Audit Expectations and Challenges

When it comes to hospitals providing best-in-class health care, stress comes with the territory. From stabilizing trauma victims, to accurately distributing medications, to physicians and nurses working long shifts, increased demands are everywhere — including operations not directly involved with patient care. One demand that can turn daily routines completely upside-down and compound stress is an audit. A GRC compliance audit can be conducted internally by various hospital committees or externally, often by government-approved contractors.

Internal Audits

An internal audit seeks to determine if a hospital’s financial and operational controls, and their related policies and procedures, meet compliance and risk management demands.

Based on a hospital’s risk assessment, management develops and reviews the scope and goals of an audit. Running the audit is then delegated to a committee, with the most common committees focusing on:

  • Patient safety
  • Nursing staffing
  • Clinical quality
  • Medical staff

An internal audit involves interviews and evaluating personnel or procedures. Upon the audit’s completion, a report of its findings is prepared by the appropriate committee and shared with management. Corrective recommendations of action to any areas of noncompliance are collaboratively developed, and a finalized report is presented to the hospital’s board of directors, chief compliance officer, and audit and compliance committee.

The ultimate goal of an internal audit is to improve patient care. Who in a hospital wouldn’t want to improve it, right? But the truth is that an audit can diminish quality of care while it’s in progress. That’s because committees are often comprised of physicians, nurses, and technologists who are pulled away from patient-care responsibilities to work on compliance administrative tasks.

External Audits

According to a 2017 AHA report, four federal agencies — the Centers for Medicare & Medicaid Services, the Office of Inspector General, the Office of Civil Rights, and the Office of the National Coordinator for Health Information Technology — are the primary drivers of regulations and compliance costs across eight domains for hospitals:

  • Hospital conditions of participation
  • Billing and coverage verification requirements
  • Meaningful use of electronic health records
  • Quality reporting
  • Privacy and security
  • Fraud and abuse
  • Program integrity
  • New models of care

The frequency and pace of regulatory changes implemented by multiple federal agencies are dizzying. Hospitals are often required to comply with regulations in very short timeframes, requiring a significant investment of staff time and finances. What’s more, responding to multiple external audits increases administrative costs, and funds could be tied up in lengthy appeals processes contesting an auditor’s inappropriate determination.

External audits are conservatively estimated at $100 per hour. For example, consider the total costs of a HIPAA audit:

  • HIPAA Gap Assessment — Identifies gaps and provides remediation plans for those gaps
    (40 hours average, $24,000–34,000)
  • Full HIPAA Audit — Assesses hospitals against all the requirements in the HIPAA Security Rule
    (100 hours average, $30,000–60,000)
  • Validated HITRUST Assessment — Provides the most complete, certifiable framework for HIPAA to mirror PCI compliance (400 hours average, $100,000–160,000 — with costs much higher for larger organizations)

Protect Your Hospital

If your hospital is like most others, it’s spending too much staff time and money dealing with a blizzard of regulations and an avalanche of red tape. Fortunately, there are solutions. youCompli GRC risk management software monitors, reads, and translates complicated regulations into plain English. Our solution enables you to fully understand which rules are pertinent to maintaining compliance, further simplifying the auditing process. And it tracks everything, from end to end, making audits much less painful.

Learn how youCompli regulatory compliance management software protects your hospital.

Who Needs an “Easy” Button? Regulatory Compliance for Teaching Hospitals and Academic Medical Centers

Nobody chooses to pursue a career in healthcare at a teaching hospital or academic medical center (AMC) so they could process regulatory compliance paperwork. Right?! Nevertheless, health systems spend $39 billion on admin duties to comply with no fewer than 600 regulatory requirements. Most of the time they are juggling these requirements (and a whole lot more) without an effective compliance management system. It’s anybody’s guess what is truly being done to comply.

The regulatory landscape continues to change. It’s even more complex for teaching hospitals and AMCs that have specialized facilities such as children’s hospitals and cancer centers. And it’s nearly impossible to know for sure what is being done to comply with the regs when students and researchers are added to the mix. Compliance oversight is already challenging enough when it includes only clinical and hospital staff, business associates and contractors.

Ever-increasing regulation ushers in more documentation requirements. Satisfying the reporting requirements steals time away from patient care and contributes to burnout. Plus, more regs and more people equals a big compliance headache.

These healthcare systems not only have the pressure to comply with regulations, improve care and cut costs as other hospitals do, but they have the critical mandate to educate future medical professionals and dedicate resources to research.

According to the Association of American Medical Colleges, academic medical centers in the United States contribute $562 billion in annual economic impact. But, what’s even more significant is the impact these facilities have on the health of our society. Medicine moves forward in teaching hospitals and academic medical centers. When people are faced with a health crisis and grasping for innovative treatment and cures, they flock to these systems. Oftentimes this is their last shot at a healthy future. Teaching hospitals and academic medical centers are the epicenter of first breakthroughs. They are also the last resort for patients who have tried everything else. As a result, teaching hospitals have more costly cases and often bear the brunt of safety-net and charity care.

Shouldn’t there be an “easy” button for them?

Academic medical centers and teaching hospitals have a great need for an effective compliance management system. These systems save valuable time and money. But they also make it easy to see what is being done by whom to comply with regs. No more ad-hoc spreadsheets. Thoughtfully applied technology can make regulatory oversight a piece of cake.

The more effective the compliance management system, the more time is freed up for medical professionals to do what they are passionate about—provide the best patient care and focus on their mission of treatment, research and education. And who couldn’t use an “easy” button for compliance regulation?

Are you ready to explore a compliance management system that is easy to use and effective? If you’re ready to transform your regulatory compliance process, schedule a call today!

Chief Compliance Officers Can Be in the Cross hairs

Chief compliance officers should take note of two recent enforcement actions in the financial sector.

In these cases, the regulators have gone after the compliance officers (in addition to others).

In the 1st case, the SEC alleges that the chief compliance officer was “carrying out his compliance responsibilities in an extremely reckless manner.” It further alleges that the cco “was required to review and monitor” trading practices “to make sure they were fair and equitable”.   It says, other than occasionally “spot checking” trade paperwork the CCO “essentially did nothing” to ensure the firm’s trading policies and procedures were being followed.

Attorney Brian Daly, a partner in the regulatory and compliance and investment management groups of Schulte Roth & Zabel in New York, called the SEC action “pretty extreme.” (Reisnger, 2019) Daly spent a decade as a general counsel and chief compliance officer at several investment firms before joining Schulte, including at Kepos Capital, Raptor Capital Management and The Carlyle Group.

“It’s unusual,” Daly told Corporate Counsel. “It’s one thing to say he [compliance officer] could be sanctioned or censured, but they are accusing him of recklessly not carrying out his duties because of inaction, and of aiding and abetting bad actions.” (Reisnger, 2019)

The 2nd enforcement case accused the chief compliance officer of allegedly engaging in fraud and then making false statements to the National Futures Association.

In May of this year, the CEO of the firm was charged with allegedly misappropriation, fraud and making false statements.  This led to the CFTC ordering the firms cco to pay $150,000 ($125,000 in restitution and $25,000 civil penalty) for fraud and false statements.

Philadelphia attorney Mary Hansen, the co-chair of the white-collar defense and corporate investigations practice at Drinker Biddle & Reath, said (about the 2nd case), the case should serve as a warning to chief compliance officers. “In the last couple years, we’ve seen more compliance officers charged,” adding, “and that’s not going away.” (Resinger, 2019)

While not in the healthcare field these cases and others reinforce the on-going need to create effective compliance programs.

youCompli’s regulatory change management software ensures your program is effectively managing ALL regulatory changes. To see a 2-minute video to learn how and hear from one of our customers click below.

See the Video

Reisinger, S. (2019, Sept. 25) Regulators Put Chief Compliance Officers in Their Sights in 2 Financial Fraud Cases Retrieved from http://www.law.com

Can’t Have The 7 Elements Without This!

 

While not named by the OIG as one of the “7 elements of an Effective Compliance Program” the ability to manage regulations directly affects 5 of the 7 actual elements (the 5 affected are listed at the bottom of this post).

So, you need to manage regulations effectively to have an effective compliance program.

When regulations change you (and many of your colleagues) need answers to one, two or all three of these questions.

  1. Are we aware of all the new regs that might apply to us?
  2. For the ones that do, what needs to be done to comply?
  3. Did we do it?

To make this work easier and give you the ability to manage it, we suggest relying on a methodology to perform this work.  When we created our software, we developed Regulatory Compliance Lifecycle Management (RCLM).

RCLM is a methodology that if followed will give you the ability to answer the questions above and be able to demonstrate what was done to comply (assuming you keep track of it).

RCLM includes:

  • Identification and documentation of new regulations
  • Assessing its relevance to your organization
  • Translation into business requirements, (specific activities required to comply)
  • Communication of requirements to ALL stakeholders
  • Execution of activities required to comply
  • Monitoring and validation that required activities have been completed
  • Demonstration of the steps taken above

Our software automates RCLM and makes compliance much easier.

If you’re interested in seeing how sign-up for our 10-minute demo by clicking the link and picking a date/time that is convenient for you.

#chaostoconfidence #StopReadingRegs

10-Minute Demo

 

 

5 Elements directly affected by regulatory changes

  1. Implementing written policies, procedures and standards of conduct.
  2. Conducting effective training and education.
  3. Conducting internal monitoring and auditing.
  4. Enforcing standards through well-publicized disciplinary guidelines.
  5. Responding promptly to detected offenses and undertaking corrective action.

74 Federal Healthcare Regulatory Changes in January 2019 Alone

Yes, 74!  Are you surprised? In recent months, we’ve noticed two themes that challenge everyone managing regulatory changes: First, regulatory changes are flooding into your organization in lots of different ways, to lots of different people; daily subscriptions, hospital associations, clinical associations, law firms, etc. This can be very chaotic. A compliance officer recently joked that she […]

Continue reading

Do You Have the 4 Core Elements of an Emergency Preparedness Program?

four core elements of emergency preparedness

Revised February 2023 Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers Final Rule  (Check out our latest update on emergency preparedness, based on the 2019 final rule.) The motto of the Boy Scouts is Be Prepared. As of 2016, that motto applies to healthcare emergency preparedness, too.  Hurricanes Katrina and Sandy wreaked havoc […]

Continue reading