Plan for Compliance

Plan for Compliance

When the OIG enacts ACA provisions, will you be ready?

The Patient Protection and Affordable Care Act (ACA), section 6401, requires the U.S. Department of Health & Human Services (HHS) to establish core healthcare compliance elements. When these core elements are implemented, medical providers will be required to establish a compliance program that contains the core elements as a condition of enrollment in Medicare, Medicaid, and Children Health Insurance Program (CHIP).

Although an implementation date has not yet been set for this particular provision, it’s not too early for practices to prepare. Already, many providers who participate in Medicare Part C programs must annually attest to having compliance policies, procedures, and employee training in place to various Medicare Advantage plans.

Certified Professional Compliance Officer - CPCO

On April 20, the Office of Inspector General (OIG) in collaboration with the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association announced an education outreach program, in regards to communication with healthcare boards. The program’s aim is to assist healthcare organizations establish compliance plan oversight and communication.

Start with Core Elements of Compliance

The “OIG Compliance Program for Individual and Small Group Physician Practices,” published in the October 5, 2000 Federal Register, is an excellent guide for practices looking to develop a compliance plan. The seven, basic elements of healthcare compliance defined by OIG include:

  • Conducting internal monitoring and auditing
  • Implementing compliance and practice standards
  • Designating a compliance officer or contact
  • Conducting appropriate training and education
  • Responding appropriately to detected offenses and developing corrective action
  • Developing open lines of communication
  • Enforcing disciplinary standards through well-publicized guidelines

Include Specific ACA Requirements

The ACA discusses specific requirements for practices to consider when designing a compliance program. For example:

The ACA will require policies and procedures for conducting assessments of compliance/fraud, waste, and abuse risk areas. The efforts must be ongoing to identify and minimize potential risks.

Compliance is regulatory guidance to which employees can turn if there are questions and concerns about coding, billing, reimbursement, HIPAA, ethical or code of conduct questions, etc.

Training employees about compliance and providing them with compliance policies, procedures, and standards of conduct should be done within 90 days of hire, and at least annually, thereafter. Training and education doesn’t have to be burdensome. Consider using games and other incentives to help employees learn more about compliance.

The ACA will expect healthcare providers/organizations to have a standard of conduct, so employees can report violations of laws to CMS/Medicare Coverage Database/CHIP.

A code of conduct protects your healthcare organization and informs employees of expectations. To create an ethical culture, discuss with employees expectations of honesty and integrity in the workplace, and set an example by following the recommendations of compliance professionals.

The ACA suggests involving leaders in the plan (senior management, board members, etc.). Compliance professionals need to be able to have access to senior leaders to present sensitive information that needs to be acted on in a timely manner.

Ensure your compliance professional is well supported. Many respondents to the Health Care Compliance Association’s November 2014 Survey stated that they thought management saw compliance as a hindrance. In the January 2012 issue of Compliance Week, 60 percent of compliance professionals surveyed stated, “they have considered quitting their jobs in the past 12 months due to work-related stress.” This is unfortunate and unnecessary.

Today’s compliance professional wears many hats. Make sure the person in your organization who wears the compliance hat is knowledgeable and approachable. Don’t place a person in the compliance chair who does not understand the basic components of compliance. Compliance professionals should also be familiar with risk management, credentialing, and licensure issues.

The ACA says that you must be able to demonstrate “through written materials,” a strong ethical culture and commitment to compliance with all applicable laws, regulations, and requirements.

It’s important to set the tone for your compliance program. Compliance means following rules, but it does not need to be unpleasant. Good soft skills and quality communication will yield better results than threats. Look at the culture of your organization, plan to add and organize what it’s lacking, and decide how you can use your skills to make your organization compliant.

The ACA will require Medicare/Medicaid overpayments to be repaid within 60 days, accompanied with an explanation of why/how the overpayment occurred (even if the overpayment was received by accident). Individual states might have stronger rules regarding Medicaid dollars. Pay close attention to new False Claim Act cases in progress to learn more about the 60-day rule (for example, New York qui tam suit, Kane v. Continuum Health Partners who allegedly failed to take necessary steps to identify over 900 overpayments).

Have a Plan for when Violations Occur

Your compliance plan should include steps to take when a violation occurs. Does your organization have legal counsel, and do your compliance personnel have access to these legal sources? Consider giving your compliance staff a budget for legal counsel advice.

Designing a compliance plan does not need to be costly. Know where to find free resources. Sit down today with these tools and design your compliance plan. Make sure it’s readable and manageable. Never write something that you do not plan to follow.


Jacqueline Nash Bloink, MBA, RHIA, CHC, CPC-I, CPC, CMRS, has worked in the healthcare industry for 20 years in professional roles such as director of compliance, corporate responsibility auditor, coding manager, practice administrator, and health information management educator.


Leave a Reply

Your email address will not be published. Required fields are marked *