New Healthcare Compliance Guidance from the OIG – an Introductory Overview by Two Industry Experts

00:00:06:20 – 00:00:40:09
Ethan Minkin
Good afternoon, everyone. my name is Ethan Minkin. I’m an attorney at Harris Sliwoski. I primarily practice in healthcare law, as well as, complex civil litigation. And today we are here to discuss the new healthcare compliance guidance that was released by the Office of Inspector General, which is housed in Health and Human Services. It is the first major update to healthcare compliance guidance since the 1990s.

00:00:40:09 – 00:01:17:06
Ethan Minkin
And, we expect in the coming, year and years that we will see, more specific guidance for various industry participants. this year we expect to see something on Medicare Advantage plans and, nursing homes. So before we get started, I’m very happy to have two, presenters with me today. the first is Sheryn Honest, Sheryn is, the principal at The Honest Approach, , which is, healthcare consultancy.

00:01:17:09 – 00:01:50:07
Ethan Minkin
she is an expert in compliance plans, compliance guidance. and when I worked with both Sheryn and Ambika at a healthcare entity, Sheryn was the director of compliance. And she brings a wealth of experience in healthcare. She has, many other specialties as well. We also have Ambika, Kanta. Ambika is a senior director of quality improvement at Astrana Care of Nevada.

00:01:50:10 – 00:02:17:20
Ethan Minkin
She likewise has a wealth, background in the healthcare industry and many, expertise as well, including he this risk adjustment. And I could go on probably for an hour, but I won’t. and so in any event, we are going to get, a perspective I think that is unique from people that do this stuff and have done this stuff.

00:02:17:22 – 00:02:23:00
Ethan Minkin
if we can go to the next slide, please.

00:02:23:03 – 00:02:49:09
Ethan Minkin
This is our agenda. I’m going to, briefly cover fraud and abuse laws and compliance plans and mitigation and I say briefly, because each one of these topics could easily take a full day to discuss, and we just don’t have that amount of time. So in any event, we are going to try to move, quickly through our agenda today.

00:02:49:11 – 00:03:15:11
Ethan Minkin
if we could go to the next slide, please. So to kind of lay the groundwork to get to compliant guidance, and what what’s important, we first have to understand the fraud abuse laws, which really are the backbone of, why we are here today. And so the first is the anti kickbacks statute, which is a criminal statute.

00:03:15:13 – 00:03:45:14
Ethan Minkin
And literally at the highest level, it’s you can’t pay for referrals. Now, the statute has many other things as well that you can’t pay for. And really they use the term renumeration. So it’s not just payment. It can be other types of renumeration as well. The second major law is the stark law that applies to physicians, who have a financial interest in a healthcare entity.

00:03:45:17 – 00:04:13:06
Ethan Minkin
And it also includes their immediate family members that may have, a financial interest in another healthcare entity. And again, at the highest level, you can’t refer to those entities a physician can’t in which he has a financial interest. the Stark law is a civil law for both the anti kickback statute and the stark law.

00:04:13:08 – 00:04:43:02
Ethan Minkin
It there are safe harbors. and so there’s very safe harbors. And if you are able to meet every element of a safe harbor, you are, you are immune from prosecution. The next major law is the False Claims Act. And that that really is what it sounds like. And the, the, probably that the easiest example is a provider cannot submit claims for a patient they haven’t seen.

00:04:43:05 – 00:05:12:09
Ethan Minkin
And some people may say, well, that never happens. It happens. but it gets much more complex. There’s a lot of issues about medical necessity as well, and whether or not a service was necessary. And if it’s not medically necessary, a provider could look at a false claim as well. If you violate the anti kickback statute or the stark law, I can almost guarantee the federal government will bring a false claims, count as well.

00:05:12:11 – 00:05:56:06
Ethan Minkin
The last big law are civil monetary penalties. those are penalties. Financial penalties that are enhancements to the other penalties under the specific statutes. And it gets very expensive. if you violate one of these laws, in general, the civil monetary penalties provide between 10,000 and $50,000 penalty for each violation. So if you submit ten false claims that, say, you could be looking at 100,000 to 500,000, in just simple model monetary penalties, state law also matters and also should be covered under a compliance plan.

00:05:56:09 – 00:06:26:15
Ethan Minkin
State laws vary from state to state, and some actually have corollaries to the Big Four or federal laws. They’re generally a lot more vague, and a lot more specific about what it applies to. But it’s important to be cognizant of those laws as well. And again, when it comes to compliance plans, you typically are going to design your plan around these laws and the risk that you have under those laws.

00:06:26:18 – 00:06:54:26
Ethan Minkin
If we go to the next slide, please. So throughout the OIG, this guide into talks about mitigation, mitigation of risk. And I think we all understand what that means in the 90 page document, though, there is one reference, to the legal implications for mitigation. And I’ve highlighted that, on the slide here. So what does that mean from a legal perspective.

00:06:54:26 – 00:07:01:11
Ethan Minkin
What is mitigation. And if we could go to the next slide please.

00:07:01:14 – 00:07:34:10
Ethan Minkin
There is the United States Sentencing Commission guidelines. And that is used by federal judges to determine the appropriate criminal penalty. and it’s a great you look at the violation and various factors and it gives you arrange for a penalty. Now the penalties can go up if there are aggravating circumstances. And so that’s what we see in the bullet point.

00:07:34:10 – 00:08:10:18
Ethan Minkin
It’s Roman at one through four. And for our purposes it’s the involvement in or toddler of criminal activity, as well as whether the healthcare entity has a history, violating the laws. And again, a compliance plan will hopefully alleviate those type issues. Can we go to the next slide, please? So importantly for our discussion, there are also two factors that can mitigate or lessen the potential penalties.

00:08:10:21 – 00:08:35:28
Ethan Minkin
And the first bullet point is really why we’re here today, the most important of all. And it is the existence of enough effective compliance and ethics program. And what it says effective. It means that you can’t come up with a document that’s your compliance plan, policies and procedures and other things. And then just put it on a bookshelf somewhere and forget about it.

00:08:36:00 – 00:09:01:00
Ethan Minkin
That is not an effective compliance plan that will not lead to mitigation. from a legal perspective, if the feds indict an organization. So why this is why we were here. And I’m going to turn the presentation over to Shari to talk about what a compliance program is.

00:09:01:03 – 00:09:27:15
Sheryn Honest
Thank you so much, Ethan. Appreciate the introduction. Now, to answer that question that you have of what’s an effective compliance program? The only way I can really answer is it depends. It depends on the organization, the size and the scope of the organization, the types of services they provide, how big or small they are. A compliance program or a compliance plan is not a one size fits all program.

00:09:27:18 – 00:09:50:15
Sheryn Honest
it will be based on, you know, like I mentioned, the size, the scope, how big or small that entity is. you know, the work that they’re doing now with the seven elements of the compliance plan that you see listed here, this is kind of the guideline that the OIG has provided to us in order to develop a good compliance, an effective compliance plan.

00:09:50:18 – 00:10:09:12
Sheryn Honest
So, you know, we could sit here, as he mentioned, when he was talking about the big four laws, we could sit here all day to try and discuss the seven elements. But because we are limited on time as we go through the presentation, I’m going to touch, on a couple of different areas for for entities to consider.

00:10:09:14 – 00:10:13:20
Sheryn Honest
Next slide please.

00:10:13:23 – 00:10:31:17
Sheryn Honest
Now this is a list of the seven elements, along with some of the common policies that are associated with those particular elements. I’m not going to read the slide to you, but I will be covering, some of these as we move forward in the presentation. Next slide please.

00:10:31:19 – 00:10:57:10
Sheryn Honest
Element one is your written policies and procedures. Now this is a this is a way having policies and procedures to guide your organization on the standards and requirements that are expected from relevant individuals. And and relevant individuals are in just a general perspective, anyone who works for or does work on behalf of an organization. Now, that could be your employees, your contractors, your vendors.

00:10:57:12 – 00:11:37:23
Sheryn Honest
It could even be a patient. Now, the written policies and procedures can be organization wide. So for example, your code of conduct and your compliance plan will give you what the expectations are as far as the organization’s mission, vision and values the ethical behavior that is expected within the organization. They’ll also list out the federal and state laws, associated with the organization that the organization will be expected to follow, as well, or in in addition to an organizational wide type policy like the compliance plan and code of conduct, you could also have department specific or role specific, policies and procedures.

00:11:37:25 – 00:11:42:06
Sheryn Honest
Next slide please.

00:11:42:09 – 00:12:10:08
Sheryn Honest
Your written policies and procedures need to be accessible to the relevant individuals. And when we say accessible on your intranet, on a website, it could be in a policy management system. It could even be on paper. Well whatever works and fits within that organization. And ideally, before actually implementing that policy and procedure, you want to try and distribute it to those individuals so that they have a view of what is expected of them and what standards that they have to follow.

00:12:10:08 – 00:12:37:00
Sheryn Honest
Once that new policy or updated policy is actually implemented and put into effect, you also want to have one repository for all the policies and procedures to be managed by that policy owner. trust me when I say it’s very difficult to manage different content within a policy or even versions of a policy when those policies are on an individual’s laptop or computer.

00:12:37:02 – 00:13:07:12
Sheryn Honest
there, because you can never necessarily know what the latest and greatest is. So ideally have one repository where all the different policies and procedures are housed. and sometimes it even becomes a fishing expedition, looking for the most recent policy and procedure, if it’s not in one repository. let’s say, for example, if that policy owner has exited the organization trying to find that most recent policy to submit to, an agency or an auditor becomes very difficult.

00:13:07:15 – 00:13:34:23
Sheryn Honest
And whether it’s an internal audit or an external audit, you want to be able to track and document when you have distributed the policies, when they were reviewed by the staff, you. Because those are that’s the type of evidence and auditor will want to have once they are looking at certain, policies being implemented and followed. You also want to test for understanding, is a policy written in a way that everyone can understand.

00:13:35:00 – 00:14:01:11
Sheryn Honest
Is it in an appropriate reading level? Is it written in plain language? And you may also want to consider language translation. If, for example, your population of relevant individuals is, if you have a large population where English isn’t their first language, you may also want to consider actually having some kind of, translation to that policy to help in the understanding of it.

00:14:01:14 – 00:14:29:26
Sheryn Honest
You want to make sure that your compliance officer and your compliance committee are available to the individuals within the organization to answer any questions about any policy that’s just been released. it makes it very, easy to be able to respond to questions. This helps in managing the actual accuracy of the policy, as well as potentially mitigating risks as people ask questions about certain, let’s say, items within a particular policy.

00:14:30:01 – 00:14:59:14
Sheryn Honest
So you want to make sure that your compliance officials are available and accessible to your staff. And definitely you have to review and update your policies and procedures and make sure that they’re maintained, at least on an annual basis, if not more frequently. and more frequently, it, let’s say if a law or regulation has changed or if there’s something that’s been updated within the organization itself, you’ll want to make sure that you look through your policies and make sure that they are updated, to whatever changes have just occurred.

00:14:59:16 – 00:15:03:21
Sheryn Honest
Next slide please.

00:15:03:24 – 00:15:28:16
Sheryn Honest
Now, this is a list of organization wide policies and procedures that are pretty common. again, they’re based on the size and structure of an organization. So you don’t necessarily need to have, every single one of these listed individually. You may be able to have if you’re a smaller organization, you may be able to have your conflict of interest policy and your gift and gratuity policy, rolled into, let’s say, your compliance plan.

00:15:28:18 – 00:15:55:02
Sheryn Honest
You know, it really just depends on whether you know what the size of the organization. And if you really need to have a separate document, to show that you have that policy and procedure available. Now, we’ve already touched on the the code of conduct a little bit, as well as the compliance plan and another important policy and procedure to have, especially for healthcare organizations is your HIPAA, privacy and security, policy.

00:15:55:05 – 00:16:27:08
Sheryn Honest
And this policy sets forth the standards that are expected on how an organization will keep and manage, maintain and protect a patient’s protected health information. So this will allow also in stating how that organization is going to allow the use and disclosure of a patient’s or their protected health information, so that they can get adequate access to care in a quick and timely manner, and that so that they also have quality of care.

00:16:27:10 – 00:16:43:01
Sheryn Honest
So you need to manage how that information is distributed and sent out as well. And your HIPAA policy and procedure privacy security procedure will help with that. Next slide please.

00:16:43:04 – 00:17:15:19
Sheryn Honest
Element two is leadership oversight. Now this policy will set the and and actually reinforce the standards and the culture of ethics and compliance within an organization. They need to be demonstrated by your top leaders, your board your executive team, your managers, your supervisors. Auditors are going to look not just for that policy and the words on the page, but they’re going to look to see and make sure that that policy is being followed and actually demonstrated and that you’re able to track the information within, that policy and the distribution of it.

00:17:15:19 – 00:17:52:22
Sheryn Honest
And you test for understanding. Now, prior to the new compliance guidance that came out, typically the the oversight of the compliance function laid with one person with the compliance officer. now, with the new guidance, it’s not just one person who, you know, has that function and oversight of compliance. The OIG expects the board as well as the compliance committee to have, a much more, accountable, status within the compliance program to help support and make sure it’s implemented appropriately and that it’s running smoothly.

00:17:52:24 – 00:18:14:26
Sheryn Honest
the you want to make sure also that you have adequate resources and budgets, that are assigned to the the compliance function. Now, this is also depends again on the size and scope of the organization. So smaller organizations, you know, may have someone in the compliance function who also has other duties within the organization, a larger organization.

00:18:14:26 – 00:18:35:22
Sheryn Honest
You may have multiple people within that organization in a compliance function. So it just really depends again on the size and scope. And the organization itself will need to determine how many resources and budget is going to be allocated to the compliance department based on on the work, the scope of work, as well as the size of the entity.

00:18:35:24 – 00:19:00:08
Sheryn Honest
And just keep in mind, also, the OIG does look at separation of duties within the compliance, function. They want to make sure that, you know, people who are in the first line of providing healthcare services and or potentially in the revenue cycle area, doing coding, billing, documentation, functions don’t necessarily have, a responsibility within the compliance function.

00:19:00:14 – 00:19:11:26
Sheryn Honest
They want to make sure that that those functions are separate than compliance. Next slide please.

00:19:11:29 – 00:19:34:25
Sheryn Honest
Element three is your training and education. Now this is going to be based on creating your your training and education program. It’s going to be based on your organization’s risks. And the different lessons learned let’s say through audits. So for example, some of the risks that are out there could potentially be, you know, coding and documentation for a healthcare provider.

00:19:34:27 – 00:19:57:18
Sheryn Honest
it could definitely be a data security risk, for a clearinghouse. So we’ve just recently seen the change, healthcare, incident that occurred. So data security is also a risk that, you know, we all in the healthcare industry would face. also, you know, for health plans, it could be their sales and marketing practices that could be a risk.

00:19:57:24 – 00:20:23:01
Sheryn Honest
So you want to train towards whatever the organization’s risks are. And you also want to make sure that within that education and training, you’re also stating what federal and state laws are applicable to the organization so that everyone can be aware of, you know, the potential consequence of noncompliance with them. You want to have targeted training and education for for the people who are within the organization.

00:20:23:03 – 00:20:51:09
Sheryn Honest
So let’s say, you know, based on a position or role, let’s say, for example, you have the board. You want to make sure that they have specific board training. Your your coders and builders. Builders will have specific training, associate to them. They’re going to have the organization wide training. But there should also be targeted training so that they understand specific risks associated to their positions and the work that they do, and that they’re responsible for.

00:20:51:11 – 00:21:19:18
Sheryn Honest
And finally, you want to make sure that that your training is accessible to your diverse, staff, right? Culturally accessible, you know, it can be available in different languages, provided in different formats. You know, it could be in person, videoed. it could be in a training management system, you know, so you want to make sure that it’s accessible to, to the way different people are able to, to view that training and education.

00:21:19:21 – 00:21:25:09
Sheryn Honest
Next slide please.

00:21:25:11 – 00:21:48:29
Sheryn Honest
Element four is an effective communication policy. And this means having an open line of communication. and that could be and should really be having an open door policy for the compliance officer. Everyone within the organization should know how to contact that compliance officer. Know how you know there should be information posted in in places that the staff frequently, are in.

00:21:49:01 – 00:22:07:10
Sheryn Honest
let’s say a break room or around, another nurse’s station. If it’s if you’re in a clinic, you want to make sure that they have access to that compliance officers, you know, email who they can contact by phone. They can, you know, have a compliance portal that they can, access if they want to report a concern.

00:22:07:13 – 00:22:35:10
Sheryn Honest
And you really want to be able to from a from that compliance function, build trust within the organization, make sure people feel safe and understand, you know, there is confidentiality when they come forward with different concerns. so unless there’s a requirement that some information needs to be shared, there is confidentiality. When when someone comes to your compliance officer or compliance department to, to, express a concern that they have now.

00:22:35:10 – 00:23:05:24
Sheryn Honest
And if an individual does come forward in good faith to report a concern, you also want to make sure that they understand that retaliation within the organization will not be tolerated. typically in a non retaliation policy you will state that very clearly. so in good faith, if someone comes in reports and says, you know, I’ve seen X, Y and z, then they should not be afraid that, you know, they’re going to be, let’s say, shunned or, or someone would look to potentially terminate them because of reporting this concern.

00:23:05:27 – 00:23:28:24
Sheryn Honest
There are protections there. And it should also be listed within your non retaliation policy. And another way to continue to build that trust. within the the organization is to make sure that everyone knows how to report concerns, whether it’s internally, you know, with a hotline or, a compliance portal or even externally to federal and state agencies.

00:23:29:00 – 00:23:57:28
Sheryn Honest
They should be given that information so that they should they have the ability and the comfort level to be able to report wherever they they are comfortable reporting, because the main idea is to identify an issue and then mitigate that issue. however you get that information is one thing. I mean, there’s definitely anonymous reporting as well, that you can have through a hotline, where they don’t have to leave their particular details or information, but just express their concern and provide any information.

00:23:58:00 – 00:24:06:01
Sheryn Honest
you know, that can help along with the investigation. Next slide please.

00:24:06:03 – 00:24:31:11
Sheryn Honest
Element five is enforcing standards. Now this is this policy will describe how an organization’s going to handle actions that are non-compliant or don’t adhere to a policy and procedure or standards or laws. You know, it should, you know, describe what steps are going to be taken, how an investigation is going to be handled, and what are the potential remedial actions that are going to be taken.

00:24:31:14 – 00:24:54:28
Sheryn Honest
Consequences of noncompliance, you know, could be based, will be based on the severity of the actual incident. And so, you know, it could be just education and retraining of a staff, a non, punitive type of, consequence. Or it could be all the way through termination and criminal prosecution, depending on if it’s a criminal act.

00:24:55:00 – 00:25:21:10
Sheryn Honest
So there are definitely different consequence cases for noncompliance. And your, your enforcing standards policy should list some of that information as well. And with incentives. You know, this is where your compliance committee as well as compliance officer should develop some type of way to encourage individuals to actively follow that compliance program and support the compliance program. Now, incentives could be, you know, through recognition.

00:25:21:14 – 00:25:45:12
Sheryn Honest
It could be a monetary or compensation incentive. or it could be another small gesture. And in one of the organizations that I, I work with, we developed an annual training competition. So, you know, throughout all the different markets and all the different departments within that organization, we said, okay, here’s the here’s the different training that that you’re responsible for.

00:25:45:14 – 00:26:09:22
Sheryn Honest
You have a deadline day. Everyone within that department who completes that training by that deadline. that department’s name then goes into a hat. We selected three, three different departments out of the hat. And those three departments who everyone within that department had completed the training within that, the target date would receive lunch. So, you know, those are small gestures.

00:26:09:22 – 00:26:31:29
Sheryn Honest
It could be small, like gift cards to Starbucks. You know, you have to consider the monetary value, and you’ll want to work with your compliance team and legal team to to make sure that whatever, you know, compensation is given in recognition and incentives. it is within appropriate guidelines. But but the OIG does encourage incentivizing individuals as well.

00:26:32:02 – 00:26:36:04
Sheryn Honest
Next slide please.

00:26:36:07 – 00:26:52:27
Sheryn Honest
So with element six element six is auditing and monitoring. You want to make sure that, you know you have an appropriate reporting system in place. You know, how can people report their concerns. And we’ve talked about that a little bit. Right. It could be anonymous. It could be a compliance portal. It could be in person to your compliance official.

00:26:53:01 – 00:27:14:21
Sheryn Honest
There could be many different ways an organization decides and determines how that reporting, should should be, should take place. it could even be a drop box. Or somebody could anonymously drop a note into a box where the compliance team, monitors frequently. Then you want to make sure that your policy will describe, you know, how risk assessments are.

00:27:14:21 – 00:27:44:23
Sheryn Honest
They are conducted. risk assessments should be conducted at least annually. And there are really there to identify and prioritize the top risks within your organization. Once those risks have been identified, then you want to develop your auditing and monitoring work plan. you know, you’ll identify at that point, you know, an audit schedule, you’ll create an audit schedule of of those top risks that you want to audit and determine, you know, do I need to audit this risk monthly?

00:27:44:25 – 00:28:05:14
Sheryn Honest
quarterly, yearly, and then develop an audit process which will determine, you know, what’s the scope of the audit? What’s, who’s going to participate in the audit? What data do you need to collect for that audit in order to have evidence towards whether or not, you know, that particular area is being compliant with the audit requirements.

00:28:05:16 – 00:28:28:17
Sheryn Honest
And once that audit is completed, then you want to have, you know, determine whether or not you actually need to have ongoing monitoring. Now, you can change, you know, the frequency of it. You can change the timing of an audit and or and the ongoing monitoring, just depending on what, the findings are. And you may also need to, you know, issue a corrective action plan.

00:28:28:19 – 00:28:52:15
Sheryn Honest
Now, if a corrective action plan is necessary, you know, typically identify what deficiencies were were found with the audit. it’ll request a root cause analysis to be conducted. And, and because going to touch base a little bit further on the root cause analysis. So I’ll just, you know, I’ll move on. You also will have a target date of when the corrective action is going to take place.

00:28:52:15 – 00:29:02:15
Sheryn Honest
And then who’s responsible for that corrective action to, to take place. Next slide please.

00:29:02:17 – 00:29:28:15
Sheryn Honest
Element seven is responding to offenses. Now offenses can be again detected in multiple ways. And we touch base on that. You know through the different different reporting systems. Anonymous patient complaints directly to the compliance officer. But once these issues have been identified, you have to then determine whether or not an investigation is needed. If an investigation is needed.

00:29:28:20 – 00:29:53:06
Sheryn Honest
You’ll interview, the different individuals potentially involved or who have knowledge of of the different issue. You’ll want to then review documents and data and data analytics and then determine whether what that impact is of that and the extent of the offense. Depending on that extent of the offense, you may need to coordinate with your legal department and your legal counsel.

00:29:53:09 – 00:30:22:20
Sheryn Honest
to help you navigate through any legal implications that of that offense. And then you also want to consider whether or not that offense is reportable to the government. did it violate the law? as Ethan mentioned, those big for laws, your anti kickback, your stark, the false claims act, the civil money money, monetary penalties. did any of those, the offenses or the issue that was found throughout the investigation?

00:30:22:23 – 00:30:50:11
Sheryn Honest
Did that violate a law? Is there a patient safety concern? Do you need to report to the government and how do you report that? Now, OIG, what really OIG wants to see is, you know, so an organization properly reporting any kind of offenses utilizing the voluntary self disciplinary program that they have in place, which helps then individuals and organizations to to report concerns or and to self report.

00:30:50:13 – 00:31:08:24
Sheryn Honest
And this really when, when organizations self-report it really shows and demonstrates the clear message of that organization operating at a very high ethical and compliance level. Next slide please.

00:31:08:26 – 00:31:36:02
Sheryn Honest
Now, there have been in general, the compliance program guidance hasn’t changed a lot. However, there have been, some changes. The old this new program guidance provides additional clarity and emphasis on in certain areas. However, there are areas, new areas that the OIG is going to, you know, put a little bit more emphasis on as and look at further into in the future.

00:31:36:04 – 00:32:03:14
Sheryn Honest
So for example, you have new entrance into healthcare. You have, technology companies, you know, who support healthcare providers with different, let’s say, applications or other data analytics services, who are new entrants. You also have private equity, who are, new entrants into the healthcare industry. And and these new entrants may or may not understand the full extent of the regulatory requirements in healthcare.

00:32:03:17 – 00:32:23:00
Sheryn Honest
you know, they may not be familiar with the healthcare landscape. So these are definitely areas that the OIG is going to be looking at, as well as healthcare organizations already in existence, but who maybe are looking at a new line of business. You know, they may be going to a different new service line, which they may not be familiar with.

00:32:23:03 – 00:32:51:11
Sheryn Honest
So they’re also going to the OIG will keep an eye on on these new entrants into the healthcare, industry. The guidance, the new guidance also provides additional clarification within the small and large entity compliance programs. Now, for all intents and purposes, you know, the expectations are similar. But the guidance does acknowledge that there are different resource capabilities between small organizations and larger entities.

00:32:51:13 – 00:33:21:27
Sheryn Honest
and gives some clarification on what’s expected. The OIG resources within the guidance are are phenomenal. I would really recommend everyone take a look at it. And ideally online and online, because within the document, when you pull it up online, there are a plethora of hyperlinks and information to other websites and guidance that will be helpful if, if and when you’re developing or updating your compliance program.

00:33:21:29 – 00:33:39:08
Sheryn Honest
Also new is the quality and patient safety requirements. from a compliance program perspective, I’m going to go ahead and turn the presentation over to MPCa, who will go a little bit further into this area. Thank you.

00:33:39:10 – 00:34:04:17
Ambika Kanta
Thank you so much, Cherien. Appreciate being here with everyone today. so really to touch on the quality component. that have been recently introduced into the new guidance. historically, we haven’t seen that we haven’t seen that published before around quality. but now it’s becoming more evident and by quality really defining it as quality of care and patient safety.

00:34:04:18 – 00:34:30:12
Ambika Kanta
So, these are things that you might see in current regulations like the air Q or Joint Commission. so, you know, slips and falls. things like needle sticks. those are all areas related to and around quality of care and patient safety. Now, traditionally, we’ve seen this, more focused on acute or post-acute facilities and residential care.

00:34:30:14 – 00:34:53:05
Ambika Kanta
And the the guidance of the OIG has also pointed a little bit more towards those facilities. But that doesn’t mean from an outpatient setting, we can’t incorporate that into our compliance plans. And that’s definitely a recommendation I would give to all organizations. making sure that we you do have something in place for quality of care and patient safety.

00:34:53:07 – 00:35:13:19
Ambika Kanta
and first and foremost, that could look like, you know, risk assessment, doing that as, as Sherry mentioned by department. doing that on an annual basis at least. but also another way you could kind of, capture quality of care and patient safety is through tracking and monitoring of grievances. so grievances are also synonymous with complaints.

00:35:13:24 – 00:35:36:15
Ambika Kanta
For purposes of today, I’m going to refer to them as grievances that none of us have. you know, we’re probably not. not to a known about grievances or complaints. We’ve seen them. Patients are very eager to share their thoughts and experiences. I’ve facilities and care. these are also things that end up being published in various platforms.

00:35:36:15 – 00:36:00:03
Ambika Kanta
So, tracking those is a great way to capture, quality and patient safety. So, just for example, you could have a centralized location or centralized person repository, whether that even be a spreadsheet, a could be paper. But, you know, let’s try a little more automated. that could be a spreadsheet of tracking those complaints and then identifying them in categories.

00:36:00:03 – 00:36:24:11
Ambika Kanta
So, you know, was this complaint based on perhaps a delay in medication or as mentioned, you know, was this based on a needle stick or something? that we also need to classify a little bit differently. Perhaps it was a procedure or surgery that occurred on the wrong limb or wrong area. ideally, that doesn’t happen, but it does as we want to track and monitor those.

00:36:24:11 – 00:36:52:15
Ambika Kanta
So categorizing them first and again you can refer to though I guess, kind of a toolkit that’s provided. and then from there sort of sub classifying them as what type of harm event, could this have been preventable? was there severe risk to the patient? was this an event that, was of significance? And then from there, definitely encourage you all or groups to really consider including physicians in the process.

00:36:52:17 – 00:37:18:09
Ambika Kanta
So if, non-clinical staff or even clinical staff are monitoring these grievances, identifying how and when to bring in the physician for review. this, commonly in kind of the antique world is referred to as peer review. but also from the standpoint of grievances, you know, if this is our if these grievances become a trend for a certain provider or certain facility, it needs to be looked into further.

00:37:18:11 – 00:37:42:24
Ambika Kanta
perhaps that could impact contracting or credentialing with those groups. So, really from something that we’re all dealing with, such as grievances, tracking those, having someone responsible, identifying categories for them, bringing in your physician, and then from there kind of creating plans going forward to, negate that risk in the future and prevent it. And then ongoing monitoring.

00:37:42:27 – 00:38:04:00
Ambika Kanta
that’s been discussed today as well. And this really pans into all departments. So not just quality and patient safety though this is paramount that now we’re seeing it, brought in by the OIG. but as you know, Ethan previously mentioned as well, billing and coding that those are areas, false claims that have, continued to be audited.

00:38:04:02 – 00:38:29:23
Ambika Kanta
another area that we’ll probably see in future years, with more focus is going to be risk adjustment related to coding. but in the sense of appropriate coding, just like our fraud, waste and abuse and false claims, really ensuring that organizations are coding and doing diagnosis is appropriately pertaining to that patient, that there isn’t any false information being captured.

00:38:29:25 – 00:38:58:14
Ambika Kanta
Another area department to consider is going to be contracting, right. so your arrangements in your agreements with those groups should include components of offshoring, if they’re if that component is available or something that needs to be, taken a look at further. Is that something that is, authorized or maybe it’s not authorized. So, ensuring that that’s captured in your contract along with renumeration.

00:38:58:16 – 00:39:33:19
Ambika Kanta
so payment for services that if you are having or are entering into a capitation agreement that that is all laid out, clearly specified. it does align with billing and coding regulations at the same time as well. And then from a credentialing standpoint, I touched briefly on peer review, but peer review would tap into credentialing. if the provider or group or facility has, significant number of grievances where there has been patient harm, perhaps that that entity should not be credentialed or part of your network and part of your contracting as well.

00:39:33:21 – 00:39:58:18
Ambika Kanta
So doing those exact checks. and not just doing them once on an annual basis, but having those regular checks in place as well, to ensure you’re staying on top of those, you’re, tapped into anything that could have taken place, and you have a process aligned to support that with any delegated activity, even from the prior authorization and utilization management standpoint.

00:39:58:20 – 00:40:27:06
Ambika Kanta
really ensuring that those services are based on medical necessity. so from here, as Ethan mentioned, kind of the stark law, we don’t want to steer patients into an organization or a facility we have ties with that should also be based on medical necessity. And who is in your network? that is a big piece to to really consider, with prior authorization and, along those same lines, monitoring utilization management.

00:40:27:06 – 00:40:58:14
Ambika Kanta
So perhaps as you’re processing those authorizations, you’re also tracking, you know, the specialty or subspecialty they’re going to from that standpoint, you’re able to see, you know, from the outpatient or PCP perspective, could this service have been provided, provided within that that entity? or are we over utilizing services. So taking a look at that again, bringing in your your physician having that conversation and that could be tied back into contracting or credentialing along with billing.

00:40:58:16 – 00:41:26:25
Ambika Kanta
based on those services. Moving on to considerations for, really a compliance plan of an effective compliance plan. ensuring that you have policies and standards and workflows outlined, doing those risk assessment by department at least annually. as mentioned, that can be, become more frequent based on regulations or updates that are made by the government or even state entities.

00:41:26:28 – 00:41:52:18
Ambika Kanta
Perhaps also, your organization has gone through some changes to, maybe combining of department changes in leadership, perhaps more streamlined workflows. So those are reasons why you might want to we conduct a risk a risk assessment, update your policies and workflows. other things I recommend for, you know, departments and organizations to keep in mind is using the tools you already have available to you.

00:41:52:21 – 00:42:17:21
Ambika Kanta
So if you have any sort of automated system, a lot of them have reporting capabilities. Maybe their canned reports you can use to collect data. perhaps you can, gain or gather more data for a uni or bi directional interface. From the standpoint of care management or even utilization management, being able to get data from the hospital systems or your state health information exchange.

00:42:17:23 – 00:42:40:25
Ambika Kanta
Those are all great ways to maximize your data, and then be able to analyze it closer to identify where there are opportunities or areas for improvement. and then, you know, simply put, monitor, monitor your programs, monitor policies, when you’re doing that risk assessment and you’re analyzing that data, bring in compliance, bring in your quality teams, conduct mock audits.

00:42:40:25 – 00:43:07:16
Ambika Kanta
Those are great ways to get ahead of any audits you’re facing, whether it’s joint commission, a CMC audit. Ideally you’re doing those already. but if you’re not, you know, start out annually, increase those to quarterly and then get them going monthly and looking at your data. Your data is going to tell you and show you ways that, you know, there’s opportunity for growth or maybe you’re succeeding at something and you, you know, that’s a best practice.

00:43:07:18 – 00:43:31:09
Ambika Kanta
You might be able to share. and as you mentioned as well, committee review, having a committee that is going through your policies is going through your data to see, you know, maybe it ties into another area. So, for example, from a monitoring and utilization standpoint, maybe that is actually tied into the way that the contract language is, is proposed.

00:43:31:11 – 00:44:00:11
Ambika Kanta
So, from a committee, having a committee available will allow for, kind of a collection of ideas and groups coming together to solve for those problems and create improved processes. and really, from the corrective action plan standpoint in root causes, if that’s going to happen. Right. We’re all growing. We’re all improving. you might identify something that needs to be stopped or ceased immediately.

00:44:00:13 – 00:44:21:21
Ambika Kanta
to start that investigation. Again, bring in your committee, identify subgroups that can support, create that impact analysis. How many providers or patients who are impacted by the action or activity that was previously occurring? Identify ways to remediate. So maybe you need to put in a plan in place or process in place so that this doesn’t happen again.

00:44:21:24 – 00:44:46:05
Ambika Kanta
You’re preventing or mitigating that risk in the future. Track your effectiveness. Create those audit tools. Again, lean into systems and tools you already have in place. from an AI perspective, as that’s coming to the forefront, perhaps, your data team can support you, and, your eye may be looking at, some of the language you’re using in contract.

00:44:46:05 – 00:45:10:20
Ambika Kanta
Or, maybe your AI can help with, kind of automating some of the reporting coming out of your system. So there’s different ways to tap into that. and then always, first and foremost, if you have identified something that was an opportunity for improvement or something that did cost risk, self disclose that in your audit is a conversation that might not be the most comfortable to have.

00:45:10:23 – 00:45:36:11
Ambika Kanta
But then the auditor or the organization auditing you again, we’ll we’ll be in your organization or your department as one of high esteem because you are monitoring your compliance. You are taking those steps forward, and you’re doing something about the problem or the issue that you found. so an example for this really, are related to, prior authorizations and utilization management.

00:45:36:15 – 00:46:05:16
Ambika Kanta
And it also ties into claims. But entities that are health plans or global risk, for these services have to send out, a denial letter to patients. and so those are, formally termed as, an integrated denial notice or an icon. And those denial letters have to be an easy to understand language. And sometimes that can be a little bit tricky when you have clinical teams may be writing your denial letter.

00:46:05:17 – 00:46:42:21
Ambika Kanta
So in this instance I recommend maybe having a non clinical team member audit your denials for that easy to understand language. You can create a tracking tool and share all of the key points are met. The reason for the denial. You know what criteria was utilized. why it was denied and then, further recommendations thereafter. And that non-clinical person can can continue those audits and give you feedback to track that effectiveness, allowing that organization to move forward and successfully implement or administer, denial notices that are easy to read.

00:46:42:23 – 00:47:07:27
Ambika Kanta
So all in all, we have tools and resources that we’ve touched on today collectively as a group. guidance, as mentioned previously, has been around since the 1990s. this last year saw some, new improvements in guidance and publications. And as Ethan mentioned, this year we’ll likely see some additional, guidance around Medicare Advantage and nursing homes.

00:47:07:29 – 00:47:32:15
Ambika Kanta
so please check out these links and resources available to you. and appreciate going through, the compliance training and education with you today. Our hope is that these tools and resources are useful, and some of these examples allow you and your organization to be successful and providing an effective compliance plan and quality care to your patients.

00:47:32:18 – 00:47:38:24
Ambika Kanta
I will, turn it over to Ethan for any questions from the audience.

00:47:38:26 – 00:48:06:21
Ethan Minkin
yes, I have some questions. we talked about, Sheridan specific policies and procedures and a compliance plan. And, you know, that that that can sound very daunting, to have to put together a program. Have you seen, like, off the shelf, policies and plans that you can start with? and then Taylor from there.

00:48:06:24 – 00:48:27:21
Sheryn Honest
you know, there are some templates, Ethan, that are out there, that kind of give you some of the standard areas that you want to look at, for example, in a compliance plan. You know, it might it might give you the heading topics, but really, writing these policies and procedures, it’s not really it’s not like a book on the shelf.

00:48:27:23 – 00:49:00:09
Sheryn Honest
They have to be really tailored to the organization, because using a standard template may give you the subject headings that you need to include within that policy and procedure, but really it’s based on the risk of the organization, the scope of the organization, and the size, because it might be, you know, 1 or 2 doctor practice may have certain, you know, requirements that they have, whereas a larger entity would have, you know, maybe trouble the the requirements that we need to have.

00:49:00:15 – 00:49:15:29
Sheryn Honest
So it’s really going to be based on that specific organization. So there’s some templates that’ll give you like the topic headings. But you really have to look in depth within each of the, the areas of the policy to tailor to your organization.

00:49:16:01 – 00:49:42:27
Ethan Minkin
Great. I’ve always found that the auditing and monitoring piece is the most difficult, at least as a lawyer, because we’re not as familiar right with how the organization and the specifics. Do you have any, either one of you tips when it comes to identifying, you know, areas to audit it? how that is developed?

00:49:42:29 – 00:50:11:28
Ambika Kanta
Definitely. From that standpoint, I’d probably use past audit audits the organization’s gone through. So if they have any tools or resources that were previous to previously used tapping into those, you know, you don’t have to recreate the wheel using that as a baseline. and also from the standpoint of regulation, if there is, the entities going through an audit from, you know, CMS or Joint Commission or eNCA or Europe.

00:50:12:00 – 00:50:42:21
Ambika Kanta
there are generally some loose templates that are available as far as what will be audited during that time frame. So using maybe if it’s verbiage is taking that verbiage and turning it into an audit tool. and making those into metrics so you can identify from the standpoint of, you know, the auditor, we’re looking for a complete file with demographic information or, from the standpoint of credentialing, you know, looking at it with not just demographics, but a CV.

00:50:42:27 – 00:50:56:28
Ambika Kanta
I know exact, that the licensure was verified. So taking those, existing resources that exist and kind of turning that verbiage into a way or a means of monitoring using a simple spreadsheet.

00:50:57:00 – 00:51:00:08
Ethan Minkin
That’s great. Add to that on.

00:51:00:10 – 00:51:21:09
Sheryn Honest
Yeah. I’ll just add just one more thing. as you mentioned, Ethan, you know it if if you are, an attorney trying to identify, you know, what those some risks are, you may want to see if that organization has conducted a risk assessment and get a look at that, because then that will kind of tell you and lead you towards okay, here are the risks.

00:51:21:09 – 00:51:43:18
Sheryn Honest
And then you’ll be able to, you know, further delve into okay these are the top three risks. And these are the things that we need to make sure are covered. you know, as I’m, as I’m leading the climb towards whatever solution is needed. So if they have a risk assessment that’s been conducted, that that might be an also a good area to to take a look at, to see what they themselves have identified.

00:51:43:20 – 00:52:08:09
Ethan Minkin
Thank you. Yeah. It’s a it’s a hard area. but but obviously an extremely important area, to, to be able to monitor and audit and, you know, make sure you’re not finding any issues, but identifying those areas where there are potential issues, I just, I think that, it’s a it’s a difficult task. And, it’s good to hear the these tips.

00:52:08:12 – 00:52:33:27
Ethan Minkin
Shari, I don’t know how much you can talk about this, but I know that earlier this year, you were part of a workgroup, that was assembled by, Medicare for, to discuss the individualized plans for Medicare Advantage plans, which for people that aren’t familiar, that’s essentially a managed care within Medicare used to be called Medicare plus choice.

00:52:33:27 – 00:52:42:21
Ethan Minkin
Now it’s called Medicare Advantage. so in any event, I don’t want to talk too much. Is there anything you can share from that?

00:52:42:24 – 00:53:04:21
Sheryn Honest
Sure. Yes. so, I mean, I was really honored, the OIG invited me to participate in, in the focus group, that they have around Medicare Advantage and, first year downstream related entities. and what I can say is it was a small group of, individuals that are we do work within the Medicare Advantage space.

00:53:04:24 – 00:53:26:06
Sheryn Honest
there was a, you know, healthcare attorneys, people working in the industry on behalf of health plans, other consultants. So, you know, we discussed and the questions, you know, were really left off in general, you know, to get our input. So, you know, when the OIG, legal team was asking, they were just very open ended questions.

00:53:26:09 – 00:53:47:07
Sheryn Honest
And, you know, we were able to provide the pros and cons of of our past experiences and the things that we had been able to to see. And definitely, you know, a couple of the items that did come up that is, in the the guidance that we just went through are the new entrants. So, you know, they did talk about technology companies and private equity.

00:53:47:10 – 00:54:11:01
Sheryn Honest
So I, I’m pretty confident that at some point those two areas, even though there might not be a specific, you know, industry specific guidance for technology and private equity, I believe that, you know, the other areas that will have those GP’s will have an element of technology and private equity within them, where people will need to who are working.

00:54:11:01 – 00:54:37:11
Sheryn Honest
Let’s say, you know, when they come out with the nursing home or the the clinical laboratory, specific industry specific guidance. They’re going to talk about private equity involvement or technology, company involvement and things that are potential risks to those, different areas. And, so I, you know, I, I’m pretty confident that some information, further information will come out on technology and, and private equity as well.

00:54:37:11 – 00:54:41:11
Sheryn Honest
Those new entrants we talked about earlier in the presentation.

00:54:41:13 – 00:55:02:09
Ethan Minkin
Excellent, excellent. And actually one thing that was mentioned during the presentation specifically was, you know, AI, artificial intelligence. Have either of you worked with an organization previously that use the AI software, and if so, do you have any feedback from what you’ve seen?

00:55:02:12 – 00:55:44:12
Ambika Kanta
I’d say, we were exploring the option of, of AI, and that was related to, utilization management, software nowadays, with AI, can I kind of compute the languages, or verbiage within document? So from a standpoint, for prior authorizations, being able to identify softly, does this documentation meet criteria and medical necessity based on all of the, clinical information provided and then sort of do a soft hand-off there to the clinical team, reducing the time the clinical team needs to spend on delving into the documentation.

00:55:44:15 – 00:56:20:18
Ambika Kanta
And the AI software would pinpoint areas to focus on, such as, let’s say that the patient was going in for surgery and prior to the surgery, they needed to meet certain requirements like physical therapy and MRI joint injection. So knowing the AI software would know what the the criteria it was that was required to be approved, and it would kind of look for that information within the clinical documentation, be able to point it out, allowing the clinical staff to have a little more focus versus having to go through sometimes 100 pages of documentation.

00:56:20:18 – 00:56:30:09
Ambika Kanta
So, I haven’t experienced it quite yet, but there are lots of tools and researchers out there that are are definitely maximizing that potential.

00:56:30:11 – 00:56:52:20
Ethan Minkin
Yeah, I always imagine that it would be an incredible tool to kind of lay over your claim system to to look for potential like fraudulent claims, right? I mean, there’s there are patterns that you can come up with that will help detect whether there is a potential issue. Have you seen anything on the claims side at all with AI or not yet?

00:56:52:23 – 00:57:16:02
Sheryn Honest
No. You know what? Not yet. I know that there are different advances that that let’s say the revenue cycle side is making, you know, there are a lot of things from a coding and documentation perspective that they do have, I’m not sure if the right terminology is like a scraping tool, but it’ll go and review the documentation and look for certain that, let’s say, diagnoses that are risk adjusting that type of thing.

00:57:16:02 – 00:57:47:14
Sheryn Honest
So definitely there have been, for quite a while now. I supported, I think Watson was one of the first that I’d heard of years ago. it was one of the tools, that word was out there, but, you know, it’s it is so I don’t want to say it’s so new, but the emphasis on it and, you know, the new entrants working with AI, just and as it continues to develop, there’s definitely going to be things from a compliance perspective.

00:57:47:16 – 00:58:16:04
Sheryn Honest
You know, anyone working in that I feel will want to make sure, you know that they have a very robust review of, of their program of the things that that that AI is, capturing, making sure appropriate consents are in place. whether it’s, you know, with providers, patients, that type of thing. Did you want to make sure that that information that’s being, you know, scrubbed through or through that AI system comes out with the most accurate, information?

00:58:16:06 – 00:58:21:06
Sheryn Honest
Because ideally it’s going to be there. The bottom line treat a patient and manage a patient’s care.

00:58:21:09 – 00:58:48:06
Ethan Minkin
Interesting. Yeah. I helped a client a couple of years ago negotiate its first AI contract, lay over its claim system, and what surprised me was how expensive the software was. I mean, it was not cheap. And maybe over time, you know, that’ll come down the pricing. But I was actually pretty surprised. so but at the same time, I’m sure it’s a worthwhile investment, for a company.

00:58:48:09 – 00:59:14:00
Ethan Minkin
and so, but, you know, there are risk, as the OIG points out, and that has to be considered as well, not just by the healthcare organization, but by the tech company that’s developing that software. I mean, smart tech companies that work in healthcare, you know, they they work to identify risk as well to, you know, to help the client and, you know, promote software that, you know, actually does a good thing.

00:59:14:03 – 00:59:35:14
Ethan Minkin
well, I think we have one minute left and I’ve got a lot of questions and we’re not going to cover, all of them. So in any event, I think this is a good point to stop. I really appreciate, Ambika and Sherene taking time out of their very busy schedules. I hope this was educational for everyone.

00:59:35:16 – 00:59:57:24
Ethan Minkin
And I’m sure in the coming months, we will have further updates. about the compliance guidance on the individualized side. Thank you very much. And before I forget, I think the slides are available for anyone that would like to download them. and if not, I think it will be posted on our website at some point for download.

00:59:57:29 – 01:00:05:17
Ethan Minkin
So thank you all for attending. we really appreciate it.