380 likes | 537 Vues
Implementing Effective Monitoring and Auditing Activities and Program Assessments. HCCA’s 2000 Compliance Institute New Orleans September 26, 2000
E N D
Implementing Effective Monitoring and Auditing Activities and Program Assessments HCCA’s 2000 Compliance Institute New Orleans September 26, 2000 Michael C. Hemsley, Esq., Vice President, Corporate Compliance and Legal Services, Catholic Health East, Newtown Square, PA Tel: 610-355-2047 mhemsley@che.org David W. Rogers, C.P.A. - Partner, Deloitte & Touche LLP, Boston MA Tel: 617-437-2366, darogers@dttus.com
Table of Contents I. Presentation Objectives II. Monitoring and Auditing A. What are Monitoring and Auditing? B. Objectives From the Organization’s Perspective C. Objectives From the Auditor’s Perspective D. Who Should Perform? E. Impediments to Effective Monitoring and Auditing F. Successful Strategies G. Responding to the Results III. Compliance Program Assessments A. What Is a Compliance Program Assessment? B. Why Perform a Program Assessment? C. Assessment Objectives D. Program Assessment Structure E. Assessment Process F. Assessment Results G. CHE Interpretation of the Results H. Use of Results/Future Assessments
I. Presentation Objectives Implementing Effective Auditing/Monitoring Activities and Compliance Program Assessments • OIG Guidance Statements make clear that monitoring and auditing are obligations of an effective compliance program and extend to the periodic assessment of the compliance program itself, as well as operational risk areas. This program addresses strategies for implementing auditing/monitoring activities that are effectively designed with a risk priority focus and are conducted on a day-to-day basis by the organization’s clinical and operational managers and employees. • This program also presents the methodology used by a large, multi-state not-for-profit healthcare System to assess the overall status of compliance program implementation at its various controlled affiliates, and the complexities of conducting corporate-level assessments of such.
II. Monitoring & Auditing A. What are Monitoring and Auditing? • Monitoring • Monitoring is analyzing data on a large volume of transactions against benchmarks and historical trends to identify unexpected results/trends for further analysis • Focuses on the characteristics of overall populations • Generally will not provide specific information on the reasons behind what is being observed • Examples: • DRG Frequency Analysis • Physician Billing Code Profiles • CPT/HCPCS Procedure/Test Volume Analysis • Denial Reason Trending • 72-Hour Edits • Zero-pay APC Reporting • Annual Employee Feedback Surveys • Risk Assessment Results
II. Monitoring & Auditing A. What are Monitoring and Auditing? • Below is an example of a monitoring analysis Certified Nurse Midwives New Patient E/M Utilization E/M Utilization Expected Utilization CMN #1 CMN#2 CMN#3 CMN#4 CMN #5 99201 10% 9% 5% 15% 4% 6% 14% 15% 11% 20% 20% 9% 99202 99203 38% 42% 30% 35% 30% 34% 99204 34% 25% 42% 25% 30% 35% 8% 8% 8% 15% 5% 18% 99205
II. Monitoring & Auditing A. What are Monitoring and Auditing? • Auditing • Auditing is the detailed testing of individual transactions for compliance with applicable policies, procedures, rules and regulations. • Focus is on individual transactions • Requires extrapolation to evaluate overall population • Examples: • Test a sample of Medicare inpatient DRGs • Test a sample of specific physician claims • Test claims submitted by certain specific coders • Test claims processed during certain time periods
II. Monitoring & Auditing B. Objectives From the Organization’s Perspective • OIG Compliance Guidance for Hospitals • Auditing and Monitoring: “An ongoing evaluation process is critical to a successful compliance program. The OIG believes that an effective program should incorporate thorough monitoring of it’s implementation and regular reporting to senior hospital or corporate officers…One effective tool to promote and ensure compliance is the performance of regular, periodic compliance audits by internal or external auditors who have expertise in federal and state health care statutes, regulations and federal health care program requirements.” • At the System level … “regular auditing and monitoring of the compliance activities of an individual hospital must be a key feature in any annual review. Appropriate reports on audit findings should be periodically provided and explained to parent organization’s senior staff and officers.”
II. Monitoring & Auditing B. Objectives From the Organization’s Perspective • Furtherance of the Board’s duty of care and attention in connection with ongoing operation of the organization’s business (See In re: Caremark International, Inc. Derivative Litigation 698A.2d. 959 (Del. Ch. 1996)) • Meet Government’s expectations for ongoing monitoring of compliance program implementation and for periodic compliance audits. (See, i.e. OIG Compliance Program Guidance for Hospitals at pages 42-45; @ http://www.hhs.gov/progorg/oig/modcomp/index.htm) • Provide management with comfort/early warning that compliance processes and policies are or are not being correctly utilized and providing opportunity for early intervention
II. Monitoring & Auditing B. Objectives From the Organization’s Perspective • Provide early screening of processes for more effective use of scarce internal audit resources • Reliability and integrity of information • Assure compliance with policies, plans, procedures, laws and regulations • Accomplishment of established objectives and goals for operations and programs
II. Monitoring & Auditing C. Objectives From the Auditor’s Perspective • Monitoring • Focuses on the big picture (i.e. the forest, not the trees) • Functions as an early warning system (i.e. radar) • Identifies areas of activity that may require further analysis • Challenges of monitoring: • What and how to monitor • What is the overall picture telling us? • What are the characteristics of the transactions that are shaping the overall picture? • Generally insufficient information is obtained to determine whether specific compliance violations are occurring
II. Monitoring & Auditing C. Objectives from the Auditor’s Perspective • Auditing • Focuses on individual transactions (i.e. trees, not the forest) • Can tell you a lot about the individual transactions tested, however, what the results say about the population of transactions can be less clear • Statistical sampling techniques are often employed to facilitate projection of audit results to an overall population • Challenges: • What is the appropriate definition of the audit population? • How do individual transactions results relate to the overall population or subpopulation? • What is the appropriate population/subpopulation to relate the audit result to? • Monitoring can help determine what populations should be audited. • What do we do with results? (haphazard variances or systemic problems?)
II. Monitoring & Auditing C. Objectives from the Auditor’s Perspective • Using monitoring to identify areas of exposure and then auditing a sample within these areas can be very effective. Certified Nurse Midwives New Patient E/M Utilization E/M Utilization Expected Utilization CMN #1 CMN#2 CMN#3 CMN#4 CMN #5 99201 10% 9% 5% 15% 4% 6% 14% 15% 11% 20% 20% 9% 99202 99203 38% 42% 30% 35% 30% 34% 99204 34% 25% 42% 25% 30% 35% 8% 8% 8% 15% 5% 18% 99205
II. Monitoring & Auditing D. Who Should Perform? • Monitoring • Often performed by operations/departmental personnel • Department Managers • Patient Accounts Managers • Director of Medical Records • Physician Practice Billing Director • Personnel reporting to each of above • Finance and/or Compliance Office and Internal Audit can also be effective points for monitoring activity • If performed by operations/departmental personnel, results should be periodically reviewed by compliance/internal audit • In essence review the monitoring activity to ensure it is occurring as planned and designed
II. Monitoring & Auditing D. Who Should Perform? • Auditing • Often performed by audit-oriented personnel • Internal Auditors • Compliance Auditors • Personnel independent of the area being audited • Outsourced to external consultants • Combination of Internal/External resources • Strong operations knowledge is important to effective auditing • Critical for proper audit design, execution and interpretation • Often requires combining individuals with operations knowledge with audit personnel • Complex to execute but can be very effective
II. Monitoring and Auditing E. Impediments to Effective Monitoring and Auditing • Not enough qualified personnel with technical skills in the area of review (e.g. clinical inpatient/outpatient coding expertise, laboratory expertise) • Lack of operations understanding • Lack of regulatory knowledge • Failure of risk identification process to identify the significant risk areas • Monitoring tools can be difficult to design
II. Monitoring and Auditing E. Impediments to Effective Monitoring and Auditing • Monitoring generally won’t provide specific information without further analysis (i.e. auditing) • Auditing generally won’t provide accurate direct knowledge of the overall population without monitoring information • Lack of independence of auditor(s) • Concern about possible disclosure (employees, government, public) • Inability to recommend effective solutions to issues identified • Lack of institutional readiness to deal with findings • Not involving legal counsel early in the process for issues that would benefit from attorney-client privilege
II. Monitoring & Auditing F. Successful Strategies • Monitoring • Use monitoring to help identify risks areas for further auditing • Use risk assessments to guide the design of monitoring activities • Auditing • Combine operations personnel and compliance/audit specialists • Powerful combination of specialized skills and knowledge • Reduces risk of departmental rejection • Promotes teamwork • Improves morale and sense of contribution • Improves overall quality of the audit process • Provides deeper knowledge of risk areas • Enhances awareness of compliance at operational levels
II. Monitoring & Auditing F. Successful Strategies • Monitoring and Auditing • Adequate and timely communication • Share results of monitoring so that auditing or other action steps can be conducted if warranted • Share results of audits quickly and openly, if possible, so that departments can respond and take action as appropriate • Cross-training • Auditors should be trained in many operational areas so that they can provide coverage for each other and assist as needed on particular projects • Having operations personnel “trained” in conducting audits can add to their knowledge and effectiveness • Self-assessment • Periodically evaluate how well the monitoring and auditing programs are working • External assessment • Periodic external assessments can add valuable perspectives on monitoring/auditing effectiveness and best practices
Design Evaluate Implement II. Monitoring & Auditing F. Successful Strategies • Build Results into Continuous Process Improvement
II. Monitoring & Auditing G. Responding to the Results • Influencing credible monitoring results in advance: • Establish monitoring protocol including documentation and reporting requirements • Include monitoring responsibility into job description or performance plan for involved managers • Include monitoring in internal audit plan • Utilize cross-trained teams in monitoring process • Acting on the results: • Organizational commitment to deal appropriately with results internally and with third parties • Recognition of auditor’s professional responsibilities and program policies or protocols relative to reporting of results • Documented protocol to direct process; referred to counsel • Documented evaluation and response to results with reasonable rationale for decisions made… the “20/20 Rule”.
III. Compliance Program Assessment The CHE Program Assessment • Corporate Profile • Organized 1997 • Governance: Corporate Membership Model • Size: • 15 Regional Health Corporations (RHC’s) • 3 Joint Operating Agreements • Over 93 facilities in 10 states • Compliance Program History • CHE plan adopted April 1998 • RHC’s to adapt and adopt plan • System support, coordination, monitoring of RHC programs • Quarterly reports to CHE from RHC/JOA compliance officers • Compliance program assessment commenced fall of 1999
III. Compliance Program Assessment A. What is a Compliance Program Assessment? • An appraisal or evaluation of the extent and quality of compliance program design and implementation measured against the following criteria or standards: • U.S. Sentencing Guidelines for Organizations (1991) • Relevant OIG Compliance Program Guidance • CHE’s Compliance Plan • RHC’s adapted Compliance Plan • RHC’s representations regarding plan implementation
III. Compliance Program Assessment A. What is a Compliance Program Assessment? • The Deliverables: • Reports that evaluate the compliance culture at each RHC and benchmark their developmental stage relative to related and unrelated organizations • A baseline for measuring improvement through subsequent assessments or audits • Prioritized recommendations for RHC specific program improvements • Recommendations on System-level program improvements to address common needs in a cost-effective manner and/or where greater consistency or uniformity is warranted
III. Compliance Program Assessment B. Why Perform a Program Assessment? • Imperatives for Assessments: • Board fiduciary duty - a natural step beyond Caremark • CHE Compliance Program responsibilities • OIG expectations • Reduction of direct and potential vicarious liability exposure • Benefits to System and RHC outweighs risks to each: • Major benefit - Reality check for RHC/System Boards and management resulting in refocused and prioritized compliance efforts • Major risk: Failure to act on results • Major tension: How to address program shortfalls with increasingly scarce resources
III. Compliance Program Assessment C. Assessment Objectives • System Objectives • Due Diligence • Process Verification – the extent to which each RHC is implementing activities as set forth in each RHC program • Confirmation of Essential Features – Assessment of RHC compliance efforts in light of USSG; OIG Guidance, CHE’s program • Process Documentation – Document and understand RHC program development and operationalization throughout the System • Identification of System Needs – Identify and prioritize System compliance objectives, allocating System resources and develop cost effective System solutions • System-Wide Audit Function – Commence process to structure and operationalize internal audit function
III. Compliance Program Assessment C. Assessment Objectives • Shared Objectives • Facilitate accumulation of documentation • Facilitate compliance process monitoring of the RHC’s • Development of compliance benchmarking • Identification of best practices • Development of priorities and action plans • Facilitate measurement of process improvement
III. Compliance Program Assessment D. Program Assessment Structure • Collaborative process with RHC’s • Common justification for process • Joint benefits • Scheduling and resources • Awareness of privilege and other sensitive issues • Scope of Assessments • RHC input on draft report • Management response • Selling points
III. Compliance Program Assessment D. Program Assessment Structure • Issues • Independent consultant or self assessments • Limitations on scope of engagement • Confidentiality and privileges • Assessment priorities • Level of review • RHC liaisons and use of internal staff • Assessment process tools: • Request for production of documents • Compliance officer questionnaire • Employee survey (scope, distribution, timing) • Interviews (scope and distribution) • Assessment reports • Not privileged • Uses and audiences • Disclosures
III. Compliance Program Assessment E. Assessment Process • Combination of document review, interviews and employee surveys, designed in the context of an industry specific risk focus, proved to be very effective • Employee surveys reinforced observations and added depth to the overall process • Interviews need to be numerous to avoid inaccurate perspective • The assessment process was only partially effective at validating the quality of monitoring and auditing activities • Process visibly reinforces the organization’s commitment to compliance
III. Compliance Program Assessment F. Assessment Results • Common Compliance Program Strengths • Overall program design • Establishment of Board oversight • Designation of Compliance Officer • Outline of compliance program activities and objectives • General compliance training
III. Compliance Program Assessment F. Assessment Results • Common Compliance Program Weaknesses • Not enough resources • Negatively impacts the amount and quality of program activity • Lack of integration of detail departmental policies and procedures with the compliance program • Risk assessment activity lacked sufficient depth • Lack of auditing and monitoring activities • Need for more specialized training • Difficulty incorporating physicians into the compliance plan • Difficulty integrating subsidiary organizations into the compliance structure • Lack of ongoing employee input on knowledge of and effectiveness of compliance program
Assessment Areas ABC Heath System Design Implementation Written Compliance Standards, Policies and Procedures Compliance Structure and High-Level Oversight Compliance Program Implementation Process Communication, Education and Training Compliance Enforcement and Discipline Screening, Contracting and Compliance-Related Due Diligence Monitoring, Auditing and Evaluation Compliance Disclosure Mechanisms, Investigations and Reports Evaluation Scale Low Moderate High III. Compliance Program Assessment F. Assessment Results • Example assessment tool
Evaluative Criteria (See Section VII) Employee Policy Code of Policy Policy Use & Awareness & Formation & Conduct Integration Access Understanding Enhancement Northeast Division ABC Health System Design Implementation CDE Corporation Design Implementation EFG Health System of Design Implementation GHI Health Design System, Inc. Implementation JKL Health Design System Implementation Mid-Atlantic Division MNO Health System of Design Implementation PQR System Design . Implementation STU System Design Implementation III. Compliance Program Assessment F. Assessment Results • Example assessment tool
Assessment Areas Written Compliance Compliance Communica- Enforcement & Screening, Monitoring, Disclosure Compliance Infrastructure & Program tion, Training Discipline Contracting & Auditing & Mechanisms, Standards, High-Level Implementa- & Education Compliance Evaluation Investigations & Policies & Oversight tion Process Related Due Reports Procedures Diligence Division Name III. Compliance Program Assessment F. Assessment Results • Example Assessment Tool Design Entity # 1 Implementation Design Entity # 2 Implementation Design Entity # 3 Implementation Design Entity # 4 Implementation Design Entity # 5 Implementation
III. Compliance Program Assessment G. CHE Interpretation of the Results1 • Although significant progress is evident, many important program elements lag (i.e., operational risk assessments, benchmarking, monitoring and auditing) • Significant financial and manpower strains largely contribute to the most underdeveloped programs • Adequacy of program resources is and will remain a tension in program implementation • Largely unquantified with few meaningful benchmarks • Compliance Officers with multiple responsibilities • Program elements may need to be revisited; If organization cannot operate program to the level of program standards; can programs for struggling organizations be simplified and remain “effective”? 1Tentative conclusions as system assessment process is incomplete as of August 2000.
III. Compliance Program Assessment G. CHE Interpretation of the Results • Need to determine most cost effective means to ensure that all RHC advance meaningful risk assessment, monitoring and auditing of compliance with substantive legal requirements • Challenge to integrate program with medical staff
III. Compliance Program Assessment H. Use of Results/Future Assessments • The peril of failing to act on the results • The nature of required action relative to: a) Program design and implementation; b) Any disclosed compliance issues • Uses: • Document evidencing System and RHC due diligence for auditing and monitoring • Document evidencing exercise of Board’s fiduciary duties • Reality check for Board and Management on program progress and performance • Benchmark for future assessments • Basis for RHC action plan to address assessment recommendations • Advocacy document to support compliance program among competing organizational priorities at System/RHC • Identification of compliance initiatives appropriate for System approach
III. Compliance Program Assessment H. Use of Results/Future Assessments • Process • RHC Management to submit response to assessment report with action plan and timeline • Action plans reviewed by System Compliance and Audit Committee resulting in agreed upon plans • Development of Assessment/Internal Audit work plan for 2001 focused largely upon RHC action plans