CREATING A COMPLIANCE PROGRAM FOUNDATIONS FOR INTELLECTUAL DISABILITY PROVIDERS

GOALS Overview of the Environment, a case study of Elwyn and their local authority working through a July 2011 Office of Inspector General Audit. Provide a general orientation & framework for thinking about compliance Provide the Pittsburgh Mercy perspective of fusing compliance, risk, and quality together

OUR SUBJECT Elwyn Center in Vineland, New Jersey A Subsidiary of the Elwyn Center in Philadelphia - Total operating budget of $34m - Accepts federal Title XIX funds through a waiver - NJ Community Care Waiver (CCW) is distributed by a local authority - The local authority (the county department) claimed $69.7m for services provided by Elwyn during the review period (January 1, 2005 to December 31, 2007) - Each beneficiary must have an individual plan of care AND a level of care assessment completed each 12 months - Elwyn of NJ accepts reimbursement for their Intellectual Disability Services (including residential, day programs, and employment service)

THE AUDIT Conducted by the Office of Inspector General Look Back period was between January 1, 2005 and December 31, 2007 Fieldwork completed at both Elwyn Offices & the local authority in Trenton, NJ OIG selected a stratified, random sample of 110 beneficiary-months of service Audit Tested; - If the each beneficiary was assessed by a qualified specialist - If the program services were provided in accordance with the individual plan - If the staff providing the service meet the qualification & training requirements - If the documentation supported the program service billed - If the services provided were in accordance with federal & state standards

THE FINDINGS OIG Concluded that Elwyn & the local authority improperly claimed federal reimbursement for HCBS Waiver services Total Payback in claims $903,375 (the lower control limit of the sample) Elwyn did NOT ensure they only claimed documented & allowable service - Claims for service paid that were not adequately documented to support the claims for payment - Local agency claimed reimbursements for services that were not provided; records at Elwyn did not support that some respite care and community support services were provided - Local agency claimed reimbursements for services that neither Elwyn nor the agency could provide individual plans for service Local Authority did not ensure that all beneficiaries were properly assessed in accordance with standards Local Authority did not ensure that program services were completed and approved

AGGRESSIVE APPROACHES RESULT IN RECOVERIES Both the local authorities (the county) & providers are subject to reviews Local authorities requested adjustments to the OIG findings (requesting disqualification of three samples) OIG maintained all findings!

WHAT CAN WE LEARN EFFECTIVE Compliance programs ARE important!! Pressures are shifting in new directions (from just existence of programs to more robust approaches to security, privacy, detection and prevention of wasteful spending) Intellectual Disability funding CAN be high risk target for recoveries Reform (regardless of the fate of PPACA) will push providers beyond just meeting statutory requirements Providers (and local authorities) must prove that services are reasonable & necessary DOCUMENTATION IS KEY!! Another example of the shift toward use of federal money to pay for value

A FOUNDATION IS CRITICAL TO A GOOD COMPLIANCE PROGRAM Cornerstones include Compliance & Ethics Leadership & Culture Legal & Regulatory Accountability & Responsibility

FOUNDATIONS OF COMPLIANCE COMPLIANCE & ETHICS Balances your approach Rules Based Focuses on preventing and punishing violations of laws Integrity Based Defines organizational values and encourages employee commitment to ethical aspirations LEADERSHIP & CULTURE Starts at the TOP The leadership team creates and maintains the ethical framework for the organization The board and management create the cultural and ethical framework for managing risks

FOUNDATIONS OF COMPLIANCE LEGAL & REGULATORY Understands the legal requirements Federal Sentencing Guidelines for Organizations (FSGO) - Determines monetary fines for serious organizational offenses - Establishes components for organizational fines, restitution, and remedial orders; lower sanctions levies for organizations with compliance programs - Focuses on governance ACCOUNTABILITY & RESPONSIBILITY The buck stops with YOU Encourage employees to ask questions Adopt statements of values and ethics Establish mechanisms for reporting misconduct Sarbanes-Oxley Act 2002 (SOX) - Defines a higher level of responsibility, accountability, and financial reporting transparency

AVOID RATIONALIZATIONS In an April 21, 2007 interview in the Wall Street Journal, Ben Gibson, the convicted former Enron treasurer, notes rationalizing ones behavior is an easy, dangerous practice and fraught with risk It s easier to get here than you would think. It s easier to wind up on the wrong side and get involved in something that you shouldn t. Then you craft a rationalization as to why it s OK. People, me specifically, can rationalize a great deal. And at Enron, there were a lot of different flavors of rationalizations. Ben Gibson, Former Enron Treasurer

WHAT ARE THE ELEMENTS OF COMPLIANCE The FSGO identifies (7) elements Written Standards & Procedures Board & Leadership Oversight Education & Training Systems Communication Systems Audit & Monitoring Approach Response & Prevention Enforcement Activities

ELEMENT 1: WRITTEN STANDARDS & PROCEDURES Establish a code of conduct for those representing the organization (including the board & volunteers) Establish Specific Policies for High risk areas including security, privacy, business associates, releases of information, etc. Claims submission & documentation management Managing cost reporting procedures Assuring services are both reasonable & necessary Managing anti-kickback and self-referral concerns (such as contracting policies) Managing credit balances Documentation retention Embedding compliance standards in performance evaluations of managers, directors, & supervisors

ELEMENT 2: PROGRAM OVERSIGHT Designate a Compliance Officer Reports directly to the board Provides education Monitors regulations & laws Coordinates internal & external reviews Independently investigates and acts on matters Implements a operational compliance management committee Board Oversight Fiduciary Duty Duty of Care Duty of Loyalty Duty of Obedience

ELEMENT 3: EDUCATION & TRAINING Content should be directed to the board, corporate officers, managers, supervisors, and staff Content should overview of the Compliance Program (Seven Elements) Content should summarize laws on fraud and abuse (including the elements of the False Claims Act & Managing Mandatory Overpayments) Communicate standards of conduct Provide clarification on policies including Conflict of Interest, documentation expectations, etc. Define practices for managing Privacy & Confidentiality Define Employee responsibility to report misconduct & how to do so Require training for new employees within 90 days of hire & annually as a condition of continued employment

ELEMENT 4: COMMUNICATION SYSTEMS Implement an Anonymous Hotline Develop Whistleblower Policies Promote to all employees, board members and corporate officers open access and communication to the Compliance Officer (through direct contact) Post Compliance Program information conspicuously in facilities

ELEMENT 5: AUDIT & MONITORING Investigate systemic problems such as standard procedure reviews & claims submission audits Monitor/coordinate Internal & External Audit Procedures Investigate fraudulent billing practices Review & document policy violations Review claims processing, documentation, and coding practices Review cost reporting functions Review marketing functions Review lobbying & advocacy functions Complete Policy/Procedure reviews and assure practices adhere to those standards

ELEMENT 6: RESPONSE & PREVENTION Respond to Allegations of Improper or reported Illegal Activities Detect violations of the compliance program Initiate investigations when conduct is in question Clearly identify and articulate Disciplinary Action expectations and procedures relative to issues of wrong doing Report & self-disclose when credible evidence of misconduct has been substantiated after a reasonable investigation Return any and all overpayments for federal and/or state health program dollars

ELEMENT 7: ENFORCEMENT ACTIVITIES Coordinate sanction screening procedures (for the board, new employees, licensed employees, and staff) Provide guidance regarding disciplinary action for corporate officers, managers, employees and other professionals representing the organization Provide guidance on what a reasonable and prudent background investigation should entail (including reference checks as part of the employment process).

COMMON RISK AREAS Each program should assess, identify and respond to key risk areas Distinguishing the difference between erroneous & fraudulent claims for service Developing systems to detect and prevent fraud, waste, and abuse Coding and billing for service (including reporting and claiming funds from the state and county authorities) Assuring that services provided (and claimed) are both reasonable & necessary Documenting services provided (eligibility, assessment, supports plans in accordance with PA bulletin 00-07-01) Avoiding improper inducements (antikickback statutes DO apply to intellectual disability Providers through contractual relationships)

FRAUD, WASTE, & ABUSE Fraud Defined by BPI as any type of deception or misrepresentation by an entity or person with the knowledge that the deception could result in some authorized benefit or payment Waste Intentional or unintentional, thoughtless or careless expenditure, consumption mismanagement, or squandering of government resources to the detriment or potential detriment of public programs. It includes incurring unnecessary costs as a result of inefficient and ineffective practices, systems, or controls Abuse Any practice that is inconsistent with sound fiscal, business, or clinical practices and result in unnecessary cost to the Medicaid programs OR reimbursement for service that is not necessary or fails to meet professionally recognized standards or contractual obligations

ERRORS VS. FRAUD OIG Guidance can be found in 65 CFR 59436 Providers & organizations are not subject to criminal, civil, or administrative penalties for innocent errors An EFFECTIVE compliance program should sort-out errors from fraud which is reckless disregard or deliberate ignorance of the falsity of claims. When errors are discovered, you must return funds improperly or inappropriately claimed Each provider has a duty to reasonably ensure that claims for service are true and accurate & must engage in a good faith effort to work cooperatively (with the payer) on voluntary compliance to minimize errors and prevent potential penalties for improper billing before they occur.

IN PLAIN TERMS ERRORS Legitimate mistakes made & corrected FRAUD Deception or misrepresentation of claims for reimbursement not prevented or detected WASTE Inefficiencies in the delivery of service (not reasonable & necessary) & rationalized ABUSE Bending the rules such as bundling costs or improper billing & overlooked

NOW, WHAT DO YOU DO How do you approach compliance & all the complexities associated with it when resources are limited?

CONSIDER REORGANIZING

BENEFITS OF A FUSION PROGRAM Coordinating these efforts can mitigate any potential penalties when errors are uncovered or allegations of fraud, waste, or abuse are founded Compliance efforts can be an opportunity for demonstrating the organizations commitment to risk management and quality improvement The fusion model focuses on reducing costs and assuring best practices and in the end this may increase revenues Overall operations can improve if the focus is more on how to detect issues and correct systems rather than solely focusing on preaching rules.

SOME IMPLEMENTATION OPPORTUNITIES Assess your highest risk areas; target interventions for improving compliance (maybe begin with your budget) Develop & Document your work plan; include areas for continuous quality improvement for identified targeted risk areas Be proactive; create a culture of new values that seek to uncover and correct problems and build standards and expectations rather than waiting for them to be dictated Memorialize your program; document the elements of the program along with the work plan, pull policies together Track & measure contacts (both direct & hotline); implement a logging process for your compliance officer to track and respond systemically to concerns

WHAT ABOUT THE FUTURE What can we expect in the coming years when it comes to compliance?

MORE OVERSIGHT Federal government, through the Office of Civil Rights, will be conducting audits of HIPAA covered entities - Testing privacy, security, and breach notification Increased state Medicaid integrity audits & state fraud control units will be implemented - Medicaid contractors will be assigned regionally to look-back on Medicaid claims submitted (looks backs may expand between three and five years New standards of payment for value will become more of a reality - Developing standards for automation of documentation, requirements for automated standards for exchanges of information, pressures for improved decision support at the service delivery level, & consistent documentation standards & practices driven by plan

FOCUS ON OUTCOMES Integration of services provided & concrete measures of Health Related Quality of Life Outcomes (HRQOL) - May be disease specific and require use of instruments that measure healthy days, healthy activity levels, activity limitations, physical & social well being, etc. Continued focus on quality measurement activities that will shape ongoing policy - Improvement domains include safety, effectiveness, timeliness, efficiency, equability, and person-centered care Focused accountabilities for high-quality care & continuous improvement - Consistent, standard measures for outcomes and process, deeper incorporation of health technology, integration of care and service, and managing by data (benchmarking)

QUESTIONS & COMMENTS FEEL FREE TO CONTACT ME IF YOU HAVE ANY QUESTIONS!

ADDITIONAL RESOURCES Dispelling the Top 10 Myths of HIPAA/HITECH Compliance (Available at Session) By John 'J' Trinckes Jr., CISO/EVP/Founding Partner of Mulholland Information Security www.hitechassessment.com 2011 Federal Sentencing Guidelines, Chapter 8 Effective Compliance & Ethics Programs http://www.ussc.gov/guidelines/2011_guidelines/manual_html/8b2_1.htm HIPAA Survival Guide http://www.hipaasurvivalguide.com/ OIG FY 2012 Work Plan & the OIG Semiannual Report to Congress (Fall 2011) http://oig.hhs.gov/reports-and-publications/semiannual/index.asp Federal Register Compliance Resources; Program Guidelines for Individual & Small Practices http://oig.hhs.gov/authorities/docs/physician.pdf OIG Compliance Resources; including self-disclosure & safe-harbor regulations http://oig.hhs.gov/compliance/ PA Medicaid Fraud & Abuse Program(s) http://www.dpw.state.pa.us/learnaboutdpw/fraudandabuse/index.htm MediRegs ComplyTrack Suite http://www.mediregs.com/files/1007-1/mediregsct.pdf ComplianceConcepts; resource for both sanction screening & establishing a hotline http://www.complianceconcepts.com/corporate/services.asp