2013 Healthcare Compliance Benchmark Study

Transcription

1 2013 Healthcare Compliance Benchmark Study Presented By: and

2 Executive Summary Beginning in early December of 2012, Compliance 360 (now part of SAI Global), conducted a survey among compliance professionals in the Healthcare Provider industry lasting over a six week period. Respondents were asked questions relating to budget and priority areas for their compliance departments in In all, 1,056 healthcare compliance professionals responded to this survey, representing organizations from all 50 states, and ranging in size from larger healthcare systems with over 1,000 beds to critical access hospitals, as well as a variety of other healthcare provider organizations including physicians groups, behavioral health, laboratories, nursing homes, home health providers, and long term care facilities. Demographics Survey participants were comprised predominantly of individuals in compliance roles - Chief Compliance Officers (24%), Directors of Compliance (14%), and Compliance Managers (12%): The majority of survey participants represented Healthcare Systems (63%) with bed sizes ranging mostly between 251 1,000 beds:

3 Survey participation was greater in the Southeast and Midwest accounting for nearly two-thirds of survey participants:

4 Benchmark Findings 2013 Compliance Program Budget Expectations In 2012, Healthcare providers were faced with a variety of compliance and audit challenges including an increase in the volume and frequency of overpayment audits, the introduction of Medicaid RAC audits, the rollout of new programs enacted by PPACA, e.g., the Readmissions Reduction Program, and the introduction of the HIPAA Privacy & Security Audit Pilot Program by the Office of Civil Rights, just to name a few. When reviewing the budget expectations for 2013 compared to previous years surveys, we see the continuing trend of increasing compliance program budgets: Additionally, we asked survey participants expecting to increase their budget for 2013, in which areas they anticipate allocating the additional budget.

5 As evident by the chart on the previous page, 41% indicated they have plans to hire additional compliance personnel, 40% plan to invest in elearning and Education for their organizations, 37% plan to use the increased budget for consulting and legal services, 28% plan to invest in software and technology to automate and streamline compliance processes, while 13% indicated Other. Among the survey participants that chose Other, one of the more notable answers by one survey participant indicated they intended to use the budget increase as Reserves for payment adjustments from audits Compliance Program Priorities We provided survey participants with a list of the top compliance program areas and asked them to indicate the priority level for each. A ranking of Top Priority would indicate program areas that are most important and most urgent, therefore garnering significant dedication of time and compliance resources toward addressing this issue. A High Priority ranking would indicate program areas that are very important, but not as urgent as a Top Priority and would receive adequate resources to address. A Medium Priority ranking would indicate areas that are less urgent and less important with limited resources dedicated to address the issue while a Low Priority ranking would indicate program areas that are not urgent or important at the moment with minimal resources to address the issue. In comparing the 2013 results to 2012 results, we found that the top three issues were the same, albeit, in slightly different order ) Compliance Self-Assessments, 2) Medicare RAC, 3) Employee Compliance Training & Education. In assessing the primary drivers for our survey participants compliance program priorities, as expected, the vast majority (82%) listed Increasing focus and audits from CMS. Of note, more

6 survey participants indicated Revenue Protection and Brand Protection than Pressure from the CEO or Board. Demonstrating Compliance Effectiveness The Center for Medicare and Medicaid Services (CMS) continues to transition beyond retrospective audits to a proactive focus on compliance program effectiveness. Section 6401 of the Patient Protection and Affordable Care Act (PPACA) mandated that all health care providers enrolled in Medicare, Medicaid, and the Children's Health Insurance Program (CHIP) establish a compliance program as a condition of enrollment. CMS has already issued Compliance Program Guidelines for Medicare Advantage organizations and Medicare Prescription Drug Plans, and most industry pundits believe it is only a matter of time before CMS issues similar guidelines for healthcare providers. Based on this growing trend, we were not surprised to see that 77% of our survey participants indicated that Demonstrating Compliance Effectiveness was either a Top Priority or High Priority compared to 75% that indicated this was a high priority area on our 2012 survey and 40% on our 2010 survey. In our 2013 survey, we asked survey participants to indicate who in their respective organizations would lead the process of determining compliance and ethics program effectiveness. The overwhelming majority (73%) of survey participants indicated that the Chief Compliance and/or Ethics Officer in their organization are responsible for demonstrating compliance program effectiveness. Eleven percent indicated that another individual is responsible for compliance and ethics, e.g., a VP or Director of Compliance/Ethics followed by General Counsel (6%), Internal Audit(6%), and Other(4%) which was comprised primarily of CEOs and board level committees.

7 As in past years surveys, we asked survey participants to indicate the method(s) they use to demonstrate compliance program effectiveness along with their degree of confidence. The results are similar to those of our surveys in past years with 73% of 2013 participants indicating they use Internal Audit and/or assessment results compared to 73% in 2012 and 65% in Internal Audit Results also compare similarly to past years with 45% of 2013 participants, 41% of 2012 participants, and 34% of 2011 participants indicating that they used this method. For our 2013 survey, we provided three new choices Hotline / Incidents / Case Management Data, Training Completion Rates, and Regulatory Audits or Reviews. All of these methods ranked higher than methods indicated in

8 previous years surveys including Manual Scorecard with 39% of 2013 participants, 43% of 2012 participants, and 31% of 2011 participants indicating this method. Additionally, we asked 2013 survey participants to indicate the process they use for conducting compliance self-assessments. Fourteen percent indicated they were using a packaged software system to conduct compliance self-assessments compared to 11% in 2012, 12% indicated they were using internally developed tools compared to 14% in 2012, 27% are using ad-hoc processes compared to 23% in 2012, and 47% are using a manual, but well-defined process for conducting compliance self-assessments compared to 52% in Based on the methods and processes used to demonstrate compliance effectiveness, we asked survey participants to indicate their level of confidence in the method(s) they are using. A combined 38% indicated that their method(s) are already proven through external or internal audits, virtually unchanged from our 2012 survey, and up from 22% in Sixteen percent indicated that they are highly confident in their method(s) even though they aren t proven, which is slightly higher than the 14% of 2012 participants that indicated the same, and higher than the 10% in Twenty-nine percent of 2013 participants are moderately confident compared to 35% of 2012 participants and 27% of 2011 participants. While compliance professionals are continuing to refine their methods of demonstrating compliance program effectiveness, the chart below suggests that there are certain areas that are still challenging.

9 Medicare RAC, Medicaid RAC, and Other Claims Audits and Denials Medical claims audit activity has maintained a steady ascent over the last couple of years. Based on data published by CMS and illustrated in the chart below, the Medicare RAC program continues to build momentum with collected overpayments now totaling $3.9 billion to date. In comparing year over year total dollars, the total overpayments have increased significantly since For October through December of 2012 alone, there were nearly as many dollars recouped as there were in all of FY Based on this staggering increase, it was also of little surprise to see Medicare RAC rank so highly among all compliance program priorities. While the majority of participants in the 2012 and 2013 surveys indicated that Medicare RACs posed the greatest threat, we noticed a slight decline in MIC audits as a compliance priority, due perhaps to the Medicaid RAC program getting underway.

10 Other Top Compliance Program Priorities With the healthcare laws and regulations changing so frequently, Employee Compliance Training continues to rank among the top compliance program areas, having ranked in the top 5 in our 2010, 2012, and 2013 surveys. Our 2010 survey was conducted prior to the passing of the Patient Protection and Affordable Care Act; however, it demonstrates that keeping employees educated on ever-changing laws and regulations is always a challenge and healthcare reform only compounds the challenge. In 2012, the HHS Office for Civil Rights (OCR) began a pilot program to perform proactive audits of covered entities, assessing privacy and security compliance as mandated by the HITECH Act. The program will continue in 2013 and will be expanded to include audits of Business Associates. HIPAA OCR Audits ranked slightly higher among compliance program priorities from in 2013 compared to Documenting and Investigating Incidents also continues to rank high among compliance program priorities. As outlined in the Seven Elements of an Effective Compliance and Ethics Program, responding appropriately to incidents and taking steps to prevent future incidents is essential to demonstrating an effective compliance program. Given the rise in whistleblower cases, it makes sense that healthcare organizations would rather respond directly to incidents and handle them internally, before they become a topic of focus for a regulatory authority or prosecutor.

11 Conclusion SAI Global would like to thank all of the healthcare compliance professionals that provided their valuable input to this benchmark study. As evident by the findings of this benchmark, many healthcare providers have increased their compliance budgets to address a variety of compliance challenges, some old and some new. SAI Global recommends that healthcare providers consider using software applications specifically designed for Risk Management, Regulatory Compliance, Internal Audit and Claims Audit Management to automate and streamline their governance efforts. By leveraging proven applications as many are already doing, healthcare providers will have the visibility needed to identify gaps, remediate issues and ultimately demonstrate the effectiveness of their compliance programs. For more information, please visit