Monitoring, Auditing, and Internal Reporting

Question 1

What is Monitoring?

Answer 1

An on-going process that assists management in ensuring their business processes are working as intended.

Question 2

What is Auditing?

Answer 2

A formal, systematic and methodical approach designed to evaluate and improve effectiveness of business process and controls.

Question 3

TRUE/FALSE The Compliance Officer and Staff have full access to all documents and other information that are relevant to compliance activities?

Answer 3

TRUE

Question 4

TRUE/FALSE The organization leadership and board of directors should be knowledgeable about the content and operation of the compliance program.

Answer 4

TRUE

Question 5

• Reviews (monitoring) What are some techniques that the compliance officer or reviewer should consider when conducting a review?

Answer 5

• On site Visits • testing of billing and coding staff on their knowledge of reimbursement and coverage criteria • unannounced mock surveys, audits, and investigations • check of personnel records to determine whether any individuals who have been reprimanded for compliance issues in the past are among those currently engaged in improper conduct • Interview with personnel involved in management, operations, coding claim submission, and other related activities

Question 6

• Reviews (monitoring) What are some additional techniques that the compliance officer or reviewer should consider when conducting a review?

Answer 6

• questionnaires developed to solicit impressions of a broad cross section of the organization’s employees and staff • reviews of written materials and documentation prepared by the different departments • trend analyses or longitudinal studies that seek deviations • review of written materials and documentation prepared by the different divisions of an organization

Question 7

How should the Compliance Officer and staff respond to reports of detected compliance offenses and violations?

Answer 7

Upon reports or reasonable indications of suspected noncompliance, it is important that the chief compliance officer or other management officials initiate prompt steps to investigate the conduct in question to determine whether a material violation of applicable law or the requirements of the compliance program has occurred, and if so, take steps to correct the problem

Question 8

What should the records of an investigation for a detected compliance offense or violation include?

Answer 8

Records of the investigation should contain documentation of the alleged violation, a description of the investigative process, copies of interview notes and key documents, a log of the witnesses interviewed and the documents reviewed, the results of the investigation, e.g., any disciplinary action taken, and the corrective action implemented.

Question 9

What are some resources that can be used to identify risk areas when developing annual work plans?

Answer 9

• OIG Work Plan • Internal Findings related to other reviews • External Market Activity • External reviews done by enforcement agencies on a national basis

Question 10

What are some components that the work plan can include?

Answer 10

• The audits to be performed; • Audit schedules, including start and end dates • Announced or unannounced audits; • Audit methodology; • Necessary resources; • Types of Audit: desk or onsite; • Person(s) responsible; • Final audit report due date to compliance officer; and • Follow up activities from findings.

Question 11

What key component of the work plan must be conducted after the final report?

Answer 11

A process for responding to all monitoring and auditing results and for conducting follow-up reviews of areas found to be non-compliant to determine if the implemented corrective actions have fully addressed the underlying problems.

Question 12

-Reviews (monitoring) What are the six generic review activities that the OIG recommends that every organization have reviews in place for?

Answer 12

• Claim Development and Submission Process • Anti-kickback and Self-Referral Concerns • Bad Debts • Credit Balances • Retention of Records • Compliance Program Process

Question 13

What are the minimum components that make up the format necessary to conduct a review or audit?

Answer 13

• Sample Selection • Data Review and Collection • Data Analysis • Reporting Note: Compliance reviews should be designed as a form of ongoing process improvement.

Question 14

What types of Sampling techniques are acceptable?

Answer 14

Sampling techniques for reviews may range from scientifically determined statistically valid to a modest review of data, depending on the purpose and end user.

Question 15

When should the organization use a sampling technique that is statistically significant?

Answer 15

When reporting a self-disclosure to and external agency to maintain credibility and objectivity

Question 16

What are some reasons that cause corrective actions due to significant variations to the baseline found during a review or audit?

Answer 16

• Improper procedures • Misunderstanding of the rules • Fraud • Systemic problems

Question 17

Are there instances when a significant variation would not prompt a corrective action plan?

Answer 17

Yes. If the inquiry determines that the deviation occurred for legitimate, explainable reasons and has no significant impact, there may be limited corrective action or no action taken by management as a result of the findings.

Question 18

What are 3 general recommendations with the overall organizational reporting process of compliance?

Answer 18

• Organizational leadership and the Board of Directors should exercise reasonable oversight with respect to the compliance program’s implementation and effectiveness • Compliance reports created by ongoing review should be maintain by the compliance officer and reviewed with senior management and the compliance committee • A standard of macro comparisons across departments and functions should be developed and reported to senior leadership

Question 19

• Audit What 5 areas will conducting Compliance Audit help with?

Answer 19

• prevent, detect and deter criminal and unethical conduct • tailor a compliance program to a organization’s specific needs • improve the quality of the business functions of the organization • initiate immediate and appropriate corrective action by management • allow for early detection and reporting, thereby reduce loss

Question 20

• Audit Should the audit team conduct ongoing reviews for the organization?

Answer 20

No. One value of a formalized audit is to provide and objective outside view of the organization’s process and the audit team should be a different team than those conducting ongoing monitoring.

Question 21

• Audit What are the 12 areas that OIG recommends that organizations have audits in place for?

Answer 21

• Specific risk areas by organization type • coding • billing • information systems audit • issues are resolved and not repeated • medical necessity • contract management • claims submission procedures, including enrollment • anti-kickback and self referral concerns • bad debts • credit balances • advertising and marketing efforts

Question 22

What is one key difference between a review and an audit?

Answer 22

• A consistent selection process and sampling procedure must be used for audits

Question 23

How often should audit reports be presented to the CEO, governing body, and compliance committee?

Answer 23

On a regular basis, but not less than annually

Question 24

How long does the compliance officer, compliance committee, or management official have to report instances to the appropriate governmental authorities of misconduct that appears to violate criminal, civil, or administrative law?

Answer 24

Within a reasonable time, but not more than 60 days after the misconduct is discovered Note: Attorney consultation is recommended

Question 25

When does the OIG require immediate notification to governmental authorities?

Answer 25

• A clear violation of criminal law • The violation has a significant adverse effect on the quality of care provided to program beneficiaries • Indicates evidence of systemic failure to comply with applicable laws, an existing corporate integrity agreement, or other standards of conduct, regardless of the financial impact on federal health care programs Note: Attorney consultation is recommended

Question 26

Four components of a well structured compliance self-assessment include?

Answer 26

• Specific to each organization type • Forward looking - linking into long-term strategy for the organization • Look for optimal compliance choice • Be preventative in Nature

Question 27

What is the difference between a Self-Assessment and Needs-Assessment?

Answer 27

A needs-assessment is the starting point for compliance risk identification, it maps out the initial plan. Self-assessment occurs after the organization’s compliance plan has been implemented and shows that the organization continues to value compliance and are “doing the right thing”.

Question 28

What is the key purpose for establishing a baseline assessment?

Answer 28

The “snapshot” or baseline is used as part of the benchmarking analysis, and used by compliance and managers to judge the progress in reducing or eliminating potential areas of vulnerability and risk.

Question 29

To what extent can compliance protect anonymity and confidentiality?

Answer 29

Within legal and practical limits

Question 30

What are the recommended open lines of communication options available to report compliance issues?

Answer 30

• Hotlines • Emails • Written Memos • Newsletters

Question 31

TRUE/FLASE An “open door” policy making a visible and vocal commitment to compliance for purposes of discussing compliance is an acceptable communication method to report compliance?

Answer 31

TRUE

Question 32

What policies must be enacted for communication and reporting purposes?

Answer 32

• ensuring the confidentiality of the information in the report and the individual making the report • List the steps of the investigatory process to ensure consistency and thoroughness • guaranteeing that no retaliatory disciplinary actions will be taken against an individual making a “good faith” report

Question 33

TRUE/FALSE The reporting mechanism for compliance issues must be publicized?

Answer 33

TRUE Employee awareness is crucial if the reporting mechanism is to be effective

Question 34

What are some methods used to publicize the reporting mechanism?

Answer 34

• Posters • Letters • Wallet cards • Newsletter articles • Code of Conduct • Other Compliance Communications