Healthicity
Share:
healthcare compliance, compliance program, compliance officer job, compliance officer, audio, skilled nursing facilities, podcast
Our new Compliance Conversations episode spans a wealth of great topics!
We're joined by Paige Pennington from Compliagent, an expert in compliance programs with extensive experience in nursing homes and post-acute care. We delve into various aspects of healthcare compliance, including common challenges faced by providers, the importance of compliance committees, audit protocols, and the ongoing risk associated with therapy services in nursing homes.
Tune in to the episode, Compliance Program Best Practices for Healthcare Organizations and Nursing Facilities, to:
-
- Gain a deeper understanding of compliance programs and their significance in healthcare.
- Learn about common challenges and best practices in the field.
- Stay updated on the latest developments in nursing home compliance.
- Explore strategies to enhance your organization's compliance efforts.
Paige is the Chief Operating Officer at Compliagent, managing the execution of Compliagent's services in order to support healthcare providers in achieving meaningful regulatory compliance.
Previously, Paige led the implementation of numerous regulatory compliance programs for long-term care providers at Fenton Nelson, LLP. Paige has worked extensively on the regulatory issues integral to the operations of healthcare facilities, including compliance with HIPAA/HITECH, Medicare and state licensing requirements.
With a degree from the University of Chicago and CHC credentials as a certified compliance professional, Paige brings rigorous training and deep expertise to her work. Paige understands the day-to-day challenges that clients encounter in compliance and has proven expertise to mobilize resources to drive compliance efforts at every level of an organization.
Transcript
CJ: Welcome everybody to another episode of Compliance Conversations. My name is CJ Wolf with Healthicity, I'm excited to be here today. We have another wonderful episode and another wonderful guest, Paige Pennington from Sunny California. Welcome, Paige.
Paige: Hi, CJ! Thank you for having me!
CJ: Absolutely! We are excited to be talking a little bit about kind of a mix of things today, compliance programs in general, but also a little bit on some specifics with nursing facilities. Paige has experience in both those areas and compliance in general as well as nursing homes and nursing facilities. But before we jump into the content page, we always like to allow our guests to tell us a little bit about themselves as much or as little as you want to share.
Paige: Hi, everybody! Thank you for joining to listen in. It's always exciting to have people interested in compliance, voluntarily listening to us talk about it. Compliagent is based in California and we are enjoying some nice sunny weather as CJ mentioned. Hopefully everyone else listening into is getting some nice sunny summer weather.
Compliagent is a consulting firm, we focus on developing compliance programs, helping providers build out or maintain their compliance programs. We work across the healthcare provider spectrum. We have a lot of work in the post-acute care sector, which is what my focus area is. So, that will be the context for a lot of what I talked about today. However, our team is diverse with a lot of experience in different fields, so by no means is that the only part of the healthcare sector that we touch upon. So, if you have any questions, comments, concerns, want to reach out and you are not from the post-acute care sector, don't be shy. We welcome everybody and we have a big team behind us with lots of experience of clinical, operational, regulatory. So, we look forward to fielding questions if anything that we mentioned today sparks your interest.
CJ: I've known Paige for many years now, and some of her colleagues, and they do excellent work and are just wonderful people, and I can't recommend them highly enough. So, we're glad to have her and some of you may be aware that Paige has joined us on a webinar before, so look at the Healthicity resources web page and you can find some additional webinar information that she's participated in.
Well, Paige, let's kind of jump in on some of our topics today. And as you mentioned your consultant, you are working, of course, with organizations that are throughout various stages in their compliance programs. Some are probably just beginning, right? And they want your help. Others are probably pretty robust and mature and maybe functioning for many, many years. So, with that kind of as a backdrop and all that your exposure to all those shapes and sizes of these programs, what do you think are the most common elements of a compliance program that providers struggle with? If you had to kind of pinpoint.
Paige: I think it varies a little bit, but I take the approach of let's start with the seven elements and I kind of think through compliance programs from a seven-element structure. I think about compliance programs starting from the seven elements and I think that the biggest problem in forming the structure of your compliance program is with the Compliance Committee Element. I think that whether you're a small organization or a large organization that has a robust existing compliance program, I often see that the Compliance Committee Element is overlooked and I think it's, you know, there might be various reasons why that is, whether it's because there aren't people to fill the function or there are people that haven't really given it enough attention; big, small, somewhere in between, there's a lot of mid-sized providers, especially in that post-acute care space. There's typically some type of quality assurance function, that I think a lot of my clients typically like to frame as; "Oh! This is our compliance committee!"
CJ: Right!
Paige: And you know I want to give them credit for that; "I'm happy that you're doing quality assurance. I'm not by any means knocking it. What you are doing is extremely important. You need to be focusing on things like infection control or rehospitalizations and managing psychotropic."
We know that CMS focuses on those areas, so while I think that the quality and clinical care and patient centeredness is important, that's not the whole piece of compliance. So, I find that with the lack of a compliance committee and trying to repurpose quality assurance or QA as a compliance committee, you are missing pieces of the pie that should be covered. So, you know with HR, we're missing things like OSHA or exclusion screening, if you're not involving legal or maybe other functions like operations and business development, you might be missing conversations about regulations like HIPAA or the Anti-kickbacks statute and physician contracting, things that might not come up if you're only having a meeting focused on quality and you're only hitting those clinical systems.
So, I don't think that quality assurance meetings are appropriate substitute for a compliance committee. I think that clients, especially larger ones, are typically surprised to hear that they're big meetings where they talk about these quality metrics, are not cutting it when I say; "No, no, no, that's not compliance. It's a piece of it. But it's not the whole piece that you need."
CJ: Yeah! And kind of on the flip side to that, I don't know if you've seen some organizations that have done really well in the compliance committee space, but I've seen a few that are very mature programs, have really good support from senior leadership and they might even have like an executive compliance committee and then subcommittees, right? They might have a committee for revenue cycle billing, and those coding those sorts of things, The Subcommittee for Privacy and HIPAA, and the Subcommittee for Research if you're doing research, those sorts of things. So, I've seen it kind of worked well the other way. Have you seen some really good examples too?
Paige: I wish I could say that I have seen those really good examples. And again, I speak largely, from the post-acute care space and I think that, you know, in my world of primarily focused on skilled nursing, home health, and hospice with a sprinkling of some other ancillary-related providers, I don't typically see that level of sophistication. What you are describing I see with some of the clients I touch in the hospital space or larger more sophisticated organizations that have like large board of directors with subcommittees at the board level and then compliance committees with again subcommittees and peer review committees and things like that where they are accredited organizations and sometimes the accrediting organizations even require some of those subcommittee.
I do not see that level of sophistication or breakdown in organizational structure in the clients that we typically end up servicing. I'm not saying it is you know 100% there are 15,000 plus nursing homes alone in the country. So, I'm seeing or touching maybe 3 to 400 in a year in some capacity as a consultant. And I'm not saying that any of them need that level of sophistication, but certainly, that's not where we are at in the post-acute care space.
CJ: And to be fair, the good example that I've seen was it was a large system. So, they did have hospitals, but they also had post-acute care facilities. And so, I think what may have happened in that case is the fact that they had this medical system and the compliance program was already well established that the nursing facilities and post-acute care facilities were able to just kind of be folded into the existing compliance structure.
And I wonder does that, you know why is it so hard for providers to navigate that compliance committee? Is it because most of that's structured for hospitals or what are your thoughts?
Paige: Do you think that at the outset the compliance guidance that started to come out from OIG in the 90s was really written in mind for larger systems? I mean, we have compliance guidance for anything from hospitals to home health agencies in small position practices and everything in between. But when you read it, there's not really much differentiation in those seven elements for small providers that are family-owned nursing homes, that might have 50 beds to chains of 205 hundred nursing homes. Given there's always a caveat of we expect you to be flexible and apply these pieces of guidance as applicable to your organization. But they don't really give you options for like, for example; if you are a small mom pop, you might do X, and if you're large you might do Y.
CJ: Right!
Paige: That's not really built in there, they outline; "Here's a compliance committee that we expect you to have," but they don't really walk that back and say, "Except if you're a small organization, we don't expect you to meet this requirement." So, I think for small providers, the lack of compliance committee makes complete sense to me.
If my organization is flat, meaning there's not much difference between my day-to-day manager to owner, my owner might even be my administrator, right? It might be a family-operated nursing home where my owner is my administrator, and then the other owners are like Grandma and Grandpa.
CJ: Right!
Paige: Who else is going to be on the compliance committee that isn't already on your governing body or your board? And then it kind of becomes a really redundant function of then who else is on your QA committee and now, are we having committees for the sake of having committees!
CJ: Right!
Paige: And how many meetings that we have as an organization before we can't provide care because everyone is stuck in meetings all day? I think it becomes really hard in smaller organizations to try to meet some of these idealistic requirements have been set out in regulations.
More recently, we actually have requirements for compliance and ethics programs for skilled nursing facilities that's F895 for anyone on the skilled nursing side listening in, that became a requirement in October 2022, we don't have a similar requirement yet for other providers.
That being said, if you look at the CMS requirements of participation, you don't have any requirement for a compliance committee written into those regulations, whether you're a smaller group, or facilities or less, or a larger group of five facilities or more. It mentions the requirement of having a compliance officer, it mentions if you're five or more that you need a compliance liaison, but there is no actual mention of formalizing a compliance committee.
So, right there you already get this kind of contradictory information from OIG since the 90s has been recommending a compliance committee, CMS with more recent requirements, not guidance, doesn't even mention compliance committee. So, it's like do we need one and if we don't, why would we put that burden on us as a small provider?
We know OIG has now promised updated guidance, so hopefully, that will address some variations that we're seeing in provider sizes and implementation of programs and that will address that issue. But that's my perspective from small providers and I think that's a very reasonable struggle for them to be dealing with.
CJ: Yeah!
Paige: In larger organizations, I don't have the same kind of empathetic approach to; "I get it this guidance isn't really considering where you're coming from." In larger organizations, I think people just kind of get stuck in their like vertical silo of like; "This is clinical," and then below me, I have these regionals and then below them I have directors, and then below them you have your floor staff. And then they just get siloed off where they have these maybe weekly meetings and maybe quarterly regional clinical meetings or quarterly HR meetings. And they already think in their heads that; "What do you talk about, we need additional meetings, we meet weekly, we have calls and then we have a senior leadership call once a month and then we have broader leadership meetings once a quarter!"
And so, I think in their minds with just staying in their wheelhouse of, you know, operations or clinical or business development or HR, they think that they are meeting this kind of compliance committee requirement and that they're sharing information and their reporting issues and they're planning for the future, but they're really staying in a vertical line of communication. There's not much sharing back and forth across the organization or sharing across departments. And so, I think that's where they get stuck is, they're like; "Oh! You know, you're right! We don't sit down as kind of like an interdisciplinary team of C-Suite folks and talk."
CJ: Right!
Paige: And once you start to explain, like, the benefit of when I talk about something like OSHA that has not only a clinical impact, but there's also an HR impact and because there's an HR impact, that impacts staffing, which impacts labor. So, finance is now listening.
You know it's cross-sectional. It's not just a clinical issue or an infection control issue. It is HR and finance and having all those people in that conversation when I talk about something like a respiratory protection program or workplace injury or getting even legal counsel involved because we've had no lawsuits in the area or workers comp issues, you know, they're like; "Oh yes! This totally makes sense why we should sit around at the table." They just needed someone to play quarterback and turn that light bulb on for them to explain why those vertical meetings need to be horizontal and the real decision-makers in the organization need to have a circular meeting where they're sharing information, trending that data, talking about it as a group, and then taking that back to their teams and sharing it down their vertical lines.
CJ: Yeah, I really like that kind of visual, the vertical and the horizontal, I think that's a really good way to put it. Let's take a quick break and then we'll be right back to ask you some more questions.
Welcome back, everyone from the break. We have Paige Pennington here with us from Compliagent and she's giving us some great advice and some insights that she's seen working with many of her clients. We were talking about kind of what common elements providers might struggle with in a compliance program. We just kind of finished up talking about the compliance committee. Paige, I wanted to ask you, are there any other common areas that you see that providers struggle with?
Paige: I think it's probably no surprise that I'm going to nitpick on this area, but the auditing program I always tell my clients this is the bread and butter of a compliance program is to, you know, dot your i's and cross your t's if you identify a problem when you're internally monitoring to disclose report refund if necessary. But from a very basic level, not even looking at the topics that you're selecting or why you're selecting them or how you're doing high-level things like trending your data, I generally find it's a documentation issue around like a lack of formality for audit protocols capturing the follow-up and retaining the proof that you actually did the audits in the first place.
So, in my mind, for example, a well-documented audit program as the government, if I come in and say; "Paige, your company is under investigation, show me proof that you have an audit program," as a compliance officer I would want to be able to very quickly show the government; "In 2022, here's a list of the various audits we had going on by department," and just a quick snapshot, so I look, you know, but I have a pulse on what's going on. Maybe I'm not the expert in each subject matter area, but I know what's going on. I have an aggregate list of those audit topics. I should be able to go to those departments and say; "Hey, CJ, you're in charge of our clinical area of XY&Z. Can you please give me all of your audit reports on this topic for this time period," and I shouldn't have to wait a week to get those because they should be saved somewhere readily accessible.
CJ: Right!
Paige: But unfortunately, more commonly than not, while the audits are happening, and I don't think for the most part that any of my clients that I've come to are not doing the work, it's just that they're missing some level or most of the formality around the auditing program. So, when I say formality, what I mean is they don't have a set frequency for the audits. So, I often hear something like; "Oh well, we try to do it quarterly, but that doesn't always happen," so, then it's like; "How often do you do it?" "Well, maybe last year we did it twice the year before we did it quarterly. I'm not sure if we did it the year before that, I couldn't tell you when it started." So, it's like, I don't even know as a compliance officer how far back I could look to produce those records. So, it's hard to produce something to the government when you don't know what you're looking for.
A set format or methodology, meaning do you use an audit tool? So like CMS has survey pathways for when a surveyor comes out or if you're an accredited organization when you're accrediting organization comes out, they have checklists. So that way when they ask you questions, it's apples to apples for all organizations being accredited or surveyed so there is not this huge discrepancy in how two different people do it. It's comparable results in data and it's accountable. If I ask two doctors; "Here's one chart audit the chart," but I don't give them parameters, what I get back is going to be night and day from each other. It's not going to be comparable.
So, when I ask for audit tools, especially in larger organizations where different people might be doing different audits, maybe you have one nurse consultant over this state and another nurse consultant other over another state. If you haven't given them a standardized format, I don't know how you're reporting back to a hypothetical compliance committee or to a board with results that mean anything if you can't compare the data.
CJ: Yeah!
Paige: Other things I look for in an audit protocol, is a set scoring. So how do I know if a building's doing well or not? you know, in a quantitative fashion, say like this building scored eight out of 10 or this building scored 90%, you know whatever it is, can you turn it into an objective score, so we can say whether or not we're improving or as a company, what our risk exposure is. Is there a process for escalation? So, if you do have that objective scoring, what's our comfort level? Maybe we don't expect people to be 10 out 10 every time, but if they score a 2 out of 10, we should probably have a standardized we do something, if they don't hit a minimum compliance threshold. And then just in terms of documentation; where do we save our audit tools? Who gets notified? So, thresholds for do we notify just the administrators? Do we just notify within the vertical? Do we share results with people outside of the vertical? Does it go to the compliance committee or is it only if you know someone fails their audit, does the committee get notified? If we have remediation actions, where do we document that? Obviously not on the audit tool, but there should be something at the site level where there's remediation documented. The last thing you want out there is; "Hey, we found a problem," but then you have no documentation that the problem is fixed.
And then the age-old question how long do we keep these things? Do we keep them for a year? Five years? As long as we keep medical records, they're not part of the medical record, but that is kind of what people use as their baseline of; "Well, we keep medical records for X-year. So, we kind of keep everything else for that same time frame, but you want to know how long you should be storing these and where they're stored, and who has access.
So, all of those things to me are part of an audit program. As a compliance officer, I know all that information and if I need it, it's at my fingertips. I largely to wrap that rant up, think that providers are doing the work and just setting themselves up to not get credit for it. So, I think that for the most part, when I come into organizations and they're asking me to assess their programs, I'm finding that they are relying on an individual with institutional knowledge to explain verbally what their audit process is, but you know, should that individual win the lottery and go off on vacation forever? You know, good luck telling the government what you did five years ago with your audit protocol because it's not in writing. So, anyone who's listening, make sure your audit protocols are in writing and organized and accessible.
CJ: Exactly!
Paige: So that's not a good takeaway on that topic!
CJ: Yeah. No, you're, right! You should be able to pull that that data in your results to kind of tell the story of the work you've been doing. So, kind of speaking of auditing, you know, I'm aware that therapy services in nursing homes has been an issue in the past. Is that still a significant risk? And if so, are there any key points on that topic that you could share?
Paige: I'm glad you asked because I think that a lot of providers were very nervous about this as a risk area leading into PDPM, which kicked off on October, 29, and then they kind of took their foot off the gas with this, like, fear of what is CMS going to do with this change in payment model because we all got distracted by something called COVID-19. And we really haven't given much thought to, is the government going back to these therapy equalization cases?
I think that we are not quite done with settlements and corporate integrity agreements related to over-utilization and therapy under the RUG model of payment for sniff PBS. First off, the look-back period for false claims is 6 years. We are in this October four years into PDPM, which gives us still two years of claims under RUGs that were, you know subject to that over-utilization claim by CMS, so we just need to be mindful.
In the fiscal year 2022 final rules, CMS shared some data with us, not sure if providers saw that, but they gave us some data that they did some trending right after PDPM kicked in that there was an average of 93 therapy minutes per patient for utilization in fiscal year 2019, so that's leading up to PDPM. And then in the three months following PDPM, so right before the pandemic, October, November, and December, that 93 minutes per patient dropped to 68 minutes. So that was a 27% drop. So, all of a sudden, the patient characteristics don't change, but the need for therapies sure just drops off by 27%. So, I don't quite know how providers who are already kind of in the queue for the government to pursue these therapy utilization cases are planning on explaining if they are in that group of facilities that show that 27% average drop off.
So, do I think there are more cases coming? Yes. Is there anything you can do about it? No, the data is there. The claims are already billed, what you did in October through March of 2020, pre-pandemic is you know that what's done is done.
I can tell you that there have been 3 corporate integrity agreements announced post-PDPM. So, in the first few months of 2020 related to therapy utilization. That being said, we haven't seen any since COVID-19 really ramped up. But again, we still have two years before the false claims, look back, period kind of sunset. So, I think that there could be more cases that will settle, especially since CMS has that data to utilize to say; "Hey nursing home, you told us this therapy was necessary under the rent payment system. But look at how your data just dropped off all of a sudden," so I think yeah, there's a risk and I think that the nursing homes may have set themselves up a little bit as soon as PDPM kicked in.
Separate from the payment model altogether, not looking at sniff PBS as a payment system. I think that skilled therapy is always going to be an important factor in how we provide services because therapy documentation is going to support our need for skilled services. So, we could provide skilled therapy as PT, OT, ST, or respiratory therapy. We also provide skilled nursing services. So, we still have a requirement to support the patients when they're under a Medicare age stay need skilled services that are medically necessary and reasonable for daily in-patient skilled care, meaning it's not more appropriate or cost-effective for that patient to reside at home and get outpatient care.
So typically, we see the skilled nursing services are front-loaded, meaning the IV antibiotics or the wound care happens more so at the beginning of the skilled stay, and then that tends to taper off. What lingers is typically the PT and OT services. So as the therapy continues, it becomes even more crucial for therapy to do stronger and more thorough documentation about why the services are skilled and still need to be inpatient, right? They are the only remaining skilled service, absolutely! You know they are the reason the patient is there under part A as a payer and they haven't converted to long-term care as Medicaid or gone home. So yeah, they are supporting medical necessity at that point and so that doesn't change whether it's RUG as the payment system or PDPM as a payment system.
CJ: Yeah! No, that makes a lot of sense. Paige, we're getting kind of close to the end of our time here. What other advice or thoughts do you have that you can give providers?
Paige: On the topic of therapies, since we're talking about it, some advice, if you haven't already done so, I would look at your pre-PDPM average therapy minute utilization and compare it to that October 2019 to March 2020 data. See what your utilization rate comparison is. Again, nothing you can do about it now. I think it's good to know what your data says about you. It's just, you know, good to know your exposure, what the government might think you look like just from a paper perspective.
I would also encourage you to look at your utilization of group and concurrent therapy, albeit CMS has a set, 25% threshold for utilization. If you were a company not using group or concurrent therapy prior to PDPM and you're using it now, I'd ask yourselves why make sure that you have patient-centered care plans that support why that's medically necessary.
And then again, just like under the RUG system, make sure that your skilled therapy continues to be medically necessary and that when you aren't showing improvement, which is not the criteria or the sole criteria for skilled therapy services that you do have good documentation to show that skilled therapy is still necessary to maintain the current level of the patients function or slow the inevitable decline of the patients function due to disease progression. And so that is your skilled criteria. So, continue those conversations and your IDT meetings when you're talking about medical necessity. So those are some of the takeaways functionally that I would say should occur on the therapy discussion side.
CJ: Well, that's great! Great advice! So much information. I mean, we could go on and maybe we need to have a part two sometime because there's obviously a lot happening in this space and you're very familiar with it. Thank you so much for your time today!
Paige: Thank you so much for having me! It was a pleasure talking your ear off.
CJ: Yeah, it's wonderful to have you in the webinars and podcasts, whatever you do seems to be spot on when it comes to this material, so thank you so much. And want to thank all our listeners for listening to another episode of Compliance Conversations. If you like these episodes, please subscribe and share with friends and colleagues. And we appreciate your continual listening to the podcast, until next time. Have a great day, everyone!
Questions or Comments?