Compliance starts at the top, experts say at AHCA/NCAL convention
Carol Rolf spoke about compliance issues.
Almost 20 years after federal law created an exclusion process related to participating in Medicare and Medicaid programs, some long-term care providers may not be checking their employees' status often enough, compliance experts warned Tuesday.
Exclusion occurs when an individual is barred from participating in Medicare or Medicaid programs for at least some period of time, and first became federal law in 1996. While mandatory exclusions can be obvious, such as related to the person committing fraud or patient abuse, the government also can bar someone for defaulting on student loans or for misdemeanor convictions related to controlled substances. If this happens, and a nursing home is employing the excluded person, the facility will face paying civil monetary penalties.
“You have no pity from the federal government on this - you have to pay,” said Carol Rolf, senior partner at Rolf Goffman Martin Lang LLP in Cleveland, speaking at “Deconstructing Corporate Compliance and Ethics for Large and Small Nursing Facilities” at the American Health Care Association/National Center for Assisted Living convention in Washington, D.C.
States also have specific laws: While the federal government requires checking for exclusion status at the time of hire, Pennsylvania requires checking monthly. Rolf says she recommends facilities check once a year.
“We've seen several cases where the medical director was excluded,” she said. “They were untimely in paying back loans for medical school.” This also has happened with therapists, commented Carol Amick, CPA, director of corporate compliance and privacy officer at Sava Senior Care.
Other hot topics in compliance include the use of technology. One common pitfall is what staff may put into an email. Rolf noted that some staff use email like instant messenger and communicate in a way that can be taken out of context. She noted a case in which there was a search done for emails where the acronym “RUG” was used within 10 words of the word “goal” and that “length of stay” was within 10 words of “target.”
With hardware, Rolf reviewed cases in which laptops were stolen and had unencrypted information, causing HIPAA breaches.
Both speakers said that there is value in reviewing PEPPER reports, and in facilities understanding what their building looks like compared to others, especially when looking at therapy RUGs.
“We had a building where everybody got speech therapy,” Amick said. “You've got to look at that type of thing.” If a provider decides to hire an analytics or software service to review MDS or other data, “use it,” she said.
Finally, if providers hire consultants to do external audits, they should remember that, unlike lawyers, what the external auditors find does not have to be kept to themselves. Rolf noted one case in which the consulting firm found overpayments, and the facility decided not to pay it back. The consultant became a whistleblower.
“CPAs don't have privilege,” she reminded.
Overall, with compliance, “I really believe it starts at the top,” Rolf said. “Then it will filter through the organization.”The AHCA/NCAL annual convention concludes today at the Gaylord National Resort & Convention Center. This year's event drew record attendance, according to organizers.