Stress Testing your Compliance Program

Image of track numbers for a road race

Is there anything like a good workout to get that heart rate up, blood flowing? It’s always better in groups, where you can cheer one another on to keep up the good work. Two examples of this come to mind: on the road, my dear colleague Charro would always be an inspiration to get down to the gym. Another example was when I entered the Tour De Patrick, three 5k races in March, and while my cousin had already finished, it was fantastic to hear “Keep it up, 1308!” from an encouraging stranger in the crowd. Nothing like a good push to get you over the finish line.

During one of my courses at Fordham Law, our professor placed us into groups for a number of assignments. The five of us, from a variety of industries, had to count on each other for our individual grades. In the end, our distinct experiences in compliance ended up serving our assignments very well. (I also came away with glimpses into financial and customs compliance, including examples of reverse false claims!)

I recommend you stress test your compliance controls by asking a trusted colleague to look under the covers. The program is not something you can touch and hold, so it should be in place whether everyone is onsite or you are working remotely. Don’t sit paralyzed waiting for your program audit notice; it is always a good time to put elements of the program through the paces, and document this monitoring effort. Are corrective actions being validated? Has it been a while since your last compliance risk assessment? Have you communicated recent compliance trends? When is the last time a “top-down” message about the commitment to compliance was issued? Perhaps they test the hotline, or they review the delegation oversight committee minutes. You don’t need to buy a Peloton or a wacky mirror with a personal trainer in it to get the blood flowing in your compliance program. As the saying goes: just do it!

You Don’t Need to Drink the Sea: 2021 Program Audit Protocols 30-day Comment

On June 4, 2020, the Centers for Medicare & Medicaid Services released 95 ever-loving pages of industry comments received for the draft 2021 Program Audit protocol. The document includes their responses and actions taken, including what edits they have made to the 60-day package released a few months ago. In my opinion, there is a general feeling of streamlining and simplification to focus on the agency’s areas of priority. 

As I was pulling out clarifications that I am unsure will end up in any FAQ, methodology, or audit process document, I realized the entire responses document should have a proper place on the shelf along with the finalized protocols. Why? Because not all clarifications provided resulted in changes to instructions or data request information. This document can be helpful in communicating expectations to employees and first tier entities alike. 

While it seems like a lot to digest, there was no sign of eliminating an entire review area, or creating a new care delivery branch of review, which is the current focus at the moment due to the public health emergency. If you reviewed the 60-day package thoroughly, the 74-page crosswalk posted with the 30-day package could be your best friend. Therefore, take the comments, hold a meeting, divide and conquer to make sure your business partners and colleagues understand the changes. Comments on this collection must be received by July 6, 2020.

Compliance is the Conscience

I’ve been struggling to consider what might be helpful, applicable information to apply during this health crisis. The questions abound: Should we still do credentialing? Do I need to send written appeal responses? When will program audits start up again? How long do waivers last?

After weeks of reading updates, guidance, the new law signed on Friday, and emails from just about every retail store I’ve patronized, I’ve returned to the foundation to offer advice for my buried audience. It is the first principle as outlined in the Code of Ethics for Health Care Compliance Professionals published by the Health Care Compliance Association

Principle I, Obligations to the Public: “Health care compliance professionals should embrace the spirit and the letter of the law governing their employing organization’s conduct and exemplify the highest ethical standards in their conduct in order to contribute to the public good.”

It is incredibly difficult for even the most astute to read through the CMS Current Emergencies guidance. Who is keeping track of the changes and business decisions your organization and vendors are considering? As CMS said on a recent industry call for PACE and states, they understand the desire for everyone to get more guidance for every specific scenario, but this is a rapidly evolving circumstance. The bottom line: you need to evaluate how to meet your obligations with consideration to health and safety needs. 

The compliance officer is the conscience of the organization. And right now, public health is paramount like I’ve never seen, and like our parents have never seen. Therefore, when reviewing memos, waivers, and fact sheets, please let your obligations to the public, now more than ever, drive your decision-making. The public includes not only your members, but also your employees, contractors, and your surrounding community. Document any modifications and rationale with start and end dates. This is not the time to stop the presses: CMS reminded us on March 10 that business continuity plan requirements are codified. This is the time to get creative.