Beware pitfalls of fraud and abuse program

It is a never-ending cycle

By Paula Swain, RN, MSN, CPHQ, FNAHQ

Swain & Associates

St. Petersburg, FL

With the government’s increased vigilance in combating health care fraud, many organizations are making the implementation of a voluntary compliance program a high priority. The following outline will help you if you are considering such a move, or will serve as a review if you have implemented a program.

Put someone in charge.

Designate a chief compliance officer (CO) or other appropriate high-level corporate official to be charged with the responsibility of operating the compliance program. The CO may need to be oriented to the information flow that already exists, the quality control measures, and the scope of the mandatory education programs and reporting forms.

Create a plan.

This will be similar to your current safety or infection control plan but will be tailored to the laws of fraud and abuse. It must include standards of conduct for employees and ensure that areas such as ethical billing practice are included. In addition to your main plan there should be sub-plans for areas such as the laboratory and its unique approach to compliance. If you are accredited by the Joint Commission on Accreditation of Healthcare Organizations in Oakbrook Terrace, IL, you must have a viable and working code of ethics. Go back and review yours against the requirements of HCFA — the agency insists that a code be established and adhered to. Review the section on organizational ethics in the Joint Commission’s chapter on leadership.

Take care in developing a plan. Often its initiation is mandated by an administrator, such as the CFO. This knee-jerk reaction is inadequate and typically results in a focus on only one process, such as upcoding. An attempt is made, the system fails, and a better way is sought. After a few tries it occurs to the executive that this should be a team project or that the plan is related to quality improvement. Only then do the right people become involved. A team is formed and progress is made. A facilitator trained in statistical tools and group dynamics then manages the team, now including a staff person from the quality improvement office. That’s the person who often provides training and support for these positions.

Accountability is built into the federal law. Each step of the compliance process must be measured. While all managers have been responsible for quality, risk, and resource management, their new responsibilities need to be clearly outlined and prioritized for them. The compliance planning law clearly states that every individual is responsible.

Involve the key players.

Many of the key players are already in place with systems up and ready to actively assist with the program. These are systems people, such as quality managers (QM), utilization managers, case managers, and risk managers, to name a few. They are well-versed in developing processes, and ensuring that they merge and end when appropriate. These people can be instrumental in developing interfaces of processes that have historically never worked together, such as the physician who writes the orders and the clerk who processes the patient when he or she arrives for the test. The QM will usually be the first one to realize that data need to be supplied to validate where to begin the improvement process, along with documentation as evidence of compliance. Once the compliance plan is drafted, an assessment must follow that identifies which component of the compliance system needs fixing first. This is an area where data are essential. The QM department can support two of the main features of the improvement process — the format for reporting, and methods and systems for tracking issues.

Develop policies and procedures.

Policies and procedures promote the facility’s commitment to compliance and address specific areas of potential fraud, such as billing, marketing, and claims processing.

Implementing your system

Create education and training programs.

Syllabuses need to be developed and offered to all employees, subcontractors, and vendors in order for you to comply with your plan and code of ethics. Education has to be ongoing — when the program is installed, for new employee orientation, and as a mandatory yearly inservice. Everyone needs to know what ethics violations are and the method for reporting them. In addition to the general education program, there have to be specific programs for core areas, such as educational training in payment for all areas that post charges. Even with a computer program that prevents duplication of billing by flagging instances of the same patient using services within 72 hours, if the charges are delayed in posting, the computer is bypassed and multiple billing errors will occur.

Execute a meaningful reporting system.

The QM department usually is the group that pulls all the measures together and reports them in an understandable format for the CEO and administration. Otherwise, each department involved will be reporting just one measure from its own perspective — the physician who orders a test, the clerk who follows through with the order in the lab or in X-ray, and the clerk in the billing department who makes up the bill without an ICD-9 code for medical necessity. This is information overload. The data must be managed, collected, and investigated prior to delivery to the CEO. This is systems management.

Develop a code of improper and illegal activities.

This should include disciplinary action against employees who have violated internal compliance policies or applicable laws, or who have engaged in wrongdoing, such as accepting gifts or taking kickbacks for referrals. Policies must be be in place for addressing the firing or retention of sanctioned individuals.

Install a hotline.

This and other procedures are necessary to protect the anonymity of complainants.

Involve the corporate attorney.

The lawyer overseeing the organization’s compliance progress has to be involved for the same reasons peer review information goes to the medical staff: It protects the organization from disclosure. (See related article in Hospital Peer Review, October 1997, p. 144.)

Re-examine medical record systems.

The requirements applicable to record creation and retention should be reviewed.

Investigate all problems immediately.

Develop a sense of urgency; investigate and remedy all identified systemic and personnel problems immediately.

Evaluate the results

Monitor compliance.

The evaluation phase focuses on how all the measures come together and are reported to the CEO. No one department can provide this; it must be a central service. The CO may actually have his or her own staff. However, to bypass existing systems in the QA department would be a gross misuse of funds and an extremely redundant system.

Use audits or other evaluation techniques to monitor compliance and ensure a reduction in identified problem areas. For example, components of this program could be performing routine data collection and analysis of patient bills. Those are really quality control activities, but it is likely that data analysis will indicate an opportunity to improve the way charges are sent, billing is handled, and fraud alerts are transmitted throughout the organization and elsewhere.

Include the program in performance appraisals.

Supervisors must promote the program and adhere to compliance requirements as an element in performance appraisals. The compliance program also requires disciplining supervisors who fail to detect ethics violations in their subordinates.

The process of major plan development is never finished. Reviewing and updating is an ongoing process as regulations change and departments update their systems and reporting processes.

[Editor’s note: Priscilla Kibbee, RN, MEd, assisted in the preparation of this article.]