Despite ongoing reports of clinical laboratories that have had enforcement actions brought against them as a result of a weak or faulty compliance program, many labs fail to routinely measure the effectiveness of the program they have in place.
The Health and Human Services Office of Inspector General (OIG) published a model compliance plan for the clinical laboratory industry on March 3, 1997, and updated the guidance on Aug. 24, 1998 (https://oig.hhs.gov/authorities/docs/cpglab.pdf). The model plan was intended to provide clear guidance to the lab industry on how to reduce the potential for fraud and abuse within their organizations.
The OIG identified seven critical elements of an effective compliance program (see box on page 10). This guidance has served as the basis for the majority of lab compliance programs, but over time, plans can lose their effectiveness if they are not measured, monitored, assessed, and adjusted as needed.
The keys to assessing compliance program effectiveness fall in three main areas—training and education, communication, and internal monitoring and auditing—according to Marguerite Busch, vice president and chief compliance officer for PAML and PAML Ventures in Spokane, Wash. Busch discussed strategies for measuring effectiveness during this year’s G2 Intelligence Lab Institute, held Oct. 10-12 in Arlington, Va.
Training and Education
Effective training and education should include new employee orientation, annual general/core compliance training, annual special topics training, periodic education on high-risk topics for high-risk departments, and just-in-time training if processes, regulations, and forms change, says Busch, who notes that “documentation of all training is critical.” Training for new employees should cover standards of conduct, location of policies and procedures, how to report compliance concerns (four-step process discussed below), and an overview of regulations governing fraud and abuse, waste, and false claims. New marketing representatives should also have additional, in-depth orientation as soon as possible after hire to include review of the company’s sales compliance policies, contracting process with sources of referrals including approvals for all contract proposals, and gifts and entertainment policies.
General/core compliance training should cover an overview of the code of conduct, any new or changed compliance policies, any new regulatory compliance issues, an emphasis on how to report compliance concerns, and a test or survey to assess comprehension. Special training for high-risk areas might apply to billing staff, phlebotomists, marketing representatives, and human resources. Topics covered should include those specific to those departments and is often best handled in department meetings and in person. Busch suggests using case studies and examples of key risks gleaned from newsletters, OIG prosecutions, and other sources. This type of training presents a valuable opportunity to have an interactive question-and-answer session with staff, she notes.
Communication
Busch suggests teaching a typical four-step communication process to employees:
1. Discuss the issue or concern with immediate supervisor;
2. Discuss the issue or concern with the department manager;
3. Contact the compliance officer or department; and
4. Call the lab’s or organization’s anonymous 24/7 “hot line” to report the issue or concern.
An effective communications policy ensures that employees are aware of the lines of communication available to them; the availability and approachability of supervisors, managers, department heads, and compliance officers; and the availability of a hot line. The policy must also ensure confidentiality of reports and include a strong nonretaliation policy. Documentation of the issues being reported is critical, as is documentation of investigation and corrective actions taken. A prompt response back to the reporting employee is essential, says Busch.
Internal Monitoring and Auditing
When conducting internal monitoring and auditing, Busch suggests focusing on the following high-risk areas:
Order/report/bill review. Review requisitions and orders, reports, claim forms, and other attached documents. Ensure that what was ordered is what was reported is what was billed, the ICD-9 code on the requisition or order matches the claim, and a valid advance beneficiary notice was executed if appropriate. Check to see if a Medicare secondary payer form is attached, if applicable, and if reflex testing occurred, was it ordered as such.
Three-day payment window rule for hospitals. Review inpatient admission reports and lab test orders for outpatients or nonpatients (outreach patients). Check to see if any testing was performed on patients within three days (not 72 hours) of patient’s admission to the hospital by a lab wholly owned or operated by the hospital. Also, check to see if any of that testing was billed out to Medicare as a separate claim (rather than being rolled into the diagnosis-related group).
Standing orders. Review standing orders to determine if they meet the requirements that they be for a specific patient for a specific test for a specific time interval. Check to see if the authorized provider signed the standing order and whether it has been reviewed or renewed at least annually.
Custom profiles. Review the custom profile authorization form to see whether it contains the required details so that the provider knows the charges for each component of the profile and that each test in the profile should be medically necessary. Has the provider signed an annual notification regarding the custom profile?
CPT/HCPCS coding. Review the procedure for maintaining current and accurate CPT codes. Determine whether new tests and new methodologies are being coded correctly and communicated to the billing system.
Employee training and education. Review training and education records, attendance rosters, new hire lists, and training and education materials. Check to see if new hires attended compliance orientation within the lab’s timeline policy, what percentage of current employees completed annual training within the specified period, and whether training was held for target groups in potentially high-risk areas.
Test utilization. Review the top 30 tests ordered during the past 12 months and the top 30 tests from the previous 12 months. Did any test increase more than 10 percent compared to the previous 12 months? For those that did, what might be the reason for the increase? Provide documentation as to the cause of the increase.
Marketing issues. Review marketing brochures, client supply reports, contracts with sources of referral, standard test requisitions, test directory, marketing expense reports, and client fee schedules. Check to see if the marketing materials are clear and not misleading, ensure that supplies sent to clients are appropriate for the volume of tests, and ensure that leases and phlebotomy service arrangements are at full market value, fully executed, and meet all Stark rules. Check to see if requisitions clearly give ordering providers choices for test orders, make sure gifts and entertainment for sources of referral meet the current “non-monetary compensation” standards, and review client fee schedules to make sure they meet Medicare and specific state Medicaid requirements.
Exclusion checks. Review databases of employees, vendors, clients, and the federal exclusion database (http://exclusions.oig.hhs.gov and https://epis.gov/) to ensure that no employees, contractors, vendors, or clients are on either list. Ideally this will be done before hire, before contracting with a vendor, before accepting a new client, and then at least annually.