Risk Assessment

Resource: Compliance Program Structural Risk Assessment

CREATED FOR ILLUSTRATION ONLY

A Compliance Program "best practice" is to conduct periodic Risk Assessments, both 1) Structural and 2) Substantive. The Structural component covers the framework necessary to build and operate an effective compliance program, including the OIG necessary elements of a compliance program and the U.S. Sentencing Guidelines. The Substantive component relates to the specific body of substantive law (Medicare, Medicaid, Anti-kickback, Stark, Privacy, etc.) and will be presented for discussion separately. Please maintain documentation of this completed assessment in your files.

Effective Date:

Columns: Description | Current Strength Rating (Yes / No / N/A) | Explanation of "Yes" including documentation references | Note/Action

Element 1: Written Policies and Procedures

1

An assessment of key risks that could impact the organization has been conducted.

1.01

Policies address issues identified in guidance documents (e.g., OIG, fraud alerts, CIAs) or enforcement actions by the OIG and other government agencies with applicable legal requirements.

1.02

Policies address previously identified serious weaknesses in the organization's practices (audits, investigations, Exit Interviews, etc.).

1.03

Policies describe how the organization's compliance program operates and the consequences of noncompliance.

1.04

A Code of Conduct has been distributed to all employees and a signed acknowledgement is tracked and maintained.

1.05

Policies include the Duty to Report and reporting outlets.

1.06

A process is in place to promptly address and rectify employee noncompliance.

1.07

Policies and Procedures are periodically reviewed and are updated to reflect changes in laws, regulations, or processes.

1.08

Policies and Procedures are reviewed at regular intervals.

1.09

Does a written policy provide guidance to employees on how potential compliance problems are investigated and resolved?

1.1

Compliance Policies and Procedures are distributed to employees upon hire.

Element 2: Education and Training

2

Is training and education provided to all employees, contractors, temps, etc. on expectations of the compliance program and potential compliance issues?

2.01

Is training and education provided to all Governing Directors about the expectations of the compliance program and potential compliance issues?

2.02

Does training include the compliance program overview, including reporting mechanisms and the commitment to non-retaliation?

2.03

Does education include a description of key substantive laws and regulations that affect the employee's job?

2.04

Does the training include consequences of violations of the various laws that may be imposed on individuals and the company?

2.05

Is the timeliness of employee training for new hires tracked and measured?

2.06

Are new employees/contractors required to take compliance training as part of orientation?

2.07

Is new compliance training provided to all employees annually?

2.08

Have high-risk groups been identified, and do they receive 3 hours of compliance training throughout the year?

2.09

The Compliance Officer can retrieve documentation that proves policies, procedures, and the Code of Conduct were distributed and received (as in an acknowledgement).

2.1

Training records are maintained for 10 years. (Employee files are audited by Compliance)

Element 3: Open Lines of Communication

3

Does the culture encourage open communication without fear of retaliation?

3.01

Do employees know the kind of things that should be reported as a potential compliance concern? Are they reinforced in formal compliance training and locally?

3.02

Is an anonymous hotline or similar mechanism in place so that staff, patients, visitors, contractors, clinical staff can report potential compliance concerns?

3.03

Is the hotline publicized well? Are the types of calls tracked and logged (to establish patterns), and is the caller informed of the company's actions?

3.04

Is the compliance committee actively engaged in pursuing appropriate remedies to institutional or recurring problems?

3.05

Is there an alternative communication method, such as a periodic newsletter or compliance web site, for the compliance department to update employees on regulatory updates and/or changes in the program?

Element 4: Internal Monitoring and Auditing

4

Is the audit plan re-evaluated annually, and does it address proper areas of concern, such as previous years' audits, risk areas identified as part of the risk assessment, high volume services, comparable external investigations, etc.?

4.01

Does the audit plan include an assessment of billing systems in addition to claims accuracy in an effort to identify the root cause of billing errors?

4.02

Have the error rates been identified and tracked in the audits and patterns detected/mitigated?

4.03

Does the audit include a review of all billing documentation, including clinical documentation in support of the claim?

4.04

Are Quality complaints from patients, payers, employees, etc. centralized and investigated to detect patterns of concern?

Element 5: Response to Detected Deficiencies

5.01

Are disciplinary standards enforced consistently across the organization?

5.02

Is each instance involving the enforcement of disciplinary standards thoroughly documented?

5.03

Are all matters thoroughly and promptly investigated?

5.05

When a detected deficiency results in an identified overpayment, is it disclosed to the proper law enforcement agency?

5.06

Are periodic reviews of problem areas conducted to verify that the corrective action that was implemented successfully eliminated existing deficiencies?

Element 6: Designation of a Compliance Officer and Compliance Committee

6

Does the Compliance Officer report directly to the CEO and/or Board of Directors?

6.01

Does the compliance department have a clear, well-crafted mission?

6.02

Does the Compliance Officer have sufficient authority to implement the compliance program? Does he/she have sufficient resources necessary to perform assessments and respond appropriately to misconduct?

6.03

Have compliance-related responsibilities been assigned across the organization and are employees held accountable for meeting them in performance reviews?

6.04

Is there an active compliance committee comprised of trained representatives of each of the relevant functional departments as well as senior management?

6.05

Does the Compliance Officer have direct access to the governing body, the president or CEO, all senior

6.06

Does the compliance officer have independent authority to retain outside legal counsel?

6.07

Does the compliance officer make regular reports to the board of directors and other managers concerning the compliance program effectiveness?

6.08

The Board of Directors is knowledgeable about the content and operation of the Compliance Program.

6.09

The Compliance Officer is independent from other duties that could constitute a conflict of interest (CFO, CEO, Billing, General Counsel).

6.1

The Compliance Officer cannot be terminated without Board of Directors approval as stated in the Charter.

Element 7: Enforcement of Disciplinary Standards

7

Are disciplinary standards well publicized and readily available to all employees?

7.1

Are disciplinary standards enforced consistently across the company?

7.2

Is each instance involving the enforcement of disciplinary standards thoroughly documented?

7.3

Are employees, contractors, and clinical staff checked routinely against government sanctions lists, including the OIG's List of Excluded Individuals/Entities and the GSA Excluded Parties List System?
