Data Compliance: 3 Focus Areas for Mitigating Organizational Risk

There is no question that healthcare organizations should have an effective healthcare compliance program. Despite differences in compliance requirements across healthcare sectors, there is a common denominator— the actions taken to reduce risk are often the same actions that protect patients. But how do you achieve compliance goals when the healthcare industry and its regulations are ever-changing? 

This three-part compliance series aims to show how technology can help you achieve your compliance goals. To do so, we will explore areas in which organizations need to focus their attention and identify the common data gaps that typically go unnoticed until a problem arises. In addition, we will discuss how closing these gaps mitigates regulatory, legal, and financial risk while improving performance and efficiency to support the audit process.

Three Areas of Focus

When considering the complexity of an effective healthcare compliance plan, a good rule of thumb is, to begin with the end in mind.  

A good first step is aligning your compliance program with the internal audit framework to introduce a systematic, disciplined approach to reinforce internal controls. This process supports applicable regulatory demands and standards while simultaneously promoting customized best-practice policies and procedures.

Let’s take a closer look at three common focus areas.

Regulatory Demands 

The first area requiring healthcare organization alignment that most are familiar with is state and federal regulations. These regulatory programs ensure that reimbursement happens only for licensed practitioners and healthcare entities in good standing with the Office of Inspector General (OIG). 

Healthcare organizations must align their practices to comply with OIG regulations. Not only does this ensure payment for services provided, but it also helps avoid steep fines and penalties. A provider or entity faces mandatory exclusion from all federal healthcare programs and, therefore, can’t participate in government-funded programs if they have engaged in any of the following: 

• Fraud or other offenses related to services delivered under any government program, either federal or state, including Medicare, Medicaid, or state healthcare programs
• Abuse or neglect of patient(s)
• Felony convictions related to healthcare fraud, theft, or financial misconduct
• Felony convictions related to unlawful practices associated with a controlled substance 

In addition to offenses that result in mandatory exclusion from government programs, there are permissive exclusions. These actions don’t necessarily result in automatic exclusion, but the OIG can choose to exclude for several reasons. These reasons can include:

• Misdemeanor convictions related to healthcare fraud or unlawful practices associated with controlled substances
• Changes in license status due to professional competence or performance 
• Submitting false claims for payment to federal healthcare programs
• Managing or ownership of a sanctioned entity

Unfortunately, exclusion actions can take years to conclude and be published on the OIG’s List of Excluded Individuals and Entities (LEIE). The burden is on healthcare organizations to ensure they don’t employ an excluded individual or entity. Looking for red flags during screening and continued monitoring after hiring can prevent ongoing association with a high-risk provider.

Standards Boards 

The second area healthcare organizations must be mindful of is the standards set by accrediting organizations. Accreditation or certifications are typically based on quality and processes. Organizations must meet specific criteria to meet or maintain their certification or accreditation. 

Many of these standard setting organizations are activity specific, catering to hospitals, practice groups, research, pharmaceutical marketing, or other specialized programs. These standards boards address the unique challenges and risks of different aspects of health care based on the inherent exposure of each type of organization. Examples of these standard setting bodies include the following: 

• Centers for Medicare and Medicaid (CMS)
• Healthcare Effectiveness Data and Information Set (HEDIS)
• Sustainability Tracking Assessment & Rating System (STARS)
• Consumer Assessment of Healthcare Providers and Systems (CAHPS)
• The Joint Commission (TJC)
• The National Committee for Quality Assurance (NCQA)
• Det Norske Veritas (DNV GL)
• Utilization Review Accreditation Commission (URAC)

Best Practices 

On top of regulatory and standards based compliance, healthcare organizations must also ensure patient safety and quality care. Reducing your organization’s fraud risk through internal policies and procedures that satisfy laws, regulations, and standards can help ensure quality of care and patient safety. In addition, it adds transparency to your organization, allowing you to address specific areas of vulnerability.

Sometimes, best practices may mean more frequent drug testing, checking healthcare providers against the preclusion list, or additional screening against other primary sources. Ultimately, organizations have a responsibility to do whatever it takes to protect patients and institutions against exposure to risk.

Technology helps you achieve results in these areas

To remain compliant and achieve your goals in these three focus areas, organizations must be diligent in creating and sustaining transparency through screening, verification, and continuous monitoring. Every member of the organization, including those on the Board or in the C-suite, require screening. As you probably are aware, screening and continuous monitoring are time and labor-intensive processes. 

Verysis’ advanced technology uses automation and aggregated platforms to deliver an accurate, real-time view of every individual and entity associated with an enterprise or organization. Our dataset, Fraud Abuse Control Information System (FACIS), cuts back on administration time dedicated to screening individuals and helps you meet and stay compliant with all government and regulatory standards.  

FACIS helps you with the following:

• Pre-screening potential employees, contractors, or vendors
• Continuous monitoring
• Credentialing

A single inquiry in our FACIS database scans current and historical records in over 5,500 primary sources, thus effectively reducing your risk of hiring a sanctioned employee. In addition, our advanced algorithms utilize proprietary matching, giving you the most accurate results.

Verisys’ advanced technology solutions help mitigate your organizational risk. Set up an appointment today to learn how we can assist your organization.