Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Compliance Effectiveness Assessments

1 652 vues

Publié le

PYA Principal Shannon Sumner, guest speaker at the GHA Compliance Officers Retreat, discussed "Compliance Effectiveness Assessments."

Publié dans : Santé
  • My personal experience with research paper writing services was highly positive. I sent a request to ⇒ www.HelpWriting.net ⇐ and found a writer within a few minutes. Because I had to move house and I literally didn’t have any time to sit on a computer for many hours every evening. Thankfully, the writer I chose followed my instructions to the letter. I know we can all write essays ourselves. For those in the same situation I was in, I recommend ⇒ www.HelpWriting.net ⇐.
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • Have you ever used the help of ⇒ www.HelpWriting.net ⇐? They can help you with any type of writing - from personal statement to research paper. Due to this service you'll save your time and get an essay without plagiarism.
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • I have found your program really helpful. It is so easy to understand. It makes far more sense than school teachers ever did. I desperately need a 'C' grade and with your package, I am bang on this pass rate. With a bit more revision, it will be a comfortable pass. Thanks Jeevan! ♣♣♣ http://t.cn/AirrSv7D
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici

Compliance Effectiveness Assessments

  1. 1. Compliance Effectiveness Assessments Page 0 September 3, 2014 Georgia Hospital Association Compliance Officers Retreat Compliance Effectiveness Assessments September 3, 2014 Shannon Sumner, CPA Prepared for Georgia Hospital Association Compliance Officers Retreat Principal
  2. 2. Page 1 Presentation Objectives • Leading Practices in Compliance Programs • Self Assessment Process • Highlight Leading Practices in the Seven Elements • Self Assessment Resources September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  3. 3. Page 2 Audience Questions – • New to Compliance Role (less than 1 year) • In Honeymoon Phase (1-3 years) • In Formative Years (4-5 years) • Hitting Your Stride (6-10 years) • Been There, Done That (>10 years) September 3, 2014 Compliance Effectiveness Assessments Experience Prepared for Georgia Hospital Association Compliance Officers Retreat
  4. 4. Page 3 Audience Questions – Size of Compliance Team • Me, Myself, and I (1 person) • Just the Two of Us (2 people) • See No Evil, Hear No Evil, Speak No Evil (3 people) • We are Family (4-5 people) • Seriously? (>5 people) September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  5. 5. Audience Questions – Duties Page 4 • Vanilla - Compliance Only • Swirl - Internal Audit and Compliance • Rocky Road - Everything!! September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  6. 6. Hospitals must address employee fraud reports with procedural fairness Page 5 September 3, 2014 Compliance Effectiveness Assessments Headlines Prepared for Georgia Hospital Association Compliance Officers Retreat
  7. 7. Page 6 Self Assessment Process • There is not one single best Compliance Assessment Tool! • Collaborate with Internal Audit where possible. • Partner with another Compliance Officer – peer review. • Recommend Scoring Tool: - Facilitates Education and Training. - Facilitates Trending by Area. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  8. 8. Page 7 Key Questions to Ask • How would you rate your own Compliance Program (Scale 1 – 5, 5 Highest)? • When was the last time your Compliance Program was September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat audited? • Have you called your organization‘s Compliance Hot Line? • If someone in your organization is asked “Who is the Compliance Officer?” would they know what to say? • Does your Audit/Compliance Committee ask tough questions? Are they engaged? • Are you aware of (maintain a listing) all outsourced services and vendors?
  9. 9. Page 8 Key Questions to Ask • Are you aware of all of the joint ventures within your organization? • Are you copied on all internal audit reports? • Does your organization have a Fraud Policy and investigation protocol? • Are you involved in exit interviews for all senior executives and other high-risk areas? • Do you receive a copy of the external audit Management Letter Comments? • How comfortable are you that all Conflicts of Interest have been disclosed by Management, Governance, and Physicians? September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  10. 10. Page 9 Effectiveness Red Flags • The Compliance Work Plan has a lot of “Plan to…” line items • Little-to-no Hotline Activity • No history of Compliance Effectiveness Assessments by outside parties • No questions are asked by Compliance/Audit Committee members • Auditing error percentages consistently high (>5%) • Compliance Risk Assessment is conducted in a vacuum • The Compliance Officer is not aware of the organization’s risk appetite/tolerance • The Compliance Team has not received compliance specific education • Action plans are consistently past due • Risks identified through risk assessment are not addressed (internally or September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat externally) • Compliance is not advised of what may appear to be “routine” thefts or other human resource issues
  11. 11. What is a “Leading Practice?” Page 10 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  12. 12. Boards May Use Compliance as a Defense Strategy; Feds Expect More Oversight “Board members are increasingly entering the compliance fray, and five years from now compliance will have the same level of board oversight as the organization’s finances, a former federal prosecutor says. As regulators, prosecutors, stockholders and other stakeholders demand more from boards, they are asking management, including compliance officers, for more evidence that the compliance program is accomplishing its goals instead of merely rubber-stamping reports.” – Report on Medicare Compliance, August 4, 2014 Page 11 High Level Oversight September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  13. 13. Page 12 I - High Level Oversight Compliance Officer (CO) is not a member of senior management and does not have access to the Board of Directors. This could jeopardize the effectiveness of the Compliance program. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat CO Reports Directly to the CEO or equivalent (i.e., President) and has unfiltered access to the CEO. Organization must demonstrate that the CO’s reports reach the CEO. Lack of management understanding, involvement, and support of the compliance program – an organizational culture that does not put a priority on compliance. Industry Best Practice – The CEO’s incentive compensation is tied to the effectiveness of the compliance program.
  14. 14. I - High Level Oversight (Cont.) Page 13 Risk areas within the organization go undetected. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Industry best practice - The compliance risk assessment is part of a broader enterprise wide risk assessment that includes input from departments such as internal audit, legal, quality, IT, risk management, etc. to ensure adequate coverage. Industry best practice - The risk assessment includes the potential for fraud.
  15. 15. I - High Level Oversight (Con’t) Page 14 Governance’s lack of support and knowledge of the Compliance Program. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat The Audit Committee has at least one member knowledgeable of healthcare compliance. The activities of the Audit Committee are reported to the full Board and the Compliance Officer presents at least an annual report to the Board. CMS Best Practice – Governing Body Resolution supporting the Compliance Program and adherence to compliant, lawful and ethical conduct. CO has executive session with the Board (without the CEO Present) on an annual basis. Assessments include feedback from the Audit Committee Chairperson, CEO and CO regarding the completeness of the compliance reports, the knowledge of committee members, the appropriateness of the committee discussion.
  16. 16. II - Policies and Procedures Page 15 Lack of policies and procedures that document the framework of the compliance program jeopardizes the effectiveness of the compliance program, and could lessen the ability to demonstrate to regulatory bodies the presence of an effective compliance program. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Assess the extent to which policies and procedures are written clearly and include “real-life” examples. If Conflict of Interest disclosure statements are not obtained from each trustee, officer, Board or other committee member and key management and employees, unidentified conflicts of interest could exist that could compromise, or appear to compromise judgment. Review minutes of meetings from the appropriate governance body for the past 12 months to determine whether conflicts of interest were disclosed in accordance with policies and/or procedures.
  17. 17. II - Policies and Procedures (Con’t) Page 16 Departments that are impacted by regulatory changes are not aware of them, which results in denial of claims and potential allegations of false claims. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat There are documented mechanisms to monitor regulatory updates, including National Coverage Determinations (NCD) and Local Coverage Determinations (LCD), and communicate them to the associates and medical staff members impacted by them. Associates might leave the organization with knowledge of potential compliance issues and subsequently become whistle-blowers. If exit interviews are completed for any associates, there is at least one question regarding knowledge of potential compliance exposure and a mechanism to inform the CO if any are identified.
  18. 18. Open Lines of Communication Page 17 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  19. 19. III - Open Lines of Communication Page 18 Compliance issues could be occurring without being reported to management. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Volumes of reports received are tracked and compared to prior periods and to industry norms. A leading practice is to have the capability of reporting to the hotline anonymously on-line. Exit interviews are conducted by the CO for high-risk/leadership associates.
  20. 20. IV - Training and Education Page 19 New associates lack understanding of the compliance program and their related rights and responsibilities. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat CMS Best Practice - Mechanism to measure effectiveness of training. Industry Best Practice – Compliance Quizzes provided to Physicians/Medical Staff . CMS Best Practice - Training is provided in various formats to keep associates engaged (in person, on-line, games, etc.). Industry Best Practice - Connect headlines and case studies to real issues within organization. Industry Best Practice - Demonstrate linkage between organization’s strategies and a strong ethics and compliance program.
  21. 21. IV - Training and Education (Con’t) Page 20 Medical Staff lacks understanding of the compliance program and their related rights and responsibilities. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Compliance education and information specific to regulatory changes that directly impact them is routinely provided to the Medical Staff. Compliance department staff are not kept current regarding compliance risk areas or leading practices for compliance programs. Compliance department staff attend conferences and webinars, subscribe to publications and the OIG’s email list, monitor the OIG’s website and network with peers to stay up-to-date and get ideas. Governance lacks understanding of the compliance program and their related rights and responsibilities. Compliance education and information specific to the entity’s compliance program is provided to the Board members at least once every 24 months and the Board Audit Committee, if applicable, at least annually.
  22. 22. V - Monitoring and Auditing Page 21 False claims could be submitted if auditing and monitoring by qualified independent auditors does not occur. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat CMS - The compliance plan must include an independent assessment of the compliance program and be shared with the Board. CMS - The auditing/monitoring element must include “first tier” entities. This includes entities where the organization has outsourced key elements of their processes (i.e. billing, collections, quality, safety).
  23. 23. VI - Response to Deficiencies Page 22 Responses to deficiencies do not effectively address the deficiencies. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Periodic reviews of problem areas were conducted to verify that the corrective actions successfully reduced or eliminated existing deficiencies. Deficiencies are not addressed on a timely basis. Corrective action plans are implemented within agreed-upon timetables.
  24. 24. VII - Consistent Enforcement Page 23 Inconsistent disciplinary or other actions are taken in response to compliance policies. September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat CMS – Must maintain evidence of disciplinary action for a period of 10 years. • Date violation reported • Description of violation • Date of investigation • Summary of findings • Disciplinary action taken • Date disciplinary action taken CMS – If the HR function is responsible for conducting disciplinary actions there must be a formal process for communicating with the CO on actions taken. CMS - Publish de-identified disciplinary actions taken to demonstrate that the Sponsor acts on violations of the Standards of Conduct.
  25. 25. Self-Assessment Resources Page 24 https://www.cms.gov/Medicare/Compliance-and-Audits/Part-C-and-Part-D-Compliance-and- Audits/Downloads/Compliance-Program-Effectiveness-Self-Assessment-Questionnaire.pdf September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  26. 26. Self Assessment Resources Page 25 http://oig.hhs.gov/compliance/compliance-guidance/ September 3, 2014 Compliance Effectiveness Assessments docs/Health_Care_Directors_Compliance_Duties.pdf Prepared for Georgia Hospital Association Compliance Officers Retreat
  27. 27. Self Assessment Resources Page 26 Health Care Compliance Association http://www.hcca-info.org September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  28. 28. Page 27 Questions? September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat
  29. 29. Page 28 Shannon Sumner, CPA ssumner@pyapc.com September 3, 2014 (865) 673-0844 Compliance Effectiveness Assessments Thank You! Principal Prepared for Georgia Hospital Association Compliance Officers Retreat

×