The 23rd Health Care Compliance Association (HCCA) Compliance Institute gathered more than 3,000 healthcare compliance professionals in Boston, Massachusetts last week. The Compliance Institute offers the opportunity to learn about the latest developments and priorities from regulators, and this year’s event was no exception. Despite the challenges from working in a highly regulated industry, there are many opportunities for compliance officers to strengthen their healthcare organization’s compliance program.

The following represent my top takeaways from HCCA’s 2019 Compliance Institute.

Top CMS Initiatives for 2019

Kimberly Brandt, Principal Deputy Administrator for Operations at the Centers for Medicare & Medicaid Services (CMS) shared some of the agency’s key initiatives for 2019 and beyond during a general session. The following are some of the highlights from Brandt’s update:

• Patients Over Paperwork Program: This signature initiative centers around putting patients first. Providers spend too much time on paperwork and not enough time with patients. With the planned changes from 2018 through 2021, this project is expected to reduce more than 40 million hours of regulatory burden and save health systems an estimated $5.7 billion.
• Simplifying Documentation Requirements: CMS has made a number of changes to simplify documentation requirements using a two-prong approach. First, the provider documentation checklist centralized all documentation requirements in one place. Second, the agency offers a provider documentation lookup service.
• Forthcoming Stark Law Updates: The Stark Law was a primary theme of comments submitted in response to CMS’s request for information on burden reduction from 2017. As a result, the agency is working on an update to Stark regulations to be issued later in 2019.
• MyHealthEData: With patient information trapped in siloed health systems, MyHealthEData is an administration-wide initiative to unleash data to empower patients by giving them control of their healthcare information and allowing it to follow them throughout their journey.

The OIG’s Lesson on Innovation

This year, Joanne Chiedi, Principal Deputy Inspector General in the Department of Health and Human Services (HHS) provided the latest update from the Office of Inspector General (OIG) with a message about innovation. “When it comes to compliance in this revolutionary time in healthcare, don’t shy away from technology and innovation,” she addressed attendees. “Be bold. Take action. Compliance must have a seat and voice at the innovation table.”

Technology will be essential to the success of compliance in tomorrow’s healthcare ecosystem. Chiedi shared the following four strategies to ensure success in the compliance landscape of the future:

1. Agility and Adaptability: Being nimble and being able to adapt to change is critical. OIG has built a multidisciplinary workforce armed with data and technology to identify program vulnerabilities. Consider reviewing your staffing plan and be sure you have the right mix of experts.
2. Continuous Prioritization: To respond to rapid change, this involves scanning the environment early and often to look at the current state of play and at the horizon for surfacing issues. As a best practice, support a culture that allows for experimentation. Additionally, setup a regular process for environment scanning and prioritization of your compliance activities and priorities.
3. Compliance Leadership: Be passionate. Leaders disseminate a simple vision about their values and priorities. “For OIG, it’s critical that we do this right, that we do the right things, that we show people we care, and that we support them,” Chiedi explains. As a tip, she suggests seeking a meeting with the people planning your data and technology functions (e.g., chief technology officer, chief innovation officer).
4. Strategic Partnerships: Partnerships are more important than ever in today’s world. “It’s not healthy and sustainable to go at it alone,” Chiedi said. To develop better partnerships, she suggests identifying your organization’s patterns and reaching out to their compliance officers. “Get to the department heads within your organization and start with IT,” she said.

The Impact of a Compliance Culture

One part of an effective compliance and ethics program is that the organization promotes an organizational culture that encourages ethical conduct and a commitment to compliance with the law. “Compliance is not effective without culture,” according to speakers Scott Gima and Margaret Scavotto from Management Performance Associates during a breakout session on compliance culture case studies. “Some people are wired to call and report, but for the people on the fence, your culture will make a difference,” Scavotto explained.

Gima defines culture as doing things right. “Compliance needs to be part of the conversation at every level of the organization,” he explained. “It has to start with the C-suite. Involve the board, managers and supervisors to buy in. And you have to reinforce that things have to be done the right way.” The focus should be on taking care of patients, with everything else coming secondary.

Referencing Uber’s recent culture problems as an example, Gima suggests reviewing the report conducted by law firm Covington & Burling for lessons that can be applied to your organization. Specifically, consider adopting a zero tolerance policy for substantiated complaints of discrimination and harassment, without regard to whether an employee is a “high performer” or a long-term employee. “You have to follow the policy no matter how painful it is,” Gima emphasized. “You have to do it and hold everyone at your organization accountable from the top all the way down. That’s how you start changing the culture at your organization.”

Exclusion Screening Best Practices for 2019 and Beyond

While Section 1128 of the Social Security Act grants the OIG the authority to exclude individuals and entities from federal healthcare programs, there’s much more to exclusion screening compliance beyond the OIG. “The OIG Special Advisory Bulletin from 2013 is my ‘Exclusions Bible’,” Carey Cothran, Chief Privacy Officer at Piedmont Healthcare, stated during an exclusions breakout session.

“It provides the legal background for [the OIG’s] exclusion authority and describes ways in which individuals might end up violating the terms of their exclusion,” Nicole Caucci, Deputy Branch Chief at the OIG, explained during the session. “This is the first bulletin where the OIG recommended as a best practice to have a monthly screening process in place. We require that for anyone under a corporate integrity agreement (CIA).”

Besides the OIG’s List of Excluded Individuals and Entities (LEIE), most states have a Medicaid exclusion list and there are even some states that have two lists. “States have different reasons for why they might put somebody on an exclusion list,” Cothran explained. “If there are people on there, [then] we should be looking out for them and whether we should be paying them any state or federal dollars from any federal healthcare program.”

Even beyond the state Medicaid exclusion lists, there are more exclusion lists available for screening. When utilizing the U.S. General Services Administration’s (GSA) System for Award Management (SAM) for exclusion screening, the findings may not be clear. “Contact the agency who excluded the individual,” Emily Reilly, Compliance Administrator at WellStar Health System, recommended during the session. “You need to ask an expert about what the exclusion on an individual is going to mean. [This] may uncover how serious it may be for that particular industry.”

As we approach the next decade, one thing is for certain: the role that compliance officers play in the healthcare system will be critical to ensuring patient care and safety for years to come. Did you attend the HCCA 2019 Compliance Institute? What were your top takeaways? Let us know in the comments section below.