Healthcare Requirements Addressed by Compliance 360
The Compliance 360 on-demand solution for healthcare reduces the
overhead and risks of regulatory compliance initiatives, enabling
increased focus on the core business of providing quality health
care. With over 100,000 active users, Compliance 360
is the most widely used compliance, risk and governance solution
in
the
healthcare industry today. Key healthcare industry requirements
addressed by Compliance 360 include:
Preparing for a Joint Commission survey can be challenging process
for any healthcare provider. At a minimum a hospital must be completely
familiar with the current standards, examine current processes, policies
and procedures relative to the standards and prepare to improve any
areas that are not currently in compliance. The Hospital must
be in compliance with the standards for at least four months prior
to the initial survey. The hospital should also be in compliance
with applicable standards during the entire period of accreditation
which means that surveyors will look for a full three years of implementation
for several standards-related issues.
How can Compliance 360 help?
Compliance 360 can help you organize all policies and procedures
in a manner that streamlines the preparation for a survey and expedites
the survey. The solution will also help you track all details
related to incidents to demonstrate adequate processes as evidence
of compliance with the relevant standards and guidelines. As
an example, contracts can be associated with the standards typically
found in the "Environment of Care" section of the Joint
Commission standards. An especially useful feature is the ability
to manage the standards with associated a common taxonomy such as
federal and state regulations. All of this detail can be linked
together and managed through Compliance 360's exclusive Virtual Evidence
Room™.
As of November 1, 2008 hospitals must comply with an additional set
of new rules that pertain to the protection of patient information.
All organizations that issue credit by providing services in advance
of billing (this includes hospitals) must implement an identity theft
prevention program to be in compliance with the Identify Theft Red
Flags provisions of the new Fair and Accurate Credit Transactions Act
(FACT Act or FACTA).
These new "Red Flags" regulations are in addition to the
Administrative Simplification provisions under Title II of the Health
Insurance Portability & Accountability Act (HIPAA) that were
previously enacted to improve the efficiency of healthcare delivery
by establishing guidelines for standardizing electronic patient data
interchange and securing patient confidentiality. These HIPAA provisions
have had broad implications for healthcare providers because the
administrative oversight needed to stay in compliance impact an organization's
time, finances, even reputation.
When you consider the myriad of tasks, projects and assessments
that an organization must undertake to ensure an effective HIPAA
compliance program, you are likely navigating through multiple, independent
IT solutions and manual processes including: policy development,
incident reporting, employee surveys, policy acknowledgements and
risk assessments. Even if fully automated, staff must still expend
enormous effort to tie all aspects together to document evidence
of your overall HIPAA compliance efforts.
How can Compliance 360 help?
Compliance 360 offers a proven, web-based framework allowing you
to collaboratively manage your HIPAA compliance and Identity Theft
Red Flags compliance initiatives using a single, integrated solution.
You can identify the various provisions, show the policies developed
to address the provisions, document any risk assessments performed,
as well as tie employee training, relevant documents, incident reporting
and other remediation efforts back to the individual HIPAA and Red
Flags requirements within an easily accessible, Virtual
Evidence Room. With Contract
Management, you can efficiently achieve the oversight of service
provider arrangements, which is required by the Red Flags rules.
Through email integration, the vast majority of users are not even
required to log into Compliance 360 to collaborate on policy initiatives,
investigate and remediate incidents or participate in compliance
projects. View
On-Demand Red Flags Webinar
Within the context of a dynamic regulatory environment, today’s healthcare CFO’s must manage increasing financial risk to ensure the financial health of their organizations. Regulations such as Sarbanes-Oxley create many new challenges and risk management assessments are now being included in many of the credit and bond ratings conducted by Standard and Poors and the other ratings agencies. Finance executives must be able to efficiently manage compliance and risk reduction efforts working collaboratively with the corresponding line-of-business executives in their healthcare organizations.
How can Compliance 360 help?
Compliance 360 allows healthcare organizations to manage all facets of compliance and audit management within the framework of their overall corporate governance and risk management initiatives. The collaborative tools from Compliance 360 enable healthcare organizations to proactively demonstrate their corporate governance and strategic risk management initiatives by automating processes associated with assessing and monitoring risk, managing the risk response strategy, linking risk management data to compliance activities and providing a global view to all risk-related activities through an executive dashboard. Finance, audit and risk management professionals have the ability to organize and manage projects across the organization, document audit tasks and audit findings, track issues, manage remediation tasks, and record resulting actions.
To ensure the financial health of a hospital, it is critical that compliance is practiced, by all staff, throughout the revenue cycle process. From the beginning of the revenue cycle (patient registration and determination of insurance eligibility) to the completion (billing for services administered to patients), each successful step in the process minimizes the hospital’s A/R days and improves cash flow. Errors made by staff in the revenue cycle process, however, can prove detrimental to a hospital’s financial stability, reputation, and brand.
The requirements for compliance with laws and regulations, providing necessary care, accurately documenting each patient’s hospital experience, and generating clean claims for payment can create an overwhelming amount of overhead and responsibility. These measures are necessary however, to maximize the efficiency of your hospital’s revenue cycle process, protect your financial and reputational welfare, and maintain your organization’s compliance with the law.
How can Compliance 360 help?
The Compliance 360 solution lets you create customizable surveys to
audit for Medical Necessity and proper coding activity for instance. Our
secure, online solution allows for centralization and storage of all
Patient Financial Services documents (including signed ABNs, Acknowledgement
Reports, Remittance Documents, Chargemaster, Coding and Modifier Tables). Through
Compliance 360’s regulatory intelligence features, your hospital
can now track laws and regulations as they relate to EMTALA, HIPAA
Privacy and Security, CMS, the OIG, False Claims Act, and more. Compliance
360 allows you to conduct enterprise-wide project management around
the RAC process: from receipt of letter to reconciliation and recovery. Compliance
360's policy management functionality allows you to associate all
procedure codes with appropriate hospital policies. View
On-Demand Webinar
As of June 2008, RAC audits had already corrected more than $1 billion in improper Medicare payments. The corresponding bounty for RAC auditors amounts to more than $200 million. RAC auditors are highly motivated to stake their next claim in your hospital. You need to be prepared to fight this onslaught - with proactive defenses and appeals strategies – to keep your potential losses to a minimum.
How can Compliance 360 help?
The Compliance 360 solution supports both proactive compliance programs for audit avoidance as well as audit response and appeal initiatives. The system provides robust capabilities for facilitating internal audits and self assessments to proactively identify outlier cases based on standard practices for diagnosis related groups (DRG’s). As a result, hospitals can identify and address claims errors and outliers before they are submitted, thus reducing the number of claims denials and the likelihood of raising the red flag with auditors. The Compliance 360 solution also facilitates audit response and appeal requirements with the workflow needed to collaborate on compliance-related incidents and track the progress of investigations. Learn More
The OIG Work Plan, in many cases, is the bedrock for healthcare provider compliance programs. Released each fiscal year by The Office of Inspector General of the Department of Health and Human Services (OIG), the Work Plan gives healthcare providers visibility into the issues that will receive particular attention from the OIG and provides the necessary guidance to address the related requirements. The Work Plan also serves as a roadmap to future government enforcement activity.
As was the case with previous work plans, the 2008 Work Plan is organized based on HHS programs (Medicare, Medicaid, other Centers for Medicare and Medicaid Services (CMS) issues, Public Health Programs, Human Service Programs, and overarching department-wide issues), and by the type of provider within each category. The OIG Work Plan is an invaluable tool that enables healthcare providers to prioritize risk, focus efforts, and create effective compliance programs.
How can Compliance 360 help?
Compliance 360 provides a single, integrated platform to help healthcare organizations manage complex industry requirements. Compliance 360 provides clients with a content repository, consisting of most healthcare laws, regulations, standards and guidelines. The OIG Work Plan, along with many other regulatory items, is stored and maintained in Compliance 360’s Content Library for easy retrieval, access, and evaluation. Compliance 360’s content workflow engine enables organizations to route content to the appropriate people, build custom risk assessments, prioritize risk and identify compliance shortfalls related to the OIG Work Plan, and create and manage the appropriate policies & procedures affected by the OIG’s guidance. Risk Assessments can be routed to employees via email for easy completion, with Compliance 360 calculating the risk exposure and action plans necessary to remediate any gaps. In addition to identifying key action required by the OIG Work Plan, Compliance 360 has a single repository for all documentation of compliance, called the Virtual Evidence Room™. All activities and documentation are directly linked to the OIG Work Plan and other requirements to demonstrate real-time proof of compliance in an easily accessible view for internal & external audits. The Virtual Evidence Room creates an audit-ready environment and links key policies, incidents, projects, contracts, risk assessments, reports, and surveys back to the OIG Work Plan. In addition, custom reports and dashboards can be designed to monitor compliance with the OIG Work Plan and other regulations.
The imposition of a Corporate Integrity Agreement (CIA) from the Office of the Inspector General (OIG) on any healthcare provider that participates in one of the federal healthcare programs, generally creates significant risk and compliance overhead. These corporate integrity agreements (CIA) generally last for 5 years and include specific compliance stipulations that must be enacted within specified time frames which are often as short as 90 days. These stipulations frequently include verifiable code of conduct attestations and training certifications from all “covered persons” (employees and all contractors and vendors) as well as verifiable distribution of relevant policies and procedures to all appropriate covered persons. Corporate Integrity Agreements (CIA) also frequently mandate specific claims review criteria and reporting of the findings as well as the establishment of processes for managing and reporting on “Reportable Events” that might be criminal or fraudulent in nature.
How can Compliance 360 help?
With little time to react and comply with the mandates of a corporate integrity agreement (CIA), healthcare providers must move quickly and thoroughly to avoid the risk of losing the revenue from a federal healthcare program. Compliance 360 has been proven to be very effective in its ability to help manage many corporate integrity agreements (CIA) to a successful conclusion. The system can be up and running in as little as 60 days and it supports the entire process of managing the code of conduct and policies and procedures, including the dissemination to all covered persons and the verification of all attestations as well as the remediation of any issues that arise during the process. The unique Virtual
Evidence Room™ serves as the collection point for all relevant data and reports needed by the OIG. Some customers even chose to provide online access for the OIG, directly to their Virtual Evidence Room to eliminate the laborious task of compiling and submitting reports manually. This approach demonstrates a cooperative, transparent approach, akin to sharing the books with a financial auditor.
The Incident Management capabilities of Compliance 360 are also particularly useful in compliance with the “Reportable Events” stipulations of a corporate integrity agreement (CIA). The Incident
Management system collects, stores, and allows your departmental personnel to collaborate on compliance-related incident information and track progress of investigations. All incident information can be included in reports and graphically represented to demonstrate trends and correlations. Compliance managers will frequently use this area for audit committee meetings and board meeting presentations. These same reports and trends are highly useful in compliance with a corporate integrity agreement (CIA).
For the many hospitals that treat Medicare and Medicaid recipients, the risk of fraud, waste and abuse violations has increased. The OIG and Inspector Generals across the country have stepped up their audit and inspection efforts to root out fraud and abuse in these government programs. The recent appointment of the Medicaid Inspector General in New York is a good example of the increased focus on identifying and prosecuting fraud, waste and abuse. The bounty for whistle-blowers, ranging from 15 percent to 25 percent can create a very compelling motive and necessitates the establishment of preventative and response measures for healthcare providers. Improving the management and overall outcomes of fraud, waste and abuse claims now harbors a significant financial advantage for most hospitals.
How can Compliance 360 help?
With Compliance 360, hospitals can centrally manage their policies and standard practices as well as the investigation of fraud, waste and abuse claims. All information compiled for each claim is centrally stored in Compliance 360. The review process is set up in the workflow-enabled Incident Management system and the process is efficiently managed with a complete audit trail of actions and signoffs for accountability.
Sensitive investigation data is secured within each department, with central access provided to Regulatory Assurance individuals for identifying issues that may be broader in nature, possibly impacting the entire organization.
The False Claims Act (31 U.S.C. Sections 3729-33) also called the “Lincoln Act”, “Informers Act” or the “Qui Tam statute” allows a private individual or “whistleblower” with knowledge of past or present fraud on the federal government, to sue on behalf of the government to recover civil penalties and damages. Fraud under the False Claims Act means that a contractor has knowingly presented a false claim for payment to the United States. The fraud can occur wherever federal and state monies are directly or indirectly used to purchase services or goods.
On April 15, 2008 The OIG published an Open Letter to Health Care Providers restating the value and purpose of the Provider Self-Disclosure Protocol (SDP). The SDP provides the healthcare provider with a proactive way of notifying the OIG of potential fraud. Through a process of proactive cooperation, a healthcare provider may be able to settle liabilities with the OIG for an amount near the lower end of the damages continuum. Organizations who fail to self report or who do not cooperate can be placed under a Corporate Integrity Agreement (CIA) or Certification of Compliance Agreement (CCA).
How can Compliance 360 help?
Compliance 360 can assist hospitals establish a proactive fraud prevention program with the ability to manage and investigate whistleblower claims. Instituting a methodology that includes evaluation and audits of your top 10-20 DRGs, with the ability to document the review and audit process, is critical to identifying where inappropriate behaviors or training may have occurred. The ability for assessments to be distributed and scored, helping to determine your degree of compliance with proper coding and charging requirements, is a basic tenet of any audit process. You can survey staff to determine if there are incidents of potential fraud and ferret out the potential causes enabling you to work within the SDP guidelines. By integrating your whistleblower hotline with the system’s ability to manage incidents and investigations, you can establish a consistent and documentable process. The system enables your ability to demonstrate evidence of compliance and determine where fraud might occur to help you avoid, or if necessary, manage a Corporate Integrity Agreement.
Assuring that physician contracts do not violate Stark III or The Medicare and Medicaid Patient Protection Act of 1987 (Anti-kickback Statute) is now a critical imperative for healthcare provider organizations. Hospitals can no longer hope that physician contracts are within compliance requirements, they must aggressively and proactively manage these contracts. What was once thought of as contractual add-on (lab coats, specialty equipment leases, vendor inducements) can now jeopardize the compliance of the healthcare organization if improperly managed.
How can Compliance 360 help?
Compliance 360 can manage your physician contracts while enabling your organization to track the status of the laws that affect your contracts and notify the appropriate parties when provisions in those statutes change. Compliance 360 can not only manage your physician contracts but also demonstrate a comprehensive methodology to manage contracts such that physicians are not receiving undue benefit which falls outside of the provisions of the regulations. In addition, contract renewals, cost of living increases for facilities leases and general terms and conditions can be managed proactively throughout the organization. Contracts can undergo a complete compliance assessment documenting the process, questions and results on a routine or renewal basis. Furthermore, all future contracts can be designed and executed in a manner that ensures compliance with federal, state and local laws and regulations.
The new Stark III regulations went into effect on December 4, 2007. As a result of the Stark III regulations, healthcare organizations must review their physicians’ contracts and professional arrangements to make sure they comply with the new self-referral rules. The Stark law prohibits physicians from referring Medicare patients to hospitals or other entities in which they have a financial relationship, unless the arrangement falls under one of several specific exceptions.
One of the law’s most controversial provisions states that
a physician “stands in the shoes” of his or her group
practice for the purpose of determining whether Stark covers the
doctor’s relationship with another entity. Unlike other
regulations, such as those for the anti-kickback statute, the Stark
regulations are not simply agency guidance – they have the
force of law. CMS has clearly signaled that more enforcement
is likely and physicians and health care providers should be prepared. NIH
to Crack Down on Conflicts of Interest (Wall Street Journal)
How can Compliance 360 help?
Compliance 360 can organize all your contracts and specifically identify
physician contracts and all the parties related to the contract.
You can also establish specific review points in time to validate
compliance with respect to certain high risk areas. Additionally,
you can establish new physician contracts with a defined legal review
process that provides assurance of being in compliance with Stark. As
an ongoing audit procedure, you can establish a controls monitoring
process of selected financial (Accounts Payable) transactions and
be fully prepared for any audit that may arise in the future. View
On-Demand Demonstration
The Emergency Medical Treatment and Active Labor Act (EMTALA) is a statute that obligates hospitals to provide screening and institute treatment for patients regardless of their ability to pay. Essentially an anti-discrimination law, EMTALA is given teeth by monetary penalties, liable claims against attending physicians and possible revocation of the CMS provider agreement.
Although the law has seen many revisions since its 1986 adoption, its legal and medical interpretation by hospital administration, physicians and General Counsel can be subjective.
How can Compliance 360 help?
Compliance 360 provides a comprehensive tool for managing and staying
in compliance with EMTALA requirements. You can store and maintain
the various regulations and provisions and create and enforce policies
and procedures to ensure compliance through all levels of your organization. You
can automate proactive assessments of transferred patients to or
from the hospital and then demonstrate proof of compliance in our Virtual
Evidence Room. You can also track and mitigate risk using
our audit and incidents management tools.
There are few other compliance activities that can be as laborious and cumbersome as establishing an effective incident management and reporting process. Whether it is an adverse incident, concern, event, or investigation, a healthcare provider’s ability to create a consistent and effective intake and resolution process is imperative for proper risk management and proof of compliance. Incidents, in many cases, can be managed across multiple departments, with different approaches, and most certainly arrive from multiple sources (hotline calls, emails, verbal communication, hand-written notes, etc.) This creates a burden as organizations try to secure sensitive material, create a consistent process and manage the potential masses of data associated with each item.
How can Compliance 360 help?
Compliance 360 Incident Management enables healthcare providers
to collect, store, manage and collaborate on incidents, events,
cases, issues, and activities. The system includes an exceptional
enterprise security configuration, robust reporting platform, and
the capability to track progress on investigations and gather input
from all parties. Organizations can configure field labels
and selection options and organize incidents by departments, units,
teams, and other categories to ensure that only the appropriate
people are viewing the necessary information. Compliance
360 includes built-in document management capabilities to store
key evidence documents, emails, and logs. Key features include
team collaboration tools, task management, auto-messaging, audit
trails, email integration, document storage and status updating. Users
can also use the Virtual
Evidence Room to link incidents to regulations as proof of
compliance.
In most hospitals, the vast majority of Information Technology
(IT) resources are dedicated to the core business functions tied
to patient records, accounting and billing. As a result, it is
often difficult for non-core business functions to compete successfully
for limited IT resources. Many compliance teams are limited to
the options of surviving without needed resources or they are forced
to hire expensive consultants to build what they want. The end
result is usually increased risk of regulatory sanctions and a
mode of operations in compliance that is more reactive than proactive.
How can Compliance 360 help?
Owing to the design of Compliance 360, which is very well suited to the needs of healthcare providers, compliance teams can manage the system directly. Business professionals who are charged with ensuring regulatory and legal compliance are enabled to do so without solely relying on support from their internal IT departments. This has been proven in the initial system configuration and deployment as well as subsequent changes and enhancements over the life of the implementation. |
