Question: I’ve been the Compliance Officer with my health center for three years. Each year I mean to send out regular compliance emails to employees about the compliance program, highlight our work and encourage employees to bring forward their compliance questions and concerns…but, with everything else going on, it always falls to the bottom of my “to do” list. How can I finally prioritize regular compliance communication to our staff without taking away from all the other compliance priorities?
Answer: The Office of Inspector General (“OIG”) Compliance Program guidance documents emphasize the importance of maintaining open communication between an organization’s compliance officer and employees. Open communication is a “two-way street,” meaning that the individuals covered by the compliance program should be communicating with compliance staff and vice-versa.
Here are few things to keep in mind when developing a communication strategy for the compliance program at your health center:
- Make it multipronged: The OIG Compliance Program guidance documents encourage organizations to use several forms of communication between the compliance officer and staff members, such as hotlines and email. While we encourage organizations to have mechanisms other than email for employees to report compliance issues, a regular compliance e-newsletter can be an easy way to inform all staff about the compliance program. When using email to inform, consider sending the message as a blind copy so that individuals cannot respond to all recipients, send the message through an email service (such as Constant Contact or MailChimp), or post the messages on the organization’s intranet. Always include information about how employees may contact the compliance program to report compliance issues, along with the compliance program message or update.
Remember that not all employees have easy access to email (think about maintenance staff who are rarely sitting at a desk and busy front desk staff who are inundated with email messages), some are not comfortable with technology and others may have limited English proficiency or disabilities that require a different or variety of communication methods. For these reasons, consider posting compliance program updates in employee breakrooms or using paper notices (either personally delivered by the compliance officer or included in other mailings to employees).
Be aware of the length and complexity of the information presented. Remember, these communications should support your organization’s compliance training and education program, not supplant it.
Know your audience(s): Compliance information and training is important for employees as well as Board members, volunteers, vendors, contractors and others. You can reuse written content and presentation materials for the other audiences. For example:
• If sending an email notice, consider including Board members on the message or include a copy of the message in the next month’s board package. Remember to check with the CEO before sending the email to Board members. Also, let Board members know that such messages are for informational purposes and that you are happy to answer any questions off-line.
• Post compliance notices and news next to the volunteer sign-in sheet. Request that they initial a separate form to affirm that they have read and understand the information.
• Include a copy of your organization’s standards of conduct and compliance polices to vendors and contractors when requested or as part of the contracting process.
Commit to a schedule: Consider including monthly or quarterly compliance communications as an activity on your health center’s compliance work plan. Below, we’ve sketched out a schedule of topics that can be adapted it to address the most relevant compliance risk areas for your organization:
January: “J” is for Jumpstarting your Compliance Program: Start the year off strong by providing all employees with an overview of the organization’s compliance program, including their responsibilities and how to report compliance issues or concerns. Include copies or links to relevant compliance program documents, such as:o Standards of conduct or code of conduct
o Conflict of interest and any required disclosure forms (as applicable)
o Compliance program policies and procedures
o Compliance program training modules
February: “F” is for False Claims: One of the top risk areas for healthcare providers of all types, inform your employees about the relevant federal and state laws related to false claims, provide helpful examples, and remind employees how to report any questions or concerns. For example:
The False Claims Act forbids knowingly presenting, or causing the presentation of, a false claim for reimbursement by a federal health care program, including Medicare and Medicaid. Some common examples of fraud include:
• Knowingly billing for services not furnished;
• Knowingly billing for services rendered by a provider which are outside the scope of that provider’s license; and,
• Falsifying certificates of medical necessity, plans of treatment, and medical records to justify a payment.
Penalties for submitting false claims include a penalty of up to $21,563 (in 2016) for each claim, three times the amount of the Government’s damages and exclusion from federally funded health care programs. Individuals who report false claims are known as whistleblower and are protected from retaliation (see our organization’s Whistleblower Protection Policy and Procedure).
Have questions about billing or coding? Please contact the compliance officer (include contact information).
March: “M” is for Minimum Necessary: Remind employees that under HIPAA, they may access and use only the minimum amount of protected health information needed to perform their job, unless the use or disclosure is for treatment purposes, to the individual who is the subject of the information, or if an individual has authorized the use or disclosure. Provide employees with additional details about the protection psychotherapy notes under HIPAA, substance use disorder records under 42 CFR Part 2, and any other types of records protected by state laws. Include a link to organizational policies and procedures that provide employees with guidance on the use and disclose protected health information.
April: “A” is for Anti-Kickback Statute: Provide employees with a brief description of the Anti-Kickback Statute, examples of prohibited conduct, and expectations for staff members. For example:
The Anti-Kickback Statute prohibits knowingly and willfully soliciting, receiving, offering or paying remuneration (including any kickback, bribe or rebate) for patient referrals for services or the purchase or lease of equipment, goods or services that are paid, in whole or in part, under a Federal health care program. Potential penalties include criminal fines, imprisonment, civil fines and exclusion from federally funded health care programs.
Example: In 2016, a Chicago psychiatrist was sentenced to nine months in federal prison for accepting nearly $600,000 in fees, benefits and other kickbacks from pharmaceutical companies in exchange for prescribing a medication to his patients. The psychiatrist prescribed the medication to thousands of elderly and indigent patients covered by the Medicaid program.
Violations of the Anti-Kickback Statute can occur even if the intent to induce referrals or a purchase or lease is only one of several reasons or purposes for the arrangement. Before entering into an arrangement or signing a written agreement, please speak with your supervisor and submit the relevant materials to [Contracts Manager, CEO, Legal Counsel] for review.
- Maintain documentation: Keep copies of the emails sent, information posted and other materials provided to employees. For emails, print a copy with the date and time it was sent and include a date on other information provided to employees. This will allow you to demonstrate regular communication with employees. It will also help to create a calendar for additional communication. Tracking the topics covered allows you to identify when it is time to revisit important compliance topics, such as billing and coding, HIPAA, and the compliance program basics.
- Have some fun: Consider including quiz questions as part of communication with employees and enter everyone with the correct answer into a raffle. Prizes could include items with the organization’s logo (water bottles, t-shirts) or gift cards to a popular lunch spot or coffee shop. Reviewing employee answers will also give you a sense of whether they need additional compliance education and training.
Developing a communication strategy for your compliance program will support the development of open lines of communication. The communication strategy can also support other compliance and organization initiatives, such as informing employees about compliance risk areas and developing training and education opportunities.