With ever increasing regulatory pressures and the issues around compliance within healthcare becoming more complex, compliance programs and internal audits need to work together in order to help companies manage their risks efficiently and effectively. That being said, this is very challenging to do in the current climate, with the consolidation of healthcare systems, increased competition between providers for more patients, and cost saving being at the forefront of every decision that is made.
One major risk posed in this highly competitive market is that healthcare providers must sign up to contracts with physicians in order to handle the growing demands within this landscape. This leaves hospitals and other medical practices uncomfortably caught against the need to get deals over the line and the equally important need to introduce strict compliance procedures that ensure all arrangements are fully compliant with both federal and state laws.
In addition to this, the healthcare market continues to face an increasing number of penalties and legal fines for a whole range of different issues that are related to certain practices of none compliance. For instance, in 2014 $6 billion was recovered by the United States Department of Justice (DOJ) from cases relating to the False Claims Act. Similarly, $2.3 billion has also been recovered against cases relating to federal healthcare programs. Since 2009, there have been in excess of 700 lawsuits by whistleblowers that have recovered $22.75 billion in total.
Audit & Compliance Risks
By not applying the appropriate level of attention to specific areas that are deemed high risk within a healthcare company may result in potential claims being made by a whistleblower, defense expenses, investigations, and even the chance of penalties and fines. These are all in addition to the negative publicity that will likely come with them as well. An instance of this occurring is, for example, when a management flow / process becomes unorganized or is unable to anticipate the steps required to be taken regarding certain arrangements. The lack of action acts as a clear indicator of subpar management and shows a clear failure to proactively identify issues, as well as lack of transparency which may in the future lead to severe regulatory exposure.
There is a certain amount of risk where benefits or money are exchanged between related companies, such as medical devices and pharmaceutical companies, service providers, and physicians. The payments made need to be monitored in order to ensure compliance with the appropriate state laws, including anti kickback statute and stark law.
Hospitals and medical centres need to put into practice specific policies for conflict of interest disclosure, as well as manage a process to ensure any conflicts that there may be are identified and then managed in a proactive manner. There should be no agreement in place that gives compensation based on any future, present, or past referrals that are made.
All claims that are paid for by the federal government which are in no way compliant with the appropriate documentation and coding regulations or come from a Stark violation that then lead on to a practice or pattern of overpayments has the potential to be applicable for penalties and fines under the false claims act. The risk of this increases whenever audits of the billing of claims, coding, and documentation are not completed or in the instance where a company does not do all of the required compliance tasks that are associated with the appropriate arrangements. During the process of producing a work plan for an annual audit, a company ought to establish how frequently audits are performed on both external and internal facts and risks relating to the area being reviewed.
Audit & Compliance Foundational Elements
The board of directors of a company needs to establish and then oversee its guarantee to corporate responsibility. The United States government states that as part of the best practice for a compliance program, members of the board should have clear visibility into concerns or problems, and healthcare corporate compliance audit leadership should maintain a strong relationship with the board of directors. All board members need to be aware of, as well as having the ability to manage any initiatives that may be related to measures, procedures, policies, and codes of conduct for responding to and preventing violations. The results from any audits performed must be presented to the board of directors as not to cause an oversight of the compliance and audit function. This relationship can be completely scalable but it is dependent upon the complexity and size of the company.
The compliance and audit officer must possess a linear reporting structure to the board of directors and thus have the ability to bypass any company interference or levels of management in certain situations. One hundred percent transparency is only achievable in those instances where the board is able to meet up with internal audit and compliance officers without the fear or reprisal or without the presence of management.
Large numbers of companies conduct enterprise risk management (ERM) programs in order to plan for where they should put their resources for the purpose of an audit. Most are now doing this on an annual basis. The areas that are commonly identified by an ERM include human capital , operations, billing, legal, IT, reputation, and finance. Experts suggest that by proactively engaging the appropriate department leadership in such discussions, it makes them feel much more included in the entire ERM process. Additionally, for its efforts to gain any real traction within a company, it is vitally important that the leadership sell the idea and its importance to other employees.
Audit & Compliance Committee Responsibilities
Although the responsibilities and roles of an audit committee vary from company to company, dependent on structure, ownership, services and size, there are some common functions. A committee provides direction and oversight to the audit and compliance program. An example of the functions involved include assessing high value and high risk contracts, monitoring and approving audit plans, receiving management reports, and ensuring that the process for the disclosure of conflicts of interest are working.