On January 17, 2017, a group of compliance professionals and staff from the Department of Health and Human Services, Office of Inspector General (OIG) met to discuss ways to measure the effectiveness of compliance programs. The intent of this exercise was to provide a large number of ideas for measuring the various elements of a compliance program. Measuring compliance program effectiveness is recommended by several authorities. This list will provide measurement options to a wide range of organizations with diverse size, operational complexity, industry sectors, resources, and compliance programs.
Screening of Employees, Physicians, Vendors, and Other Agents Element #3 Part 2
In March 2013, the section of the ACA, 7 Elements of Compliance, went into effect for any organization that receives Medicare or Medicaid money. At that time, everyone was to begin screening all individuals and vendors that they give money to and have documentation of the report. Many organizations scoffed at this, as the process can be tedious and timely if using the OIG website. The OIG website only lets a person scan up to 5 names at a time and then if there is a correlation of information, the next step can take even longer to diagnose if your employee is actually the employee on the OIG/LEIE website.
An audit should be conducted on a regular basis to ensure the screening process is being conducted correctly and all documentation is in place. It is also necessary to verify that investigations, resolutions to problems, and communication has been conducted and documented in the necessary situations.
Here at BCG Research we have automated system that will do up to 10,000 names in a few minutes. If you are interested in more information on how this works, please email me (below) or check out our website.
Measures of Effectiveness in a Compliance Program:
Below, is the list that was outlined on January 17, 2017 of what the team believed was important in the screening process of individuals under Element #3.
- Verify background/sanction checks are conducted in accordance with applicable rules and laws (e.g., employment, promotions, credentialing.)
- Monitor government sanction lists for excluded individuals/entities.
- Verify due diligence is conducted on third parties (e.g consultants, vendors, acquisitons).
- Assure corrective action is taken based on background/sanction check findings.
Let’s take a deeper look at this.
The report has many suggestions on how to measure these four points, and I have listed a few ideas for you below in an action plan format:
- Verify that the person responsible for doing the exclusion screening has understanding of the process and is accountable for the results.
- How to measure: audit the job description, training material, and do an annual performance evaluation.
- Annually review the process and audit outcomes are being responded to correctly.
- The organization has established a policy that requires background checks be performed on new hires, new vendors, and all employees and vendors who receive payment from the facility.
- How to measure: Review documentation to ensure disclosure requirements are clearly stated and that there is a current policy in place regarding the background checks.
- Verify there is a provision in all vendor agreements.
- Audit personnel files for Employee Information Worksheets and yearly update the worksheets for new information and signature.
The Employee Screening Process Should Include:
- The Employee Screening process should include:
- Verification all employee are screened prior to hire,
- All legal names/alias’ are being checked in the screening process,
- Discussion and decision on individuals that need to be checked including medical, staff, volunteers, and misc. people money is paid out to within the facility,
- Include in the policy what data basis people will be screened against according to the category of service they provide to the facility
- A specific and defined process of criteria for review of the screening checks,
- Everyone screened understands why they are being screened and the process of the disclosure process,
- A policy is in place for the frequency of screening and the screening process,
- There are sufficient controls in place in the hiring process and vendor engagement process to prevent the hiring of ineligible individuals and entities,
- Screening of individuals and entities meets the requirements of all laws and regulations,
- Screenings should be performed on a monthly basis,
- All applicants for employment understand the disclosure requirements and the importance of honesty on all applications,
- Policies in place which outline the process of screening, the investigation of potential hits, the actions that will be taken in response to a hit or investigation, and the tracking of the exclusion,
- Additional screening is established and a policy in place for the high risk employees and job areas of the organization,
- Verification process that vendors and other third party have certified they screen their individuals so you do not have too and that this is in writing between you and the 3rd party,
- Vendor agreements include the right to audit the vendor or ask for verification they are meeting the requirements and obligations of the screening process,
- Communication with stakeholders is consistent
- Lastly, verification there is a policy in place prohibiting anyone to be paid money if they are on an exclusion list.
Ok, that’s enough for one week! Some of you may have plenty to do with in the week to get caught up and meet all the standards outlined in this document. Next week, we will look at communication and education training in compliance.
The link to the OIG site as to what to measure and how to measure is below. There is a lot of valuable information in this section and I highly recommend you review them. If you want to review the what and how’s to measure element #3, the link is https://oig.hhs.gov/compliance/101/files/HCCA-OIG-Resource-Guide.pdf .
Should you have any questions or want a consultation of your program, please contact me at firstname.lastname@example.org.