Keeping an Eye on Organizational Risks

Compliance – that’s a word that causes many people in all types of industry to flinch. But in today’s heavily regulated healthcare world, it is a word that we need to be using more often. Hospice, in particular, is receiving a great deal of scrutiny with the recent release of two Office of Inspector General (OIG) reports:
(Click on the following to review reports) Hospice Deficiencies and OIG Safeguards.

Federal audit contractors are conducting an increasing number of audits of medical records across all settings of care to ensure documentation supports claims filed with Medicare and Medicaid. Hospices are subject to the mandated triennial Medicare certification surveys that look at the full scope of services and compliance with federal regulations. Faxes, emails, postal mail, or even “visitors” arriving at the front door bring notification of varied types of scrutiny.

While we focus a lot on compliance in clinical areas, we have to remember there are many other regulatory and compliance bodies that dictate how we conduct business across the organization – OSHA, Department of Labor, Equal Employment Opportunity Commission, HHS Office for Civil Rights (HIPAA and Nondiscrimination Rules), state regulatory agencies, and so on. Audits can impact all facets of day-to-day operations – administrative, human resources, finance, billing, safety, and more.

We need to begin to view compliance and risk mitigation as positive words. To ensure a compliant organization – doing the right thing all the time – organizations must have buy-in and involvement from leaders at all levels and across all service lines. The CEO must lead the staff to embrace a culture of compliance and ensure adequate resources are available to maintain a focus on areas of risk. Department and team leaders need to be aware of the rules and regulations that apply to their area of responsibility and have regular processes to assess compliance. Being intentional in reading newsletters and alerts is necessary to remain abreast of changes and hot topics.

Leaders must encourage reporting of compliance incidents, even the near misses, so that risks can be mitigated and future incidents prevented. The effort expended needs to be proportional to the level of risk and the scope of the issue. Areas of focus need to include patient quality and safety, financial stability, and organizational reputation and outcomes. The use of tools to identify, track and manage identified risks is an important component of a comprehensive program for compliance and risk management. Audits, checklists, graphs and spreadsheets are all important components of an effective compliance program and need to be utilized on a regular basis.

When responding to an incident, an educational approach with staff is highly encouraged. This inspires transparency and increases the likelihood that staff will report incidents in the future. Certainly, disciplinary action is warranted for willful or recurring violations of policies and rules; but an overall coaching approach can be quite effective in promoting earlier identification of risks and issues before they escalate. Sharing results of investigations raises awareness and helps others learn so that they may avoid the same situation.

There is nothing like a good story of a near miss or lesson learned to teach a concept or regulation. An employee went to the compliance director in tears because she had learned from someone else that she had sent an email to the wrong person. The email contained protected health information and had gone to someone in another healthcare setting not affiliated with the patient, so this was a potential HIPAA breach. Because of the company’s culture to always do the right thing the employee felt compelled to report the incident immediately despite what the outcome might be. The company was able to mitigate the risk by contacting the recipient who immediately went to his HIPAA Privacy Officer for guidance. The email was deleted without being read and there was no breach. The employee was more than happy to complete the required education and told her coworkers which led to other staff being more willing to report future potential incidents to protect patients, families and the company.

Ultimately the leaders and staff are the most important compliance tools an organization has. Fostering a culture of compliance, encouraging transparency, providing ongoing education, and promptly responding to concerns puts an organization well on its way to being better prepared to meet the scrutiny that will surely come in some form or manner.

Annette Kiser, Chief Compliance Officer, Compliance
Teleios Collaborative Network

An organizational model that allows not-for-profit hospices (Members) to leverage best practices, achieve economies of scale and collaborate in ways that better prepare each agency to participate in emerging alternative payment models and advance their charitable missions.