5 questions about CMS – OIG Compliance Training
How is CMS – OIG Compliance different from HIPAA Compliance?
Simply put, CMS – OIG Compliance is your organization’s written program to achieve overall regulatory compliance and ethical business practices for all of your organization’s business activities.
HIPAA Compliance represents your organization’s Privacy and Security Compliance, and thus serves as a specific component of your broader CMS – OIG Compliance Program.
What is the OIG looking for from my organization to maintain CMS – OIG Compliance?
Your organization needs to implement and maintain an effective compliance program and establish a culture of compliance. At a minimum, you need established Policies & Procedures, a designated Compliance Officer, a strong annual training program, new hire training, open lines of communication, and pre-designed methods to handle complaints or potential problems.
What is the best way to communicate with my workforce about CMS – OIG Compliance?
Leadership should begin by establishing open lines of communication.
Whether it is via email or phone call, your workforce should understand that they have options to file a complaint or grievance. There should also be an option for them to communicate anonymously. This can be accomplished by establishing a third-party hotline, which is maintained by an outside entity so that your workforce members have complete reporting anonymity. Workforce members should receive annual training about CMS – OIG Compliance that highlights any changes in company policies.
What are Exclusion Checks and are they necessary for CMS – OIG Compliance?
The OIG has the authority to exclude individuals and entities from Federally funded health care programs for a variety of reasons, including a conviction for Medicare or Medicaid fraud.
The OIG maintains a list of all excluded individuals and entities, called the List of Excluded Individuals/Entities (LEIE). Any Covered Entity or Business Associate that hires an individual or an entity on the LEIE could be subject to civil monetary penalties. To avoid penalties, your organization should periodically check the LEIE.
The OIG updates the LEIE on a monthly basis, so your organization should also review it on a monthly basis. This includes checks on both your contractors and your vendors.
Every state also has a database of Medicaid Excluded Individuals, which participating providers are obligated to check on a monthly basis.
What is a Risk Mitigation Plan and how do I develop one?
Whenever any audit is completed, whether it is a comprehensive compliance audit, a coding audit, or a Security Risk Assessment, there will be issues that need to be remediated.
The Risk Mitigation Plan is the schedule that you will develop to remediate these open issues. Think of it as your corrective action plan. Performing an assessment or audit can uncover potential gaps or areas of risk. However, even if you are not able to adequately address all of those issues, your organization must be taking reasonable measures to correct these gaps or risks.
An audit or assessment is just part of the compliance picture. Remediating open issues, training your workforce, maintaining open lines of communication, keeping up-to-date policies & procedures and taking corrective action for non-compliance all contribute to a strong culture of compliance.
What are the Seven Fundamental Elements of a Compliance Program?
Implement written policies, procedures, and standards of conduct
Designate a Compliance Officer and Compliance Committee
Conduct valuable and explicit training and education
Develop effective lines of communication
Conduct regular internal monitoring and auditing
Enforce compliance standards through prominently posted/well-publicized disciplinary guidelines
Respond promptly to detected offenses and undertake corrective action(s)
In addition to the above required elements of a Compliance Program, there are expected “Best Practices” embedded within those seven elements which can make an organization’s compliance program more effective. You can test the compliance of your organization by determining the Effectiveness of your Compliance Program.
HealthCare Compliance Network, LLC
10 Technology Drive, Suite 322
Hudson, MA 01749
TEL: (855) 526-6754