What is your culture of compliance?
By Nancy J. Beckley, MS, MBA, CHC*
What is the culture of compliance at your physical therapy practice?
Do you have a Code of Conduct? Do you have a compliance program? More than ever, therapy practice owners are thinking about and asking about compliance. Most compliance topics in physical therapy practice revolve around documentation, coding, and billing. For a small therapy practice those topics are a central and essential component for compliance.
The current cultural transition that is fostered by digital communications, with related privacy and security concerns, presents a challenge to practice owners for clear leadership on compliance. Culture tone starts at the top, and the culture of compliance starts with the compliance tone at the top.
I challenge readers to “scrapbook” your way to success in compliance by cataloging compliance-related documents digitally or the old-fashioned way in a scrapbook or ring binder. The top of mind thought should be: “What is the culture of compliance at my practice?” Here are a few questions for contemplation:
- How do we define our culture of compliance?
- How do my employees learn, interpret, and understand our Code?
- What is our Code of Conduct? Is it well codified (documented)?
- Does our Code reflect our mission, vision, and values?
- How do we handle violations of our Code?
- Does our practice encourage reporting violations of our Code?
- What is our policy on nonretaliation?
- What is our social media policy, both for our practice and for our staff on a personal basis?
- How do we protect patient privacy?
- What is our policy on nondiscrimination and nonharassment?
Grab a piece of paper, open up an app, or scribble in the margins as you read along and think about the culture of compliance at your practice. Examine the view of compliance both from the top and from the perspective of employees, volunteers, vendors, students, referral sources, and community partners.
Now for the technical details: mapping underlying compliance laws and regulations with your culture of compliance. For example, if your compliance culture is based on ethics and compliance with coding and billing for Medicare, it is essential that everyone at the practice not only understands your commitment to billing and coding compliance but also understands the operative details, including Medicare regulations and practical application for coding each patient encounter.
Let’s get started with some essential underlying components of compliance obligations by examining the landscape of laws and regulations.
The 7 Elements of Compliance
Initiating Your Compliance Program
The Affordable Care Act (ACA) required compliance programs. Small therapy practices may find it helpful to reference the Office of Inspector General’s Compliance Program for Individual and Small Group Physician Practices.1 While this guidance was written 18 years ago, it provides a template for getting started when properly updated with an effective contemporaneous compliance and practice risk assessment. The 7 elements of a compliance program are based on the Federal Sentencing Guidelines.
The Health Care Compliance Association and the Office of Inspector General (OIG) have identified the 7 Elements of Compliance for the purpose of measuring compliance program effectiveness2:
- Standards, Policies, and Procedures
- Compliance Program Administration
- Screening and Evaluation of Employees, Physicians, Vendors, and Other Agents
- Communication, Education, and Training on Compliance Issues
- Monitoring, Auditing, and Internal Reporting Systems
- Discipline for Non-Compliance
- Investigations and Remedial Measures
The 5 Faces of Fraud and Abuse
Understanding the Key Federal Health Care Laws
The OIG’s Inspector General Dan Levinson refers to the 5 key health care laws as the “FACES.” For therapy practices, the elements of compliance with these laws are essential and a central component of compliance:
- False Claims Act
- Anti-Kickback Statute
- Civil Monetary Penalties Law
- Exclusion Authorities
- Stark (Physician Self-Referral) Law
Affordable Care Act, Section 1557
Compliance with Federal Civil Rights Laws
Compliance with federal civil rights laws was extended to private practice therapy providers that accept federal financial assistance, defined as participation in Medicaid and/or TRICARE. The Final Rule was issued in 2015, and October 16, 2016, was the compliance implementation date. Key elements of compliance with Section 1557 include provisions for nondiscrimination on the basis of race, color, national origin, disability, sex, and age. To that end, Section 1557 defines and expands parameters for policies and procedures to be implemented, including but not limited to:
- Protecting individuals against sex discrimination
- Making all programs and activities provided through electronic and information technology accessible
- Providing appropriate auxiliary aids and services for individuals with disabilities
- Ensuring meaningful access for individuals with Limited English Proficiency (LEP)
- Including mention of the availability of language assistance services on nondiscrimination statements and taglines
The devil is in the details with Section 1557 compliance, and if you are getting a late start the Department of Health and Human Services’ Office of Civil Rights website provides detailed requirements.2
Health Insurance Portability and Accountability Act (HIPAA)
Ensuring Compliance with HIPAA
HIPAA was enacted in 1996, but fast forward to today and understand the compliance requirements and obligations for covered entities (CE) under three key areas of regulatory compliance. If your HIPAA compliance consists entirely of a Notice of Privacy Practices, a review of these key components of HIPAA is essential particularly given the environment of phishing, hacking, and cybersecurity threats.
- The Privacy Rule
- The Security Rule
- The Breach Notification Rule
Rehab Agency Conditions of Participation (CoP)
Compliance as a Condition of Participation (42 CFR Part 485, Subpart H)
If your practice is enrolled in Medicare as a Rehabilitation Agency Out Patient Physical Therapy (OPT), the following CoP are required and must be evidenced during the initial survey and revalidation surveys:
- Compliance with Federal, State, and Local Laws (including Civil Rights Assurance of Compliance)
- Administrative Management
- Plan of Care and Physician Involvement
- Physical Therapy Services
- Speech Pathology Services
- Rehabilitation Program
- Arrangements for Physical Therapy and Speech-Language Pathology Services to Be Performed by Other than Salaried Organization Personnel
- Clinical Records
- Physical Environment
- Infection Control
- Emergency Preparedness
- Program Evaluation
Comprehensive Outpatient Rehabilitation Facility (CORF) Conditions of Participation (CoP)
Compliance as a Condition of Participation (42 CFR Part 485, Subpart B)
If your practice is enrolled in Medicare as a CORF, the following CoP are required and must be evidenced during the initial survey and revalidation surveys:
- Compliance with State and Local Laws (including Civil Rights Assurance of Compliance)
- Governing Body and Administration
- Comprehensive Rehabilitation Program
- Clinical Records
- Physical Environment
- Utilization Review Plan
- Emergency Preparedness
For both rehab agencies and CORFs, the most significant compliance issues relate to compliance with Emergency Preparedness and the significant and time-intensive required activities.
Culture and compliance are synergistic concepts. As you contemplate today’s therapy landscape, ask yourself how today’s culture and the problems posed by advancing technology will impact the culture of compliance at your therapy practice.
What’s the compliance culture at your practice?
1 Compliance Program for Individual and Small Group Physician Practices. 2000. https://oig.hhs.gov/authorities/docs/physician.pdf. Accessed August 3, 2018.
2 Department of Health and Human Services. Section 1557: https://www.hhs.gov/civil-rights/for-individuals/section-1557/index.htm. Accessed August 3, 2018.
Nancy J. Beckley, MS, MBA, CHC, is certified in health care compliance by the Compliance Certification Board and is a frequent speaker and author on outpatient therapy compliance topics. She advises practices on compliance plan development and audit response. Questions and comments can be directed to email@example.com.
*The author has a vested interest in this subject.