Measuring the Effectiveness of Your Compliance Program

By Nancy J. Beckley, MS, MBA, CHC
Now that your compliance program is up and running (is it?), the next step is having a method for measuring compliance effectiveness. Dan Levinson, the Inspector General of the Office of Inspector General (OIG), Department of Health and Human Services, annually gives the keynote at the Compliance Institute. I have had the opportunity to interview Dan following his keynote address on several occasions for a live podcast. Something always sticks out for me when I recall those interviews. Dan described an effective compliance program as one that “detected a problem, corrected a problem, and prevented the problem from happening again.” So, you have never had a problem? The OIG and other federal authorities are likely to determine that you don’t have an effective compliance program. Let’s look at a few mini–case studies.
DETECT, CORRECT, PREVENT
A few examples of an effective compliance cycle and proof of compliance program effectiveness:
1. Supervision
In a physical therapy private practice, the supervising physical therapist (PT) leaves early on a Friday due to illness. Before the supervising PT leaves, he reassigns three Medicare patients to the PTA with instructions regarding therapy. The PT felt confident in doing this since the relevant PT practice act allows for general supervision. The PTA treats the patients, who are grateful that their therapy is not cancelled, and completes documentation, coding, and billing in the electronic medical record (EMR). Sometime during the next week, the practice owner, who had been on vacation, learns that the PT was not present to provide direct supervision, as required by Medicare (detect problem). She issues instructions to correct the billing by reopening the claim and adjusting the amount to reflect a zero charge. An amendment is made to the chart reflecting that therapy was performed per the plan of care, and that it was a no-charge visit as supervision requirements were not met (correct problem). The owner provides clarification on direct versus general supervision, and educates and instructs staff that Medicare patients cannot be billed for therapy when direct supervision is not provided (prevent problem).

2. Excluded Provider
In July of 2017 a private practice owner, as part of the practice’s compliance program, begins using the OIG List of Excluded Individuals and Entities (LEIE) to screen for individuals who have been excluded from participation in federal health care programs. A new employee of the practice shows up as a positive hit for exclusion, which cannot be reconciled through verification of address and social security number. Further review confirms that this employee, a physical therapist, has been excluded by the OIG (detect problem). The employee confirms this fact, and is suspended pending further investigation. It is determined that this physical therapist was permissively excluded in May of 2017 by recommendation of the State PT Board in another state. The practice, with the assistance of compliance counsel, makes a self-disclosure to the OIG. The OIG accepts the self-disclosure, and the PT practice pays a penalty for “allegedly” violating the Civil Monetary Penalties Law for employing an individual that it “knew or should have known was excluded from participation in Federal health care programs.” The practice terminates the physical therapist’s employment (correct problem). The physical therapy practice ensures that its policy is to conduct and document monthly exclusions checks (as recommended by OIG) (prevent problem).
3. Practice
A physical therapy and occupational therapy group practice has both physical therapy and occupational therapy–certified hand therapists (CHT). Due to a scheduling conflict a physical therapist treats a Medicare patient who is under the certified plan of care of one of the occupational therapists for three visits. Claims are submitted to Medicare under the credentials of the OT. Another OT in the clinic notifies the practice director (who is the compliance officer) via a dedicated compliance email of a potential billing and practice violation (detect problem). The practice owner interviews both therapists to get the facts. A refund for the three visits is processed to Medicare, and both the occupational and physical therapists are disciplined and the information documented to their personnel file (correct problem). Both the physical therapist and occupational therapist agree, as a condition of their discipline, to determine any obligation to self-report to their respective Board. The practice director provides information to the entire staff to mitigate the problem happening in the future. A monitoring activity is established (and documented) for ongoing review to ensure proper practice and billing (prevent problem).
These examples provide evidence of detecting, correcting, and preventing problems. Let’s look at the bigger picture: demonstrating overall compliance effectiveness.

DEPARTMENT OF JUSTICE
In February 2017, the Department of Justice (DOJ) published “Evaluation of Corporate Compliance Programs.”1 It appeared without much fanfare, but was quickly noticed for its important message to the compliance and provider community. In this document, the DOJ explains factors that come into consideration when conducting a criminal investigation. Sample topics and questions are itemized in the document, which includes a description of the type of scrutiny that can be expected. On the flip side, it provides a provider an opportunity to plan for an investigation (that they hope never happens). The focus areas are closely aligned with the Federal Sentencing Guidelines and the elements of an effective compliance program:
- Analysis and Remediation of Underlying Misconduct
- Senior and Middle Management
- Autonomy and Resources
- Policies and Procedures
- Operational Integration
- Risk Assessment
- Training and Communications
- Confidential Reporting and Investigation
- Incentives and Disciplinary Measures
- Continuous Improvement, Periodic Testing and Review
- Third Party Management
- Mergers and Acquisitions
Review the document’s sample questions to understand the elements that underscore the compliance big picture. To sum up, this memo pulls together elements for the DOJ to use during an investigation, and provides a measure for any provider to assess their own compliance program, albeit the elements described may not always be found in a compliance program scaled to a small therapy practice.
HCCA-OIG COMPLIANCE EFFECTIVENESS ROUNDTABLE
The OIG in cooperation with the Health Care Compliance Association (HCCA) convened a roundtable meeting in January to discuss ways to “measure the effectiveness of compliance programs.” Their guide, “Measuring Compliance Program Effectiveness: A Resource Guide,” was distributed at the March Compliance Institute and was a featured element of Inspector General Dan Levinson’s keynote address. The OIG cautions that while this appears to be in a checklist format, the document is not to be used as a checklist, or as a standard or certification document (e.g., such as those used for Medicare survey and certification).
A group of 40 compliance professionals representing all provider types, including physical therapy providers, gathered for this workgroup and used a round robin topical approach to brainstorm measures for each of the seven compliance program elements:
- Standards, Policies, and Procedures
- Compliance Program Administration
- Screening and Evaluation of Employees, Physicians, Vendors, and Other Agents
- Communication, Education, and Training on Compliance Issues
- Monitoring, Auditing, and Internal Reporting Systems
- Discipline for Non-Compliance
- Investigations and Remedial Measures
The Guide contains over 500 measurement elements offering a variety of tools for different programs, varied sizes, and different maturity levels. So how does a therapy practice make use of this tool? The OIG guidance on this suggests that only a small number of elements may be used at the beginning, and some elements will be used more often than others. They also warn that using all the elements, or even a substantial number, is “impractical and not recommended.”

Start by downloading the Guide and identifying elements that you know you can measure (not how well you can measure!). Best practice is to also identify elements that you would like to measure in the future, but systems and procedures need to be put in place before that can be done. The OIG is interested in feedback on the utility of the Guide and is looking to see the compliance and provider community response. The Guide should be used as an internal document to assist in measuring and documenting your compliance program. Look for opportunities to expand and improve your program and document your approach. Identify elements that can be measured by different individuals and functions in your practice, such as billing, finance, marketing, and operations.
Compliance and culture go hand in hand. A good place to start in measuring compliance program effectiveness is an employee survey. Survey tools, such as Survey Monkey, can be used for free, and provide some level of autonomy for the responder. As you start to contemplate measuring your compliance program effectiveness, ensure that you have a system to detect, correct, and prevent compliance problems. If you are a smaller practice scaling your compliance program, at minimum ensure that you have taken due diligence to ensure that no employee has been excluded from participation in a federal health care program, that you have educated your employees on preventing fraud and abuse in therapy, and that you have in place policies and procedures governing documentation, coding, and billing—the high-risk areas in outpatient physical therapy. Let me know if you have any questions or feedback on the Guide.
References
1 Department of Justice. Evaluation of Corporate Compliance Programs (Feb. 8, 2017). Available at www.justice.gov/criminalfraud/ page/file/937501/download
2 Office of Inspector General (March 27, 2017). Available at https:// oig.hhs.gov/compliance/101/files/HCCA-OIG-Resource-Guide.pdf.

Nancy J. Beckley, MS, MBA, CHC, is certified in health care compliance by the Compliance Certification Board and is a frequent speaker and author on outpatient therapy compliance topics. She advises practices on compliance plan development and audit response. Questions and comments can be directed to nancy@nancybeckley.com.