CP must include these 7 steps

One: ‘Don’t let the fox guard the chicken coop’

You’ve heard a lot about the seven steps contained in the federal government’s model compliance plan for hospitals. Following is a list of the steps:

1. You have to establish written compliance standards and procedures that are comprehensible and reasonably capable of reducing criminal conduct.

Usually the first step is authorization for the establishment of a compliance program (CP) by the board of directors. After receiving authorization, you should draft compliance policies that clearly address regulatory and licensure issues, as well as reimbursement rules and procedures, such as proper billing and cost reporting. These guides and manuals should be reviewed and revised annually, either by the compliance staff or by outside advisors to the institution.

2. You should assign persons with substantial control or policy-making roles, such as directors or executive officers, to have oversight responsibility for the design and implementation of the CP.

This step should include the appointment of a compliance officer or a compliance team. The CP should be designed to provide senior management and the board itself timely and accurate information sufficient to allow them to reach informed judgments concerning the institution’s compliance performance. Involvement of high-level management and the board of directors in a CP bolsters its credibility. To achieve that goal, there should be regular meetings with the compliance officer and the board or a committee of the board to advise the institution of emerging compliance issues.

3. You should not give substantial discretionary authority to persons the institution knows or should know have a tendency to engage in illegal or questionable activity.

This is a common-sense limitation. For example, the CP may be designed to prohibit physicians who cannot pass routine internal reviews from billing for their own services. In addition, you should consider screening the background of applicants for positions of management responsibility for previous health care fraud violations.

4. You must effectively communicate compliance standards and procedures.

The institution should require employees and outside consultants to participate in mandatory training programs, and should provide practical written materials that explain what is required and expected. This effort should include the circulation of governmental announcements and publications such as the OIG "fraud alert" that identifies practices that the OIG believes to be suspect, and regular educational and training seminars on regulatory and compliance issues.

A code of conduct and ethics manual should be adopted, and issued to all relevant employees. To establish the necessary paper trail, the institution should require its employees and outside consultants to sign a form acknowledging receipt of the policy manual.

5. You must take steps to ensure employees follow the institution’s standards by, for example, designing and implementing auditing systems to detect wrongdoing by either outside consultants or other independent individuals.

The best CP on paper is meaningless unless the institution assures itself through periodic internal and outside audits the program is working as designed. Internal audits may include employee interviews and a review of patient records and billing documentation. In addition, the institution should establish a toll-free, confidential hotline for employees to report infractions, and should document the actions taken in response to complaints.

6. You have to consistently enforce the standards through appropriate disciplinary mechanisms – such as taking action against people responsible for the failure to detect an offense – when appropriate, as well as disciplining those who violate the institution’s compliance policy.

Most people respond quickly when their actions will cost them money. You should consider imposing economic penalties against those who will not follow the compliance requirements.

7. If an offense is detected, you must respond to prevent other similar offenses, including making corrective modifications to the program.

This should be in addition to the annual review.