Deeper Than The Headlines: Diving Into A CIA Part 2: Written Standards And Training

In last week’s blog post we examined the “ownership” requirements of a recently published CIA. This week we continue to dive deeper into the CIA by reviewing the requirements surrounding written standards/policies, training/education, and auditing/monitoring. Recall, the CIA was with a radiology practice and was recently posted on the OIG’s website.

Three CIA Requirements

Written Standards/Policies

The radiology practice was given 90 days after the effective date of the CIA to develop and implement written policies and procedures regarding the operation of its compliance program. It’s one thing to write policies and another to implement them. I’ve reviewed many organizations’ compliance policies and they read beautifully. But have those policies been disseminated, digested and put into practice by the frontline employee who is ultimately the individual involved in the activity the policy is trying to address?

For example, your organization has a policy that it will follow all Medicare payment and reimbursement policies such as Local Coverage Determinations (LCDs) published by the Medicare Administrative Contractor (MAC). That sounds great in the policy but are those involved in the operations reading and following those LCDs? Your policy said you would. This means the clinicians who order, provide and document clinical services are aware of the LCD and understand it. It also means the coders and billers are aware of the LCD requirements and not just trying to get claims paid, but rather trying to get them paid in compliance with the written requirements of the LCD? Just because something was paid, doesn’t mean it should have been paid.

The CIA continues by requiring the practice to “enforce its Policies and Procedures and shall make compliance with its Policies and Procedures an element of evaluating the performance of all employees.” When was the last time your employees’ annual performance evaluation included compliance requirements?

You’re not done even once the policy is written and employees trained. This CIA requires policy review to occur “at least annually (and more frequently, if appropriate),” and the practice “shall assess and update, as necessary, the Policies and Procedures” with any new or revised Policies and Procedures being made available to all applicable staff and business partners. How does your compliance program currently document its policy reviews, updates, and dissemination to employees? Could you easily reproduce that documentation if called upon by an external agency for example?

Training and Education

In regards to training and education, the CIA requires a writing “Training Plan” which outlines the steps the practice will take to ensure all applicable personnel received at least annual training in regards to Federal health care program requirements.

“The Training Plan shall include information regarding the following: training topics, categories of Covered Persons required to attend each training session, the length of the training session(s), the schedule for training, and format of the training.” And ultimately, the practice “shall furnish training to its Covered Persons pursuant to the Training Plan during each Reporting Period.”

In addition, the practice needs a way to document and track all the training. The CIA requires the practice to “make available to OIG, upon request, training materials and records verifying that Covered Persons have timely received the training required under this section.” How easy would it be for your compliance program to produce a training plan and documentation if you had to demonstrate the effectiveness of your compliance program? What tools are most effective in helping you achieve this? Which are ineffective and should be replaced?

Auditing and Monitoring

Not all CIAs require the engagement of an Independent Review Organization (IRO). This particular CIA did require it for regularly scheduled claims reviews. Similarly, it is not always necessary to engage an external consultant to help your compliance program with an independent review or audit, but it can definitely add to the credibility of your compliance program if, at least occasionally, you invite an independent set of eyes to be involved with auditing and monitoring.

Certification is required as to the IRO’s independence and objectivity. Additionally, the certification shall include a summary of all current and prior engagements between the practice and the IRO.
Some of the other IRO requirements from this CIA included:

  • Individuals to conduct the Claims Review who have expertise in the Medicare and state Medicaid program requirements applicable to the claims being reviewed;
  • Individuals to design and select the Claims Review sample who are knowledgeable about the appropriate statistical sampling techniques;
  • Individuals to conduct the coding review portions of the Claims Review who have a nationally recognized coding certification and who have maintained this certification (e.g., completed applicable continuing education requirements); and
  • Sufficient staff and resources to conduct the reviews required by the CIA on a timely basis.

The claims review should include a determination as to whether the items and services furnished were medically necessary and appropriately documented and whether the claims were correctly coded, submitted and reimbursed. The CIA also required a sample of at least 100 paid claims for each location being audited.

Our next blog on this topic will include a further look at risk assessments, disclosure program and employee screenings for excluded parties.

Questions or Comments?