PROPOSED CORPORATE COMPLIANCE WORK PLAN 2021[2]
INTRODUCTION
The objective of the Office of Corporate Compliance (Compliance) is to continuously re-assess risk areas, re-prioritize compliance projects that are most critical to the mission of X, and report compliance developments and compliance audit findings to the Board’s Audit and Corporate Compliance Committee, Executive Committee of the Board and the full Board of Trustees as appropriate, the Executive Audit and Compliance Committee, the Chief Executive Officer, and the General Counsel.
The Compliance 2021 Work Plan briefly describes the various project areas that we perceive as critical to the mission of X. This Work Plan was developed by identifying risk areas, internally and externally, to X as well as reviewing the United States Department of Health and Human Services, Office of Inspector General (OIG) FY 2021 Work Plan, the State’s FY 2019-2020 Work Plans and several other external resources. Some of these resources include OIG, State and Centers for Medicare & Medicaid Services (CMS) guidance documents, enforcement settlements and various industry publications. Compliance will evaluate the State’s FY 2020- 2021 Work Plan when it is issued. The planning process is ongoing and dynamic; therefore the focus and timing of many of these projects may be altered in response to new information, new issues, and shifting priorities of X.
The audits identified in the Compliance 2021 Work Plan will be performed in areas that Compliance has reviewed in the past and also will include new audit topics not previously reviewed. The scope of this Work Plan includes X’s hospitals, outpatient facilities and clinics and its ancillary businesses such as its skilled nursing facilities, home health care, and laboratory services. Preliminary interview meetings with certain departments to discuss other possible areas for audit also are included. If necessary, audits will be scheduled later in the year.
Further, the Compliance 2021 Work Plan includes a large number of non-coding initiatives that will be performed. Some of the initiatives include: revising compliance policies, auditing HIPAA, reviewing physician practices coding procedures, implementing a new conflicts of interest disclosure tracking system, and implementing additional monitoring controls to address compliance related requirements.
2021 Corporate Compliance Audit Work Plan and Initiatives Schedule
Compliance Coding Audit Categories |
Estimated Hours | |
---|---|---|
1 |
Investigative Coding Audits |
X |
2 |
Professional Fee |
X |
3 |
Facility – Inpatient and Outpatient |
X |
4 |
Data Mining |
X |
5 |
Home Health, Skilled Nursing Facilities, Hospice |
X |
Total |
X |
Key 2020 Non-Coding Audit Compliance Initiatives |
Estimated Hours | |||
---|---|---|---|---|
1 |
Revise X Policy |
X | ||
2 |
Compliance Assessments of X’s Medical Office Locations |
X | ||
3 |
HIPAA Electronic Medical Record Access Audits |
X | ||
4 |
Implementation of HIPAA Monitoring and Detection Application |
X | ||
5 |
Revise Certain Coding and Billing Policies |
X | ||
6 |
Institutional Conflicts of Interest Policy |
X | ||
7 |
Compliance Committee Charters |
X | ||
8 |
Electronic Medical Record Compliance Related Policies |
X | ||
9 |
Review of HIPAA Security Rule Policies |
X | ||
10 |
Compliance Survey |
X | ||
11 |
New Conflicts of Interest Disclosure Tracking System |
X | ||
12 |
Audit of the Gifts and Interactions with Industry Policy |
X | ||
13 |
Review of Physician Practices Coding Procedures |
X | ||
14 |
Review Accountings of Disclosure Process |
X | ||
15 |
Code of Ethical Conduct Review |
X | ||
16 |
Employee Compliance Training Test Review |
X | ||
17 | New Employee Conflicts of Interest Forms | X | ||
18 |
Professional Fee Data Mining Tool | X | ||
19 |
HIPAA Security Awareness | X | ||
20 | New OMIG Hospital Compliance Program Guidance Review | X | ||
21 |
Government Investigations/Audit Policy | X | ||
22 |
Code of Ethical Conduct Certifications | X | ||
23 |
Pharmacy OMIG Checklist Review | X | ||
24 | Medicaid Transportation Providers OMIG Checklist Review | X | ||
25 |
Business Associate Audits | X | ||
26 |
Third Party Billing Review OMIG Checklist Review | X | ||
27 |
Marketing Analysis of Compliance Intranet Site | X | ||
28 | Strengthen Compliance Public and Internal Web sites | X | ||
29 |
Additional Conflicts of Interest Educational Resources | X | ||
30 | HIPAA Control for Posting Public and Internal Data on Websites | X | ||
31 |
Verify Compliance for Medicare Payments for the Drug Herceptin | X | ||
32 |
Verify Compliance for Billing for Immunosuppressive Drugs | X | ||
33 | Verify Compliance for Medicare Outpatient Payments for Other Drugs | X | ||
34 |
Verify Medicare Inpatient Coding Education on 2021 New Codes | X | ||
35 | IS HIPAA Related Risk Assessment | X | ||
36 |
EMTALA | X | ||
Total |
X |
1. INVESTIGATIVE CODING AUDITS
In addition to the coding audits scheduled each year, Compliance is also responsible for various investigative audits that are requested by management or are referred through the Help-Line. These audits are conducted throughout the year on an as needed basis. All requests are evaluated and referred to the appropriate member of the Compliance Audit team for review. In 2020, there were X investigative audits -- an increase from X in 2019.
2. PROFESSIONAL FEE AUDITS
X revamped its coding auditing structure in 2020. X’s professionals prospectively audits physician records and report the findings to Compliance on a monthly basis. Compliance plans to conduct various coding and billing audits on the topics listed below including re-audits of some 2020 professional fee audits that resulted in a financial error rate of greater than five percent and to ensure the coding accuracy of X’s coders.
A. Professional Fee Re-Audits
Description: Compliance will re-audit physician reviews conducted by X in 2020 and 2021 to ensure coding and billing compliance. These reviews will focus on X’s audits resulting in a Financial Error Rate (FER) over five percent and audits where there was no FER.
B. Physician Supervision Requirements
Description: CMS identified changes to its physician supervision requirements for 2021. These requirements will be reviewed, if applicable, for every professional fee audit performed in 2021.
C. Non-physician provider services (Incident - To)
Description: As stated in the Medicare Claims Benefit Manual 100-02, Chapter 15, section 60.1; Incident to a physician’s professional services means that the services or supplies are furnished as an integral, although incidental, part of the physician’s personal professional services in the course of diagnosis or treatment of an injury or illness. A physician may have the services of certain non-physician practitioners covered as services incident to a physician’s professional services. Compliance will review “incident to” services, if applicable, for every professional fee audit performed in 2021.
D. Physicians at Teaching Hospitals (PATH)
Description: Compliance will assess the compliance with rules governing physicians at teaching hospitals (PATH). In 2021, CMS issued revised regulations regarding the PATH coding and billing rules. The focus of these reviews will be to determine if teaching physicians are documenting appropriately in support of Medicare billing for their services when medical residents were involved in the care of their patients. Compliance will review teaching physician guidelines, if applicable, for every professional fee audit performed in 2021.
E. New Patient Visits
Description: As per the DCS RAC, Issues Under Review List, Issue # A000072009, “Providers should not bill new patient Evaluation and Management services on the same beneficiary within a 3 year period of time. Therefore, an issue may exist when multiple new patient E&M services are reimbursed under Medicare Part B inside of this time frame.” Compliance will review CPT codes 99201-99205 (New Outpatient/Office Visits) through data mining to ensure correct billing and coding within the new patient 3 year time frame.
F. High Volume Providers by Specialty
Description: Through the process of internal data analysis, Compliance will identify certain physicians who potentially billed excessive services. Compliance will review the physicians’ documentation to determine if services billed are medical necessary and supported by documentation.
G. Captive PCs
Description: Compliance in coordination with X will review various services billed by physicians within certain physician corporate entities (i.e., Captive PCs).
H. Evaluation and Management Services Provided During Global Surgery Periods
Description: Compliance will review claims submitted by physicians and reimbursed during the global surgery period. Under the global surgery fee concept, physicians bill a single fee for all of their services that are usually associated with a surgical procedure and related E/M services provided during the global surgery period.
Compliance will also review the appropriateness of the use of certain claims modifier codes during the global surgery period and determine whether Medicare payments for claims with modifiers used during the global surgery period were in accordance with Medicare requirements. Prior OIG work has shown that improper use of modifiers during the global surgery period resulted in inappropriate payments.
I. Sleep Testing: Appropriateness of Medicare Payments for Polysomnography
Description: Compliance will review the appropriateness of payments for sleep studies. Sleep studies are reimbursable for patients who have symptoms such as sleep apnea, narcolepsy, or parasomnia in accordance with the CMS’s Medicare Benefit Policy Manual, Pub. 102, ch. 15, § 70.
J. Medicare Payments for Part B Claims with G Modifiers
Description: Compliance will review payments for claims on which providers used certain modifier codes indicating that a denial was expected. Providers may use GA or GZ modifiers on claims they expect Medicare to deny as not reasonable and necessary. (See CMS’s Claims Processing Manual.) They may also use GX or GY modifiers for items or services that are statutorily excluded.
K. Medicare Part B Payments for Home Blood Glucose Testing Supplies
Description: Compliance will review Part B payments for home blood glucose test strips and lancet supplies to determine their appropriateness. The local coverage determinations (LCD) issued by the four DME MACs require that the physician’s order for each item billed include certain elements and be retained by the supplier to support billing for those services. Further, the LCDs require that the supplier add a modifier code to identify when a patient is treated with insulin or not treated with insulin. The amount of supplies allowable for reimbursement differs depending on the applicable modifier.
L. Physicians: Impact of Opting Out of Medicare
Description: Compliance will verify with X whether any of our employed physicians are opting out of Medicare and determine whether physicians who have opted out of Medicare are submitting claims to Medicare. Physicians are permitted to enter into private contracts with Medicare beneficiaries. As a result of entering into private contracts, physicians must commit that they will not submit a claim to Medicare for Medicare beneficiaries with whom they have contracted.
M. Data Mining Review
Description: Compliance in partnership with X is evaluating additional tools that could be used to more effectively evaluate physician’s compliance with the applicable coding rules. If an additional data mining tool is implemented, Compliance will conduct coding reviews based upon the available data.
N. Place-of-Service Errors
Description: Compliance will review physicians’ coding on Medicare Part B claims for services performed in hospital outpatient departments to determine whether they properly coded the places of service. Federal regulations provide for different levels of payments to physicians depending on where services are performed ( 42 C.F.R. § 414.32 ). Medicare pays a physician a higher amount when a service is performed in a non-facility setting, such as a physician’s office, than it does when the service is performed in a hospital outpatient department.
O. Evaluation and Management Services: Potentially Inappropriate Payments
Description: Compliance will assess the extent to which CMS made potentially inappropriate payments for E/M services and the consistency of E/M medical review determinations. We will also review multiple E/M services for the same providers and beneficiaries to identify electronic health records (EHR) documentation practices associated with potentially improper payments. Medicare contractors have noted an increased frequency of medical records with identical documentation across services. Medicare requires providers to select the code for the service based upon the content of the service and have documentation to support the level of service reported. (CMS’s Medicare Claims Processing Manual, Pub. No. 100-04, ch. 12, § 30.6.1.)
P. Part B Imaging Services: Medicare Payments
Description: Compliance will review Medicare payments for Part B imaging services to determine whether they reflect the expenses incurred and whether the utilization rates reflect industry practices. Physicians are paid for services pursuant to the Medicare physician fee schedule, which covers the major categories of costs, including the physician professional cost component, malpractice costs, and practice expense. Practice expenses include office rent, wages of personnel, and equipment. (Social Security Act, § 1848(c)(1)(B).) For selected imaging services, we will focus on the practice expense components, including the equipment utilization rate.
3. FACILITY – INPATIENT AND OUTPATIENT
A. Medicare Brachytherapy
Description: Compliance will review brachytherapy, a form of radiotherapy where a radiation source is placed inside or next to the area requiring treatment, to determine whether the payments are in compliance with Medicare requirements.
B. Inpatient Rehabilitation Facility (IRF) Re-Audits
Description: In 2021, the main objective of these audits will be to determine if the level of services provided are reasonable and necessary; the documentation within the medical record adequately supports the medical necessity.
C. Provider Based Clinics (Medicare)
Description: Since the beginning of the Medicare program, some hospitals have operated as single entities while owning and operating multiple provider-based departments, locations, and facilities that were treated as part of the main hospital for Medicare purposes. Compliance will review the documentation and billing of professional and technical facility services rendered in these clinics.
D. School Based Clinics
Description: Compliance will review the documentation and billing of professional and technical facility services rendered in school based clinics.
E. Durable Medical Equipment
Description: In accordance to the OMIG work plan; Compliance will review durable medical equipment (DME) and other supply claims submitted by selected providers to determine compliance and ensure that the equipment and/or supplies were properly authorized, the products were delivered, and the claim amount falls within Medicaid payment guidelines. Compliance will also conduct medical reviews of high ordering DME physicians to support the need for the DME and to determine if the targeted providers had seen and treated the recipients on the date of service or during the six month period prior to the DME date of service. We will also review the compliance of suppliers of DMEPOS with Medicare requirements for frequently replaced DME supplies to determine whether payments for such supplies met Medicare requirements.
F. MS-DRGs Gastrointestinal Disorders
Description: As discussed in the DCS, RAC Issues Under Review, Issue # A000962010; MS- DRG validation requires that diagnostic and procedural information and the discharge status of the beneficiary, as coded on the hospital claim, matches both the attending physician description and the information contained in the medical record. Compliance will validate MS- DRGs 332, 333, 334, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 368, 369, 370, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394 and 395 for diagnoses and procedures affecting the MS-DRG assignment. Compliance will also review present on admission and discharge status code indicators for every MS-DRG audit.
G. Clinical Social Worker (CSW) Services
Description: As discussed in the DCS, RAC Issues Under Review, Issue # A000222009; CSW services rendered during an inpatient acute care or skilled nursing facility stay are not separately payable under Medicare Part B, instead they are included in the facility’s Prospective Payment System (PPS) payment. CSW providers are expected to render services under arrangement with the facility. Therefore, an issue may exist when a beneficiary received CSW services during an inpatient stay, which have been billed and reimbursed under Medicare Part B. Compliance will review both the professional and facility component of these services.
H. Acute-Care Hospital Inpatient Transfers to Inpatient Hospice Care
Description: Compliance will verify with Hospice that Medicare claims for inpatient stays for which the beneficiary was transferred to hospice care and examine the relationship, either financial or common ownership, between the acute-care hospital and the hospice provider and how Medicare treats reimbursement for similar transfers from the acute-care setting to other settings. Regulations at 42 C.F.R. § 412.2 state that inpatient prospective payment system (IPPS) payments to hospitals for inpatient stays are payment in full for hospitals’ operating costs. Regulations state that hospice payments can be made for a general inpatient care day. ( 42 C.F.R. § 318.301(b)(4) ). A general inpatient care day is one on which an individual who has elected hospice care receives general inpatient care in an inpatient facility for pain control or acute or chronic symptom management that cannot be managed in other settings. If potential non- compliance is detected after verification, Compliance will conduct an audit accordingly.
I. Outpatient Dental Claims
Description: Compliance will review Medicare hospital outpatient payments for dental services to determine whether payments for dental services were made in accordance with Medicare requirements.
J. End Stage Renal Disease (ESRD): Bundled Prospective Payment System for Renal Dialysis Services
Description: Compliance will review to renal dialysis services under the new bundled ESRD prospective payment system for renal dialysis services. CMS is establishing a case-mix adjusted bundled PPS for renal dialysis services beginning January 1, 2020. The ESRD PPS, to be phased in over 4 years, will replace the basic case-mix adjusted composite payment system and the methodologies for reimbursement of separately billable outpatient ESRD services, and combines the payments for composite rate and separately billable services into a single payment.
K. Audiology Services
Description: Compliance will review Audiology Services with a HCPCS code of 92567, Tympanometry and HCPCS code 92568, Acoustic Reflex Threshold Services. CMS has focused prior reviews in this area of service.
L. Urgicare Centers
Description: Compliance will review our Urgicare centers to ensure compliance with coding and billing rules.
4. DATA MINING
The government utilizes sophisticated data mining tools to target health care providers whose claims are not in full compliance with all applicable regulations. Both the federal government and the State plans to further invest millions of dollars to continue to ramp up its ability to effectively data mine aberrant claim patterns. In an effort to understand our data as well as the government, Compliance is currently working with a third-party data mining software vendor, which affords us the ability to effectively analyze large quantities of real time data, for inpatient hospital, emergency department, and outpatient surgery claims.
Compliance will assess data from our internal data mining tool in the following areas in 2021:
-
Present on Admission Indicators (POA);
-
Missing Charges;
-
Post Acute Care Transfers;
-
Supply Units Billed; and
-
Diagnosis Related Groups (DRG).
5. HOME HEALTH, SKILLED NURSING FACILITIES, HOSPICE, LABORATORY
A. Home Health
1. Follow-up Reviews Home Health
Description: Compliance will conduct a follow-up review for Home Health based upon new industry guidance of areas to review.
B. Skilled Nursing Facilities and Hospice
1. Follow-up Reviews of Skilled Nursing Facilities and Hospice
Description: Compliance will conduct a follow-up review for Skilled Nursing and Hospice based upon industry guidance of areas to review.
2. Part B Billing for Hospice Patients
Description: Compliance will review Medicare and Medicaid payments for Part B Hospice patients to ensure compliance with coding and billing rules.
C. Laboratory
1. Trends in Laboratory Utilization
Description: Compliance will review trends in laboratory utilization under the Medicare program. Medicare pays only for laboratory tests that are ordered by a physician or qualified non-physician practitioner who is treating a beneficiary. We will examine the types of laboratory tests and the number of laboratory tests ordered.
COMPLIANCE INITIATIVES: KEY 2021 NON-CODING AUDIT COMPLIANCE INITIATIVES
1. Revise Exclusion Screening Policy
Description: One of the State and OIG’s top priorities is to detect health care providers and suppliers that have been excluded from the Federal and State healthcare programs. A hospital’s employment of an excluded provider or supplier can result in significant fines and penalties. As part of the new Patient Protection and Affordable Care Act (PPACA), new civil monetary penalties have been added to address excluded entities. Compliance will review its policy in this area to ensure it is robust.
2. Compliance Assessments of X’s Medical Office Locations
Description: X has over X medical office locations and continues to add new ones each year. Compliance is partnering with X to visit numerous medical office locations to conduct a general Health Insurance Portability and Accountability Act (HIPAA) and coding compliance assessment of various medical offices.
3. HIPAA Electronic Medical Record Access Audits
Description: The HIPAA regulations require health care providers to conduct audits to help prevent employees from inappropriately accessing patient data. One of the areas of concern regarding HIPAA is the issue of employees accessing protected health information (PHI) of other employees, family members or patients widely known in the community (i.e.,VIPs) without a clinical and/or business reason. Compliance will obtain a list of VIPs and/or employees that had an inpatient stay and will audit these employees’ medical records to determine if other employees inappropriately accessed their records.
4. Implementation of HIPAA Monitoring and Detection Application
Description: To further strengthen X’s controls, Compliance is working with Information Services (IS) to obtain IS budget approval and assist in the implementation of an IS privacy breach detection application that systematically identifies users who are engaging in patient access patterns that are indicative of snooping, identity theft or other risky behaviors.
5. Revise Certain Coding and Billing Policies
Description: One of the areas the government continues to focus on is appropriate coding and billing for health care services. In 2020, Compliance will review certain coding and billing policy areas and suggest any applicable revisions.
6. Institutional Conflicts of Interest Policy
Description: Institutional conflicts of interest are of significant concern when financial interests create the potential for inappropriate influence over the institution's activities, personnel, or resources. The risks of such conflicts include the possibility that the integrity and objectivity of the institution's research may be threatened or may be perceived to be threatened. Compliance will work with X to formalize an appropriate policy to mitigate against such influences.
7. Compliance Committee Charters
Description: X periodically refines certain compliance committees’ scope of responsibilities as the organization grows. Compliance will create or review and revise appropriately the applicable Compliance related committee’s charters to ensure they reflect current practices.
8. Electronic Medical Record Compliance-Related Policies
Description: Compliance will work with X to create compliance related policies to further strengthen our controls with regards to our implementation of electronic medical records.
9. Revision of HIPAA Security Policies
Description: In 2020, Compliance reviewed all of the HIPAA privacy rule policies and made appropriate revisions. In 2021, Compliance in partnership with Information Services will conduct a review of the HIPAA security rule policies drafted by IS. In addition, the Office of Civil Rights (OCR) for the U.S. Department of Health and Human Services will be issuing a final rule regarding additional modifications to HIPAA’s privacy standards. Compliance will consider any further revisions to our privacy policies as applicable.
10. Compliance Survey
Description: Compliance will implement a compliance survey to obtain feedback from employees regarding various compliance topics such as training, retaliation, HIPAA, and the Compliance HelpLine. Such surveys evaluate how well the compliance program is functioning and identify areas that can be strengthened.
11. New Conflicts of Interest Tracking System
Description: Compliance in conjunction with X will move its electronic conflicts of interest process over to a new Feinstein application to streamline the process and save costs. This will allow Feinstein and Compliance to better partner to identify and publicly report applicable conflicts of interests on our website pursuant to new federal research regulations.
12. Audit of the Gifts and Interactions with Industry Policy
Description: As part of the PPACA, the Physician Payments Sunshine provisions requires drug and medical device manufacturers to publicly report gifts and payments made to physicians and teaching hospitals in 2021. X recently enacted a more comprehensive Gifts and Interactions with Industry policy to mitigate vendor influence on our institution’s clinical decisions and to maintain a teaching environment free of vendor bias. Compliance will continue to audit applicable sections of the policy to ensure we are in compliance with our policy.
13. Review of Physician Practices Coding Procedures
Description: Each year the government makes several coding changes that impacts physician practices. The non-adoption of even one coding change can have a material financial impact on a physician’s practice. Compliance plans to survey various physician practices to ensure the physician practices are aware of the applicable coding changes and their procedures reflect all applicable regulatory updates.
14. Review Accounting of Disclosure Process
Description: In accordance with HIPAA regulations, every patient has the right to request an accounting of disclosure of their protected health information. Compliance will identify and conduct a random survey of the business groups (including physician office locations) that release PHI and their processes to help ensure we are taking appropriate steps to comply with the existing and forthcoming regulation on this topic.
15. Code of Ethical Conduct Review
Description: In 2020, Compliance had an outside consulting firm review our Code of Ethical Conduct. The Code of Ethical Conduct received a top quartile ranking, but the consulting firm had a number of suggestions to further strengthen our Code of Ethical Conduct. Compliance will review and incorporate the applicable recommendations.
16. Employee Compliance Training Test Review
Description: Compliance education is a key element of an effective compliance program. As part of annual Compliance Training, employees are required to complete a test and receive an appropriate score to ensure the employees understand key compliance areas. Compliance will analyze the test results to determine if certain areas of training need to be further emphasized in the future and will consider further ways to strengthen its testing process.
17. New Employee Conflicts of Interest Forms
Description: As part of the new health care legislation, vendors will begin reporting any compensation over $10 they provide to physicians and teaching hospitals. All new X employees fill out a conflicts of interest form when they join our organization. However, this conflicts of interest form is not as detailed as the annual conflicts of interest disclosure form clinicians and key employees fill out each year. Compliance will work with Human Resources to determine a process whereby clinicians and key employees will fill out the same annual disclosure form upon employment to capture the appropriate data.
18. Professional Fee Data Mining
Description: As the government continues to invest significant resources towards sophisticated data mining tools, we need to continue to invest it robust data analytics to ensure we are appropriately coding and billing physicians’ reimbursement claims. Compliance will work with X to evaluate methods to strengthen its data mining capabilities regarding professional fee coding.
19. HIPAA Security Training Awareness
Description: The federal government is placing more attention on health care provider’s security controls. Compliance will work with Information Services to strengthen its HIPAA security training for its employees.
20. New OMIG Hospital Compliance Program Guidance Review
Description: OMIG is expected to release a final compliance program guidance for Hospitals. Based upon a draft version, Compliance will assess the Health System’s performance under the anticipated new guidance and will evaluate appropriate ways to further strengthen our Compliance Program.
21. Government Investigations/Audit Policy
Description: The government conducts numerous audit and investigatory inquiries at our facilities. In order to respond to such audits or inquires, it is critical that our staff know how to respond appropriately. Compliance will work with X to further memorialize our process in responding to such events and to provide education on this topic.
22. Code of Ethical Conduct Certifications
Description: It is a best practice for employees upon employment to certify that they will comply and abide by their Code of Ethical Conduct. Compliance will work with Human Resources to verify that each new employee upon employment and annually thereafter certifies that he or she will comply and abide by X’s Code of Ethical Conduct.
23. Pharmacy Checklist Review
Description: The State Agency recently released additional guidance to assist health care providers in complying with applicable pharmacy-related regulatory requirements. Compliance will further review the State Agency’s pharmacy checklist tool as applicable to ensure our applicable business units have appropriate controls to address the State Agency’s guidance on this topic.
24. Medicaid Transportation Providers Checklist Review
Description: The State Agency recently released additional guidance to assist health care providers in complying with applicable transportation provider related regulatory requirements. Compliance will review the State Agency’s transportation checklist tool as applicable to ensure our applicable business units have appropriate controls to address the State Agency’s guidance on this topic.
25. Business Associate Audits
Description: In today’s environment, it is common for health care providers to outsource various business functions to vendors. Compliance will work with Procurement and Legal to identify all the applicable vendors that handle patients’ protected health information. Compliance will rank these vendors based upon a risk assessment grid and review certain high risk vendors’ HIPAA practices to mitigate any potential risk.
26. Third Party Billing Checklist Review
Description: The State Agency recently released additional guidance to assist health care providers in evaluating the regulatory requirements related to third party billing companies. Compliance will review the State Agency’s third party billing checklist tool to ensure our applicable business units have appropriate controls to address the State Agency’s guidance.
27. Marketing Analysis of Compliance Intranet Site
Description: It is important to improve upon how we educate and communicate with our employees about compliance topics. Compliance will evaluate and trend the number of employees accessing its intranet site. After review, Compliance will implement measures to further improve the access and content of its intranet site.
28. Strengthen Compliance Public Webpage
Description: Compliance will evaluate how to make the public compliance web page more accessible and will add additional educational content about our Compliance Program.
29. Additional Conflicts of Interest Educational Resources
Description: Compliance will create a frequently asked questions document to further guide employees regarding questions they may have regarding potential conflicts of interest.
30. HIPAA Control for Posting Public and Internal Data on Websites
Description: In today’s social media environment, the risk of a patient’s health information inadvertently getting posted to an internal or external website has significantly increased. To mitigate this risk, Compliance will roll out a new educational initiative that will require the applicable employees to undergo additional privacy training to ensure they are careful when posting information to internal and external web sites
31. Verify Compliance for Medicare Payments for the Drug Herceptin
Description: Compliance will verify with Pharmacy and Finance that claims we submitted for the drug Herceptin were appropriately billed. For drug claims involving a single-use vial or package, if a provider must discard the remainder of a single-use vial or package after administering a dose/quantity of the drug or biological, Medicare provides payment for the amount discarded along with the amount administered, up to the amount of the drug or biological as indicated on the vial or package label. However, multiuse vials such as those used for supplying Herceptin are not subject to payment for discarded amounts of a drug or biological (CMS’s Medicare Claims Processing Manual, Pub. 100-04, ch. 17, § 40). Providers must bill accurately and completely for services provided.
32. Verify Compliance for Billing for Immunosuppressive Drugs
Description: Compliance will verify with Pharmacy and Finance that Medicare Part B immunosuppressive drug claims are billed according to their Food and Drug Administration (FDA)-approved labels. We will also verify whether Medicare paid for immunosuppressive drugs that should not have been used in combination with other immunosuppressive drugs. Medicare Part B covers drugs that are not usually self-administered and are furnished incident to physicians’ services, such as immunosuppressive drugs. (Social Security Act, § 1832(a)(2), and CMS’s Medicare Benefits Policy Manual, Pub. No. 100-02, ch. 15, § 50.)
The manual also states that use of such drugs must be safe and effective and otherwise reasonable and necessary and that drugs or biologicals approved for marketing by the FDA are considered safe and effective for purposes of this requirement when used for indications specified on the labeling. Several FDA-approved labels for immunosuppressive drugs state that the drugs should not be used in combination with other immunosuppressive drugs.
33. Verify Compliance for Medicare Outpatient Payments for Other Drugs
Description: Compliance will verify with Pharmacy and Finance that outpatient payments to providers for certain drugs and the administration of those drugs (e.g., chemotherapy, anemia) were appropriately billed for the correct amount of units (CMS’s Medicare Claims Processing Manual, Pub. 100-04, ch. 1, §§ 70.2.3.1 and 80.3.2.2.). Providers must report units of service as the number of times that service or procedure was performed (ch. 5, § 20.2, and ch. 26, § 10.4). Compliance will also verify with Pharmacy and Finance that we bill appropriately for any drug overfill in accordance with the new CMS guidance on this topic.
34. Verify Medicare Inpatient Coding Education on New 2021 Codes
Description: Compliance will verify. with the applicable business departments that our staff has been educated on the applicable updates to the reimbursement billing codes for 2021.
35. IS HIPAA Related Risk Assessments
Description: Compliance will review applicable HIPAA security findings related to IS third party audits that are being conducted at various Health System facilities to satisfy a HIPAA Security Rule requirement. Compliance will assist as appropriate in any applicable corrective action plans.
36. Emergency Medical Treatment and Active Labor Act (EMTALA)
Description: EMTALA continues to be an area of governmental concern. Corporate Compliance will continue to assess and re-assess facilities compliance with EMTALA in 2021.