14 Q&A Responses from our Compliance Incidents Webinar

Q

What about when there is no sufficient information to substantiate an allegation. What is the best practice for documentation purposes?

A

Best practice documentation in this case is to clearly describe what was done to conclude that there was not sufficient enough evidence to substantiate the allegation, along with the reason why it could not, or should not, have been investigated any further. The documentation should include any reports that were run, interviews, communications, etc.

Q

Do providers have 30 or 60 days to refund without a penalty?

A

During the webinar, we discussed the importance of compliance with the CMS overpayment rules. Providers have 60 days to return overpayments once they have been identified -- See https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-A/part-401/subpart-D/section-401.305

Q

How can we increase participation in staff reporting incidents?

A

• First, make certain that staff are aware of the reporting methods available to them for incidents.
• Second, create an organizational culture that supports speaking up and reporting potential incidents.
• Third, as circumstances allow, share success stories of staff speaking up and reporting which led to improvements and/or successes within the organization.
• Lastly, many organizations have a code of conduct that staff must sign and agree to. Many organizations include a requirement in their codes that staff report concerns that they become aware of.

Q

What is the source document for these OIG recommendations?

A

The source documents for the OIG recommendations and quotes shared in the webinar come from the OIG compliance program guidance documents found on the OIG website: https://oig.hhs.gov/compliance/compliance-guidance/

Q

The distinction of how an incident is identified, which means whether it is tracked, is important for an organization. Are there recommendations on when an incident becomes an incident = tracked?

A

An incident should become an incident when it is reported to someone with a responsibility to receive the incident and see that it is handled appropriately. Such individuals might include supervisors, managers, executives, or compliance personnel. If the incident is shared verbally or via email (for example), it is important that the issue be entered into a tracking system or log and assigned a unique identifier. This is the formal beginning of tracking the item through to completion.

Q

I was meeting with a peer, and they told me that their compliance investigation team reviews the initial allegations raised and makes a pre-investigation judgment call whether or not the incident/behavior would have likely occurred. If they don't think it is likely to have occurred, they close the case without investigating. I've never heard of this before. I've always thought that if an allegation was raised, compliance officers have some requirement to do an investigation or due diligence before rendering a substantiated/not substantiated judgment. Have you heard of this pre-investigation judgement before?

A

I have not heard of a pre-investigation judgement call. It sounds as if this judgement call is being made without performing any due diligence such as asking additional questions of key staff, running reports, or performing preliminary investigations. If that is the case, it is my opinion that performing such a preliminary investigation judgement call is not appropriate.

According to OIG guidance, “…compliance programs should include processes and resources to thoroughly investigate compliance concerns, take the steps necessary to remediate any legal or policy violations that are found, including reporting to any Government program agencies or law enforcement where appropriate, and analyze the root cause(s) of any identified impropriety to prevent a recurrence. How an entity responds when it finds a violation resulting in a substantial overpayment or serious misconduct sets apart those that have a strong compliance program from those with a compliance program that is more form than substance.”

OIG believes that “An investigation could show that nothing improper occurred, it could reveal an overpayment that is owed, and it could uncover information indicating that misconduct has occurred, resulting in violations of applicable Federal or State law. Consequently, a compliance program should expect any outcome on this spectrum and plan accordingly through appropriate policies and other resources.”

Q

I recently took over the position as Compliance manager. While going through old paperwork (2019), I have found some information regarding a Stark Law infraction. Could I still investigate the incident or is it too late?

A

It is important to make sure any compliance issue has been thoroughly investigated. If you are certain this issue has not been resolved previously, it appears it should be investigated. Consider the appropriate use of legal counsel as well.

Q

I am new to my compliance position at my organization. Previously, our compliance program hasn't done a lot in terms of revenue cycle compliance tracking. I cannot get the revenue cycle leader or administrative team on board with tracking overpayments, can you rate how important overpayment tracking is for compliance?

A

In my opinion, it is absolutely essential. I also believe the following statement by the OIG supports this opinion:

“Health care providers and other industry stakeholders should take proactive measures to ensure compliance with program rules, including regular reviews to keep billing and coding practices up-to-date as well as regular internal billing and coding audits. Even if an entity makes an innocent billing mistake, that entity still has an obligation to repay the money to the Government. The Affordable Care Act included a requirement that entities must report and repay overpayments to Medicare and Medicaid by the later of: “(A) the date which is 60 days after the date on which the overpayment was identified; or (B) the date any corresponding cost report is due, if applicable.”18 If an entity identifies billing mistakes or other non-compliance with program rules leading to an overpayment, the entity must repay the overpayments to Medicare and Medicaid to avoid False Claims Act liability.”

Q

Do you recommend an organization track their incident reports received by a rate instead of total volume alone? ex: #IRs received/100 employees

A

Tracking in this way could be useful when trying to compare certain rates from one facility or department to another within an organization. I have not seen many organizations doing this, but I can see how this could be helpful in some ways.

Q

What is the recommended time-frame to complete an incident report?

A

This is a difficult answer to provide, because some reported incidents could take months to complete while others might only take a few hours to complete. However, it is important to track this metric over time to demonstrate improvement or to demonstrate completion rates are lagging and corrective action might be necessary, such as devoting more human resources to the effort to perhaps training compliance professionals in more efficient ways for completing incident management.

Q

What is the definition of "incident?"

A

The definition of incident might vary depending on the context or organization. For example, a patient safety incident such as a fall or administration of the wrong medication might have a much different definition than a report of incorrect coding and billing. However, in general, many programs consider an incident as a reported issue of concern or potential concern.

Q

Is there a way to have more than one person assigned as an investigator to an incident? (ex. a primary and secondary investigator) 

A

Yes. Multiple investigators can be assigned to a reported incident.

Q

So if they are reporting from outside, they don't require a login ID?

A

That is correct. The reporter accesses the public incident report form by clicking the related URL or scanning the QR code. 

Q

Also, please confirm that only an admin can make assignments of investigators and approvers? This was not our initial understanding of the workflow when planning to migrate incident and complaint reporting into Healthicity.

A

Users assigned to any of the following roles can assign investigators and/or final approvers: Admin, Full Access Manager, Incident Manager. The manager-level roles are location specific and can only access or take these actions on incidents related to locations where they’ve been assigned the roles. Manager-level users can also be limited to taking action on certain incident types by customizing your incident template permissions.

Q

When making changes to your incident templates - what is the best way to share them with others in your company before fully 'launching' the template, without disrupting incident reporting?

A

The system doesn’t currently allow exporting from the template page. If the users you want to share the template with don’t have permissions to view templates, the best way to share it is to submit a test incident using the new template. You can then share a PDF of the test incident, reflecting the template’s formatting, by using the Compliance Manager Share option. After creating the PDF and sharing, you can delete the incident, as deleted incidents aren’t counted in any incident stats. There are some additional steps you can take to keep the template you’re testing out of your user’s view. Please contact our support team for additional information at support@healthicity.com

Thank you to all who joined us for the live webinar. If you missed it, you can watch it on-demand here and gain 1.2 CCB CEUs.