On the 12th Day of Healthcare . . .
Earlier this month your peers joined us for a popular workshop, “12 Days of Effective Compliance” covering key tactics to bring into the new year. We partnered with our newest hire, Chief Compliance Officer Donna Thiel, to come up with a simple, digestible end-of-the-year checklist for your compliance program. There was such a great response to the information, we decided to put together a quick summary for you to skim (and hopefully apply!).
Hopefully it brings you good tidings of great joy!
Days of Effective Compliance
Day 1 – Do you have a compliance plan?
- The OIG has a resource page of guidance and HCCA has several articles on compliance plans that are helpful.
- These need to be more than words on paper because they’ll hold you accountable to the plan you create.
- OIG Enforcement conference: credit to companies that have one. Can help reduce chance of CIA, Corporate Integrity Agreement
- Long-term care providers have a new regulation that raises the requirements of mandatory compliance programs.
2. When is the last time you reviewed your compliance plan and updated it toward new laws and regulations?
- Compliance plans continuously evolve.
- New regulations and best practices should be added.
- Involving multiple stakeholders is the best way to ensure a complete plan.
3. Have you reviewed the 2017 OIG Work Plan as a road map for your compliance focus?
- The OIG takes the time to tell you what they will focus on. Use it as a road map.
- Check out our blog this month from PT on several of the hot topics and …
To receive the full checklist webinar click here!
4. Are you prepared to conduct a training update for all existing staff not just new hires?
- Training becomes stale if there’s not refresher data.
- By making compliance training one of the first things you do in 2017. Remind your staff of the importance of compliance.
- Find ways to make it fun and engaging so that people take it seriously and remember your message.
5. How visible is your CEO to your staff and can you get him or her to highlight the importance of compliance as a part of your culture?
- Be honest. Does your staff even feel connected to your CEO?
- Do they show personality and present the image of your company?
- Hopefully so, but it’s good to remember to take that responsibility on to help him or her to convey the importance of compliance. (We recognize for some of you that it’s hard and for others it’s easier depending on who your boss is, but it’s your role to bring compliance to the forefront).
6. Have you conducted a security audit risk assessment of all of your sensitive information?
- Healthcare is under attack because of the nature of the data that you possess.
- PHI is a treasure trove for thieves.
- A breach of data can cost your company dollars, brand image and penalties or fines.
- Invest in a risk assessment to identify weaknesses and address them as soon as possible.
- Many of the recent OCR HIPAA settlements resulted from failure to complete routine risk assessments.
7. Are you monitoring your vendors and third party consultants in addition to your employees on a monthly basis?
- Monthly monitoring is not only best practice but what the OIG is expecting you to do.
- So far in 2016, OIG issued $7,201,781 in fines.
- Did you know that the OIG now contains over 60K individuals and entities that have been excluded.
- Since the beginning of 2016, there are now 4 new state Medicaid exclusion lists that have been added and should be searched.
- Don’t forget that the OIG excludes companies in addition to people.
8. Have you prepared your board and compliance committee with a year in review summary?
- The DOJ issued a memo in 2016 highlighting the personal accountability of executives for fraud and abuse.
- The intent is to go deep in the organization for those who were responsible and hold them personally accountable. Not only your job and executive team but could also be for the chief compliance officer.
- Make sure your compliance officer has a seat at the table and is given
- sufficient time on the agenda to report on compliance.
9. Is your compliance budget realistic compared to your responsibilities and goals. Do you need training etc?
- Let’s face it. Compliance is tough. However, you should feel confident to have a strong voice to request the tools and resources you need to keep the company compliant.
- Don’t be afraid to ask for a sufficient budget to accomplish your compliance plan.
- It’s cheaper to budget for prevention than to pay fines for non-compliance.·
- Keep it simple. It doesn’t have to be complicated
- You’re not out there alone. There are tools, resources, conferences, webinars to keep you current and most of them are free.
- Find time each month to learn something new and stay current.
- Certain functions can be automated to reduce your risk and allow you to focus on bigger tasks at hand … such as OIG exclusion monitoring, creating dashboards with key metrics to track.
10. How hot is your hotline? Do you have a hotline and safe place for reporting non-compliance to avoid whistleblowing?
- If your staff does not have a safe place to report potential issues then your organization is at risk for a whistleblower action and/or a government investigation.
- If compliance can be seen as a neutral and safe partner, you will help your organization avoid whistleblower actions.
- Hotlines, open lines of communication, and an ear to the ground should be a priority.
- Walk the floors. Put a personality on compliance.
11. Do you have the right resources bookmarked to stay abreast of changing laws and regulations of 2017?
- We love to blog and host free webinars and workshops as education tools. Here is a look at our series for the year.
- How good is your network? Check your HCCA network, law firm websites, OIG sites, McKnights, RAC monitor. Make sure to build your network. Attend HCCA conferences and make friends.
- Join LinkedIn groups and online forums.
12. Relax and enjoy your hard work. Remember, you play an essential role in the overall health of your company and your voice matters.
Make it a great year!
To receive the full webinar discussion click here!
Written by Michael Rosen, ESQ
ProviderTrust Co-Founder, mrosen@providertrust.com
Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as: Inc Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year
Connect with Michael on Linkedin