3 Ways to Improve Hospital Compliance

April 2012Articles Staying Well Within the Law

1. Do Your Homework – Review the OIG Work Plan
Remember when you were in college and the professor would say, “Listen up. This will be on the final exam.” The Office of Inspector General (OIG) of the Department of Health and Human Services (DHHS) gives you a similar preview each year with the publication of its work plan – the latest version is posted here.1

This document sets forth the OIG’s enforcement priorities for the coming year. Any vigilant compliance officer2 should be familiar with what’s on the enforcement agency’s agenda and prepare accordingly.

Highlights from the Fiscal Year 2012 Work Plan for hospital compliance3 issues include a number of perennial hot spots: reporting for adverse events, reliability of hospital-reported quality measure data, admissions with conditions coded present on admission, reconciliations of outlier payments, hospital claims with high or excessive payments, same-day readmissions, Medicare payments for beneficiaries with other insurance coverage, duplicate GME payments, payments for non-physician outpatient services, Medicare brachytherapy reimbursement, Medicare inpatient and outpatient hospital claims for the replacement of medical devices, and observation services during outpatient visits.

New issues in the OIG Work Plan for 2012 include in-patient rehabilitation facilities, critical access hospitals, accuracy of present-on-admission indicators submitted on Medicare claims and acute-care hospital inpatient transfers to inpatient hospice care.

If you have an effective compliance plan, you are already monitoring changes in applicable laws and regulations on an ongoing basis and reviewing your institution’s operations to identify vulnerabilities. The Work Plan can help you focus on where the OIG will be looking in the coming year so those areas can be addressed first and remedied if necessary. With the increased frequency of RAC audits and whistleblower suits, forewarned is forearmed.

2. Tighten up your HIPAA Compliance
Congress mandated that the DHHS audit covered entities and business associates to ensure that they are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. The Department’s Office of Civil Rights (OCR) has announced a pilot program of 150 audits of covered entities to assess privacy and security compliance.

If your hospital is not selected as one of the first 150 audit targets this year, you’re not off the hook yet. It is anticipated that OCR will use the results of its pilot audit4 program to focus further audit activity on the areas of greatest noncompliance.

In either case, if you are audited, you can expect OCR to request complete documentation of your facility’s privacy and security compliance efforts. Their team will conduct a site visit during which they will interview key personnel and observe processes and operations. After the site visit, OCR will draft a report including findings and proposed corrective actions. The covered entity will be permitted to discuss the draft and finalize its proposed responses.

Of particular interest are your relationships with business associates and subcontractors, and your procedures for responding to a breach of personal health information (PHI). A recent study reported that more than 46 percent of breaches were committed by business associates or other third parties, so make sure your business associate agreements are adequate to hold your BA’s fully responsible for their mistakes.

Now is the best time to review your HIPAA compliance efforts, identify and rectify gaps, and bring your policies and procedures up to date. Don’t wait until the inspector is at your door.

3. Fully Document FMV for All Transactions
As compliance professionals know, fair market value (FMV) is an essential element to satisfy a plethora of regulatory requirements and exceptions, including, but not limited to Stark, the Anti-Kickback Safe Harbors and tax exemption criteria. Accordingly, documentation of FMV is not the time to cut corners on appraisers or legal fees.

The term “fair market value” is defined in slightly different ways in each regulatory context, but the common elements require the amount to be within the range of prices that would be paid as the result of bona fide bargaining between well-informed parties who are not otherwise in a position to generate business for each other, and who are not under any compulsion to enter into the transaction. In some situations there are additional requirements. For instance, the value of leases may not take into account the proximity of referral sources despite the well-known real estate mantra “location, location, location.”

Although a written valuation from an independent valuation expert is generally not required by law, proceeding without one is risky indeed. Worse yet is a valuation that includes impermissible factors such as anticipated referral volume or ancillary business to be generated under a transaction. Your valuation reports should always be obtained by your legal counsel to maximize their protection under the attorney client privilege and work product doctrine, but keep in mind that both such protections are not absolute.

FMV analysis and documentation is critical for all transactions with referring physicians including but not limited to employment and independent contractor agreements, medical directorships, leases, asset purchases, service agreements, joint ventures, investment opportunities and redemption of investments.

Don’t stop with FMV – most Stark and Safe Harbor exceptions also require a showing of commercial reasonableness, i.e., a legitimate business purpose of the transaction apart from anticipated referrals.

For more information about this topic, please contact William H. Maruca.

This article previously appeared in Corporate Compliance Insights and is reprinted here with permission.