NYS OMIG Bureau of Compliance Identified Compliance Program: Best Practices Element (1)
Written policies and procedures
1.
Publication of code of conduct and/or compliance plan document on the provider’s intranet and/or public Web site.
2.
Language in the compliance plan document outlines the benefits of a corporate compliance program as a way to obtain buy-in from the provider’s constituency.
Element (2)
Designate an employee vested with responsibility
1.
The compliance officer reports directly to the governing board, with dotted line responsibility to a member of senior management.
2.
The chief executive officer receives regular reports from the compliance officer if the compliance officer does not report directly to the CEO.
Element (3)
Training and education
1.
Use of an electronic training and education system that tracks mandatory compliance education of employees via an electronic system which: a. is customized to the organization; b. sends an individualized e-mail to employees to announce upcoming required and elective training; and c. tracks each employee’s required compliance training and educational needs.
2.
Results of online compliance education quiz scores are analyzed and tracked to identify areas of weakness for both the education program and for those being trained. Additional training and education is provided based on this analysis. Results of the online post-test quizzes are utilized to identify risk areas and assess the need for internal monitoring and auditing.
3.
The compliance training and educational materials are tailored to the needs of differing organizational levels as well as the educational backgrounds of all employees.
4.
Issuance of a brochure to consumers, partners, and vendors that highlights the provider’s quality initiatives and commitment to performance and quality improvement. The brochure includes a “CONTACT US” section, which identifies contact names and numbers of the compliance staff.
5.
The compliance manual/code of conduct is distributed annually and upon hire.
Element (4)
Communication lines to the responsible compliance position
1.
The compliance program operates in an environment of transparency throughout the organization and which includes communication lines among the president/director, senior management, and employees.
2.
Human resource department’s exit interviews of employees include specific compliance- related questions that are fed back to the compliance function.
3.
Clients/patients receive information on how to identify Medicaid fraud and how any concerns can be reported to management. They also are given examples of Medicaid fraud, and compliance-related issues.
4.
An electronic information board is used for communication as part of compliance education for staff and patients.
*
5.
7/17/2014 Provider issues laminated cards to all employees to wear with their ID badges. The cards include the compliance officer’s contact information; a list of compliance risk areas; and a summary of the provider’s policies addressing the risk areas items. The cards are printed in five different languages.
Element (5) 1.
Disciplinary policies to encourage good faith participation
Employee performance evaluations incorporate compliance as one indicator of performance, as well as an employee’s adherence to applicable laws, regulations, and policies.
Element (6)
*
A system for routine identification of compliance risk areas
1.
The Compliance Program uses a comprehensive self-assessment tool to plan and develop an annual compliance work plan.
2.
A compliance dashboard centralizes information to track and provide reports on compliance activities.
3.
Internal monitoring and auditing systems are used throughout the agency as evidenced by: a. Teams of cross-trained peer reviewers, who conduct quarterly case record reviews in each program area to ensure that documentation complies with established requirements and to ensure quality of service provided. This review is conducted as part of a quality improvement program. b. Monthly reviews of case records are conducted to ensure compliance with admission criteria and continued treatment, as part of a utilization review process. c. A pre-claim review process is used prior to submission of Medicaid claims to address billing and coding errors and weaknesses.
4.
Identified risk areas are tracked month to month, analyzed, and trended to monitor the identified risk area activity. The data is shared with committee members and the governing board with the goal of improving the number of identified risk areas, processes, and outcomes.
5.
An internal audit of 100 percent of the medical records for accuracy of the individual education plans of school programs where physical therapy/occupational therapy staff provides services is utilized as a compliance risk reduction measure.
6.
Individualized sampling of medical records is conducted to assess the accuracy of ordered services and whether the services were actually rendered.
A Compliance Program assessment is undertaken at least six months prior to the December certification period to identify potential Program gaps and maximize the opportunity meet the annual December certification obligation. Element (7)
A system for responding to compliance issues
1.
Review OMIG’s, OIG’s and CMS’s Web sites for regulatory work plans and alerts associated with specific areas of focus; assess organizational risk in those areas; and develop appropriate action plans to address the risk or weakness.
2.
Establish work plans with milestones for action and staff responsibility assignments to address compliance related issues and Compliance Program gap analysis.
Element (8)
N/A
A policy of non-intimidation and non-retaliation
1.
Exit interviews with employees include an interview with the Compliance Officer who inquires about cases of intimidation or retaliation related to the employee that is leaving employment and related to what the departing employee may have observed while employed.
2.
Compliance Officer reaches out to former employees thirty days after former employee’s termination date to inquire of any possible compliance matters observed during employment.
Opportunities for Enhancement 1
7/17/2014 Element (1)
Written policies and procedures
1.
Develop a compliance plan document and policies and procedures that address the eight elements of NYS Social Services Law §363-d and 18 NYCRR Part 521, as well as the Deficit Reduction Act (DRA). The DRA establishes certain requirements for providers who are paid $5 million or more by Medicaid. Please see OMIG’s home page at www.omig.ny.gov under the Compliance Tab for information on the DRA.
2.
Develop the Code of Conduct to more specifically address the issues surrounding compliance under NYS Social Services Law §363-d and 18 NYCRR Part 521.
3.
Develop written policies and procedures that centralize the process used by the compliance officer when conducting investigations.
4.
Develop definitions for constituencies covered by the Compliance Program (e.g. employees and others) so that it is clear who is subject to the requirements of the Compliance Program, the Code of Conduct/Code of Ethics and the Compliance Plan.
5.
Develop and document a process to address appropriate vendors as being within the scope of the provider’s Compliance Program and address compliance expectations and consequences for vendors and vendors’ employees in the provider’s contract with its vendors.
6.
Develop a more specific list of compliance expectations. This may include a statement that refers to the existence of the compliance program and that the provider will operate at all times under the highest standards for integrity in its dealings with its Medicaid business.
7.
Update all references in Compliance Plan and applicable policies to contact information for compliance function (e.g. changes in telephone numbers, email contact and identity of compliance officer, as may be necessary).
8.
Identify the provider’s approving authority and the adoption and revision dates on written policies and procedures that describe compliance expectations.
9.
Develop, document, and implement a grievance policy that includes references to the Corporate Compliance Plan and Code of Conduct policies and procedures dealing with guidance on how potential compliance problems are investigated and resolved.
10.
Amend the Handbook to include references to the Corporate Compliance Plan and Code of Conduct policies and procedures dealing with guidance on how potential compliance problems are investigated and resolved.
Element (2)
Designate an employee vested with responsibility
1.
Develop a cost center and reasonable budget for compliance to ensure that proper resources are devoted to compliance.
2.
Ensure that the identity and contact information of the compliance officer and compliance function are publicized in appropriate, highly visible locations and settings and is current.
3.
If developing a management compliance committee, include a variety of disciplines on the committee.
4.
Ensure that there is an independent reporting structure for the compliance function to the governing body and senior management.
5.
Limit the compliance officer’s duties that are unrelated to compliance to minimize the opportunity that the compliance officer will be overextended and to maximize the opportunity that adequate resources are given to the compliance function.(10/2011)
6.
Include the compliance officer in quality assurance meetings, as opposed to merely receiving reports/memoranda.
7.
Assess the non-compliance duties and reporting structure(s) of the compliance officer regularly to ensure that conflicts do not exist between compliance and non-compliance duties.
2
8.
7/17/2014 Engage the governing board through training, regular reports from the compliance function, and progress reports on work plan issues. This will improve the compliance culture and ensure a “tone from the top” that supports compliance and becomes evident to management, employees, staff, and contractors.
9.
Ensure that the annual certifying person is a member of senior management who oversees the compliance officer’s function. The certifying person and the compliance officer listed on the certification should be different persons.
10.
Develop progress reports with due dates for assignments and responsible parties for delivery of milestones on the compliance work plan.
11.
Develop the compliance officer’s job description so that compliance functions are specific and match the compliance plan’s references to the compliance officer’s duties.
12.
Make the compliance officer’s reporting structure to the governing board clear so that the compliance officer reports to the governing board on more than just specific instances of non-compliance and formalize the “periodic” reporting to the governing board in the compliance plan and other compliance related documents.
13.
Clearly define the compliance program-related responsibilities of both the Medicaid compliance officer and other staff involved with the compliance function. (1/2013)
14.
Offer additional compliance training to the compliance officer as a way of changing the perception that the compliance officer is a clerical position. The compliance officer should be able to make decisions about compliance issues whether they are reported or discovered as a result of risk assessment.
15.
Redefine the organization chart to reflect a reporting relationship by the Compliance Officer to the governing board, board committee or governing board member who sits on the compliance committee.
16.
The organization chart, Compliance Plan, compliance related policies and procedures and compliance officer’s job description should be consistent in the reporting relationships and the duties and responsibilities.
17.
For compliance programs where there are multiple compliance personnel, develop and document the responsibilities at each compliance position and the reporting structures to ensure that compliance issues are reported within the compliance function for appropriate action.
18.
Develop policies and procedures that ensure periodic reporting by the compliance officer to the governing board.
Element (3)
Training and education
1.
Establish employee pre-training benchmarks and compare with post-training to identify an individual’s future educational opportunities.
2.
Provide training materials that refer to both the New York State required compliance elements and the federal Deficit Reduction Act of 2005’s compliance elements, where applicable.
3.
Include definitions of fraud, waste, and abuse for individuals completing compliance training to identify suspicious and noncompliant behavior. This highlights differences for employees and makes identification of fraud, waste, and abuse more likely.
4.
Establish an oversight and tracking system for education so that all constituencies required to undergo training are tracked for meeting the training obligation, as well as measurement of training testing.
5.
Be sensitive to language used in compliance education materials and hotline notices. For example, “We hope that you never have to call the fraud and abuse hotline …” gives the impression that management does not want constituents to use the hotline.
3
7/17/2014 6.
Implement training for employees, persons associated with the provider, executives, members of the governing body, contracted staff, and non-employed medical staff that outline the expected roles that each constituency is expected to play in the compliance function.
7.
Consider utilizing the compliance officer to conduct compliance education and training. This assists constituencies identify the compliance officer.
8.
Develop a training syllabus for compliance.
9.
Maintain a distinction between compliance training and quality training. They should be related and connected, but do not sacrifice one for the other.
10.
Include compliance training with education on disciplinary policies specifically addressing consequences for participating in noncompliant behavior; or encouraging, directing, facilitating, or actively or passively permitting noncompliant behavior, while emphasizing non-intimidation and non-retaliation for good faith participation in the compliance program.
11.
Include information regarding non-intimidation and non-retaliation in training and education program materials.
12.
Include the chief executive officer/administrator as a compliance speaker in the training so that he/she is well-versed in how the compliance program works. This provides a visible support for the compliance officer and the program. This can demonstrate a strong “tone from the top” support for compliance.
13.
Add language in the provider’s policies and procedures to reflect that training is given at the time of orientation for new relevant employees, appointees and associates, as well as other constituencies.
14.
Expand the training program to include more than just the billing and payment issues and document those changes in the compliance plan.
15.
Revise the Compliance Plan or appropriate policies and procedures to define who “affected persons” are in relation to training and education requirements.
16.
Amend the Corporate Compliance Plan to include how often the training is required for all the groups required to receive compliance training (annual is recommended).
17.
Align the training requirements in the Corporate Compliance Program/Plan with actual practice.
18.
After compliance training, implement a testing tool that measures the effectiveness of the training and trainer to improve the content and presentation method on the compliance program.
Element (4)
*
Communication lines to the responsible compliance position
1.
Ensure that the compliance function is supported in the organizational structure: a. Organizational chart includes appropriate reporting structure between the compliance function, the governing board, and senior management. b. Consider that various organizational constituencies interact with the provider in different ways and that not every communication method is effective for all constituencies. This includes ensuring that appropriate anonymous methods are readily available. c. include compliance as a standing agenda item for governing board meetings or appropriate board committee meetings. This can include attendance by the compliance officer to explain current compliance issues and/or a report from the compliance officer.
2.
Use of drop boxes to enhance access for anonymous reporters.
3.
Include compliance function contact information in patient registration materials.
4
4.
7/17/2014 Expand the publication of the compliance officer’s contact information. This could include using a photograph of the compliance officer to assist in identification, publicizing the lines of communication in provider publications, and providing examples of the types of issues to be reported to the compliance function.
5.
Publicize and include in the compliance education materials, all of the compliance officer’s contact information (i.e. address, telephone number, e-mail and other methods of contact, if any).
6.
Revise language used to report compliance matters so that it is positive in approach rather than negative.
7.
Include the governing board in the list of individuals entitled to anonymity.
8.
Implement a back-up plan to allow for compliance issues to be communicated when the compliance officer is not available.
9.
Clarify language regarding “confidential and anonymous” reporting of potential compliance issues.
10.
Add language in provider’s policies and procedures to itemize all of the methods for reporting compliance issues.
11.
Dedicate a specific telephone number as a hotline for compliance issues, rather than using an all-issues hotline.
12.
Improve access to contact information by hanging posters; making the information more obvious on both the provider’s web site and the intranet; publicize the hot line more prominently; and expand access to contact information to public areas, break rooms and administrative offices.
13.
Emphasize in the training, that reports of potential compliance issues go directly to the compliance officer.
14.
Use a compliance-dedicated and secure method for use in confidential and anonymous communication to the compliance function.
15.
Utilize the provider’s internet website to publish compliance expectations and reporting information. (8/2013).
16.
For the voice mail announcement on a phone line used for reporting compliance issues, confirm that the telephone number called is a compliance function number, as well as the number for the Compliance Officer.
17.
Include various communication methods on the provider’s front page of their internet site to maximize compliance program visibility.
18.
To encourage reporting, confirm in the Compliance Plan and supporting policies and procedures that the compliance function respects request for confidentiality and anonymity in any good faith reporting of potential compliance issues.
19.
Publicize how to anonymously report compliance issues.
20.
Include specific language in the Compliance Plan and applicable policies and procedures that supervisors or senior staff must report to the compliance function all compliance-related issues they receive and that they will respect requests for confidentiality or anonymity.
21.
Implement a system to periodically test the functionality and operation of all identified lines of communication to the compliance function.
22.
If a compliance drop box is used as communication method, it should be controlled by the compliance function with the ability to ensure that there is a process to check that all insertions are seen by the compliance officer and not screened by a non-compliance functionary.
Element (5)
Disciplinary policies to encourage good faith participation
1.
Ensure the existence of disciplinary policies that support and encourage good faith reporting and participation in the compliance program and that these are included in the employee handbook or other appropriate publication.
2.
Ensure that policies reflect appropriate disciplinary consequences (potentially up to and including dismissal) for participating in noncompliant behavior, or encouraging directing, facilitating, or actively or passively permitting noncompliant behavior. 5
7/17/2014 3.
Implement disciplinary policies that articulate expectations for assisting in the resolution of compliance issues for affected individuals.
4.
Include in the Compliance Plan specific language addressing disciplinary policies that support good faith participation in the compliance program.
5.
Ensure consistent representations in the Compliance Plan and the policies and procedures that address the specific disciplinary requirements for Element #5.
6.
Include in disciplinary policies and procedures language that administration, staff, governing body members, and all affected individuals have an obligation to report compliance failures.
Element (6)
A system for routine identification of compliance risk areas
1.
Utilize OMIG’s web-site for self-disclosure reporting process, checking the posted exclusion list, and other compliance tools.
2.
Ensure that policies and procedures are in place to address appropriate action against excluded parties, including checks with vendors to ensure that excluded parties are not involved in Medicaid services through the vendor.
3.
Use certified CPT coder(s) to enhance the effectiveness of billing compliance.
4.
Conduct compliance exit interviews for departing employees, staff, management, governing board members and contractors to assist in identification of risk areas.
5.
Include the compliance officer in quality assurance, risk management and utilization management committee meetings, as appropriate.
6.
Prepare an annual compliance work plan that identifies risk areas based upon self-identified weak areas, regulatory advisories, regulatory actions, and outside assessments, among others.
7.
Assess the effectiveness of the provider’s compliance program annually using a self-assessment tool as part of the process that is used to meet the annual certification requirement for the provider’s compliance program.
8.
Develop a process to test the provider’s employees, contractors, grantees and other organizations providing services or billings through the provider for potential violation of the federal False Claims Act or New York’s Fraud Enforcement and Recovery Act.
9.
Develop a system to analyze, trend, and evaluate Medicaid claim denials with the goal of preventing and addressing potential billing errors and inaccurate claim submission.
10.
Incorporate routine documentation checks by someone outside of the compliance function for the compliance officer’s non-compliance program related data entry when the compliance officer has duties other than compliance.
11.
Consider adding specific information to provider’s compliance program outlining how to identify risk areas.
12.
Review 18 NYCRR §504.9 and OMIG’s Webinar #6 to understand the requirements for a service bureau. Consider adding questions addressed in Webinar #6 to provider’s risk assessment when evaluating its biller.
13.
Establish a list of the risk areas as part of the compliance program. This will focus efforts on the areas where weaknesses in the compliance program are most likely to exist and it will assist in the application of resources.
14.
Add language to the compliance program that specifically addresses the evaluation of risk areas as identified in provider’s self-assessments.
15.
Document provider’s self-evaluation efforts to include all compliance risk areas specified under 18 NYCRR 521.3(a).
16.
Check the appropriate exclusions lists at intervals recommended by OMIG and OIG/CMS, 6
7/17/2014 17.
Use a self-evaluation tool on an annual basis such as the Compliance Program Assessment Form available on the OMIG web site that includes the requirements of NYS Social Services Law section 363-d and the seven areas that compliance programs should apply to that are set out in 18 NYCRR section 521.3(a).
18.
Check the list of excluded and debarred individuals on a monthly basis.
Element (7)
A system for responding to compliance issues
1.
Create a policy and procedure to address the Patient Protection and Affordable Care Act’s (ACA) overpayment recovery obligations, specifically addressing the report, repay and explain obligations when provider receives an overpayment.
2.
Establish timelines and milestones for deliverables in the compliance plan, with progress monitored and reported to senior management and the governing board.
3.
Consider expanding the system for exclusions checks of employees and leased employees. This should include performing the search more frequently than annually (i.e., monthly) and also checking medical staff or others who may order services.
4.
Consider giving the compliance officer access to external audit reports.
5.
Consider expanding the reporting obligation to specifically include both the New York State Department of Health and the New York State Office of the Medicaid Inspector General.
6.
Document the procedures used to respond to compliance areas and to correct compliance issues as necessary to reduce the potential for recurrence.
7.
Document clearly in the Medicaid compliance program the specific steps taken to refund overpayments.
8.
Consider adding language to the compliance program that specifically addresses the evaluation of risk areas and that commits the provider to promptly and thoroughly implement resolutions which will also prevent the recurrence of risk areas as identified in self-assessments.
9.
Incorporate a formalized log of compliance-related issues into the system that identifies and responds to compliance issues so there is a summary reference of issues raised and the compliance function can track the progression of resolution.
10.
For a large, multiple location provider, include in the system a clear process for how local, regional, or enterprise compliance issues will be addressed (for example, all local and regional compliance issues will be responded to at the enterprise level, or compliance issues will be responded to at the location where they occur).
11.
The system to respond to compliance issues should operate regardless of how the compliance issues are identified.
Element (8)
A policy of non-intimidation and non-retaliation
1.
Include in all compliance literature language setting out non-intimidation and non-retaliation expectations.
2.
Include in the Compliance Plan, applicable policies and procedures, and training materials references to reporting cases of intimidation and retaliation to officials as provided in New York State Labor Law Sections 740 and 741.
3.
For multi-state providers, ensure that the appropriate references are made to New York law, for New York operations, rather than the law of the state where it has other operations.
7
7/17/2014
Insufficiencies Element (1)
Written policies and procedures
1.
No compliance program, code of conduct, policies, or procedures on compliance exist.
2.
No policy and/or procedure describing how potential compliance issues are investigated and resolved exists.
3.
No guidance is provided to “employees and others” associated with the provider on how to identify and communicate issues to the compliance function.
4.
The compliance program has not been implemented within the provider.
5.
There are no written policies and procedures that provide guidance to non-employees associated with the Medicaid provider on dealing with potential compliance issues, as well as how to identify and communicate compliance issues to compliance personnel.
6.
Policies were not documented that articulate expectations for assisting in the resolution of compliance issues.
7.
A policy of non-intimidation for good faith participation in the compliance program was not evidenced in a written policy and procedure.
8.
Provider does not have written policies and procedures that adequately describe compliance expectations, specifically expectations for routine identification of compliance risk areas specific to its provider type.
9.
The Compliance Program is not operational. (12/2013)
Element (2) 1. a. b. c. d.
2.
Designate an employee vested with responsibility
Compliance Officer Reporting Organization chart indicates a reporting structure to the CEO or other senior administrator, but the actual reporting relationship is to the CFO or other position where a conflict of interest could reasonably be expected to exist. Compliance Officer does not have a periodic report directly to the governing board. There are no documented lines of communication between the compliance function and the non-corporate owner of the provider. Compliance Officer’s reporting structure has the potential to create a conflict of interest for the Compliance Officer. For example, 18 NYCRR §521.3(a) requires the compliance program to be applicable to billing and payments functions, among others. If the Compliance Officer reports to the person who is responsible for the billing and payment function (like the CFO), a conflict of interest relative to the objective operation of the compliance program over those functions will be brought into question. Compliance Officer’s noncompliance functions conflict with pursuit of compliance duties. For example, the Compliance Officer should not also serve as the Chief Financial Officer or administrator over the billing function.
3.
Compliance officer’s job description does not describe any compliance-related duties or functions.
4.
The Compliance Officer has not been trained in compliance and no training resources are available to the Compliance officer.
5.
The Compliance Officer does not have an understanding of the compliance obligations established in the Social Services Law and the accompanying regulations.
6.
The Compliance Officer does not regularly interact with others providing assistance in the compliance function.
7.
The compliance office fails to carry out compliance responsibilities as set out in the Compliance Plan and manuals. 8
7/17/2014 8.
Although the Compliance Plan requires a staff compliance committee, there is no evidence of its existence.
9.
The designated employee’s compliance duties are combined with other duties and the compliance responsibilities are not satisfactorily carried out.
10.
An employee has not been vested with responsibility for the day-to-day operation of the compliance program.
Element (3)
Training and education
1.
Compliance training does not include the governing board, senior management, staff, or other essential parties.
2.
Compliance training does not include “persons associated with the provider.”
3.
Despite the identification in the Compliance Plan that compliance training is performed, no evidence exists that compliance training has ever occurred.
4.
New appointee or associate orientation does not include compliance training.
5.
Compliance training does not describe how the compliance program operates, other than setting out a reporting obligation and the ways to contact the compliance function.
6.
There is no compliance-related training performed.
7.
Compliance training is not part of the orientation for governing body members, executives or new employees.
8.
Training and education are not provided to all governing body members on compliance issues, expectations and the compliance program operation. (9/2013).
9.
There is no training and education provided to all executives on compliance issues, expectations and the compliance program operation.
10.
The compliance training does not occur periodically.
Element (4)
Communication lines to the responsible compliance position
1.
No anonymous method of communication to the compliance function exists.
2.
Little or no meaningful communication between the compliance function and the governing board and/or senior management exists on compliance-related issues.
3.
No dedicated hot line or other communication method that is exclusively monitored by the Compliance Officer or compliance function exists. The hotline phone is accessible to be answered by staff other than the Compliance Officer and designated backup.
4.
Use of a general complaint line that is monitored by the human resources function or noncompliance function does not constitute an anonymous compliance reporting method.
5.
There is no clear direction that confidential disclosures to the compliance function can occur and there are no confidential lines of communication available.
9
7/17/2014 6.
There are no communication methods available to employees or others associated with the provider to communicate to the compliance function.
7.
There are no lines of communication to the designated employee that are accessible to all members of the governing body to allow compliance issues to be reported.
8.
The Compliance Plan and the applicable policies and procedures do not identify accessible lines of communication for members of the governing body to report compliance issues to the Compliance Officer.
Element (5)
Disciplinary policies to encourage good faith participation
1.
No disciplinary policies to encourage good faith participation in the compliance program exist.
2.
Disciplinary policies exist to encourage good faith participation in the compliance program, but those policies are not enforced.
3.
Disciplinary policies are not applied equally. For example, firing or suspending a line staff employee for violation(s) of the code of conduct, but not applying the same sanction to a senior management person for the same or similar violation does not result in equal application of the disciplinary policies.
4.
Disciplinary policies do not encourage good faith participation in the compliance program.
5.
Disciplinary policies address employees, but do not address all other constituencies covered by the compliance program, including the governing body.
6.
Disciplinary policies do not set out expectations for assisting in resolution of compliance-related issues.
7.
Disciplinary policies do not address sanctions for failing to report suspected problems; participating in non-compliant behavior; or encouraging, directing, facilitation or permitted non-compliant behavior.
8.
There are no policies in effect that articulate expectations for assisting in the resolution of compliance issues for all affected individuals.
Element (6)
A system for routine identification of compliance risk areas
1.
No system is in place to routinely identify compliance risk areas specific to the provider’s service type.
2.
No system is in place to routinely conduct self-evaluations and audits specific to its provider type.
3.
There was no system for evaluation of potential or actual non-compliance as a result of self-evaluations and identified by external or internal audits.
4.
There is no evidence of a connection between the compliance function and the results of relevant external audits.
5.
For a large enterprise, there is no system in place at the regional level for routine identification of compliance risk areas specific to the provider’s service type(s).
Element (7) 1.
A system for responding to compliance issues
Failure to respond to matters identified to the provider by OMIG or other NYS or federal regulatory bodies as program deficiencies and/or weaknesses.
10
2.
7/17/2014 There is no evidence that compliance related complaints, hotline calls, drop boxes, e-mails, or in-person disclosures to the compliance function are addressed.
3.
Failure to have a system to respond to compliance issues as they are raised.
4.
Failure to have an operating system that addresses compliance issues promptly and thoroughly and reduces the potential for recurrence of the issue.
5.
Failure to have a system for identifying and reporting compliance issues to NYS Department of Health or OMIG.
6.
Failure to have a system for investigating potential compliance issues.
7.
Failure to have a system to respond to compliance issues identified in the course of self-evaluations and audits.
8.
No system or methodology exists to periodically prioritize compliance oversight of activities that are either most serious or most likely to occur.
9.
In practice there is no system in place for implementing procedures, policies, and systems as necessary to reduce the potential for recurrence.
10.
There is no system in place for refunding Medicaid overpayments.
11.
For a large enterprise, there is no system in place at the regional or corporate levels to investigate potential compliance problems.
12.
The system identified does not provide for prompt correction of compliance problems.
Element (8)
A policy of non-intimidation and non-retaliation
1.
Failure to have a system or process to address allegations of intimidation or retaliation and to fully investigate the allegations.
2.
Failure of the Compliance Plan to adequately address claims of intimidation and the reporting that is required under NYS Labor Law Sections 740 and 741.
3.
A policy was not evidenced for non-intimidation for good faith participation in the compliance program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in Sections 740 and 741 of the New York State Labor Law.
11
7/17/2014
Enhancements that are in progress: *Best Practice: Element (3) 2.
Element (5) 1.
Training and education
Results of online compliance education quiz scores are analyzed and tracked to identify areas of weakness for both the education program and for those being trained. Additional training and education is provided based on this analysis. Results of the online post-test quizzes are utilized to identify risk areas and assess the need for internal monitoring and auditing. Disciplinary policies to encourage good faith participation
Employee performance evaluations incorporate compliance as one indicator of performance, as well as an employee’s adherence to applicable laws, regulations, and policies.
* Opportunities for Enhancements: Element (3) 18.
Training and education
After compliance training, implement a testing tool that measures the effectiveness of the training and trainer to improve the content and presentation method on the compliance program.
12
