CARF requires all organizations that receive
Federal funding to have a formal resolution
on corporate compliance that has been adopted
by the organizations' leadership, which
includes a written designation of the organizations'
"point person," commonly referred
to as the Corporate Compliance Officer (CCO),
who is responsible for monitoring and reporting
on corporate compliance matters. CARF does
not require a formal corporate compliance
plan, although most organizations utilize
such a plan to demonstrate conformance to
actually having a corporate compliance program.
CARF does look for certain written procedures
that are related to corporate compliance
on investigating allegations of fraud, abuse,
and/or other wrongdoing, and on addressing
violators of the organization's corporate
compliance system in a fair and consistent
manner.
Maintaining a corporate compliance program
is evidence of an organization-wide commitment
to creating and maintaining a culture of
compliance with applicable state and Federal
healthcare laws. Corporate compliance programs
are designed to establish and maintain a
system of internal mechanisms that are intended
to prevent and detect unethical, illegal,
and/or poor business practices and violations.
Mechanisms include written policies and
procedures, operational practices, designated
employees charged to monitor practices,
and management personnel charged with oversight
and correction.
In recent years, the U.S. Department of
Justice and the U.S. Department of Health
and Human Services, Office of the Inspector
General, have called for implementation
of corporate compliance programs to help
prevent fraud and abuse in health care.
The government is scrutinizing high-risk
areas related to compliance and fraud. These
areas include Medicaid and the Health Insurance
Portability and Accountability Act of 1996
(HIPAA). The government has been clear in
its communication to all healthcare providers
that the best response to the current enforcement
environment is an effective and comprehensive
compliance program. Many healthcare organizations
nationwide have responded by designing and
implementing formal corporate compliance
programs.
Accreditation Requirement(s)
A comprehensive corporate compliance program
for organizations receiving Federal funding
requires the following components:
Provision of initial and ongoing training for appropriate staff
on billing and coding procedures;
Written procedures for staff to respond to subpoenas, search
warrants, investigations, the media, and other legal matters;
Formal governance authority resolution on corporate compliance
that demonstrates the organization's commitment to corporate compliance;
and
Written designation of the staff member responsible for corporate
compliance matters often referred to as the CCO.
Benefits
of an Effective Corporate Compliance Program
Provides guidance to ensure practices
are provided in an ethical and legal manner
Emphasizes shared common values among
staff members of the organization
Provides resources to help resolve questions
about appropriate conduct in the work
place
Gives management an accurate view of
the internal functioning of the organization
Establishes a structure to disseminate
legal and policy changes
Reduces the likelihood of civil liability
Greatly reduces the risk of criminal
prosecution and discontinuance of services
Basic Components of an Effective Corporate
Compliance Program
A Written Statement of Intent.
This is typically done as an organizational
compliance resolution that provides an
overview of the organization's intent
and basic levels of authority and responsibility
for the program. It is reviewed and signed
by the governance authority. In addition,
it is typical that the leadership drafts
a memorandum
(DOC
| HTML)
or letter to employees introducing the
basics of the program, which communicates
the value and worth to the organization.
Compliance Standards. Policies
and procedures guide the organization
in establishing and providing an effective
corporate compliance program.
Code of Conduct. An organizational
Code of Conduct that specifically delineates
expected practices and behaviors within
the organization is at the core of a corporate
compliance program. All staff members
should have a clear understanding of the
code, and the organization should have
a procedure in place that verifies and
ensures that all staff members acknowledge
their understanding of the code and their
responsibility to follow all standards.
Oversight Responsibility. A
corporate compliance director/officer
and a corporate compliance committee oversee
the program. The corporate compliance
director/officer typically reports to
the Chief Operating Officer, who reports
to the governance authority of the organization.
Employee Education/Training.
Organizations should provide to all staff
members a full array of educational and
training programs designed to ensure understanding
of laws, code of ethics and conduct, and
procedures in monitoring, evaluating,
investigating, and correcting corporate
compliance systems and practices. Training
should be ongoing and include a variety
of approaches.
Monitoring and Auditing. Organizations
should have concrete procedures in place
to evaluate, identify (unearth), and address
suspected violations. The greater the
specificity and clarity of these procedures,
the greater the ability of the organization
to maintain compliance with all Federal
and state regulatory requirements.
Reporting System. Organizations
should develop reasonable and efficient
methods to provide confidential reporting
of suspected violations of the corporate
compliance standards. The organization
should make multiple methods of reporting
available to staff members to allow them
to select a method they perceive as providing
the greatest level of confidentiality.
Enforcement and Discipline.
Organizations should develop reasonable
methods and procedures to respond to detected
offenses. The organization should clearly
define roles, responsibilities, and methods
related to the investigation of alleged
violations. In addition, the development
of consistent disciplinary responses to
violations or fraudulent reporting is
essential. Any disciplinary procedure
should be consistent with Human Resources
policies that already exist within the
organization.
Response and Prevention. Organizations
should establish an ongoing, internal
examination of the efficiency, effectiveness,
and legality of the organization's operations,
and fully utilize the entire process of
corporate compliance programming and the
information obtained from resultant investigations
to minimize and prevent potential future
problems and losses.
Common Misconceptions
The following are common misconceptions
related to corporate compliance programs.
Corporate Compliance Programs are
Required by Law. Corporate compliance
plans and programs are voluntary. There
are no current statutes or regulations
that mandate such a program or plan. However,
many accreditation organizations do mandate
them as part of the process of obtaining
national accreditation. In addition, with
the increased scrutiny by regulators and
the public, high profile reports of fraud
in the healthcare industry, and a congressional
belief that fraud is rampant in the healthcare
industry, effective corporate compliance
programs appear essential in doing business
in today's market.
Corporate Compliance Policies and
Procedures = Corporate Compliance Program.
An administrative manual in and of itself
is only a dormant corporate compliance
program. Written policies and procedures
are only a beginning. Organizations should
also implement ongoing educational programs,
internal reporting mechanisms, and internal
audit procedures, among others, to create
a true compliance program. And most importantly,
organizations should facilitate an overall
sense of value in the environment that
establishes a culture of compliance.
Corporate Compliance Plans Impose
New Laws and Requirements. The establishment
of an organizational compliance plan simply
creates a promise by the organization
and procedures to comply with existing
laws; however, the horizon is broad. The
Office of Inspector General has indicated
to the healthcare industry that it expects
compliance with a variety of existing
laws ranging from quality of care requirements
to laws governing financial and contract
arrangements.
Tips for a Strong Corporate Compliance
Program
Begin the process where your organization
is today. Be aware of inventory processes
already in place and policy and procedures
that are directly and indirectly related
to corporate compliance as you create
your program to eliminate inconsistencies
or redundancies with areas where you already
have practices that can fit easily into
your plan.
Ensure that policies and procedures
are tailored to your organization.
Organizations should cover the basic elements
in their compliance plan, and the use
of templates can be very useful in ensuring
that the organization has a "punch
list" of all the essential components
of the process. However, the plan that
works for a large multi-facility provider
may not work well for smaller organizations.
Develop a code of conduct that
is easy to understand. Write your
code in a manner that can be reasonably
understood by anyone who works in the
organization. Make it graphically appealing,
and seek staff member input in developing
the content of the document.
Ensure that policies and procedures
have functional detail. This is especially
important in areas that you identify as
"high risk."
Hold interesting training sessions.
Try to utilize as many interactive training
formats as possible. Formats that present
specific problems/cases regarding the
process are recommended.
Train staff members in all risk
areas. Make sure that the training
methods provide a comprehensive review
of all risk areas.
Implement the program consistently.
Ensure that the procedures described in
the corporate compliance plan/manual are
fully implemented. Adopting a compliance
plan that the organization doesn't or
can't follow is probably worse than adopting
no program at all.
Establish the role of a CCO and
ensure that accountability exists in this
position. Make sure the CCO has specifically
outlined duties and responsibilities,
especially if this position is being combined
with other job responsibilities, and that
the duties are outlined clearly in the
job description and annual evaluations.
Avoid dividing compliance duties among
several people. The CCO should be able
to articulate standards, create awareness
of standards, and monitor compliance with
those standards. When the role is divided
up, for example, in assigning the setting
of standards to the legal counsel, delegating
the awareness to Human Resources, and
assigning the monitoring to the internal
audit department, it is highly unlikely
that this fragmentation of duties will
produce an integrated program.
Develop a strong reporting system.
The reporting system should be well publicized,
responsive to reports of violations, clear
in its response to the allegations, consistent
in disciplinary actions, and ensure confidentiality
and non-retaliation.
Utilize professional consultation
in the initial stages of development.
Most organizations will want professional
help in the initial stages of setting
up their program, educating staff, and
ensuring that their program is comprehensive.
However, over time many of these activities
can and should be managed internally.
One area that the organization may want
ongoing outside help is determining how
to address reports of suspect activity
in a manner that provides maximum protection
from outside, unintended discovery by
third parties. In other words, it is important
to ensure that disclosure of problems
occurs only when it is planned and provided
by the organization.
Communicate that corporate compliance
is a core value of the organization.
Staff members take their cues from the
organization's leadership. If they see
that the organization's leadership is
concerned when someone violates the code
of conduct and a strong and firm action
is taken, they are likely to believe in
and support the program.
Overview of Reporting Mechanisms
Federal sentencing guidelines ask that
organizations implement and publicize
a reporting system whereby staff members
and other agents can report, without fear
of retribution, criminal conduct by others
within the organization. Reporting misconduct
by fellow staff members can create stressful
conflicts of interest. Staff members tend
to come forward based on the types of
reporting mechanisms available rather
than based on a requirement to report.
Systems that ensure confidentiality and
anonymity without the fear of retribution
are important in assisting staff members
to come forward and report alleged violations.
Many times the reporting mechanisms utilized
by an organization focus on the needs
of the organization rather than the needs
of its staff. Inexpensive and easy-to-implement
systems do not build trust because they
cannot guarantee confidentiality or anonymity.
The following is a review of reporting
mechanisms and their strengths and weaknesses
Answering Machines
Strengths:
Simple
Easy to set up
Inexpensive
Weaknesses:
Fear of identification due to recording
of the caller's voice
Background noises and poor recording
Unclear speech
May not leave name for follow-up
interview
No one to ask follow-up questions
May leave messages that are inappropriate
for investigations
Inefficient system raises questions
with employers
Caller ID may identify the caller
Voice Mail, Fax Machines, and E-mail
Strengths:
Easy to set up
Inexpensive
Weaknesses:
Voice mail similar to answering
machine
Fax machine and e-mail can record
the source of data
No follow-up without leaving name
Lack of follow up questions
Inappropriate use of system
Internal Hotline
Strengths:
Organization control over the ability
to respond quickly and to provide
appropriate advice to callers
More cost efficient than outside
system
Greater degree of confidentiality
than answering machine, fax, or e-mail
Increased confidentiality increases
incident of reporting
Weaknesses:
Who answers calls?
Lack of availability 24/7 for most
organizations
Perception of organizational control
External Hotlines
Strengths:
Independent firm handling calls
24/7 option
Experienced personnel to handle
calls
Not subject to organization's politics
Most confidential method of reporting
Record allegations objectively
Follow-up with the caller without
breaking confidentiality within the
organization
Weaknesses:
May place the organization at risk
due to employee manipulation or unskilled
personnel taking calls
Management loses "control"
over the process
Most expensive option for reporting
Organizations implementing corporate
compliance programs must utilize effective
reporting mechanisms that ensure confidentiality
and anonymity. No organization wants to
be placed in a position where a staff
member tells investigators he or she knew
of criminal activity but did not report
it because of a distrust of the reporting
mechanism or a fear of retribution. Reporting
systems should focus on providing accurate
reports through the use of experienced
operators while meeting the needs of staff
members relative to confidentiality and
anonymity. Implementing a streamlined,
inexpensive reporting system—such
as an answering machine or in-house contact—may
not provide the best results.
Significant risks arise when a staff
member discloses misconduct in a manner
that does not include notifying the organization.
Organizations should proactively compete
with alternative methods available to
staff members, and thus make sure that
reporting methods and systems do not compromise
the needs of staff members in providing
a system that is convenient and confidential,
and provides a consistent response to
reports of violations.
