Compliance Program- Final
Compliance Program- Final
(Compliance Program- Final)
Question description
Introduction
For this project, you are to apply the foundation knowledge you have acquired throughout this course and evaluate the model medical practice described here for you. You are the incoming Compliance Officer at Grace University Hospital. You have a staff of five coder/auditors, one systems analyst, and an office manager. All are full-time employees and have been part of the medical practice team for 15+ years.
There is a significant bias against the Compliance Program. You have been hired to evaluate, develop a mitigation strategy and put the program back on track with the guidelines as expected by the Federal and State governments. You also need to build credibility back into the program. The focus for this Compliance program project is on the Billing Compliance Program as it is responsible for the integrity of the medical record, privacy and security of health information (HI), accuracy of the assignment of billing codes and complete, and accurate documentation that reflects the services reported for reimbursement. There is a separate Compliance Program for Research and HR/Legal; however, your program collaborates extensively with Research and Legal. You also sit at the laboratory Compliance Committee and provide guidance as appropriate.
Existing Compliance Program
The corporate compliance program has essentially been inactive for three years and no audits have been completed during this time. There is pervasive mistrust of the compliance program. The compliance committee meets occasionally and not at all in the last year. There is no hotline or any publicized avenue of reporting for the general staff or patient population. The previous compliance officer was not in good standing with the medical staff because of enforced paybacks to the Medicare program. The existing policy and procedure manuals are outdated. There is no method in place for disseminating updated regulations or changes in policy. No one is able to provide you with any baseline information regarding billing or documentation compliance. There is no regular communication between the billing staff and the practice regarding denial, report requests or suspend trends.
You have received complaints for the following:
a) EMTALA violations
b) Fraudulent billing practices
c) Stark violations involving referrals to provider-owned laboratories
d) Medical identity theft
e) Security breaches
Staffing
The skillset of the staff is the following:
Three coder/auditors – CPC, CHC certified with a minimum of a bachelor’s degree in healthcare management or a related field.
Two coder/auditors – CCS, CHC certified with a minimum of a bachelor’s degree ibn healthcare management or a related field.
Systems Analyst – BS in computer engineering and 5+ years’ experience in Epic, MediTech, HPF and Cerner. The analyst is also facile in database design and management.
Office Manager – BA in English with a minor in Drama and skilled in all Microsoft Office applications. She has special skills in project management, SharePoint and Access.
Practice Profile
Specialty Areas
The medical practice is a multispecialty group practice that provides services in a teaching (PATH) institution. Both inpatient and ambulatory services are provided on the campus as well as in three satellite clinics. Radiology, pathology and laboratory services are provided under the umbrella of the institution. Residents rotate through all specialty areas and provide services both under the direction of the faculty attendings as well as directly in pediatrics and Internal Medicine under the Primary Care Exception.
Specialty
Physicians
Physician Assistant
Nurse Practitioner
Comment
Internal Medicine
15
5
8
Basic preventative and minor care; imaging is sent out, minor lab such as cell smears, fungal scrapings and UA are completed in the practice offices
Pediatrics
12
1
6
Basic preventative and minor care; imaging is sent out, minor lab such as cell smears, fungal scrapings and UA are completed in the practice offices. CHDP – type examinations are done to report need for public health nurse intervention.
Cardiology(Compliance Program- Final)
5
0
2
Consultative service primarily. Some cath lab procedures also performed.
General Surgery
22
8
2
Both ambulatory and inpatient services provided.
Dermatology
8
0
2
Outpatient procedures only; self-referrals; independent lab for special derm services
Endocrinology
5
0
0
Consultative services
Oncology
6
0
4
Large infusion center managed by RNs
Orthopedics(Compliance Program- Final)
7
1
1
Several Divisions including Joint Prosthetics, Sports Medicine and Foot & Ankle
Payer Mix
Contracts – 35%
Medicare – 20%
Medicaid – 15%
Capitated – 5%
Medicare Part C – 5%
Workers’ Comp/Industrial – 5%
Full Indemnity/PPO – 10%
Self-Pay – 5%
Trends:
Revenue Cycle:(Compliance Program- Final)
1. Trend in denials for consultations provided by Cardiology and Endocrinology after documentation provided
2. Incorrect billing noted for Infusion Center with multiple denials for antineoplastic and administration
3. Problems getting payment for services provided by nonMD Practitioners
4. Services by Orthopedics and provided in the ED are undocumented
5. General complaints from patients alleging rude and abusive behavior referred to Compliance
Compliance:
1. Multiple calls from staff reporting fraudulent billing practices
2. Attendings billing for services provided only by house staff
3. Providers referring to their own laboratory
4. Reports of non-existent documentation
5. Reports of billing staff changing codes
6. Report from ED of EMTALA violations
7. Report of any Fraud and Abuse Activity
Privacy:(Compliance Program- Final)
1. Medical record breach of celebrity seen at hospital
2. Report of patient attempting to use another’s insurance card
3. Multiple accesses, some unauthorized, on a high-profile chart
4. Poor recording-keeping for Privacy Office
5. Process for maintaining behavioral client records in the field
Research:
1. Stark violations involving referrals to provider-owned laboratories
2. Failure to separate routine charges from those billed to the grant
3. Irregular management of consents
4. Allegations of misconduct (principal moving ahead with publications after receiving a letter to cease)
External Audits:
1. Complaint-based investigation regarding a FEMLA denial
2. FMR for surgical practice regarding package unbundling
3. OIG Investigation for violation of P.A.T.H. regulations
Fraud Article: http://bok.ahima.org/doc?oid=103625#.WVKHQhMrI3g
Final Project Deliverables
You will be creating and submitting a Corporate Compliance Plan for Grace University Hospital. You will be submitting ONE (1) plan, but your plan will include several attachments. These attachments include the assignments that you have completed within this course. Make sure you review and update your assignments with any feedback I have provided. Together, they will form a complete compliance plan for this Use Case. 20 Points
As a component of the overall Corporate Compliance Plan, you will be required to provide:
1. Roles and structure of the Department: Organization Chart and Sample Position Descriptions for Corporate Compliance, HIPAA Privacy Officer and Risk Manager. Additionally, assess whether the Department meets the criteria for the seven sentencing guidelines and explain how it will satisfy these suggestions for mitigating exposure. Include your assessment in the Corporate Compliance Plan in addition to your presentation as a teaching tool of the Seven Sentencing Guidelines. 20 Points
Documents:(Compliance Program- Final)
a) Sample Position Descriptions (Corporate Compliance, HIPAA Privacy Officer, and Risk Manager) – Completed in Unit 1, Week 1
b) Stark & Whistleblower Presentation – Completed in Unit 1, Week 2
2. Training Plan: Based on industry information, CMS guidance, past audits and OIG targets, develop an Annual Plan of what you believe is addressable in your practice. This will include an education schedule within the Corporate Compliance Plan, your plan for tracking and monitoring the training and your plan for changes in the plan due to the identified risks identified in the Use Case. Additionally include the following Training Plans as attachments that were completed earlier in the course. Make sure you make any necessary updates based on my feedback. 20 Points
Training Plan Documents – All Completed in Unit 3, Week 7:
a) Corporate Compliance
b) Risk Management
c) HIPAA
d) Identity – Medical Theft
3. Provide a description of the Audit Program within the Corporate Compliance Plan. This should include a department policy to include types of audits that will be conducted, schedule of routine audits, what the sampling methodology will be, identification of who will pull the cases and how the field work is to be completed, and follow-up and refunding procedures. This will be supported by attaching your Audit Program Assignment documents. Make sure to make any necessary updates to the documents as part of the Audit Program Assignment. 20 Points
Audit Program Assignment Documents:
a) A brief policy & procedure for the assignment, initiation & close of the Audit – Completed in Unit 1, Week 4
b) Outline of the resulting report (you do not need to write a report – an outline of the sections is required) – Completed in Unit 1, Week 4
c) Sample entrance and follow up letters – Completed in Unit 1, Week 4
d) Include a section into the Audit Policy and Procedure that will create surveillance model to detect fraud and abuse within the healthcare organization (just a statement or two – nothing too big) – New
e) Include a forensic model for fraud and abuse surveillance (find on the Internet – you don’t have to create) – New
(Compliance Program- Final)
- Example (review the computer forensic model)
- http://resources.infosecinstitute.com/digital-fore…
- http://resources.infosecinstitute.com/mobile-foren…
4. Privacy and Security: Your department is not responsible for Privacy and Security but you receive a number of reports concerning privacy and security issues. The responsible department expects your cooperation and collaboration. Identify a system for filing documents used for state and federally mandated reporting and strict fieldwork. Additionally, identify Investigation Process, Policy & Procedures within the Corporate Compliance Plan. You have been asked to assist with developing a tracking system, for privacy and security concerns. 20 Points
HIPAA & Security Contingency Plan Documents:
a) Security Contingency Plan – Completed in Unit 3, Week 6
b) Example Policy for Breach Investigations (find one – don’t create) – New
a. You don’t have to create this but rather find an example of a policy online to include
c) Creation of an Electronic Breach Tracking Process – New
a. You should create an electronic tool that will let you track breach investigations and outcomes.
b. This tool should be able to be used to determine trends or issues in the organization. Recommendation is to complete using Microsoft Excel.
Please see attached supporting documents below for this assignment;