Navigating New Norms: Key Takeaways from the 2024 HCCA Compliance Institute

I was thrilled to attend the 2024 HCCA Compliance Institute! The opportunity to network, collaborate, and learn from experts is invaluable when we can sometimes feel isolated as compliance professionals. 

Now that I'm back, I wanted to share some key takeaways from the conference: 

Keynote Insights: Robert DeConti's (Chief Counsel to the Inspector General) 'Compliance Heroes' message offered a motivating perspective that also included OIG insights on the impact AI and private equity have on the delivery of care. 

OCR’s HIPAA Updates: The OCR's session on HIPAA compliance provided essential updates. 

OIG Guidance: Of course, as my focus area for 2024, I'm particularly eager to dive deeper into the updated OIG Compliance Program Guidance from November 2023. 

Let’s dive a bit deeper into each of these areas.  

Chief Counsel to HHS Inspector General, Robert DeConti: “A Hero’s Journey”

“…putting your Professional reputation and everything else on the line to protect patients, government programs and the complicated and sometimes delicate system we rely on in this country to deliver healthcare. People’s lives are literally at stake. You are not alone…” 

The Hero is you!  

You wanted to be a guardian and protect entities and their patients, but you’re not alone. The OIG has resources that can be a “map for a compliance hero who is temporarily lost.” 

The OIG will also follow up later this year with Industry Specific Compliance Guidance (or ICPGs), including Medicare Advantage and Nursing Facilities, and then Hospitals and Clinical Labs. 

Another key takeaway was the OIG’s focus on the essential function of Risk Assessments, as well as Information Blocking and Hospital Compliance Audits. The OIG also reiterated that kickbacks can influence medical decision-making, cautioned against the corrupting influence of money, and emphasized that the organization is deeply concerned with quality of care. 

When the hypothetical allegations of non-compliance are validated, the Compliance Hero recommends collaboration between Compliance, Legal, and the clinical Quality teams. Self-disclosure was the gold standard to avoid a years-long investigation, disruption to patients and staff, and uncertainty.  

The OIG also called out the responsibility of an organization’s leaders, saying, “Owners and Directors indicted, excluded or paid steep fines for their role in healthcare fraud…” and emphasizing the vital role they play in healthcare compliance. 

Two Risk Areas as They Relate to Compliance:

  1. Artificial Intelligence – Inspector General DeConti shared a past case where consultants utilized upcoding for a Pneumonia DRG. Key questions to ask around this instance are: 
    1. Imagine how this could have been perpetuated with AI? 
    2. Or, how could the OIG have used AI to detect it sooner? 
    3. Even better, how could the compliance officer use AI to prevent it?  
    4. Will organizations use AI to bill for services that are not medically necessary?  
  2. Private Equity  
    1. How are investors looking at ROI? 
    2. How are decisions for financial gain impacting patient care? 
    3. How can we follow the money and motivation? 

“I've challenged our office to consider the growing process of private equity and other forms of private investment in healthcare and how this investment raises concerns about the impact of ownership incentives. For example, return on investment and how those incentives may affect the delivery of high quality efficient healthcare, that's in the patient’s best interest and is accurately billed to the federal government. Private equity company gets involved in running the business of its healthcare portfolio companies perhaps in connection with a large management fee is receiving I anticipate that compliance professionals are going to be the first to identify instances where the private equity company has influenced the medical decision making or has cut the staffing in a way that means patients are not getting care that's in their best interests.” 

2024 Office for Civil Rights Update

HIPAA Priorities:

  1. Finalizing 2023 Notice of Proposed Rulemaking on the HIPAA Privacy Rule to Support Reproductive Health Care Privacy 
  2. Prioritizing investigations that follow HIPAA complaint and breach trends: 
    1. Hacking 
    2. Ransomware 
    3. Right of Access Enforcement Initiative 
    4. Risk Analysis Enforcement Initiative 
  3. Engaging with Health Care Industry on Cybersecurity 
    1. Increased presence regionally across the country 
    2. Videos/Guidance/Newsletters 
    3. Webinars/Technical Assistance 
  4. Review HIPAA Security Rule 

Civil Rights Priorities: 

  1. Finalizing Proposed Rules 
    1. Section 1557 of the Affordable Care Act, Nondiscrimination in Health Programs and Activities 
    2. Section 504 of the Rehabilitation Act of 1973, Discrimination on the Basis of Disability in Health and Human Service Programs or Activities 
  2. Maternal Health Investigations and Guidance 
  3. Environmental Justice Investigations and Guidance 
  4. Increased Disability Compliance and Enforcement 
  5. Increased Language Access Compliance and Enforcement 

HIPAA Enforcement Highlights: 

  1. OCR received 31,731 HIPAA cases in 2023. 
  2. In most cases, entities can demonstrate satisfactory compliance through voluntary cooperation and corrective action. 
  3. In some cases, the nature or scope of indicated noncompliance warrants additional enforcement action. 
  4. Resolution Agreements/Corrective Action Plans. 
    1. 138 settlement agreements that include detailed corrective action plans and monetary settlement amounts. 
    2. 9 civil money penalties 

Corrective Actions May Include: 

  1. Updating risk analysis and risk management plans. 
  2. Updating policies and procedures. 
  3. Training of workforce. 
  4. OCR’s Corrective Action Plans may include third party monitoring. 

Recent Enforcement Actions: 

  1. Montefiore Health System $4.75M 
  2. LA Care Health Plan $1.5M 
  3. LaFourche Medical Group $480K 
  4. MedEvolve $350K 
  5. Yakima Memorial Valley Hospital $240K 
  6. Optum Medical Care $160K 
  7. Essex Residential Care $100K 
  8. Doctors' Management Services $100K 
  9. St. Joseph's Medical Center $80K 
  10. iHealth Solutions $75K 
  11. Green Ridge Behavioral Health $40K 

OIG General Compliance Program Guidance (GCPG)

The talk of the industry is the OIG’s new GCPG! With so many updates and important details, it’s a critical roadmap for compliance professionals. 

The GCPG is a reference guide for compliance professionals and the healthcare community, with important insights into Federal laws, compliance program infrastructure, OIG resources, and more details that are essential for healthcare compliance.  

GCPG link here. 

GCPG User’s Guide 

  1. Reference guide 
  2. Table of contents – links to sections 
  3. Accessible on the Internet and downloadable (printer format) 
  4. Defined Terms 
    1. “Should” is used to present voluntary, nonbinding guidance 
  5. Footnotes 

The new PDF version is intended to be used as an electronic and searchable document, enabling compliance professionals to easily navigate the guidance.  

HHS OIG is soliciting feedback via email: Compliance@oig.hhs.gov 

Healthicity has provided several webinars on the subject of the new GCPG, and we would encourage all compliance professionals to read, study, and be familiar with the November 2023 GCPG.  

https://www.healthicity.com/resources/topic/oig-gcpg 

Conclusion 

The 2024 HCCA Compliance Institute provided valuable insights and resources. The conference offered a wealth of knowledge, and the post-conference recordings are a terrific way to delve deeper into specific topics.  

Whether you were able to attend or not, consider exploring the resources available through HCCA to stay current on compliance best practices. For me, it is always a blast when HCCA comes to Nashville!  

 
