In recent years, skilled nursing facilities (SNFs) have increasingly become a target for government enforcement—particularly since the onset of the COVID-19 pandemic. Traditionally, SNFs have faced scrutiny through annual and compliant surveys, as well as round billing for therapy; however, this is changing, and SNFs are being targeted by surveyors more frequently and for an ever-widening range of issues.
Where are we going?
The purpose of this article is to provide a format a SNF may use to evaluate the effectiveness of its compliance and ethics program. The technique discussed in this article will not only provide a way to evaluate the effectiveness of a SNF’s compliance and ethics program but also offer a way to create efficiencies—while performing one task, you will simultaneously touch multiple areas. This article can be of immense help beyond learning something new; you will also walk away with an outline to help you combine resources and efforts to achieve multiple goals simultaneously.
We begin by discussing how to analyze the Centers for Medicare & Medicaid Services (CMS) requirements of participation in a SNF’s compliance and ethics program (42 C.F.R. § 483.85). Next, we unpack how to assess the effectiveness of a SNF’s compliance and ethics program utilizing CMS’s requirements of participation and explain why effectiveness is so crucial. Finally, we will review a tool that will assist a SNF’s evaluation and provide a way to display the results of a SNF’s review to internal stakeholders and outside regulators.
Why is this important
SNFs face more scrutiny than ever, and enforcement priorities often change along with administrations. For example, in 2020, the Trump administration announced enhanced enforcement for violations of infection control practices.[1] The Biden administration then rolled back a previous limit on nursing home fines.[2] , [3] , [4] Specifically, “CMS has determined that the agency should retain the discretion at this time to impose a per-day penalty where appropriate to address specific circumstances of prior noncompliance.”[5] The allowance or disallowance of arbitration in SNFs has also changed with each administration. Understanding the how and why of enforcement is imperative because you will use this information in your risk assessment.
It is essential for a SNF to know where the government is active with its enforcement actions to have an effective compliance and ethics program. For example, in 2021, the U.S. Department of Health & Human Services Office of Inspector General (OIG), through its Office of Audit Services, conducted five audits involving SNFs under OIG’s Work Plan.[6] , [7] Additionally, there are 29 active items related to SNFs on OIG’s Work Plan.[8]Finally, OIG has launched “Operation Care”—an initiative around seniors—due to a rise in concerns related to “a spike in the number of reports of elder harm and neglect.”[9]
To appreciate why it is important to understand government enforcement and how to utilize it as part of a SNF’s compliance and ethics program, consider antipsychotics. The usage of antipsychotics is a quality measure under a SNF’s five-star rating. [10]Additionally, in 2021, OIG also performed an evaluation titled CMS Could Improve the Data it Uses to Monitor Antipsychotic Drugs in Nursing Homes.[11]As such, if a SNF has overutilization of antipsychotics for its residents, this is something a compliance and ethics program should include in its work plan and consider auditing.
Finally, on April 24, 2023, Inspector General Christi A. Grimm announced that her office would be releasing new Compliance Program Guidances (CPGs) in 2024.[12] Of the first two guidances to be published, one will be on nursing homes.[13]The fact that nursing homes will be one of the first two areas updated for the first time in over 10 years shows you that skilled nursing is clearly on the minds of regulators and subject to close scrutiny.
How to utilize CMS’s requirements of participation to measure the effectiveness of a SNF’s compliance and ethics program
To effectively utilize CMS’s requirements of participation, we must first understand them. The requirements are set out at 42 C.F.R. § 483.85(1)–(8). For organizations with more than five communities, there are three additional requirements in 42 C.F.R. § 483.85(d)(1)–(d)(3).[14]
Element One: Written compliance and ethics standards, policies, and procedures
To start, we need to know what is expected as part of standards, policies, and procedures. Under the guidance, there are 11 components that must be satisfied to meet this requirement. The written compliance and ethics standards, policies, and procedures should:
-
Be reasonably capable of reducing the prospect of criminal, civil, and administrative violations.
-
Promote quality of care.
-
Designate an appropriate compliance and ethics program contact for individuals to report suspected violations.
-
Identify an alternate method to report suspected violation(s) anonymously without fear of retribution.
-
Include a nonretaliation/nonretribution policy.
-
Identify disciplinary standards that set out the consequences for committing violations for the operating organization’s entire staff.
-
Include applicable policies and procedures.
-
Understandable and accessible policies/procedures.
-
Include a compliance plan.
-
Identify volunteer expectations and roles.
-
Include attestation(s) to compliance.
Many of these elements should look familiar and overlap with processes you already have in place. What is unique here, however, is the reference to quality of care, which is often not included in compliance guidance. Finally, you need to remember that while policies and procedures are a start, they are not enough on their own to meet regulatory requirements.
Element Two: High-level personnel oversight
Under this element, there are five components that must be addressed:
-
Assignment of specific high-level personnel in the operating organization.
-
Incorporation of compliance into job descriptions.
-
Responsibility of identified high-level personnel to oversee compliance with the program’s standards, policies, and procedures.
-
Incorporation of compliance into performance evaluations.
-
Formation and maintenance of a compliance committee.
You need to pay attention here to what is required for a compliance and ethics program for an organization with less than five facilities versus what is required if an organization has five or more facilities. Additionally, you want to ensure your program focuses on being actively involved, structured, and engaged with appropriate leaders. Finally, it is vital that your organization has incorporated compliance into job descriptions and performance evaluations. If not, this should be completed as soon as possible.
Element Three: Sufficient resources and authority to individual(s) overseeing the program
Under this element, six areas must be addressed:
-
Reasonable assurance of compliance with such standards, policies, and procedures.
-
Establishment of a compliance budget.
-
Preparation and use of risk assessment(s).
-
Involvement of and access to the board of directors.
-
Procedures for the escalation of investigations.
-
The utilization of facility assessments as part of designing your program.
This element overlaps with the second question under the U.S. Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs[15] —Is the corporation’s compliance program adequately resourced and empowered to function effectively?—and, thus, is an area where you can cover multiple compliance program requirements while taking one action. Pay attention to your budget and look for ways to benchmark it. Next, risk assessments are essential to any compliance program. Additionally, companies are encouraged to utilize the facility assessment under this element. Finally, this is an area you may want to look at using benchmarking to other similarly situated entities.
Element Four: Delegation of substantial discretionary authority
Under this element, 10 areas must be addressed:
-
Due care not to delegate substantial discretionary authority to appropriate individual.
-
Accountability for screening of employees/contractors/volunteers.
-
Employee accountability.
-
Employee disclosure.
-
Employee/contractor/volunteer screening.
-
High-risk screening.
-
Ensuring employees and facilities have and maintain appropriate licensure.
-
Performance of legally required background checks.
-
Identify responses to screening.
-
Identify responses to exclusion from participation in federal programs.
This element really focuses on your program’s screening and checking of employees. It also looks to see how you utilize the information received and take appropriate actions based on the screening results. Given the requirements of this element, it is critical to work closely with your organization’s human resources (HR) department to ensure compliance with this requirement of participation.
Element Five: Effectively communicating program standards, policies, and procedures
Under this element, eight areas must be addressed:
-
Establishment of and education on the organization’s reporting system for compliance issues.
-
Communication with employees about the compliance program.
-
Assessment of the communication provided to employees.
-
Establishment of and education on the monitoring and auditing communication plan.
-
Establishment of and education on corrective action plans.
-
Education of employees on nonretaliation.
-
Appropriate oversight of organization vendors.
-
Appropriate oversight of organization volunteers.
This element looks at how your organization promotes and educates your employees about your program. Additionally, it touches on addressing problems and how to correct them. Finally, this section involves oversight of third parties in your facility.
Element Six: Reasonable steps to achieve compliance with program’s standards, policies, and procedures
Under this element, nine areas must be addressed:
-
Consistency with the organization’s compliance program standards, policies, and procedures.
-
Ensuring employee awareness of the compliance program standards, policies, and procedures.
-
Appropriate documentation.
-
Promotion criteria for the compliance program.
-
Performance of risk assessments.
-
Monitoring and auditing the work plan.
-
Utilizing an audit process to detect employee criminal, civil, and administrative violations.
-
Utilizing auditors to ensure compliance.
-
Utilization of corrective action plans.
This element confirms that your policies and procedures are working as intended. You need to monitor your systems appropriately and implement corrective actions as needed. Finally, you must perform risk assessments and generate appropriate work plans based on your findings.
Element Seven: Consistent enforcement through disciplinary mechanisms
Under this element, eight areas must be addressed:
-
Establishment and effective communication to employees of disciplinary action for failure to detect or report criminal, civil, or administrative violations.
-
Provide incentives to employees for compliance.
-
Consistency with disciplinary mechanisms.
-
Ensure employee awareness of disciplinary mechanisms.
-
Documentation of discipline.
-
Promotion criteria.
-
Identification and education of disciplinary standards for violations.
-
Collaboration with the organization’s HR department.
This element deals with how you handle individuals who do not follow program standards, policies, and procedures. Under this element, you want to ensure you have consistent application of discipline for violations. Additionally, the compliance department should collaborate with HR on this element to ensure consistency in application. Finally, consistent enforcement is also referenced in DOJ’s compliance guidance making this another element where you can address compliance with multiple guidances at one time.
Element Eight: Response to detected violations
Under this element, seven areas must be addressed:
-
Appropriate response to violation.
-
Consistency in responses.
-
Appropriate documentation responses.
-
Response to poor audit results.
-
Incorporation of root cause analysis.
-
Use of corrective action plans.
-
Annual review of, and if necessary, modification to the compliance plan
This element also deals with how you handle a violation. You want to ensure that you have proper documentation and utilize root cause analysis in identifying the underlying cause. Additionally, you should confirm that the response is proportionate to the incident and that you are documenting your response. Finally, ensure that you review your plan at least annually and make changes as necessary.
The following three elements only apply if an organization has five or more facilities.[16]
Element Nine: Mandatory annual training
Under this element, four areas must be addressed:
-
Provision of annual training.
-
Annual review of training materials.
-
Updating annual training materials as necessary.
-
Additional specialized training for high-risk positions.
This element deals with the training requirements for organizations with more than five facilities (exact requirements can be found at 42 C.F.R. § 483.95(f)). This element sets out the expectations around training and the timing of it. Finally, it is crucial that your organization is doing appropriate specialized training for those high-risk positions identified in your risk assessment.
Element 10: Designated compliance officer
Under this element, three areas must be addressed:
-
Designation of an appropriate compliance officer.
-
Reporting directly to the operating organization’s governing body by the compliance officer.
-
Such compliance officers should not be subordinate to the organization’s general counsel, CFO, or chief operating officer.
This element outlines the requirements for selecting a compliance officer and how the position should be structured. Areas two and three in this element should be familiar as these are OIG expectations for an effective compliance program.
Element 11: Designated compliance liaison
Under this element, four areas must be addressed:
-
Designate a compliance liaison at each facility.
-
Identify job expectations for the compliance liaisons.
-
Appropriate education from the compliance officer.
-
Ensure communication with the compliance officer.
This element requires a couple of different actions to be taken. First, you must determine who the compliance liaison will be at each facility. Then, you will need to train them and ensure an appropriate communication channel with the compliance officer.
Why effectiveness matters
An effective compliance program reduces your organization’s overall financial and legal risk. It is essential for the protection of residents, employees, and the maintenance of the SNF’s reputation.
An effective compliance program increases the probability that a SNF will identify, prevent, and correct unlawful or unethical behavior at an early stage, avoid costly mistakes, and regularly find areas for improvement. It helps reduce the risk of adverse events, medical errors, and other incidents that put residents at risk, thereby helping ensure that residents receive the best possible care in the safest manner. It also allows SNFs to better manage risks associated with regulatory noncompliance. It facilitates employee training that mitigates potential risks by making sure employees are continually educated on best practices. It creates a culture of accountability among employees, which makes it easier to address issues quickly and effectively and reduces overall costs. An effective compliance program also allows for the maintenance of high levels of quality assurance in SNFs. It demonstrates a SNF’s commitment to honest and responsible conduct.
An effective compliance program may save your company from adverse legal action. It may also mitigate damage. A SNF with a solid compliance program is looked upon more favorably by the government when it is imposing fines or other penalties. Demonstrating an effective compliance program may even reduce such fines or penalties by up to 90%.
Given Inspector General Grimm’s priorities, the importance of the establishment and maintenance of an effective compliance program cannot be overstated. Clear policies and procedures, improved risk management practices, enhanced quality assurance measures, and regular auditing processes as part of an effective compliance plan help ensure that SNF employees follow all applicable laws, rules, and regulations while providing first-rate care and services to SNF residents.
How to evaluate your program
Now that we have discussed the various elements, how they work together, and why effectiveness is critical, we can talk about a tool that ties them all together for a simplified assessment. As a resource for those who read this article, you can email me (jzielinski@cardon.us) to receive this free tool. This tool lists the requirements of DOJ’s guidance and CMS’s requirements of participation for a SNF’s compliance and ethics program under 42 C.F.R. § 483.85. It also has references to how those guidances overlap. In addition to allowing you to evaluate and measure your program, it also provides a way to display the results of your review. The tool begins with an overview and a summary of all the collected data points. The data points are based on responses to questions that allow you to evaluate whether your program is meeting a given requirement. Table 1 is a snapshot of a summary tab.
In addition to this high-level overview, further dashboards are tied to each element of 42 C.F.R. § 483.85. These individual tabs detail each element of 42 C.F.R. § 483.85. Within the options for each of these tabs are the detailed actions needed for each area and a way to mark where your program is in regard to the individual questions under that particular part (see Table 2).
Finally, at the end of each area is a column for cross-references where there is a match between guidance resources that allow you to explore additional detail to confirm whether an item has been satisfied or not.
What’s next?
Data and metrics are the next frontiers and something a SNF’s compliance and ethics program must understand how to utilize. A SNF needs to show how data and metrics have informed the compliance and ethics program’s priorities and work plan. The tool previously discussed provides a way to gather data and create metrics to demonstrate a SNF’s compliance and ethics program’s effectiveness utilizing CMS’s requirements of participation for a compliance and ethics program for a SNF.
SNFs must design their compliance and ethics programs with the government’s focus on measuring and testing in mind. Next, if there is a violation, your company’s compliance program will need to be able to provide months, if not more, of data to demonstrate the effectiveness of the program. This tool can assist with this process and provide a way to demonstrate a compliance and ethics program’s evaluation and growth over time.
A summary of important concepts
This article has covered a lot of ground, and we want to point out a couple of highlights:
-
A survey tag is possible if you lack a program meeting CMS’s requirements.
-
Risk assessments are essential to a well-designed and functioning program.
-
There is a focus by CMS on utilizing root cause analysis to understand what failed in a compliance program.
-
The significance of a compliance program’s capacity to improve and evolve over time in line with changes in regulations and laws.
-
The need to gather data and metrics and demonstrate how the information and/or metrics informed the company’s compliance program.
In the end, you must remember that paper alone is no longer enough to demonstrate an effective compliance program. Instead, your compliance program must have verifiable data and metrics that show how your program is satisfying applicable requirement(s).
We hope this information has been helpful in your journey to measure the effectiveness of your compliance program. If you have any further questions, please don’t hesitate to contact us.
Takeaways
-
Having an effective compliance and ethics program is important.
-
Utilize the Centers for Medicare & Medicaid Service’s (CMS) requirements of participation in a compliance and ethics program to measure the effectiveness of your program.
-
There is overlap between CMS’s requirements of participation and other compliance guidance for skilled nursing facilities.
-
Paper compliance is no longer enough, and your program must have and utilize data.
-
Review the key elements of CMS’s requirements of participation in a compliance and ethics program.