Measuring the Effectiveness of Your Compliance and Ethics Program, Using CMS's Requirements of Participation

Show Notes

Joseph Zielinski, Compliance and Privacy Officer, CarDon & Associates, and Michelle R. Adams, Associate General Counsel, Ensign Services, discuss how to measure a long-term care facility’s compliance and ethics program. They cover why compliance is so important in the context of long-term care facilities, existing compliance and ethics frameworks, CMS’ Requirements of Participation, recent cases that highlight the importance of compliance effectiveness, and how to measure and utilize data to demonstrate compliance effectiveness. Joseph and Michelle spoke about this topic at AHLA’s 2024 Long Term and Post-Acute Care Law and Compliance in San Diego, CA. From AHLA's Post-Acute and Long Term Services Practice Group.

To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.

Transcript

Speaker 1: 0:00

<silence>

Speaker 2: 0:07

This episode of A HLA speaking of health law is brought to you by a HLA members and donors like you. For more information, visit American health law.org.

Speaker 3: 0:22

Good afternoon. My name is Joseph Zelinski , and I'm the compliance and privacy Officer with Cardon and Associates. Today I'll be talking with Michelle Adams about measuring the effectiveness of your compliance and ethics program using CMS requirements for participation. This is a topic that Michelle and I presented on at Long-Term Care and the Law and Compliance back in February. And I'm just going to do a little more of a dive into the topic and I'll turn it over to Michelle to introduce herself.

Speaker 4: 0:50

I'm Michelle Adams. I'm an Associate General Counsel with NCI Services, and I've worked in , uh, healthcare and healthcare law for, for many years at , at this point, and really enjoyed presenting on this topic with Joe at the, at the conference in February.

Speaker 3: 1:09

So , like we said, we mentioned this topic was presented at the Long-Term Care Conference back in February. Um, really where we wanna start is discussing the measurement need , um, in this , in starting there. The reason we chose this was there is needs to be more than just measuring the topic. Uh, the government has come out and said that having policies and procedures simply isn't enough anymore , and that you need a way to sort of measure the effectiveness of your program. So we're gonna get into that topic and talk a little bit about what that looks like. And Michelle, before we get too far into our topic, let's talk about some compliance basics. Can you tell a little bit about the seven elements of an effective compliance program?

Speaker 4: 1:58

Sure. And I, I wanted to go back to discussing, discussing , um, why we need to major the compliance program. I think, I mean, I think it's, you know , there's lots of reasons, right? Like , um, just having a compliance program isn't enough. We know that we see it all over the place. I think we've probably both read it. We've, I think we've written an article that stated it <laugh>. Um , but it's, you know, at this point there are so many, you know, we've got the Department of Justice, we've got the OIG, we've got CMS that all have these requirements. And so we need to have a way to measure our compliance program. Or anybody who has one should have a way to measure them, because if they're not measuring them, then they have no idea if they're effective or not. Right?

Speaker 3: 2:50

Right. And that's, that's the key that we're really trying to get to, is measuring that effectiveness of the program.

Speaker 4: 2:55

Yeah. Yeah, exactly. And so you were talking about compliance basics. Well, we have the seven elements and these , um, I wanna say in the early or mid two thousands, the OIG identified the seven elements of , of an effective compliance program. And it's, I did a quick Google search just to see how easy it is to find and got thousands of responses, <laugh> . So I won't just list out all of the elements, but I will say they're, they're easy to find. Um, one of the top , uh, results I got from the OIG even just list out , um, the compliance program tips and then even has, which I thought was really helpful, five practical tips for creating a culture of compliance. And I'll talk about those , um, as we get into our conversation. I'll talk about those in a little bit. 'cause I think they kind of come in later in our conversation. Um, and then speaking of the Department of Justice , um, what compliance program basics do they provide?

Speaker 3: 4:02

Thanks. Yeah, and I just wanna add one point on the seven elements. We, we noticed there's a slight variance that came out when they did the new general compliance. That's right. Guidance that came out last fall. So you can also look at that general compliance guidance, which shouldn't be hard to find from the OIG webpage that Michelle talked about being able to access. Um, but thank you for mentioning the DOJ . So the DOJ has their three fundamental questions that apply to whether you have an effective compliance program or not. I'm not gonna, I'm not gonna tell you the three fundamental questions. Same as Michelle. You can, as Michelle said, you can do a quick Google search and they'll pull up , um, the DOJ guidance came out, I believe, initially in 2017, and then was amended as been amended two different times , uh, with the 2020 amendments being a little more large in scale than the more recent 2023 amendments. But what those really get into is showing you what the expectation is from the Department of Justice side, how their attorneys are supposed to interpret the guidance, and then basically gives you a map that you can follow to help avoid , uh, issues with the Department of Justice. Now, I guess just one caveat to point out, the Department of Justice is more so dealing with criminal issues than civil. So that's a distinction to be aware of as you're going through this. But the, the big piece out of this is , um, you can get credit against any potential penalty that you may , uh, incur as part of what's being investigated. If you can demonstrate, you know, the effectiveness of your compliance program, sort of using this guidance that has been put there, and you can actually get reduction or mitigation in your , uh, penalty. And we mentioned this in our title, but I'll let Michelle just give a little bit basics on the requirements of participation.

Speaker 4: 6:00

I wanted to go back to something you said. You mentioned , um, the DOJ focuses on criminal. Like, do you have any examples of the difference between civil and criminal? Um, for purposes of, you know, compliance program?

Speaker 3: 6:14

Not, I'm to put you in the spot <laugh> off the top my head , but I mean, just the general, the general distinction of civil, you're looking at corporate integrity agreements, fines, things like that, department of Justice. Uh, you're looking at fines, but also the potential for jail time. So the, the big distinction between the two is you're getting away from sort of monetary to a more , um, physical penalty of potential jail time , uh, which would not be an issue under sort of the civil side of things.

Speaker 4: 6:44

And is it, is intent one of the main differences? I mean, you know, like I look at like the False Claims Act, you know , whether it's civil or criminal, partly depend. I mean, well, maybe mainly depends on intent. So if you, you can sort of unintentionally , um, commit fraud and abuse under the False Claims Act, but you can also do it intentionally and then it becomes a criminal ,

Speaker 3: 7:07

Um , right. And I think that's where , um, what we're gonna talk about and having an effective compliance program is, is important because if you can demonstrate that your program worked properly to identify an incidental issue , um, obviously that's going to be more beneficial to your favor than having a massive fraud that your program did not discover. Um , mm-Hmm . <affirmative> that had an intent to defra the government.

Speaker 4: 7:35

Okay. Uh, going back, you mentioned the requirements of participation. So talking about them very generally, just as an introduction to the requirements of participation. 'cause I know you're going to talk about them in more detail. Um, the requirements of participation come from , um, and there are requirements of participation for all different types of facilities. So when we talk about the requirements for participation, we're talking about the requirements for long-term care facilities , um, and they come from CMS and, you know, basically their requirements, right? Like the , you're mandated to follow them or you may not be able to participate in Medicare Medicaid. I'm gonna let you dive , uh, you, you know them better than I do, Joe. Um, I'm gonna let you dive a little more into , um, what they are and then start with how you actually utilize them to, to measure effectiveness.

Speaker 3: 8:38

Okay . Yeah. I think, as Michelle said, these are requirements of participation and most importantly, requirements to get paid.

Speaker 4: 8:46

Yeah. <laugh> . That's right. Like ,

Speaker 3: 8:48

We don't wanna forget that part .

Speaker 4: 8:49

All facilities wanna get paid. It's mostly like the most important part , um, judging by my daily phone calls.

Speaker 3: 8:57

So we're gonna talk now about using the requirements of participation to measure , um, effectiveness. And I'm not gonna go into detail on exactly what the requirements of participation are for long-term care. Um, it's under section 4 83 . Um, you can find them , you can find them pretty easily. Um, so the ROPs in their simplest form, as Michelle talked about, is they're the requirements. Um, in this sentence we're talking, in this , uh, podcast, we're talking about the compliance and ethics program requirements. So generally speaking, at a pretty high level, those get into dealing with policy and procedures, auditing and monitoring, naming compliance program. You'll notice they are very similar to the seven elements that Michelle mentioned earlier. Yeah . Um, you can, if you look back at our presentation, one of the things we did was to align the seven elements with each of the requirements of participation. The way that I've sort of broken it down is there are 11 different requirements, 10, that apply to everyone, and an 11 that applies if your co company has five or more facilities. And that deals with having a compliance liaison in addition to a compliance officer. Um, if you want more on that, I've, I've done a podcast on, on that. So you can Google and probably find sort of compliance liaisons why , what they are, what they do, but that, that's your distinction. That may not apply to you if you're a smaller entity. That's not to say necessarily that even if it's not required to have one, that it's not a bad idea to have one. Um, so regardless of size, it may be , um, a good idea. And what we're, and the way we're using the ROPs is they're gonna be the baseline to set the questions of what the expectations are for our program so we can sort of set out what each of those 11 different pieces of the requirements tell us to do. We can list out their requirements and then we can go through and compare our program to those requirements and what they set out as sort of how you do that. We'll talk a little bit more in detail later in the podcast about a tool to help you utilize that. But what we're gonna sort of cover, and we'll talk a little bit more about why we're covering it here shortly, is what the RO is, you know, leveraging the ROPs and using something that's there. It's kind of like when you're given the answer answers to a test, you know, you might as well go ahead and take advantage of it . So, you know, CMS is telling you, here's the things you need to do, here's the elements of each of those, and then basically you can compare your program to those elements. So I mentioned brief ,

Speaker 4: 11:58

Oh, sorry, <laugh>. I was just gonna say, can you give an exa , can you like, take one of the requirements? Um, like how you said, can you take one, maybe your favorite one if you have a favorite one, and , um, just kind , just give an example of what you're saying, like taking that, looking at the requirements and comparing them to your program.

Speaker 3: 12:20

Yeah . So for example, what I would call requirement three is sufficient resources and authority to the individual overseeing the program. So that is the, is what the guidance says. And then where it's broken out as to how you sort of show that in the subparts from the section is , uh, reasonable assurance of compliance such as standards, policy and procedures, looking at your compliance budget, risk assessments, board of directors , um, escalation of investigations, use of facility assessments. Um, and just one other thing to plug here is, this was actually one of the two new areas when they most recently redid the DOJ guidance that asked about whether you have sufficient resources to operate your program. So an example of , of sort of what the , what the requirement is, the elements that would show you meet it. And then just a little bonus tip that in meeting this one, you do get the double benefit of, of hitting a Department of Justice guidance area. And one key way that you can help in this specific area is look at benchmarking to compare to similarly sized organizations.

Speaker 4: 13:34

Do you think it matters? You know, so it's like looking at your budget, so you obviously probably wanna have one, but do you think it matters? I mean, it's tailored to the size of your organization, right? I mean, correct . If you have six facilities, you might have a small compliance budget or, you know, if you have 300, your compliance budget might be fairly extensive. And it depends on how many people, you know, I mean, I know some smaller organizations, their compliance officer also often wears other hats. Um, whether that's recommended or not. Um, <laugh>, I know there's some guidance out there, I think from, is it from the OIG? Your compliance officer shouldn't be your CFO or your CEO . Um, and sometimes, I know they've said it shouldn't be your chief legal officer either, but I know there are organizations where, you know, they're not, they usually have their a attorney or their chief legal officer still be their compliance officer. 'cause that's the budget and the abilities that they have.

Speaker 3: 14:40

And I think that's a good point that you raise on the different sizes of programs. Um, really there is no one size fit all prescription. We're gonna , we're gonna try and give you a way to , um, you know, measure the effectiveness of your program. But certainly it's not the only , uh, way to do it. And it's going to vary on things like Michelle said, what's the size of your department? Uh, you know, sort of, if you've got one, there's gonna be less of an expectation if you've got 20 . Um, so really the key here is that you need to tailor this to your resources there. And if you don't have resources, then it's probably a good starting point to go to your board or your owners or whoever the appropriate governing body is and say, Hey, look right here. This isn't at least two different places that it tells me I have to have a budget. So I have to have a budget. And here's <laugh> . You know, and this is the reasoning why. So that can be something you can take back. Um, if you're maybe smaller, not as resourced , um, you can point out that just not in the requirements of participation, but also in the DOJ guidance, it talks about how well resourced you are and that being , um, an important factor.

Speaker 4: 15:53

And I think there are , I don't know, budget wise if it makes more sense or less sense. I think there are even companies who will, I don't know if they'll, will, they function as your compliance officer? I think they'll provide you guide like compliance, almost like a compliance program so that, you know, but I don't know if it's any cheaper. Do you know?

Speaker 3: 16:14

Yeah, I mean that , yeah, there's, there's fair number of companies I think will do what Michelle referenced and both help stand up a program for you. And then I do have friends that work for companies where they go and do jobs as interim , uh, chief compliance officers. I don't know if you'd want a full-time, hire out <laugh> , uh, your compliance officer. But certainly if you, you hit a snag between officers, it may not be a bad idea to have an interim person in there to ensure that nothing kind of falls through the cracks as you're , uh, backfilling the position.

Speaker 4: 16:48

Yeah, you wouldn't want your survey, you wouldn't wanna have a survey in between and not be able to name someone as your compliance officer <laugh>.

Speaker 3: 17:00

Well , we , where

Speaker 4: 17:01

Where were we?

Speaker 3: 17:02

I was gonna say, we , we've covered a lot of ground and we've talked about sort of the why these are mandated, but I think Michelle can bring a little bit more light to this by talking a little bit about some of the cases out there and sort of what and why , um, those cases show that knowing your program is effective is important.

Speaker 4: 17:23

Well, and I think, you know, so these are some recent , um, false Claims Act settlements. And if you, there are, at least I found when I searched online, there certainly , um, you know, probably like the O-I-G-D-O-J, they keep sort of repositories of these types of cases. There are law firms that also , um, give , uh, really nice summaries and compile, you know, these every year. And usually they're looking for the biggest dollar amounts or sort of the most egregious, egregious , uh, but so these, you know, these four cases are high dollar amounts. Um, you know, and, but I , I mean it , so these sort of show like sort of the worst case scenario, but , um, it can certainly happen anywhere. Um, and it can certainly be going on under your nose without you really knowing, particularly if the compliance officer or compliance team or the legal counsel aren't. I mean, you can't be involved in everything. Uh, the first we've got , um, Saratoga Center for Rehabilitation and Skilled Nursing Care. I'm bringing this one up in particular because this one was egregious and I don't know what their compliance program was. I would think anyone at these, this facility would've been able to pick up on the failures that were happening. Um, these were allegations of violations of the False Claims Act, submitting claims for payment for services. The government claimed were worthless. 'cause the facility actually failed to maintain their license, ensure proper staffing and actually maintenance. The buildings were deteriorating, like very obviously falling apart. Um, and this is , this one was , um, in New York , um, they had a lot of medication errors. So medication errors, you know , uh, audits could certainly pick those up. Um, you know, they could be picked up in many different ways. And I think a lot of these are things where if you had a compliance hotline , uh, many of these would've been reported on a compliance hotline. <laugh> , uh, lot of unnecessary falls, lot of unnecessary pressure ulcers. They lacked hot water a lot of the time and adequate linen. Um, and they lacked disposal of solid waste. So it was a pretty , um, it's unfortunate for anybody who was a resident there and they were shut down, fortunately, <laugh> , um, they had some license issues in that initially there were appropriate operators for the facility and the, there was a dispute between the landlord, I believe, and maybe the operators and the landlord just removed the operators and put people in place that didn't have the appropriate licensure. Uh, particularly this one. I mean, any, a lot of compliance issues we've got some others. It seems that a lot of the False Claims Act settlements involve , uh, payment to physicians. That's seems to be, those are the ones I seem to read the most about. Oh, and in the one I just talked about, Saratoga, that was a seven point, basically, almost a $7.2 million settlement. And I don't know, I'm wondering if they even paid it, if they even have the ability to pay it. I mean, if their buildings falling down , uh, they don't have hot water linen, et cetera . Um, I'm wondering if that one will ever get paid.

Speaker 3: 21:14

Go going back to a point you made earlier, Michelle, and these is intent required for a False Claims Act violation?

Speaker 4: 21:21

No, it's not. So it can't, so there's, you know, there's the Civil False Claims Act and the Criminal False Claims Act, and the difference , uh, one of the main differences is intent. Um, sometimes there's intent to defraud the government , uh, and, you know , uh, other times there isn't. And that's the, I don't know if it's right to say scary thing about the False Claims Act, but you could have, you know, an untrained employee in your, you know, let's say your accounts payable who , uh, doesn't realize their billing incorrectly to Medicare or Medicaid. Um, and that could, you know, before that's caught, particularly if you don't have an effective compliance program that could go on for two or three years, and then you either end up with a whistleblower because somebody comes in and realizes like, Hey, this is some odd billing for therapy. Um, or because the government decides to do some sort of audit. Um, you know, you're, you're looking at millions of dollars because of the way that the False Claims Act assigns , um, penalties. It's for every single individual claim, each one gets a penalty. Um, there's a , a few other cases , uh, you know, that , you know, different , um, these, like I said, these involve physicians. So we've got false claims submitted based on violations of the Anti-Kickback statute. Um, allegedly, this is Alta Vista Healthcare and Wellness Center. Um, this is in California. So $3.23 million settlement with the , um, US and , uh, almost $600,000 settlement with California. Um, they allegedly paid several physicians monthly stipends and provided them with , uh, some really nice travel and entertainment in return for their referral of patients to Alta Vista . And I think we see this a lot, unfortunately , um, allegations of paying physicians for referrals. Uh, they also had to enter into a five year corporate integrity agreement with , um, H-H-S-O-I-G, which can be super cumbersome , um, to, I don't know if you've ever had to, to deal with one of those, Joe, I know we worked together in a previous life and , um, with an organization who was, we were sort of peripherally involved, but I remember it was a lot of work for the, under the corporate integrity agreement for our com Chief Compliance Officer.

Speaker 3: 24:00

Yeah. Not knock on what I, I have not had the , you know , with one other than that kind of tangential one where we were sort of an outside entity doing a little bit of consulting Yeah. Work with, with an entity that had an integrity agreement. So I, I think you're, I think you're raising a lot of valid points on sort of what these cases can do. And I think the fact that they can escalate very quickly mm-Hmm , <affirmative> , um, and they don't require an intent. So like you said, if you don't have an effective , um, auditing and monitoring program and you don't catch a billing error, even if it was, you know, not an intentional one, you're still gonna have that false Claims Act. And then you're gonna have on top of that an issue with your program not being effective in that it didn't catch this error for, you know, an extended period of, of time. So, you know, I think those cases are, are important. Um, is there anything more just that you can think, that you'd like to say sort of about why it , why it matters , um, what you do

Speaker 4: 25:05

Well , like why it matters to have an effective compliance program? Yes . Yeah . Oh gosh. I mean, I think it ensures, you know, better care of your residents. Um, you know, I mean, it really protects your patients or your residents. It promotes quality care. Uh, like you, you've mentioned this before, if you end up under a corporate integrity agreement, well, you, you could actually end, if you have an effective compliance program in place and you know, you're being investigated by the Department of Justice , uh, you may be able to avoid a corporate integrity agreement because you had a compliant , an effective compliance program in place. But, so yeah, it can, it can help you avoid, I don't know , for lack of a better word, punishment. Um, it can decrease your culpability. Um, I think it also, it's good guidance for your staff, right? For all of your employees. I mean, compliance applies at every single level of the organization from the very top to the very bottom. So you, I mean, of course you want , um, oh, why can't I think of the word? Um, like I said, it goes from the top to the bottom. You want like a , um, well, I mean, you want the, the very top to consider compliance really important, and you want that to filter everywhere. Uh, so that can be one of the, you know , that can be a hur a hurdle, a bit of a hur , a hurdle, but it also just identifies for your employees, for everybody what is appropriate, what isn't appropriate. Provides an outlet via a compliance hotline, usually for reporting, you know , um, things that they believe may not be , um, you know, appropriate. Um, and I think that, you know, I mean, when you're dealing with humans, there's potentially always going to be something, you know, and so people having a safe way to report that is important, but it also just identifies how they should behave <laugh>, you know? Um, and I think people appreciate that . I could be wrong, but, and then we talked about this earlier too . It protects your reimbursement , uh, the ever important reimbursement, the facilities, most facilities wouldn't survive without that reimbursement. The government reimbursement , um, could also, you know, protects your image, protects your reputation, helps attract, you know, future residents. I can't think of anything else for the second, can you think of anything <laugh> ?

Speaker 3: 27:44

Yeah, just a couple other things I wanna , and I wanna touch on. One thing in the case is, I don't think we have it in our notes, but just because we tended to discuss and note the higher level settlements, doesn't mean there aren't smaller settlements out there. Um , oh ,

Speaker 4: 28:00

There's so many.

Speaker 3: 28:01

I, I did present one time with a member of DOJ , and they, one of the key points that they emphasized is no matter is too small , um, you , you know, you don't hear in the news often these smaller a hundred, you know , couple hundred thousand dollars settlements, but they are out there and the government is looking for them, and they are more , um, sophisticated. I think part of, you know, in addition to the information Michelle mentioned on why it matters so much, I think you have to look at the attention that is coming to skilled nursing and the focus that's on there. So we know there was the 2020 National Nursing Home Initiative that involved D-O-J-O-I-G-C-M-S , Medicaid fraud control units. We know that one of the first two revised guidances that is coming out from OIG is gonna be related to nursing homes. And that's supposed to come out at some point this year. Um, we know we have the staffing mandates out there, <laugh> the staffing little be beyond the scope of what we're gonna talk about, but, you know, area , you know, another area of focus. And then if all that wasn't enough, you've got private equity, which is probably its own podcast about the impact of private equity and long-term care and how that impacts things. Um, but there's, there's a lot out there, and this is definitely an area in focus right now. So you do wanna make sure that you are valuing it, that you can demonstrate effectiveness and that you are measuring what you're doing. Um, I think now that we've talked a little bit about the what and the why , um, maybe we can get to the how.

Speaker 4: 29:43

Well, and I wanted to make one more point because I read this this morning as I was preparing for this podcast. So on the CMS website, this is an update from April of 2024. And you know, you may already know this, I didn't know this, that there CMS is currently test testing a risk-based survey approach. So if you're a higher quality facility , um, uh, you'll get potentially, like I said, they're testing it, receive a more focused survey that takes less time and resources. Um, so it'll still ensure compliance with health, health and safety standards. Um, so higher quality, what does that mean? It states that it's a history of fewer citations for non-compliance , uh, higher staffing, fewer hospitalizations, and then other characteristics such as no citations related to resident harm or abuse, no pending investigations for residents at immediate jeopardy for serious harm and compliance with staffing and data submission requirements. So what this says to me is having a a , an effective compliance program may also help you have <laugh> may, may qualify you for a , you know, a risk-based survey that'll take hopefully less time and less resources , um, than typical.

Speaker 3: 31:08

Yeah. And anyway , that's done a survey knows anything you can do to reduce that down Yeah,

Speaker 4: 31:13

Exactly.

Speaker 3: 31:15

Is a good thing because , you know, they , they , the longer they're in the building, the more likely they are to find issues . So that, that's good news for that. And just another reason why you wanna have an effective program and be part of that survey issue.

Speaker 4: 31:30

So how do we measure it , Joe? Because I know you created a really nice tool , um, and we should say first that one of the issues, maybe you're already gonna say this, and I'm so sorry. One of the issues after we gave this presentation is we didn't realize that our materials didn't include the fool tool that Joe created. And it's a , do you , would you say it , it's interactive, right? Like it's not just a form. I mean, you tell me, I'll let you talk about it <laugh> , but I was just gonna say, if you want the tool, please request it , uh, from Joe because just having a copy of it in the, if you watch our conference presentation, you won't have the full tool and be able to utilize it appropriately.

Speaker 3: 32:20

Thank you. So what this tool seeks to do is sort of aggregate a lot of the data and create sort of measurements and metrics that you can use to measure the effectiveness of the compliance program. And the way it does that is it sort of combines and utilizes the requirements of participation, the measuring effectiveness guidance that came out from OIG , um, some of the DOJ information and then our guidance on , um, John Blank <laugh> . But it's, it's in there. You'll see it when you'll see it when you get the tool <laugh> . Um , and, and we, we previewed this a little bit when we were talking earlier, but what the tool does is it sets out the various requirements for that specific section, and then it's gonna give you detailed guidance that is incorporating what , um, O-I-G-D-O-J everybody has said , um, in there. And basically that's how you're gonna make a determination whether this requirement doesn't apply to you partially app , whether it's partial , not implemented, partially implemented, or fully implemented. Um, so you've got four options for each sort of question. And then you're gonna get a nice summary page on the, on the, on the first landing page is gonna create a nice summary of all the data. There's some other tables that are in there, but what you're gonna sort of do , um, and this is not for the faint of heart, I think I just did one and I think it took me about three or four days. Um, so it, it is a time consuming event, but it does give you a good foundation. Um, but you , but you can split up the tool. Um, I did it all myself, which took a long time, but I think you could split it up and send it out to different members of your, send different pieces to different members of your team , um, and probably get it done a lot faster and maybe with a little more information that you're getting multiple inputs rather than one. So that's probably one of the, one of the tips I would say when utilizing the tool is try and make sure you're getting the folks that are actually doing the work to do the measuring and the, and the rating. Um, and that 'cause that will help to get you more accurate. I will say I was a little surprised at , uh, the number of partially completed <laugh> ones that we, that we had , um, didn't, you know, didn't really have a lot of not applicable. I probably didn't necessarily need that category , um, other than in one area. But it , that was sort of the interesting piece to me is I, as I think I thought we were a little more mature , um, than maybe we are. So that was sort of an interesting revelation , um, to me as I did it. Um, but one of the big things you are gonna do that's important to the government is you are gonna come away with a lot of data. You're going to , you're gonna get a lot of pieces of information, you're gonna look at a lot of areas , um, you know, and I think some of the conversations you'll have with , uh, your coworkers and colleagues as you complete this is gonna be as valuable as what the information , um, it's tells you itself. So I mean, it is, it is a learning experience, but it's a good way to audit and mon audit and monitor your program going forward. And then the other thing it does is it gives you a baseline that as you go forward, you can document that maturity of your program as you show over time the changes and improvements that your program , um, has made. So that's gonna be a key utilization for it. And then I just wanna spend a moment talking about data <laugh>, <laugh> . Um, I'm not a statistician <laugh> , um, so I will put that disclaimer , um, out there. But, you know, what are you gonna do with this data that, that you're gonna have? Um, because the government talks about measuring and testing, and so what are you, so what are you gonna do here? So what can you do with the data that you would tend to generate here ? So you can do demonstrate program effectiveness, which is what we've been talking about, and hopefully <laugh> , uh, giving you some tips and guidance on how to do, you can use it as part of a risk assessment. Um, you know, this may help you identify areas of vulnerability that you have within your program. Um, this could be good board material , um, or audit committee material, depending on how your reporting structure goes. Um, you can use it to engage your senior leaders. Um, as we talked about earlier, if you need support for your compliance budget, this may be a way to go and demonstrate, Hey, look at us. These are all the requirements we have to meet and we're not meeting 'em. I need a budget to meet 'em. Um , yeah, <laugh> . So hopefully it can help you in that way. Um, and then, you know, kind of two final points is , um, it gives you that ability to benchmark year to year , and then it really gives you metrics that you can develop and utilize within your program. And the best part is the tool does most of that calculating , um, itself. So you just need to interpret the data.

Speaker 4: 38:06

Mm-Hmm. <affirmative> . And if , if, so let's say you fill out the tool and you've got all this information. If you somehow , um, you know, knock on wood end up being investigated by the government, would you ever recommend sharing any of that with them? Or is it more of an internal document that shouldn't be shared?

Speaker 3: 38:31

I think it's gonna depend on what it shows.

Speaker 4: 38:34

<laugh> . Yeah . <laugh> .

Speaker 3: 38:37

Um, you know, I think, I think if it's you're demonstrating an effective program and you, and let's say you caught the violation, I would think that would be a time when you would want to , you know, sort of show, here's our program, here's how we measure effectiveness, here's how we know we're doing what we're doing. And the fact that we caught this, you know, demonstrates that it's working. Yeah . So I think that, you know, is an important thing. And I think that's going to , that's where I would say probably lean on your council . Mm-Hmm. <affirmative> , um, and see what they, what they would recommend. They're gonna have a little more experience in this than, than I do. But I would say if, if, if you didn't discover the problem and you got a whole bunch of , uh, you know, partially complete or not complete, you , you're probably not gonna show that. 'cause that's just gonna support what's been found. Yeah . But if , but if you are finding that you're, you're meeting most of the stuff and you do discover sort of the issue, you know, you can say, Hey, here's how we're, here's how we're doing our program. Here's how we were able to catch it. Um, you know, because we were doing these things and this is, this is how we've evaluated our program, and we think that's evidenced by what's, what's happened. Um, and that's not to say that just because you do this tool, you'll catch everything. Yeah. Um , no, no one is gonna be perfect. And I don't think the government's expectation is perfection. Um, you know, I think they understand, as Michelle mentioned earlier, we're all humans, so we're, and we're all dealing with people <laugh> . So that is , uh, you know, one of those things to consider and that the government does take into effect. And that's where the intent that we spent so much time , uh, kind of talking about and trying to distinguish can be an important , uh, you know, piece for you. But, but really, you know, we, we don't wanna, we don't wanna make it sound like this tool is gonna , you know, be a one stop solution. It's just gonna help you with your program development, and it's gonna point you in the directions that you need to go to make improvements or changes.

Speaker 4: 40:52

So do you recommend utilizing it annually? You know, and then once you've, you know, let's say you've identified, you know, just throwing out a number, like five key risk areas, you know, do you then take, you know, you use the tool, you know, gather all the info , um, and then take those risk areas and sort of have your, you know, create an annual plan on improvement in those areas. I mean, there are some things that'd be really easy to improve and others that, you know, could take a lot of time and education and training and resources. Uh, so I guess I just asked two questions. So the first one was, do you recommend doing it annually? And then the second one is, you know, maybe taking it and creating like your , I'm just envisioning like an annual plan. Like, okay, here are the things we need to work on this year. And maybe over time you'll have less to work on, depending on what your starting point is.

Speaker 3: 41:51

Yeah. I would say you'd wanna do it at least annually. Mm-Hmm . <affirmative> , um, maybe in that first year, you might wanna do it more frequently, or if within a year you make a large program change Mm-Hmm. <affirmative> , um, you may wanna update your information as you're, as you're revising your program. Um, but I think the, the most, the guidance out there would tell you at least once a year, but if you do have something major, you're probably gonna want to go back and update it. So let's say you do unfortunately have , um, a violation, the government does come knocking. Um, you're probably gonna want to take a snapshot of what your program looks like at that point. So you may wanna stop and say, okay, we need to do an assessment, see where we are. And then the good thing is, and this is a little bonus credit for you, DOJ will give you credit for what you do during the time they're investigating. Mm-Hmm . The matter. So if you can demonstrate improvement in your program during the time, then you can get credit to help offset the penalty. So that's where, again, it can be important to say, Hey , uh, OIG person, when we start , we assess our program at the start, here's where we were . Um, we had this unfortunate incident, we implemented corrective actions. Here's where we set , here's where , where our program is now that we've, that we've done this. So I think that's the first part of , um, your question and the second piece. Yeah, I, I think it's important to help drive what you're gonna do because you're gonna have sort of your annual work plan , um, for what I would say are sort of the operational pieces. So you're gonna have an annual work plan that's gonna audit, monitor, falls, wounds , um, pressure ulcers , um, med errors, all those, it errors , all those general things you're gonna have in , in sort of your, your work plan. But then you're gonna have that compliance specific plan where you're trying to update and do things, and I think that's where this is gonna help you for the year, set some priorities within compliance as far as what you wanna achieve for the year.

Speaker 4: 44:06

Mm-Hmm, <affirmative> , that makes sense. Yeah. Hopefully the, the DOJ knocking on your door isn't the first to hear about an issue, but I mean, it , it happens unfortunately, particularly if, you know, I think probably in whistleblower situations where, you know, you, depending on the size of your organization, you may have no way of knowing that something in particular was happening until <laugh> , until you, until they either, you know, they, they, they start their investigation in multiple different ways, depending , um, could be a letter, could be a, them showing up with a search warrant. So , uh, but I think, you know, utilizing your tool, you know, using the requirements of participation to , uh, measure your effectiveness, you know, and, you know, develop, you know, your, your plan of , um, of attack to keep your compliance program effective and current , um, hopefully will prevent that from happening.

Speaker 3: 45:06

Okay . I , Ms . Michelle, do you have any concluding thoughts?

Speaker 4: 45:13

Uh , just that

Speaker 3: 45:13

We , that we near the end of our time ,

Speaker 4: 45:16

Um, I'm gonna conclude with, I just read these this morning from the OIG and I think they're , uh, really, really helpful practical tips. So I'm gonna, I am, this is the one thing I'm gonna list out on the podcast <laugh> , um, make your compliance plans a priority. Now, I think we've basically said that this entire conversation, know your fraud and abuse risk areas. You can utilize this tool to do that. Um, identifying your compliance plan, et cetera, et cetera, I think helps you, helps you know that , um, manage your financial relationships. Super important. That's where I think most places get in trouble. Our financial relationships, whether it be with medical directors , um, or others, I thought this was really good. Just because your competitors doing something doesn't mean you or should. Uh, and I've also heard to add to that <laugh> , um, well , we've done it this way for years, that doesn't make it okay either. Um, and then when in doubt, ask for help.

Speaker 3: 46:22

And , and I'm going to kind of keep mine short to the <laugh> , to the point here, <laugh>. Um, mine is gonna be, you need data. Data is the, is the new frontier. We know that , uh, CMS is doing a lot of data mining to help them discover these issues. Um, so you, you really need to know your data well, and you need to know what it's telling you , um, so that you can take appropriate actions. Um, and just sort of the , the phrase that that sticks out to me is measuring and testing in mind. Um, so design your program, you know, in a way that you can measure it and that it can be tested. Mm-Hmm, <affirmative> . Um , so I'd like to thank , um, Michelle for her time, and I'd like to thank the audience for listening. Have a great day .

Speaker 2: 47:16

Thank you for listening. If you enjoy this episode, be sure to subscribe to a HLA, speaking of health law, wherever you get your podcasts. To learn more about a HLA and the educational resources available to the health law community, visit American health law org .