All eyes are on the Centers for Medicare & Medicaid Services (CMS) while the Skilled Nursing Facility (SNF) industry awaits word as to whether the agency will grant a partial delay to Phase III Requirements of Participation (RoP) implementation, currently slated for November 28, 2019. Specifically, the industry is waiting to see if comments submitted in mid-September—when CMS’ Proposed Rule opened the floor for feedback on a proposed one-year delay of this requirement—are strong enough to convince CMS that SNFs need more time to create and implement a compliance and ethics program. Because that date is fast approaching, PYA expects CMS to quickly evaluate comments and respond with a final rule. If there is no change, then SNFs must have a compliance and ethics program in place by the end of November. If there is change, we believe reprieve is in sight due to CMS’ initiative to eliminate and/or reform burdensome regulations for healthcare providers. Regardless of CMS’ final stance on this requirement, SNFs should immediately plan for Phase III RoP implementation if they have not already done so.
OIG Guidance on Effective Compliance Programs
Effective compliance programs go beyond quality reporting, resident safety, and survey readiness; they function to reduce an organization’s financial and legal risk. Previously, the Office of Inspector General (OIG) issued Compliance Program Guidance for Nursing Facilities to assist providers in the development of effective programs in which the structure, policies and procedures (P&P), controls, resources, and tools correctly identify, deter, and remediate the substantial legal and financial risk that can occur because of misconduct.
According to the OIG, a comprehensive program should be based on the following “Seven Elements”: (1) high level oversight; (2) integration of compliance into P&P; (3) open lines of communication; (4) training and education; (5) monitoring and auditing; (6) response to detected errors; and (7) consistent enforcement of standards.
The OIG’s Seven Elements are intended to serve as an industry standard, offering a framework and foundation in the development of well-defined plans and strategies to build successful, effective compliance programs. While robust programs mitigate risk, the establishment of a compliance culture can also improve operational efficiencies, reduce costs associated with regulatory non-compliance, and provide a unified framework for ethical operations for an entire organization.
CMS’ Requirements for Compliance and Ethics Programs
Through Regulation § 483.85, CMS closely mirrors the OIG’s framework in its compliance and ethics program requirements. Specifically, in the Proposed Rule, CMS identifies eight requirements it deems necessary for a SNF to satisfy the RoP Phase III mandate. In fact, surveyors will use this regulation once the rule is finalized to determine if an organization’s compliance and ethics program is robust enough to meet the requirements.
Phase III Compliance and Ethics Program Requirements (Proposed Rule)
Organizations should focus on the following eight requirements of CMS’ Proposed Rule and employ OIG’s guidance noted earlier.
Requirement 1: Establish written program standards and P&P to reduce the prospect of criminal, civil, and administrative violations. The program must be reviewed biennially and revised as necessary.
PYA Insight: Develop a solid foundation. Start with the Seven Elements to shape comprehensive written standards. If not already present, prioritize development of written standards and P&P to prepare for this upcoming mandate. If already present, review P&P in detail to ensure all upcoming components are included and effectively demonstrate organization-wide commitment.
Requirement 2: Designate appropriate individuals to: (1) provide overall responsibility and program oversight—this can be the Chief Executive Officer, general counsel, members of the board, or executive management; and (2) oversee an alternate method of anonymously reporting suspected violations without fear of retribution.
PYA Insight: Organizational values start with the critical component of “tone at the top.” It is vital for executive management and the board to establish a culture of compliance. Educate these designated individuals to ensure they are aware of their future program responsibilities. If necessary, revise job description details to include a compliance component. Furthermore, provide staff, vendors, and volunteers an anonymous outlet—such as a compliance hotline—for reporting suspected violations.
Requirement 3: Provide sufficient resources and authority to the aforementioned specific individuals.
PYA Insight: Establishing a culture of compliance requires support from organizational leadership and adequate resources that include an operational budget and allocated staff support, as well as sufficient time to influence widespread change. This may include the creation or expansion of a compliance committee that meets regularly to develop and enforce P&P and promote ongoing training.
Requirement 4: Take steps to effectively communicate the program standards and P&P to the entire organization including staff, vendors, and volunteers. Requirements should include, but are not limited to, mandatory participation in training or orientation programs.
PYA Insight: Compliance training and communication is not a “once and done” topic during employee orientation. A culture of compliance is supported through multiple, ongoing training mechanisms and is enhanced through compliance-related events. Develop an ongoing training program that includes attendance and competency requirements, as well as compliance-focused events, to reinforce the role every individual plays in compliance.
Requirement 5: Take reasonable steps to achieve compliance with program standards and P&P. Such steps can include: staff, vendor, or volunteer use of monitoring and auditing systems; publicity of a reporting system that allows these individuals to anonymously report violations without fear of retribution; and a process for ensuring the integrity of any reported data.
PYA Insight: Perform an annual risk assessment that places great emphasis on compliance matters. From key areas identified during the assessment, develop ongoing auditing and monitoring activities to prevent and/or detect any aberrant behavior. Employing an effective monitoring and auditing program that focuses on frequent high-risk areas–billing for items or services not rendered or those not provided as claimed, upcoding the level of services provided, and providing quality of care that is inconsistent with federal and state regulation—will advance your organization’s goal of risk mitigation. The results of the risk assessment, as well as any findings from the monitoring and auditing activities, should be reported to executive leadership to determine corrective action.
Requirement 6: Consistently enforce the organization’s standards and P&P through appropriate disciplinary mechanisms, including taking action when individuals responsible for detecting or reporting a violation to the program contact fail to do so. If a violation is detected, the organization must ensure that all reasonable steps—including any necessary modification of the organization’s program—are taken to respond appropriately to the violation and prevent further similar violations.
PYA Insight: When drafting or reviewing the program, ensure your organization’s P&P define enforcement and discipline for violating the organization’s program. These defined P&P should be applied consistently throughout the organization, from senior leadership to front-line staff.
Requirements 7 & 8 apply specifically to organizations with five or more facilities. While CMS’ Proposed Rule actually delays or omits many of the burdensome provisions initially included in Phase III for entities of this size, CMS has proposed to instead include the following in RoP Phase III:
Requirement 7: Complete a “periodic assessment” of the organization’s compliance and ethics program in order to detect any deficiencies.
CMS Rationale: After reviewing feedback from industry and major healthcare stakeholders, CMS determined that the annual training requirement was too burdensome for organizations from a time and budgetary perspective. It therefore proposed removing the original requirement that an organization with five or more facilities conduct mandatory annual compliance program training, and instead conduct a periodic assessment.
PYA Insight: Mimic the recommendations found in Requirement 1 when developing your criteria of periodic assessments. A periodic assessment should be enhanced with a solid and practical compliance training program.
Requirement 8: Develop a program appropriate for the organization’s complexity, with each facility assigned a specific individual—likely high-level personnel within the operating organization—the overall responsibility to oversee compliance.
CMS Rationale: Phase III originally required organizations with five or more facilities to designate a compliance officer and identify a compliance liaison for each facility. CMS has proposed eliminating these dedicated positions due to the associated cost for facilities.
PYA Insight: While the compliance officer and compliance liaison positions are no longer required in the Proposed Rule, PYA suggests considering whether it is in the organization’s best interest to designate individual(s) solely dedicated to compliance. It is important to consider the organization’s size, geographic location, and proximity to home office compliance resources, as well as current compliance culture to reduce exposure to risk. While this proposal modifies requirements as to how the program is executed, CMS still requires that the program be appropriately developed, implemented, and maintained.
HOW PYA CAN HELP
PYA’s industry leaders have extensive knowledge in regulatory compliance matters and can facilitate understanding of this Proposed Rule and key program areas. Our compliance subject matter experts will provide a customized approach to assist you and your organization with today’s ever-changing compliance landscape.
If your organization would like more information for best preparedness for the sweeping changes in Phase III, or about any matter involving compliance, valuation, or strategy and integration, contact one of our PYA executives below at (800) 270-9629.
© 2019 PYA, P.C.
No portion of this article may be used or duplicated by any person or entity for any purpose without the express written permission of PYA.