Compliance TODAY February 2014 a publication of the health care compliance association www.hcca-info.org Congratulations, Brian! an interview with Brian Patterson the 6,000 th person actively certified by the CCB See page 16 23 An emerging frontier: The Accountable Care Organization compliance program Meg Grimaldi 29 The Anti-Kickback Statute: A continuing compliance challenge Suzanne Dallas Castaldo 34 Stark s non-monetary compensation exception: A comprehensive analysis Robert A. Wade and Mark T. Morrell 43 Branding on a budget Kristi Barnd This article, published in Compliance Today, appears here with permission from the Health Care Compliance Association. Call HCCA at 888-580-8373 with reprint requests.
by Meg Grimaldi, CHC, CCEP An emerging frontier: The Accountable Care Organization compliance program ACO sponsorship and culture are the drivers of compliance innovation. Achieve success by leveraging existing compliance programs and structures. Involve ACO participating organizations in your program design. Engage clinicians to forge a link between quality and compliance. Be willing to go back to the drawing board. Meg Grimaldi (mgrimaldi@emhs.org) is the Compliance Officer for Eastern Maine Healthcare Systems & Beacon Health LLC in Brewer, ME. Grimaldi After years of aligning healthcare compliance programs to the seven elements of an effective compliance program, the arrival of the Accountable Care Organization (ACO) has created an expectation that compliance programs become more innovative. The type of ACO sponsorship and the culture of participating organizations will drive compliance innovation. Although the form of this innovation is yet to take shape, all ACO compliance programs will be expected to meet requirements that go beyond the minimum standards of a traditional healthcare compliance program. Traditional compliance program guidance Compliance officers have long used the Office of Inspector General s (OIG) compliance program guidance as the model for developing compliance programs that would, at a minimum, protect their organizations from the risks associated with fraud, waste, and abuse. Except for risks specific to different segments of the healthcare industry, compliance program guidance has been relatively uniform and aligned with the so-called seven elements: Written policies and procedures Compliance officer, Compliance Committee and high-level oversight Regular and effective training and education Effective lines of communication Well-publicized disciplinary standards Internal monitoring and auditing Prompt response to compliance issues Although these core elements still form the basis for the ACO compliance program, compliance officers who accept the challenges of ACO compliance may feel unsettled. How do we implement an effective compliance program as different ACO models shift the compliance landscape from the familiar 888-580-8373 www.hcca-info.org 23
territory of the covered entity to one that is less charted, where competitors now work together to achieve the Triple Aim 1 of better care, better population health, and reduced costs? Start with the basics as your foundation, then build from there. Compliance requirements for the ACO Under the Patient Protection and Affordable Care Act of 2010 (Pub. L. 111 148), as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L 111 152), collectively known as the Affordable Care Act (ACA), ACOs are required to implement a compliance plan with specific elements. 2 These elements include: a designated compliance official who is not legal counsel to the ACO and who reports directly to the ACO governing body (this person can also be the compliance officer from the ACO sponsor or a participant); mechanisms for identifying compliance problems relating to ACO operations and performance; a method for ACO employees or contractors, ACO participants, and suppliers to report suspected problems related to the ACO; compliance training for ACO/ACO participants and ACO providers/suppliers; and a requirement that ACO, ACO participants, and individuals or entities that perform services related to ACO activities report suspected violations to an appropriate law enforcement agency. Other key compliance program requirements include development of policies on: Marketing restrictions Conflict of interest policy Document retention policy ACOs participating in the Medicare Shared Savings Program (MSSP) also have certain waivers from the physician self-referral, kickback, gain-sharing, and beneficiary inducement prohibitions. These are not discussed in this article. Although some of these requirements look familiar, the government incorporated two requirements featured often in its compliance guidance and commentary. By requiring the compliance officer to be someone other than legal counsel, the conflict of interest that arises when the general counsel also serves as the entity s compliance officer is removed. In addition, the compliance plan is clearly expected to identify problems relating to operations and performance which presupposes compliance involvement in quality matters. Until fairly recently, quality and compliance have tended to coexist in different silos. This element supports the continued integration of quality with compliance. Another difference in the ACO compliance requirements is that suspected violations are to be reported to an appropriate law enforcement agency. ACOs still have a responsibility to investigate alleged violations, but this provision was included to strengthen other program requirements and remedies that are intended to reduce the risk of fraud and abuse. In this regard, the responsibility to report is akin to other self-disclosure measures. The compliance/quality challenge Many healthcare organizations have integrated compliance and quality, but not all have started on this journey. One of the first challenges an ACO compliance officer might face is how to break down the silo that still exists between the traditional compliance role and oversight for quality. Success in this area depends on how well the compliance officer integrates into the operational structure of the ACO organization. If your clinicians have not yet discovered that quality is a compliance concern, and you are not included in discussions and decisions 24 www.hcca-info.org 888-580-8373
relating to quality measures and performance, it will be important to address this gap at the beginning. Forging a strong relationship with clinician leaders and engaging them in the compliance-quality discussion is a must. Ensure that compliance has a role in quality reviews of ACO operations and ACO providers and suppliers. asking participants to revise their Notice of Privacy Practices to include ACO care management and care coordination activities; having all participants modify their document retention schedules to include ACO documents; and using a single compliance line to report suspected problems. Developing the compliance plan Another challenge for the ACO compliance officer role is how to create a working compliance plan for the ACO while recognizing that many ACO participants likely have both an existing compliance officer and a compliance plan. The cultures of the ACO participants may make integration within the ACO compliance plan easy or more difficult. Some participant compliance officers will welcome the opportunity to create an integrated compliance plan for ACO activities; others may feel a loss of control over their own compliance programs. There are ways to take a balanced approach to the ACO compliance plan to ensure active support from participants. Depending on the structure of the ACO, an ACO compliance plan can leverage the existing compliance programs and structures of participants. Areas where leveraging is possible include: What is new is the likelihood that more conflicts will emerge in ACOs, because some participants will be competitors. creating a compliance committee of participant compliance officers to keep them informed and involved; using participant compliance officers to provide oversight for ACO activities within their entities, and create a structure that includes regular reporting directly to the ACO compliance officer; This approach can be complemented by gaining agreement from participants on certain overarching ACO compliance policies as approved by the governing body. The main benefit of this approach is that it creates shared responsibility and accountability for measures that will determine the effectiveness of the ACO compliance program. Conflict-of-interest policy Developing a workable conflict-of-interest policy will also be a challenge. A conflict-ofinterest policy requires each member of the governing body to disclose relevant financial interests, provides a process for determining and handling conflicts, and includes remedial actions for failures to comply. This isn t anything new. What is new is the likelihood that more conflicts will emerge in ACOs, because some participants will be competitors. Start with your own conflict-of-interest policy and disclosure statement as a foundation for your ACO policy. If you work in a tax-exempt non-profit, remember that your policy will have to be changed to meet the needs of the ACO. In addition, remember that ACOs inherently create risk to the tax exemption status of participating non-profits, because they are not operated exclusively for charitable purposes. 3 For guidance, review the five-part test used by the Internal 888-580-8373 www.hcca-info.org 25
Revenue Service to address issues relating to private inurement or impermissible private benefit for tax-exempt participants in ACOs. 4 Compliance education If you have struggled for years to find the right balance between information and effectiveness in your compliance education, this will be another area high on your list of challenges. Again, the structure and culture of the ACO and its participants will shape your approach. Some employees may be dedicated to the ACO, but others may perform dual functions with part of their time devoted to the ACO and part of their time devoted to non-aco activities. Many employees have difficulty understanding that different standards will apply to their different roles. In addition, you are obligated to train not only ACO employees, but also ACO providers and suppliers. Your education plan will need to incorporate the specific regulatory and policy requirements of your ACO, and still cover some familiar ground, such as HIPAA Privacy and Security. Even that is not so simple. As many ACOs are finding, the Centers for Medicare and Medicaid Services (CMS) Data Use Agreement (DUA) poses new security challenges for data sharing, because CMS information is also protected under the Federal Information Security Management Act (FISMA). Even a moderate level of compliance with FISMA requirements will impact your information security policies and practices. Make sure you take this into consideration when developing your compliance policies and compliance education. Be ready to go back to the drawing board I have had calls from more than one ACO compliance officer asking me about setting up an ACO compliance program. The first thing I tell them is, I ll share what I am doing and then Earn Your HEALTH CARE COMPLIANCE CERTIFICATE ONLINE Award-winning program Taught by world-class faculty Now offered in a flexible online format Competitive tuition Complete the program in just one year Designed for working professionals Offered by Hamline University School of Law For more information: law.hamline.edu/ohcc 26 www.hcca-info.org 888-580-8373
maybe we can talk about your program. The fact is, many compliance officers are eager to accept the challenges of working with ACOs. They just are not sure about what ACO compliance will look like and how different this will be from what they currently do in their non-aco roles. Again, this is where ACO structure and culture come in, as many ACO participants work side-by-side with traditional fee-for-service healthcare. Don t worry if you haven t figured it out yet. Participants in your ACO are also trying to figure out how things will work best. As an employee of an ACO participant shared with me, I still can t understand why we are in an ACO. I mean we are a hospital. Why would a hospital want to adopt a model of care that keeps people away from the hospital? I just don t get it. The benefits of starting with your own compliance program as a foundation for ACO compliance is that you will be grounded in something that is familiar. Decide how you will meet the requirements of the ACO regulations and your ACO compliance risks; this is the beginning of your compliance program. All that is missing at this point is the innovation. Make that your next goal. ACO sponsoring organizations and the culture of the participating organizations will have a lot of influence on how innovative your compliance program will be. Take heart If we can find new ways to improve patient care, achieve better health outcomes, and reduce our costs, it is probably time to rethink the design of healthcare compliance programs. One thing I am sure of is that you will have to go back to the drawing board more than once to get your ACO compliance program right. 1. Institute for Healthcare Improvement, IHI Triple Aim Initiative. See http://bit.ly/19dhuyc 2. 76 FR 67952-67958 3. Sarah Swank: ACOs Present Different Versions of Traditional Compliance Challenges, Report on Medicare Compliance, June 17, 2013. Available at http://bit.ly/jqgu0k 4. IRS Fact Sheet: Tax-Exempt Organizations Participating in the Medicare Shared Savings Program through Accountable Care Organizations. FS-2011-11, Oct. 20, 2011. Available at http://1.usa.gov/1d4qgmt Law360 has named King & Spalding s healthcare practice as a Health Care Practice Group of the Year for 2012. We achieved this by delivering value and security to our clients every day. www.kslaw.com/health 888-580-8373 www.hcca-info.org 27