated provider groups, accountable care organizations.  Each provider has unique features and characteristics that require creative approaches to mitigate the impact of overzealous governmental enforcement and private whistleblowers.

Preparation for an Eventual External Examination of Your Compliance Process

Our compliance practice functions under the philosophy that all providers will eventually be called upon to defend their compliance programs.  This may come through a self-disclosure after an infraction that is discovered through self assessment or audit.  A challenge to the effectiveness of a compliance program can arise as a result of a whistleblower claim or at the hands of a government criminal or civil prosecutor.  Regardless of the source of challenge, at some point in the future, a compliance program will be put to the test.  When this happens, it must be effective to detect and correct potential compliance problems.  This requires a well designed plan as well as a showing that the plan is actively operating to identify risk areas, audit for anomalies in areas where risk may be present, and comes full circle to take appropriate action to correct potential problems that are identified.  If this is happening when your time comes; when your compliance program is put to the test, you will have gone a long ways toward mitigation of potential negative consequences.

Penalties Are Increasing and the Scope Activity Considered Abusive Continues to Expand

Some may wonder how the government plans to pay for changes in the health care system.  One of the primary sources of payment in the future will be through enforcement of actual or perceived fraud and abuse.  Currently, the Federal government received an 800% return on every dollar that it invests on pursuing health care fraud and abuse.  With increased penalties and more draconian enforcement systems in place, the government is poised to turn the enforcement business into an even more lucrative proposition.  The stage is set with laws that increase penalties to such an astronomical level that even a minor case will be settled rather than risk being dragged through a proceeding that could expose a provider to damage that are many times the amount of settlement.

The Danger of Whistleblower Claimants

Whistleblowers also are incentivized to file cases as they seek to benefit personally from provider activity that may not fully conform to regulatory expectations. No provider is immune, no matter how effective its corporate responsibility program. For these reasons, all providers need experienced Compliance Counsel to assist them in trying to prevent regulatory violations, to determine the scope of and assist with correcting identified compliance issues and to defend them in the event they do become a target of government investigative activities.

Whistleblowers can come from a number of different places.  Disgruntled employees are a prime candidate to bring a whistleblower complaint.  How these complaints are handled is extremely important to minimizing their potential negative impact on you operations.  Once a Whistleblower attorney becomes financially committed to a case, they tend not to let go easily.  Settlement can be very difficult to attain on reasonable terms.  It is fair to say that in many cases the government gives more latitude to settle cases if the provider cooperates.

There are some reasonable government enforcement individuals who appropriately utilize their discretion when a provider cooperates and has not intentionally bilked the system.  Whistleblowers on the other hand, have their sites set on the full maximum amount of calculated False Claims Act damages.  They are looking for a pay day.  We can help you avoid this type of situation altogether by helping establish an effective compliance program that takes appropriate action to mitigate exposure if infractions are discovered.

Compliance Officer and Legal Counsel Dual Roles

Compliance Officer and Legal Counsel Relationships

Most organizations have divided their legal counsel office from their compliance office.  This has clearly become best practices in recent years.  In fact, dual role compliance officers can create risks as to whether your compliance program is effective.

There is a current debate within the compliance industry about the relative roles of the Chief Compliance Officer (CCO) and Legal Counsel. More specifically, questions are raised regarding whether the Legal Counsel should serve the dual role of legal counsel and compliance officer and whether the primary compliance officer can report through legal counsel. This is an extremely important issue to many organizations. I will be devoting several articles to the various aspects of this issue over the next several weeks.

In all but the very smallest organizations that clearly cannot absorb the cost of two separate functions, it presents increased compliance risk to the organization for the legal counsel to also be the prime individual responsible for compliance within the organization. Dividing the compliance and legal counsel functions is clearly the “best practice” when it comes to organizational compliance.

This conclusion is supported by comments from the Office of Inspector General (OIG), a consistent reading the the Federal Sentencing Guidelines (FSG), the position taken by the government in Corporate Integrity Agreement fraud and abuse settlements, and by the general ethical standards that apply to the general counsel.

The case for dividing the functions of legal counsel and compliance officer and creating a separate Compliance Office with direct line of authority to the Board or a Committee of the Board is quite compelling. In fact, many organizations who had previously run the compliance role through the office of general counsel are now reviewing that practice and are making changes to their organizational structure and compliance plans.
A study done by the American Health Lawyers Associations and the Office of Inspector General in 2004 found that at that time, only 20% of the health care organizations that were polled had their compliance function under the authority of the Legal Counsel’s office. It is safe to say that in view of more recent pronouncements by the OIG and by comments made in the Supplmental Compliance Guidance for Hospitals that was released in 2005, the percentage of “dual role” organizations is now less than that figure.

The first source to be examined when defining the role of the compliance officer within an organization is the Federal Sentencing Guidelines. The FSG do not specifically mention a compliance officer per se, but require that the compliance and ethics program be assigned to “high-level” peronnel. When organizations first began creating compliance programs in response to the Federal Sentencing Guidelines, oftentimes the responsibility was assigned to the legal counsel. This seemed to be a natural outgrowth of the function of the office of legal counsel. In that regard, it made organizational sense because the office of legal counsel had resources and personnel in place to impliment the compliance program without creating an entire new organizational division.

Over time, the assignment of compliance functions to the legal counsel began to raise questions. Concerns were raised as to whether the legal counsel was in fact a “high level” peronnel. Additionally, questions were raised as to the degree that giving the legal counsel the dual role of compliance officer and legal counsel sufficiently conveyed the appearance of the importance that the organization placed on compliance. As a result, some lawyers and compliance experts began to question whether creating a “dual role” compliance officer put the organization at risk of not receiving the benefits afforded under the Federal Sentencing Guidelines if the organization was ever in a position to need these benefits.

The Office of Inspector General has made its position clear that legal counsel should not exercise a dual role. An examination of many of the recent Corporate Integrity Agreements that have been entered between providers and the OIG clearly demonstrate the OIG’s position on this matter. Most CIAs outline the role and position of the compliance officer in the organization. The standard language being used by the OIG is as follows:

“The Compliance Officer shall be a member of senior management of [Provider], shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors of [Provider], and shall be authorized to report on such matters to the Board of Directors at any time. The Compliance Officer shall not be or be subordinate to the General Counsel or Chief Financial Officer. [Emphasis Added]

Although the Sentencing Guidelines do not affirmatively address dual role situations, Commentary to the Sentencing Guidelines state that “applicable industry practice or the standards called for by any applicable governmental regulations” are factors to be considered. Failure to follow these standards “weighs against a finding of an effective compliance and ethics program.”

At the same time, both the Sentencing Guidelines and the OIG Compliance Guidance recognize that the size of the organization is a factor in judging the level of compliance. This recognizes that in cases where the organization is small and fewer resources are available, the organization can meet its obligations without necessarily creating a structure that separates the roles between the legal counsel and the compliance office. However, there is no precise definition as to whether an organization is a “small organization” that can fulfill its compliance functions in less formal ways or a “large organization” which will be expected to devote suitable resources to create a completely separate compliance function.

This uncertainty leave an organization’s board of directors without precise guidance concerning an appropriate structure given the size and nature of its organization. At the same time, best practices, given available resources, is to separate the compliance and legal counsel functions. The potential consequences of failing to use an appropriate structure for the size of the organization is increased penalties in the event of an event of organizational criminal misconduct; so the consequences can be quite serious.

 

Creating A Compliance Program That Fits Your Organization

Creating a Compliance Program That is Right for Your Organization

An important part of developing an effective compliance program is to make the program scalable and effective for the operations of the specific provider.  In some ways, creating compliance program for a large health system is the easiest because you have the resources and breadth of operations to recommend everything; also known as the “kitchen sink” model.  The real art in my opinion comes when developing programs for smaller hospitals, physician groups and other organizations that do not have the resources to “do it all.”  Taking an overbroad approach to compliance with smaller organizations can actually create additional risk because you are creating a “roadmap” of items that are not being done and which you will never have the resources to complete.

Our job as compliance attorneys is to recommend systems that are workable within the resources and specific risk areas that are relevant to the provider.  This takes a level of judgment that is not necessary where the size and resources of the organization permit the “kitchen sink” approach to be taken.

The development of compliance programs for smaller organizations take a surgical approach.  Care must be taken to develop systems for identifying the risk areas that are specific to the organization.  Risks should be scored and prioritized and the results of this process should be included into a plan to accomplish audits, reviews or monitoring of the various identified risk areas.  Small organizations cannot hit every risk area during every budgeting cycle.  A longer term approach is called for with the most urgent risks requiring closer and faster review.  This all ties into the budgeting process.  The work plan needs to be adequately budgeted.  The size of the organization will have an effect on the amount that is budgeted for compliance.

The point of a compliance program is not that every problem area will be found.  It is most important that a logical system be developed that prioritizes risk and addresses risk areas in a logical fashion.  The other side of the coin is that a substantial organization should not hide behind lack of resources for not addressing significant risk areas.  A small physician practice is at one end of the spectrum.  A hospital system with several facilities, attached physician network, and an array of ancillary services would have little excuse for not allocating sufficient budget amounts to compliance to enable the organization to meet its compliance needs.

Issues of scalability also come into the general structure of the compliance program.  A small physician practice will not have the resources to hire a chief compliance officer.  Rather, a small practice might designate a partner or administrator as a “compliance responsible individual.”  On the other hand, a substantial hospital system should implement a robust structure including a full-time chief compliance officer, a compliance committee and compliance staff.  The compliance officer should not serve a dual role in positions that create an inherent conflict of interest such as general counsel, chief financial officer or chief operating officer.

Issues of scope and scalability are at the center of most compliance efforts.  These issues require careful and judiciously made decisions.  These decisions are important and must be faced by providers of all size, from the smallest medical practice through the largest health system as mandatory affective compliance programs become a requirement.

Mandatory Compliance Programs In The Health Care Industry

Mandatory Compliance Programs for Health Care Providers

Compliance programs were made mandatory for all providers as a condition of participation in the Medicare program under the patient protection and affordable care act of 2010. With the recent Supreme Court decision upholding the affordable care act,  any uncertainty as to whether the mandatory compliance programs will become a reality has been lifted.

The affordable care act also required the CMS to promulgate regulations that establish the core elements for providers and suppliers to meet with respect to the mandatory compliance programs. CMS is authorized to determine the timing and core elements of the required compliance programs. The first industry segment that are required to adopt compliance programs are nursing facilities which must comply with mandatory compliance program requirements by March 23, 2013. However, CMS missed it statutory deadline (March 23, 2012) for promulgating detailed regulations to guide nursing facilities in the creation of compliance programs. It is expected that these regulations as well as the requirements for other providers will be forthcoming soon now that the Supreme Court has upheld the Affordable Care Act.

The Office of Inspector General has in the past issue compliance program guidance for various industry segments.  We can expect at least some of these requirements to be part of the regulatory clarification coming from CMS under its authority to enforce mandatory compliance programs. We can also expect additional requirements to be added based upon a parallel recent promulgation from CMS that is applicable to Medicare advantage managed-care plans and prescription drug part D plan entities. Although not directly applicable to organizations other than Medicare Advantage Programs and Part D prescription drug programs, the regulatory proposals are instructive of the current thinking of CMS with respect to required elements of compliance programs.

Some key elements of the recent regulatory proposal which were not included in previous OIG compliance program guidance include:

  •  A strong recommendation that there be standardized process for the governing body to review the compliance program documents at least annually. Current guidance is much more permissive and only suggests periodic reviews. The new regulations would require a complete effectiveness review and a detailed “gap analysis” to the Board of Directors on an at least an annual basis.
  • More details concerning distribution of standards of conduct and policies and procedures to new employees. The new proposed regulations required distribution of these materials within 90 days of initial hire and at least annually thereafter.  Distribution of policies and procedures will be an “obligation” rather than simply a “suggestion” once the new proposed regulations are finalized.
  •  The proposed regulations contain the clearest statement to date from CMS that “dual role” compliance officers, where the compliance officer is also the CFO, CEO or General Counsel, present a built-in conflict of interest and are not permitted. This has been a controversial topic in the past as many organizations still maintain their general counsel as their compliance officer. If the recent proposed regulations are any indication, many “dual role” compliance officers will be the way of the past. It appears that it will still be permissible for divisional  managers, such as quality assurance managers, to act in a dual role. However, operational management will not be permitted to act in his rules. This clearly includes CFOs, COOs and General Counsel who are specifically mentioned in the proposed regulations

There are many additional details that are contained in the most recent proposed regulations. There’s every indication that these proposed regulations are a foreshadowing of the eventual requirements that CMS will release under the mandatory compliance program authority that will be applicable to other providers such as nursing homes, physician groups, hospice, DME providers and other health care providers.

In view of these pending requirements and in light of the apparent expansion of compliance program requirements that is being hinted at by CMS,  providers should conduct an effectiveness review of their compliance programs now and begin the ongoing process of conducting such reviews on an at least an annual basis.  Reviews should be conducted with the requirements of the new proposed regulations in mind.

Small organizations, such as physician practices and smaller healthcare organizations should begin immediately to implement scalable compliance program structures that are focused on the specific risk areas that affect their organizations and begin to create an infrastructure for an effective compliance program.

 Organizations who still have their General Counsel, CFO, or COO acting as their compliance officer should begin to set the stage to undo that structure.  A separate office of Chief Compliance Officer should be created and separately budgeted.  The CCO should have autonomy from other operational offices and should have direct access to the Board of Directors, a Compliance Committee and the CEO.  This issue can be politically difficult within an organization and should be addressed soon rather than later.  Ultimately, this is an issue that must be firmly addressed by the Board of Directors under its responsibility to oversee the compliance program.

OIG Compliance Program Video Series

OIG Video Series – Effective Compliance Program Development

The Office of Inspector General (“OIG”) has released a series of videos relating to compliance issues.  Recent videos cover compliance program/type and basic elements of compliance programs.  Access OIG Compliance Videos

Recent OIG advice includes:

  • Foster a culture of compliance
  • Devote adequate resources to compliance
  • Create useful policies and procedures
  • Train your staff
    • Offer training often
    • Be creative with training to foster interest
    • Stay current on compliance issues
    • Promote communication
      • Be visible within your organization
      • Communicate the hotline
      • Communicate and reinforce non-retaliation for making complaints
      • Take appropriate corrective action
  • Team approach to investigations
    • Investigate to resolution
    • Create appropriate corrective action
    • Use results to improve compliance process
  • Conduct regular audits
  • Determine risk areas
    • Coding
    • Contracts
    • Quality of care
    • Review compliance program regularly

 Access OIG Compliance Videos

Compliance Legal Practice and Effectiveness Review

Compliance Program Development and Effectiveness Review

A significant part of our health law practice involves the creation, implementation, and review of compliance programs for health care providers and other businesses.  Some of our compliance practice is devoted to institutional provides such as hospitals, health systems and nursing homes.  We are increasingly advising our smaller health care clients, such as physician groups, home health agencies and other providers on establishing appropriate compliance programs.  The entire industry is trending toward the adoption of compliance programs spurred on by a true desire to reduce risk as well as recent legal changes that mandate the adoption of compliance programs for most health care providers.

We have made a major firm committment to our compliance practice.  Health care attorney John Fisher recently obtained national certification in health care compliance through the Health Care Compliance Association.  We have assembled a team attorneys with various legal backgrounds, including health law, employment law, non-profit tax law and other areas to complement Mr. Fisher’s focus on compliance issues faced by health care providers.

We provide compliance program development and review services to hospitals, individual physicians and group practices, dental groups, chiropractic groups, home health agencies, skilled nursing facilities, durable medical equipment suppliers, ambulance providers, therapy clinics, ambulatory surgery centers, and behavioral health care providers.  We assist providers in conducting internal audits, internal investigations, compliance program gap analysis and effectiveness reviews. We have also assisted providers who are the subject of reviews by institutions where they may be employed or have staff privileges.

Examples of some of our compliance program related involvement in the health care area include:

  • Conducting effectiveness reviews and making suggestions for enhancements to existing compliance programs.
  • Working with governing bodies to develop initial compliance programs.
  • Advising compliance officers and governance with respect to ongoing monitoring and auditing.
  • Assisting providers to conduct internal audits and assessments.
  • Assisting providers to focus on specific risk areas that may affect their practices.
  • Assisting providers in the reacting to compliance reports including investigations and corrective action plan development.
  • Conducting detailed compliance related research in the course of acquisitions of other providers.
  • Creating programs that leverage existing resources and expertise into an enterprise management system addressed at compliance issues.
  • Compliance Programs Are An Essential Element of Health Care Operations

Effective compliance programs have become an essential element of an effective regulatory risk reduction program.  The importance of compliance programs have been repeatedly emphasised by government officials over the past decade.  Recently, Marilyn Tavenner, Acting Administrator of the Centers for Medicare & Medicaid Services (CMS) released a brief article on the CMS Blog emphasizing the use of “predictive modeling” technologies to identify specific providers that warrant further investigation.  The Acting Administrator touts that predictive modeling has already identified 2,500 leads for further investigation, 600 preliminary law enforcement cases, and 400 direct interviews with providers that have taken place due to the use of predictive modeling.

The 2012 Office of Inspector General Annual Work Plan also referred to new methods and programs to detect potential billing anomolies.  The OIG states that it will be using data matching programs to identify not only providers who are at a high risk of having incorrect billings, but also providers who have low risk.  The OIG claims that it will be examining both types of providers to determine the impact that compliance program operations have on the accuracy of billings.  This is alarming because it means that the OIG will be eamining the operations of compliance programs who show low risk of billing anomolies.

The Coming of Mandatory Compliance Programs

The PPACA created the concept of mandatory compliance programs for most providers.  Nursing homes are first on the list and must certify that they have an effective compliance program by 2013.  We are expecting additional regulations on what constitutes and effecive compliance progam as well as specific timelines defining when other provider types will be required to adopt compliance programs as a condition of participation in the Medicare and Medicaid programs.

Compliance Programs – One Size Does Not Fit All

The OIG Guidance on Compliance Programs as well as the Federal Sentencing Guidelines make it clear that one size does not fit all when it comes to compliance program development.  An effective compliance program needs to be strategically developed based on identification of the risk factors that are specific to the size and nature of the organization.  It is not prudent to simply copy the policies of another organization and adopt them as your own.  You should create a structure as well as topical policies that reflect the nature of your particular organization; sometimes right down to the personalities that are involved in the various aspects of your operations.

There are certain core principals that will be common to all compliance programs.  However, your program should be appropriately scaled to the size and resources of your organization.  I am not suggesting that you fail to allocate sufficient resources to compliance.  Decisions regarding allocation of resources are difficult but must be addressed.  At the same time, you do not want to develop policies that you will never have the resources to appropriately follow.  This carries the risk of creating a “Roadmap” that demonstrators to investigators the things that you are NOT doing.  Policies that you do not follows are argueably worse than having no policies at all; at least in some areas.