Stress Testing your Compliance Program

Image of track numbers for a road race

Is there anything like a good workout to get that heart rate up, blood flowing? It’s always better in groups, where you can cheer one another on to keep up the good work. Two examples of this come to mind: on the road, my dear colleague Charro would always be an inspiration to get down to the gym. Another example was when I entered the Tour De Patrick, three 5k races in March, and while my cousin had already finished, it was fantastic to hear “Keep it up, 1308!” from an encouraging stranger in the crowd. Nothing like a good push to get you over the finish line.

During one of my courses at Fordham Law, our professor placed us into groups for a number of assignments. The five of us, from a variety of industries, had to count on each other for our individual grades. In the end, our distinct experiences in compliance ended up serving our assignments very well. (I also came away with glimpses into financial and customs compliance, including examples of reverse false claims!)

I recommend you stress test your compliance controls by asking a trusted colleague to look under the covers. The program is not something you can touch and hold, so it should be in place whether everyone is onsite or you are working remotely. Don’t sit paralyzed waiting for your program audit notice; it is always a good time to put elements of the program through the paces, and document this monitoring effort. Are corrective actions being validated? Has it been a while since your last compliance risk assessment? Have you communicated recent compliance trends? When is the last time a “top-down” message about the commitment to compliance was issued? Perhaps they test the hotline, or they review the delegation oversight committee minutes. You don’t need to buy a Peloton or a wacky mirror with a personal trainer in it to get the blood flowing in your compliance program. As the saying goes: just do it!

How to Easily Promote Fraud Awareness during COVID-19

We may sometimes take for granted the protections we have in place. A well-established compliance program has controls to curb or eliminate instances of fraud, waste, and abuse in the form of a special investigations department, data analytics team, or fraud unit. They are charged with staying current with billing trends, vulnerabilities in systems, and new schemes targeting your membership.

In what I consider a new low, the public health emergency (PHE) has created an environment of new opportunity for scammers to defraud Medicare beneficiaries. Earlier this month, the Office of Inspector General provided new updates on COVID-19 fraud, outlining trends such as:

  • Offers of COVID-19 tests in exchange for personal information
  • A focus on retirement communities, offering COVID-19 tests but instead billing for unnecessary services
  • Fake offers of prescription drug cards
  • Other schemes showcased in OIG video alerts

In light of the PHE, think of how your most vulnerable members have been impacted. Did you increase supplemental benefits last year to assist your frail, confined, lonely members in hopes of improving their well-being? That was before COVID-19. Now imagine how isolated, nervous, and vulnerable they are. Family cannot visit and their social time with friends also has to be limited. We are experiencing a surge in positive cases in Rhode Island, so tougher restrictions were recently implemented. If scammers are aggressively calling, texting, using social media and even going door-to-door, we have to be good neighbors in every sense of the word. 

Even if your fraud unit is up-to-date on these schemes, it is important that this information be shared. Leverage this information to inform your team members, your provider community, and your members. Last month I wrote about culture, so what better way to reinforce that commitment than to hear a leadership reiterate the organization’s commitment to your members, your neighbors? It takes no time to customize messaging for internal distribution, for a provider portal, for on-hold messaging, or for a member newsletter. You care about your community, so spread the word:

  • Be wary of strange, unsolicited phone calls, emails, and visitors
  • Do not share personal information with someone claiming to represent Medicare
  • Work with your physician’s office or your state government on advice for COVID-19 testing
  • Review your Part D Explanations of Benefit for suspicious activity
  • When in doubt, report your suspicion online or by phone at (800) 447-8477

Ask your fraud unit what’s happening in your service area. They should know what local law enforcement has seen and how your members may be vulnerable. Tailor your community messaging with examples so it is relatable and understandable. Promote your own fraud unit’s contact information, and thank them for their extra work during this time. 

Accountability: An Unwritten Element

Last year around this time, we were mulling over the Fall Conference and Webcast delivered by the Centers for Medicare & Medicaid Services (CMS). So much has changed in the way we collaborate and interact with each other, both in our professions and personal lives. With all of us keeping our state and local guidelines in mind, we do our best to keep it compliant so we can stay healthy. The likelihood that we will return to the good old days of Ubering to the CMS Woodlawn office soon are slim.

Since we have a public health emergency that requires us to comply with a set of rules in the spirit of slowing or stopping the spread, I’ve been thinking about accountability. When the unexpected happens, who speaks up? Who takes ownership?

I read a recent compliance and ethics report from LRN which noted that when it comes to compliance failures, a poor culture simply deteriorates standing rules. Culture determines whether policies and guidelines will be followed or ignored. The report also showed that in companies with significant compliance failures, key leaders did not take ownership of the problems. Employees raised concerns and reported either being ignored or pressured to look the other way.

For a policy or a code of conduct to be effective, it cannot simply sit on a shelf. The culture within an organization must promote compliance and ethics to demonstrate accountability. Now that many employees are scattered to the wind, is the corporate culture message getting lost in the fray? If so, I recommend making it a priority to communicate a brief message once a week to remind your team about the organization’s mission, commitment to customers, and culture of compliance. Remember, there is no CMS playbook on culture, but you know it when you see it (and when you don’t!).