HIPAA Administrative Simplification

Principle III: Obligation to the Profession

• Compliance professionals should strive to uphold the integrity and dignity of the profession
• Should advance the effectiveness of compliance programs and promote professionalism in health care compliance
• Compliance Officer may be a focal point, but not the only point in a Compliance Program
• OIG urges a Compliance Committee be established to advise and assist the CO
• Committee should include varying perspectives and develop goals and objectives on an annual basis
  • Participating in the identification of risk
  • Regularly reviewing and assessing compliance P&Ps
  • Assisting with the development of the COC and P&Ps
  • Determining strategy to promote Compliance
  • Developing a system to solicit, evaluate, and respond to complaints and problems

Education and Training

• Education and Training are the first and possibly the most important lines of defense for a Compliance program
• Proper education of all officers, managers, and employees, and continual retraining, is a significant element of an effective compliance program
• General Training Topics:
  • Elements of the compliance program
  • The Code of Conduct
  • The reporting system
  • Individual accountability for reporting suspected non-compliance
  • Non-retaliation policy
  • Who is the Compliance Officer
  • Explanation of FWA
• OIG urges a specific number of education hours per year (1-3hrs per yr in corporate integrity agreements)
• General Compliance Education should include:
  • Ethics
  • Code of Conduct
  • Obligation to Report
  • Privacy
• Topics for specific/focused training include:
  • Actions outside scope of practice
  • Government and private payor reimbursement principles
  • Third-party relationships
  • Identification of a privacy breach
  • Stark/anti-kickback
  • Submission of a claim for physician services when rendered by a non-physician
  • Signatures for a physician without the physician's authorization
  • EMTALA
  • Conflicts of interest
  • Proper documentation of services rendered
  • Directions for conducting investigations
• Written annual training plan should outline the training needs, timing, methods, and duration

Enforcement and Discipline

• Discipline will be administered for non-compliance
• Employees have an obligation to report suspected non-compliance
• An outline of disciplinary procedures
• A list of the parties responsible for appropriate action
• A promise that discipline will be fair and consistent
• Failure to report an offense is a serious act of non-compliance and equally deserving of discipline as the actual misconduct
• HR is responsible for working with management in imposing discipline
• Compliance will monitor consistency for fairness and severity
• Intentional or reckless non-compliance = significant sanctions
• Progressive discipline = Multi-step process
  1. Employee's manager to discuss problem with employee
  2. Depending on the situation, next step might be to escalate the issues to a higher authority
  3. A written warning
  4. Next step could be suspension without pay, or a probationary period
  5. Final option is termination, if all other options are exhausted
• OIG Recommends a new employs policy:
  • Background checks
  • Reference checks
  • Reviews of the federal health care sanctions list

Responding to Offenses / CAPs

• If there's a reason to believe misconduct, response must be timely and appropriate
• Detected but uncorrected misconduct threatens an organization's credibility
• Cover-ups usually cause more problems than they solve
• The goal of a Compliance Program is detection
• Depending on severity, you may want to meet with your legal counsel
• OIG recommends an investigation anytime a potential violation is identified
• Internal investigations must be handled by skilled investigators and documented according to your policy
• OIG calls for prompt reporting of [misconduct] within a reasonable period
• If a [repayment] is due to Medicare, it must be made within 60 days of identification