Part by part
breakout of what must be covered by the compliance plan.
This is from the
HHS OIG at
http://oig.hhs.gov/fraud/docs/complianceguidance/thirdparty.pdf. This is
an excellent guide on what a compliance plan is and what is expected. If you
simple replace Billing companies with school district you have an excellent
guide and template to follow. This guide include the following over view of
the required elements.
Elements for an Effective Compliance Program
experience, the OIG has identified 7 fundamental elements to an effective
compliance program. They are:
written policies, procedures and standards of conduct;
• Designating a
compliance officer and compliance committee;
effective training and education;
effective lines of communication;
standards through well-publicized disciplinary guidelines;
internal monitoring and auditing; and
promptly to detected offenses and developing corrective action
The guide go into
the following detail on the elements and what they should include;
At a minimum,
comprehensive compliance programs should include the following seven elements:
development and distribution of written standards of conduct, as well as
written policies and procedures that promote the billing company’s commitment
to compliance (e.g., by including adherence to the compliance program as an
element in evaluating managers and employees) and that address specific areas
of potential fraud, such as the claims submission process, code gaming and
financial relationships with its providers;
(2) The designation of a chief compliance officer and other appropriate
bodies, e.g., a corporate compliance committee, charged with the
responsibility of operating and monitoring the compliance program and who
report directly to the CEO and the governing body;
(3) The development and implementation of regular, effective education and
training programs for all affected employees;
(4) The creation and maintenance of a process, such as a hotline, to receive
complaints and the adoption of procedures to protect the anonymity of
complainants and to protect callers from retaliation;
development of a system to respond to allegations of improper/ illegal
activities and the enforcement of appropriate disciplinary action against
employees who have violated internal compliance policies, applicable statutes,
regulations or Federal, State or private payor health care program
(6) The use of audits and/or other risk evaluation techniques to monitor
compliance and assist in the reduction of identified problem areas;18 and
(7) The investigation and correction of identified systemic problems and the
development of policies addressing the non-employment of sanctioned
State Reg - 521.3
Compliance Program Required Provider Duties. (Excludes first part of
Every required provider shall adopt and implement an effective
compliance program. The compliance program may be a component of more
comprehensive compliance activities by the required provider so long as the
requirements of this Part are met. Required providers’ compliance programs
shall be applicable to:
(3) medical necessity and quality of
(5) mandatory reporting;
(6) credentialing; and
(7) other risk areas that are or
should with due diligence be identified by the provider.
Comment: Plan must cover every
facet of what leads to and supports the right to a Medicaid payment.
(b) Upon applying for enrollment in the medical
assistance program, and during the month of December each year thereafter, a
required provider shall certify to the department, using a form provided by
the Office of the Medicaid Inspector General on its website, that a
compliance program meeting the requirements of this Part is in place. The
Office of the Medicaid Inspector General will make available on its website
compliance program guidelines for certain types of required providers.
(c) A required provider’s compliance program
shall include the following elements:
(1) written policies and procedures that
describe compliance expectations as embodied in a code of conduct or code of
ethics, implement the operation of the compliance program, provide guidance
to employees and others on dealing with potential compliance issues,
identify how to communicate compliance issues to appropriate compliance
personnel and describe how potential compliance problems are investigated
This is a very important
part. All employees must be made aware of the school district policy
concerning compliance with the Medicaid requirements. Here is what we have
in our plan as the policy statement. The Board must adopt a board policy.
Policy: Each employee, contractor, or vendor involved with
providing or obtaining reimbursement for medical services, supplies, or
equipment from or on behalf of our clients is responsible for submitting
honest and accurate bills to Medicaid, Medicare, and other Federal and
state health care programs. In addition to complying with Kinney's
Standards of Conduct, all employees, contractors, and vendors are expected
to comply with Federal and state laws and administrative remedies designed
to prevent fraud, abuse, and waste in Federal and state health care
(2) designate an employee vested with
responsibility for the day-to-day operation of the compliance program; such
employee's duties may solely relate to compliance or may be combined with
other duties so long as compliance responsibilities are satisfactorily
carried out; such employee shall report directly to the entity's chief
executive or other senior administrator designated by the chief executive
and shall periodically report directly to the governing body on the
activities of the compliance program;
In the education setting the
person designated to be the compliance officer must report directly to the
superintendent or their designee and periodically to the
board on the ongoing compliance activities. Those reports obviously
include any allegations being investigated as well as activities to ensure
ongoing compliance with the Medicaid program requirements. It should cover
things like training of new employees on their responsibility, periodic
training of existing employees, changes in program requirements, etc.
(3) training and education of all affected
employees and persons associated with the provider, including executives and
governing body members, on compliance issues, expectations and the
compliance program operation; such training shall occur periodically and
shall be made a part of the orientation for a new employee, appointee or
associate, executive and governing body member;
The training must cover all
involved. It must include who the compliance officer is, how to reach them
with concerns, and the assured protection of folks reporting possible
wrong doing. The initial training on the states and protection of whistle
blower will be covered in the state training.
(4) communication lines to the responsible
compliance position, as described in paragraph (2) of this subdivision, that
are accessible to all employees, persons associated with the provider,
executives and governing body members, to allow compliance issues to be
reported; such communication lines shall include a method for anonymous and
confidential good faith reporting of potential compliance issues as they are
This is very clear. The
reporting mechanisms must be available to all and must allow for the
reporting individual to remain anonymous if they so choose. Here is what
1. Anyone who becomes aware
of or in good faith suspects wrongdoing by another employee, a board
member, a client, a vendor, a contractor, or any other person should
report it to their supervisor as well as Joe (Compliance Officer or
Diane Kinney or Sandra Steinhardt.
2. The individual making
the report may do so by reporting the concern in writing or by using any
anonymous method such as leaving a note on one of the above person desk,
etc. Anyone making an anonymous report must realize that the Compliance
Officer will not be able to ask additional questions of the person
reporting nor advise the person of the outcome.
I really think
school district should band together and setup an 800 number for employees
to use to report alleged wrong doing. It isn't expensive a very simple to
do. That way each district won't have to worry about how to cover the
(5) disciplinary policies to encourage good
faith participation in the compliance program by all affected individuals,
including policies that articulate expectations for reporting compliance
issues and assist in their resolution and outline sanctions for:
(i) failing to report suspected
(ii) participating in non-compliant
(iii) encouraging, directing,
facilitating or permitting either actively or passively non-compliant
behavior; such disciplinary policies shall be fairly and firmly enforced;
This will probably require a
new board policy specific to Medicaid compliance. Here is what ours says:
- Organizational Response.
- In the event the investigation identifies
employee misconduct or suspected criminal activity, Kinney will
undertake the following steps.
- As quickly as possible, cease the offending
- If the conduct involves the improper
submission of claims for payment, we will immediately cease all billing
potentially affected by the offending practice and or client.
- Consult with legal counsel, if necessary, to
determine whether voluntary reporting of the identified misconduct to
the appropriate governmental authority is warranted.
- If applicable, calculate and process
adjustments for any improper payments made by a Federal or State
government program as a result of the misconduct.
- Initiate appropriate disciplinary action,
which may include, but is not limited to, reprimand, demotion,
suspension and/or termination. If the offense involves the action of an
employee of a client we will immediately report the instance to the
appropriate executive at the client.
- If the investigation uncovers what appears to
be criminal conduct on the part of an employee or client, appropriate
disciplinary action against the employee or employees who authorized,
engaged in or otherwise participated in the offending practice will
include, at a minimum, the removal of the person from any position of
oversight and may include, in addition, suspension, demotion, and
termination. In the case of possible criminal conduct by an employee of
a client, referral to the appropriate government official will be made.
- Promptly undertake appropriate training and
education to prevent a recurrence of the misconduct.
- Conduct a review of policies and procedures to
determine whether revisions or the development of new policies and/or
procedures are needed to minimize future risk of noncompliance.
Conduct, as appropriate, follow-up monitoring
and auditing to ensure effective resolution of the offending practice.
(6) a system for routine identification of
compliance risk areas specific to the provider type, for self-evaluation of
such risk areas, including but not limited to internal audits and as
appropriate external audits, and for evaluation of potential or actual
non-compliance as a result of such self-evaluations and audits,
credentialing of providers and persons associated with providers, mandatory
reporting, governance, and quality of care of medical assistance program
This requires a review of
each provider area and a plan to deal with the potential problem area's.
Issues like supervision, orders, license and registration, supervisor
sign-off, periodic check against state and federal excluded provider
list, monitoring of licenses and registration information, systematic
confirmation actual meeting dates versus scheduled meeting, etc. All are
know problem areas that need to be addressed.
You should also use audit
techniques to assure that what we think is happening is actually taking
(7) a system for responding to compliance
issues as they are raised; for investigating potential compliance problems;
responding to compliance problems as identified in the course of
self-evaluations and audits; correcting such problems promptly and
thoroughly and implementing procedures, policies and systems as necessary to
reduce the potential for recurrence; identifying and reporting compliance
issues to the department or the office of Medicaid
inspector general; and refunding overpayments;
Fairly clear, but complex in
a school district setting. The structural setting should not, and can
not be allowed to, impeded the necessary actions. When problems are
identified the plan need to allow for the early informing of the OIG.
For example, you find out that a physical therapist did not pay their
registration fee yet their services were billed for. Immediately void
the bills and inform the OIG. Then review how this got through the
system and implement corrective action so it won't happen again.
Historically this is a problem with LSP as they don't need to be
registered to work in a school setting.
(8) a policy of non-intimidation and
non-retaliation for good faith participation in the compliance program,
including but not limited to reporting potential issues, investigating
issues, self-evaluations, audits and remedial actions, and reporting to
appropriate officials as provided in sections seven hundred forty and seven
hundred forty-one of the labor law.
People who make the district
aware of valid compliance issues must be protected for any retaliation
of any type. This can be a problem as you will have one employee
reporting on another. The result could be a negative action against one
employee who then will seek to retaliate against the other.
Here is our policy:
6. Retaliation or reprisal
in any form against anyone who makes a report of wrongdoing, cooperates
in an investigation, or participates in the compliance program is
strictly prohibited. If an employee or a contractor believes that an
adverse action in the form of reprisal or retaliation has been taken
against him or her as the result of making a report or cooperating in an
investigation pursuant to this or any other compliance policy, he or she
should report it to the Compliance Officer immediately.
521.4 Determination of Adequacy of Compliance
(a) The commissioner of health and the
Medicaid inspector general shall have the authority to determine at any time
if a provider has a compliance program that is effective and appropriate to
its characteristics and satisfactorily meets the requirements of this Part.
(b) A provider whose compliance program
that is accepted by the federal department of health and human services office
of inspector general and remains in compliance with the standards promulgated
by such office shall be deemed in compliance with the provisions of this Part,
so long as such plans adequately address medical assistance program risk areas
and compliance issues.