Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page 0 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Compliance Effectiveness.

Published byMara Mooring Modified over 9 years ago

Similar presentations

Presentation on theme: "Page 0 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Compliance Effectiveness."— Presentation transcript:

1 Page 0 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Compliance Effectiveness Assessments Shannon Sumner, CPA Principal Georgia Hospital Association Compliance Officers Retreat September 3, 2014

2 Page 1 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Presentation Objectives Leading Practices in Compliance Programs Self Assessment Process Highlight Leading Practices in the Seven Elements Self Assessment Resources

3 Page 2 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Audience Questions – Experience New to Compliance Role (less than 1 year) In Honeymoon Phase (1-3 years) In Formative Years (4-5 years) Hitting Your Stride (6-10 years) Been There, Done That (>10 years)

4 Page 3 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Audience Questions – Size of Compliance Team Me, Myself, and I (1 person) Just the Two of Us (2 people) See No Evil, Hear No Evil, Speak No Evil (3 people) We are Family (4-5 people) Seriously? (>5 people)

5 Page 4 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Audience Questions – Duties Vanilla - Compliance Only Swirl - Internal Audit and Compliance Rocky Road - Everything!!

6 Page 5 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Headlines Hospitals must address employee fraud reports with procedural fairness

7 Page 6 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Self Assessment Process There is not one single best Compliance Assessment Tool! Collaborate with Internal Audit where possible. Partner with another Compliance Officer – peer review. Recommend Scoring Tool: ­ Facilitates Education and Training. ­ Facilitates Trending by Area.

8 Page 7 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Key Questions to Ask How would you rate your own Compliance Program (Scale 1 – 5, 5 Highest)? When was the last time your Compliance Program was audited? Have you called your organization‘s Compliance Hot Line? If someone in your organization is asked “Who is the Compliance Officer?” would they know what to say? Does your Audit/Compliance Committee ask tough questions? Are they engaged? Are you aware of (maintain a listing) all outsourced services and vendors?

9 Page 8 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Key Questions to Ask Are you aware of all of the joint ventures within your organization? Are you copied on all internal audit reports? Does your organization have a Fraud Policy and investigation protocol? Are you involved in exit interviews for all senior executives and other high risk areas? Do you receive a copy of the external audit Management Letter Comments? How comfortable are you that all Conflicts of Interest have been disclosed by Management, Governance, and Physicians?

10 Page 9 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Effectiveness Red Flags The Compliance Work Plan has a lot of “Plan to…” line items Little to no Hotline Activity No history of Compliance Effectiveness Assessments by outside parties No questions are asked by Compliance/Audit Committee members Auditing error percentages consistently high (>5%) Compliance Risk Assessment is conducted in a vacuum The Compliance Officer is not aware of the organization’s risk appetite/tolerance The Compliance Team has not received compliance specific education Action plans are consistently past due Risks identified through risk assessment are not addressed (internally or externally) Compliance is not advised of what may appear to be “routine” thefts or other human resource issues

11 Page 10 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat What is a “Leading Practice?”

12 Page 11 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat High Level Oversight Boards May Use Compliance as a Defense Strategy; Feds Expect More Oversight “Board members are increasingly entering the compliance fray, and five years from now compliance will have the same level of board oversight as the organization’s finances, a former federal prosecutor says. As regulators, prosecutors, stockholders and other stakeholders demand more from boards, they are asking management, including compliance officers, for more evidence that the compliance program is accomplishing its goals instead of merely rubber-stamping reports.” – Report on Medicare Compliance, August 4, 2014

13 Page 12 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat I - High Level Oversight Compliance Officer (“CO”) is not a member of senior management and does not have access to the Board of Directors. This could jeopardize the effectiveness of the Compliance program. CO Reports Directly to the CEO or equivalent (i.e., President) and has unfiltered access to the CEO. Organization must demonstrate that the CO’s reports reach the CEO. Lack of management understanding, involvement, and support of the compliance program – an organizational culture that does not put a priority on compliance. Industry Best Practice – The CEO’s incentive compensation is tied to the effectiveness of the compliance program.

14 Page 13 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat I - High Level Oversight (Con’t) Risk areas within the organization go undetected. Industry best practice - The compliance risk assessment is part of a broader enterprise wide risk assessment that includes input from departments such as internal audit, legal, quality, IT, risk management, etc. to ensure adequate coverage. Industry best practice - The risk assessment includes the potential for fraud.

15 Page 14 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat I - High Level Oversight (Con’t) Governance’s lack of support and knowledge of the Compliance Program. The Audit Committee has at least one member knowledgeable of healthcare compliance. The activities of the Audit Committee are reported to the full Board and the Compliance Officer presents at least an annual report to the Board. CMS Best Practice – Governing Body Resolution supporting the Compliance Program and adherence to compliant, lawful and ethical conduct. CO has executive session with the Board (without the CEO Present) on an annual basis. Assessments include feedback from the Audit Committee Chairperson, CEO and CO regarding the completeness of the compliance reports, the knowledge of committee members, the appropriateness of the committee discussion.

16 Page 15 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat II - Policies and Procedures Lack of policies and procedures that document the framework of the compliance program jeopardizes the effectiveness of the compliance program, and could lessen the ability to demonstrate to regulatory bodies the presence of an effective compliance program. Assess the extent to which policies and procedures are written clearly and include “real-life” examples. If Conflict of Interest disclosure statements are not obtained from each trustee, officer, Board or other committee member and key management and employees, unidentified conflicts of interest could exist that could compromise, or appear to compromise judgment. Review minutes of meetings from the appropriate governance body for the past 12 months to determine whether conflicts of interest were disclosed in accordance with policies and/or procedures.

17 Page 16 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat II - Policies and Procedures (Con’t) Departments that are impacted by regulatory changes are not aware of them which results in denial of claims and potential allegations of false claims. There are documented mechanisms to monitor regulatory updates, including National Coverage Determinations (“NCD”) and Local Coverage Determinations (“LCD”) and communicate them to the associates and medical staff members impacted by them. Associates might leave the organization with knowledge of potential compliance issues and subsequently become a whistle- blower. If exit interviews are completed for any associates, there is at least one question regarding knowledge of potential compliance exposure and a mechanism to inform the CO if any are identified.

18 Page 17 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Open Lines of Communication

19 Page 18 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat III - Open Lines of Communication Compliance issues could be occurring without being reported to management. Volumes of reports received are tracked and compared to prior periods and to industry norms. A leading practice is to have the capability of reporting to the hotline anonymously on- line. Exit interviews are conducted by the CO for high risk/leadership associates.

20 Page 19 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat IV - Training and Education New associates lack understanding of the compliance program and their related rights and responsibilities. CMS Best Practice - Mechanism to measure effectiveness of training. Industry Best Practice – Compliance Quizzes provided to Physicians/Medical Staff. CMS Best Practice - Training is provided in various formats to keep associates engaged (in person, on-line, games, etc.). Industry Best Practice - Connect headlines and case studies to real issues within organization. Industry Best Practice - Demonstrate linkage between organization’s strategies and a strong ethics and compliance program.

21 Page 20 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat IV - Training and Education (Con’t) Medical Staff lacks understanding of the compliance program and their related rights and responsibilities. Compliance education and information specific to regulatory changes that directly impact them is routinely provided to the Medical Staff. Compliance department staff are not kept current regarding compliance risk areas or leading practices for compliance programs. Compliance department staff attend conferences and webinars, subscribe to publications and the OIG’s email list, monitor the OIG’s website and network with peers to stay up-to-date and get ideas. Governance lacks understanding of the compliance program and their related rights and responsibilities. Compliance education and information specific to the entity’s compliance program is provided to the Board members at least once every 24 months and the Board Audit Committee, if applicable, at least annually.

22 Page 21 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat V - Monitoring and Auditing False claims could be submitted if auditing and monitoring by qualified independent auditors does not occur. CMS - The compliance plan must include an independent assessment of the compliance program and be shared with the Board. CMS - The auditing/monitoring element must include “first tier” entities. This includes entities where the organization has outsourced key elements of their processes (i.e. billing, collections, quality, safety).

23 Page 22 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat VI - Response to Deficiencies Responses to deficiencies do not effectively address the deficiencies. Periodic reviews of problem areas were conducted to verify that the corrective actions successfully reduced or eliminated existing deficiencies. Deficiencies are not addressed on a timely basis. Corrective action plans are implemented within agreed- upon timetables.

24 Page 23 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat VII - Consistent Enforcement Inconsistent disciplinary or other actions are taken in response to compliance policies. CMS – Must maintain evidence of disciplinary action for a period of 10 years. Date violation reported Description of violation Date of investigation Summary of findings Disciplinary action taken Date disciplinary action taken CMS – If the HR function is responsible for conducting disciplinary actions there must be a formal process for communicating with the CO on actions taken. CMS - Publish de-identified disciplinary actions taken to demonstrate that the Sponsor acts on violations of the Standards of Conduct.

25 Page 24 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Self-Assessment Resources https://www.cms.gov/Medicare/Compliance-and-Audits/Part-C-and-Part-D-Compliance-and- Audits/Downloads/Compliance-Program-Effectiveness-Self-Assessment-Questionnaire.pdf

26 Page 25 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Self Assessment Resources http://oig.hhs.gov/compliance/compliance- guidance/docs/Health_Care_Directors_Compliance_Duties.pdf

27 Page 26 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Self Assessment Resources Health Care Compliance Association http://www.hcca-info.org

28 Page 27 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Questions?

29 Page 28 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Thank You! Shannon Sumner, CPA Principal ssumner@pyapc.com (865) 673-0844

Download ppt "Page 0 September 3, 2014 Compliance Effectiveness Assessments Prepared for Georgia Hospital Association Compliance Officers Retreat Compliance Effectiveness."

Similar presentations

Organizational Governance

Organizational Governance
Issue Identification, Tracking, Escalation, and Resolution.

Issue Identification, Tracking, Escalation, and Resolution.
©2012 CliftonLarsonAllen LLP 1 111 Educating Governance on the Audit Jackie Eckman, CPA Partner CliftonLarsonAllen LLP

©2012 CliftonLarsonAllen LLP Educating Governance on the Audit Jackie Eckman, CPA Partner CliftonLarsonAllen LLP
Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.

Contractor Code of Business Ethics and Conduct Laura K. Kennedy Senior Vice President, Ethics and Compliance SAIC.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
Areti Moularas, Senior Manager

Areti Moularas, Senior Manager
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
EMS Auditing Definitions

EMS Auditing Definitions
IS Audit Function Knowledge

IS Audit Function Knowledge
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
CORPORATE COMPLIANCE OVERVIEW David Meisels OSB Corporate Counsel Roundtable April 26, 2012.

CORPORATE COMPLIANCE OVERVIEW David Meisels OSB Corporate Counsel Roundtable April 26, 2012.
Purpose of the Standards

Purpose of the Standards
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Corporate Ethics Compliance *

Corporate Ethics Compliance *
FPSC Safety, LLC ISO 14001 4.5.4 AUDIT.

FPSC Safety, LLC ISO AUDIT.
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.

The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.

Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
Quality Representative Training Version 1.0 2014.

Quality Representative Training Version
Compliance and Ethics Program NASVH – CFO Forum July 11, 2012 Presented By: Donna R. Burn Medicare Compliance Louisiana Department of Veterans Affairs.

Compliance and Ethics Program NASVH – CFO Forum July 11, 2012 Presented By: Donna R. Burn Medicare Compliance Louisiana Department of Veterans Affairs.

Similar presentations

Ads by Google