Corporate Compliance Programs in Home Healthcare
The government is escalating investigations through Recovery Audit Contractors (RACs), Medicare Recovery Contractors (MACs), Medicaid Integrity Contractors (MICs), Zone Program Integrity Contractors (Z-PICs), and now, the Health Care Fraud Prevention and Enforcement Action Team (HEAT). Home Health agencies are at a critical crossroads. It is essential that agencies take control, review processes, and proactively identify and address vulnerable areas.
The MACs will be looking at current claims filed. The RACs will take a retrospective look at claims back to October 1, 2007.
The RAC auditors have been authorized to recover “improper payments” of preapproved areas of risk. In the demonstration project, high areas of risk include incorrectly coded records, therapy appropriateness, and medically unnecessary services. The RACs use public information from the Office of Inspector General (OIG) and the General Accounting Office (GAO) to focus on improper payment audits.
RACs have recovered over 96% of all audited claims resulting in take-backs of 1.3 billion dollars. Is it any wonder that the home health industry is concerned about their new focus?
RACs are contingency based so, they are motivated to seek out variances. They can audit 1% of the average monthly Medicare episodes of care (maximum 200) every 45 days per NPI. They will soon be heaviliy involved with home health.
The HSS and the U.S. Department of Justice will team up to create the new Health Care Fraud Prevention and Enforcement Action Team (HEAT) to investigate and work to eliminate fraud in healthcare. They will use technology as a key tool for their mission. Their initial focus will be directed toward Durable Medical Equipment, as well as services paid for by Medicare Part C (Medicare Advantage) and Part D (Prescription Drug Programs)
To have assurance that one could withstand a RAC/MAC/MIC etc audit, agencies should be reviewing samples of past claims, scrutinizing present processes, educating personnel, and updating the Corporate Compliance Plan. The OIG believes that effective compliance programs should include the following components, which are based on the seven steps of the Federal Sentencing Guidelines.
Components of a Compliance Plan:
- Compliance Policies and Procedures to include Written Standards of conduct
- Designation of a Compliance Officer and Compliance Committee
- Ongoing Education and Training
- Effective Lines of Communication; Process for Reporting Concerns, such as a Hotline
- Enforcement of Standards
- Development of an Auditing and Monitoring System
- Corrective Action Process for Correcting Compliance Problems
The Corporate Compliance Plan should represent the enterprise-wide initiative designed to detect and prevent problems of noncompliance and include:
- An Introduction and Purpose Complete with Expectations
- Directives
- Key Personnel
- Standards
- Reporting
- Confidentiality
- Response and Corrective Action
- Enforcement and Discipline
- Standardized Conduct
- Standards for Business Conduct
- Code of Conduct
- Code of Ethics
- Employee Open Communication
- Agreement with the National Hotline Service
- Tracking all Calls including Interventions
Effective programs have strong internal controls to promote adherence to applicable federal and state laws. They will also include internal auditing components of agency processes, services, and products with feedback mechanisms. There is a well defined agency code of conduct with a compliant culture and frequent employee training. An infrastructure includes a Corporate Compliance Officer who, in addition to other duties, will monitor industry areas audit focus. The agency can then explore their vulnerabilities.
The OIG Top Medicare PPS Compliance Issues include:
- Reporting additional visits not made in order to exceed LUPA and therapy thresholds
- Providing additional visits to avoid LUPA and therapy thresholds
- Upcoding and downcoding on the OASIS
- Duplicate bills and timeliness
- Returning credit balances promptly
- Routine waivers of copays
- Billing for services without physician orders
The RAC Demonstration Project issues include:
- Incorrectly coded patient records 35%
- Lack of medical necessity found in the patient records 40%
- Insufficient documentation in the patient record 10%
Besides the above areas that might bring about adverse financial impact and raise questions regarding potential fraud and violations of the False Claims Act (False Claims Act 31 U.S.C. 3730), Home Health Corporate Compliance Officers must also be aware of HIPAA compliance, Patient Freedom of Choice 1802, Conditions of Participation (CoP) and licensure violations as well as monitoring referrals to prevent referral kickback violations (Stark II, Phase III, SSA 1877) and Civil Monetary Penalties, SSA 1128(a)(5).
Home health agency compliance officers should expect to remain on the frontline of risk assessment and enforcement of health care regulations. The RACs, MICs, MACs, Z-PICs, and HEAT are only just beginning.
A positive by-product of an organization that effectively implements a Corporate Compliance Plan is the emergence of a renewed vision of the future. In this age of government audits, a forward thinking organization will create or update their program for all of the right reasons. However, corporations will soon realize that they can leverage their compliance programs as public relations tools, which not only affirms their role as solid community citizens, but, also as business associates who share commitment to integrity and ethics.