Compliance Myths - Don't Be Fooled

 

Myth #1: I can outsource my compliance program and not be involved or held responsible.

 

The Truth: Compliance is a culture. Culture requires people. An effective compliance program must involve all employees, including management, with a strong commitment from leadership.

 

Myth #2: It doesn't matter if no one checks the compliance hotline-as long as we have a hotline number.

 

The Truth: The hotline can be a tool to help your organization identify non-compliance before an employee blows the whistle-but only if you use it. The hotline should be checked every day, and all calls should be logged, investigated, and reported to leadership.

 

Myth #3: The government will go easy on me if it is my first offense.

 

The Truth: The OIG doesn't give out warnings.

 

Myth #4: The government only targets large chain providers.

 

The Truth: Penalties are regularly issued to stand-alone providers. For example, this year, a single SNF paid $700,000 to resolve false claims allegations involving medically unnecessary rehabilitation therapy services, and a federal jury assessed a $28.1 Million penalty against a single nursing home owner in a Medicare and Medicaid fraud whistleblower action.

 

Myth #5: Because employee screening for OIG exclusion is not mandated by law, I can skip it.

 

The Truth: While it is not illegal not to screen employees against the OIG list, it is illegal to submit a claim to Medicare or Medicaid for services provided by an excluded provider. The OIG issues multiple penalties per month involving the employment of excluded providers, some amounting to hundreds of thousands of dollars. The only way to prevent such claims is by regularly screening employees.

 

Myth #6: My compliance officer is fantastic, so no one else needs to be involved.

 

The Truth: OIG guidance advises that an organization's commitment to compliance should "cascade down through management to every employee and contractor of the nursing facility." If an investigator showed up at your facility and asked the nearest employee about your compliance program, would they get a good response?

 

Myth #7: My only risk is financial.

 

The Truth: While six and seven figure penalties for non-compliance are scary enough, there are other risks: prison, lawsuits, class action lawsuits, exclusion from Medicare and Medicaid, and bad publicity.

 

Myth #8: I implemented HIPAA policies when the law became effective years ago, so I am HIPAA compliant.

 

The Truth: Since HIPAA was enacted, it has been updated multiple times-enforcement of the most recent modifications began in September 2013. Your HIPAA policies and procedures should be reviewed and revised every time there is a change in the law, the OCR issues new guidance pertinent to your facility, or your IT environment changes.

 

Myth #9: The Board/the boss doesn't have time for compliance.

 

The Truth: A compliance program cannot be effective without the involvement of leadership. OIG guidance, Federal Sentencing Guidelines, and corporate integrity agreements make it clear that compliance requires a formal commitment from the governing body to implement and oversee compliance.

 

Myth #10: I don't need an auditing and monitoring plan or strategy. I can handle issues as they come up.

 

The Truth: Without an auditing and monitoring plan, you are unlikely to uncover areas of noncompliance, and your compliance program will soon become outdated. With an auditing strategy, you can identify potential compliance risks and address them before the government does. An auditing plan is also essential to show that you have an effective compliance program-not just a binder of policies gathering dust.

 

MPA can help

 

To learn how MPA can help you avoid these and other compliance pitfalls, contact us at 314 434 4227 or email mcs@healthcareperformance.com.