Every compliance program should develop and distribute written compliance standards, procedures, and practices that guide the nursing facility and the conduct of its employees throughout day-to-day operations. These policies and procedures should be developed under the direction and supervision of the compliance officer, the compliance committee, and operational managers. At a minimum, they should be provided to all employees who are affected by these policies, as well as physicians, suppliers, nursing facility agents, and contractors, as applicable to those entities.15 In addition to general corporate policies and procedures, an effective compliance program should include specific policies and procedures for the different clinical, financial, and administrative functions of a nursing facility.
1. Code of Conduct
While a clear statement of policies and procedures is at the core of a compliance program, the OIG recommends that nursing facilities start the process with the development of a corporate statement of principles that will guide the operations of the provider. One common expression of this statement of principles is the code of conduct.16 The code should function in the same fashion as a constitution, i.e., as a foundational document that details the fundamental principles, values, and framework for action within an organization. The code of conduct for a nursing facility should articulate the organization’s expectations of employees, as well as summarize the basic legal principles under which the organization must operate. Unlike the more detailed policies and procedures, the code of conduct should be brief, easily readable and cover general principles applicable to all employees.
The code of conduct should be distributed to, and comprehensible by, all affected employees.17 Depending on the facility’s work force, this may mean that the code should be translated into other languages when necessary and written at appropriate reading levels. Further, any employee handbook delineating the standards of conduct should be regularly updated to reflect developments in applicable Government and private health care program requirements. Finally, the OIG recommends that current employees, as well as those newly hired, should certify that they have received, read, and will abide by the organization’s code of conduct. These certifications, updated any time the code is revised or amended by the organization, should be retained in the employee’s personnel file and made available for review.18
The OIG believes that all nursing facilities should operate under the guidance of a code of conduct. While the OIG recognizes that some nursing facilities may not have the resources to establish a comprehensive compliance program, we believe that every nursing facility can design a program that addresses the seven elements set out in this guidance, albeit at different levels of sophistication and complexity. In its most fundamental form, a facility’s code of conduct is a basic set of standards that articulate the organization’s philosophy, summarize basic legal principles, and teach employees how to respond to practices that may violate the code of conduct. These standards should be posted and distributed to every employee. Further, even a small nursing facility should obtain written attestation from its employees to confirm their understanding and commitment to the nursing facility’s code of conduct.
2. Specific Risk Areas
As part of their commitment to a compliance program, nursing facilities should prepare a comprehensive set of written policies and procedures that are in place to prevent fraud and abuse in facility operations and to ensure the appropriate care of their residents. These policies and procedures should educate and alert all affected managers and employees of the Federal health care program and private payor requirements, the consequences of noncompliance, and the specific procedures that nursing facility employees should follow to report problems, to ensure compliance, and to rectify any prior noncompliance.
The OIG recognizes that many States require nursing facilities to have a policies and procedures manual and that most facilities have in place procedures to prevent fraud and abuse in their institutions. These providers may not need to develop a new, comprehensive set of policies as part of their compliance program if existing policies effectively encompass the provider’s operations and relevant rules. However, the nursing home industry is subject to numerous Federal and State statutes, rules, regulations and manual instructions.19 Because these program requirements are frequently modified, the OIG recommends that all nursing facilities evaluate their current compliance policies and procedures by conducting a baseline assessment of risk areas, as well as subsequent reevaluations.20 The OIG also recommends that these internal compliance reviews be undertaken on a regular basis to ensure compliance with current program requirements.
To assist nursing facilities in performing this internal assessment, the OIG has developed a list of potential risk areas affecting nursing facility providers. These risk areas include quality of care and residents’ rights, employee screening, vendor relationships, billing and cost reporting, and record keeping and documentation. This list of risk areas is not exhaustive, nor all encompassing. Rather, it should be viewed as a starting point for an internal review of potential vulnerabilities within the nursing facility.21 The objective of this assessment should be to ensure that the employees, managers and directors are aware of these risk areas and that steps are taken to minimize, to the extent possible, the types of problems identified. While there are many ways to accomplish this objective, comprehensive written policies and procedures that are communicated to all appropriate employees and contractors are the first step in an effective compliance program.
The OIG believes that sound operating compliance policies are essential to all nursing facilities, regardless of size and capability. If a lack of resources to develop such policies is genuinely an issue, the OIG recommends that those nursing facilities focus first on those risk areas most likely to arise in their business operations. At a minimum, resources should be directed to analyze the results of annual surveys,22 and to verify that the facility has effectively addressed any deficiencies cited by the surveyors. An effective and low-cost means to accomplish this is through the use of the facility’s Quality Assessment and Assurance Committee. The committee should consist of facility staff members, including the Director of Nursing and the medical director. Inclusion and participation of direct care staff (e.g., nurses and nurses’ aides who provide direct resident care) should be encouraged. This committee is best suited to establish measurable, outcome-based criteria that focus on vulnerabilities that adversely affect the care of residents. On a periodic basis, the committee should meet to identify issues affecting the quality of care provided to the residents and to develop and implement appropriate corrective actions. The time commitment required for this collaborative effort will vary according to the magnitude of the facility’s quality assessment and assurance issues.
Creating a resource manual from publicly available information may be a cost-effective approach for developing policies and procedures to improve the quality of each resident’s life. For example, a simple binder that contains a facility’s written policies and procedures, the most recent survey findings and plan of correction, relevant HCFA instructions and bulletins, and summaries of key OIG documents (e.g., Special Fraud Alerts, Advisory Bulletins, inspection and audit reports) can be regularly updated and made accessible to all employees. Particularly in the case of more technical materials, it may be advisable to provide summaries in the handbook and make the source documents available upon request. If individualized copies of this handbook are not made available to all employees, then a reference copy should be available in a readily accessible location, as well as from the designated compliance officer.
a. Quality of Care
The OIG believes that a nursing facility’s compliance policies should start with a statement that affirms the facility’s commitment to providing the care and services necessary to attain or maintain the resident’s ‘‘highest practicable physical, mental and psychosocial well-being.’’ 23 To achieve the goal of providing quality care, nursing facilities should continually measure their performance against comprehensive standards that, at a minimum, must include Medicare requirements.24 In addition to these regulations, a facility should develop its own quality of care protocols and implement mechanisms for evaluating compliance with those protocols. As part of its ongoing commitment to quality care, the facility should implement a system that reviews each resident’s outcomes and improves on those outcomes through analysis and modification of the delivery of care. After the care delivery protocols have been modified, the facility should re-analyze the residents’ outcomes to assure that the modification had the desired result and has actually improved care. Although resident care protocols are a useful tool for maintaining or improving the quality of care, facilities should ensure that measurable resident outcomes are used to determine the adequacy of the care actually rendered.
As noted above, current and past surveys are a good place to begin to identify specific risk areas and regulatory vulnerabilities at the individual facility. Any deficiencies discovered by an annual State agency survey, Federal validation survey or complaint survey reflect noncompliance with the program requirements for nursing homes and can be the basis for enforcement actions.25 Those deficiencies identified by the State agency survey instrument must be addressed and, where appropriate, the corrective action should be incorporated into the facility’s policies and procedures as well as reflected in its training and educational programs. In addition to responding promptly to deficiencies identified through the survey and certification process, nursing facilities should take proactive measures to identify, anticipate, and respond to quality of care risk areas identified by the nursing home ombudsman or other sources.
As noted throughout this guidance, each provider must assess its vulnerability to particular abusive practices in light of its unique circumstances. However, the OIG, HCFA, the Department of Justice, and State enforcement agencies have substantial experience in identifying quality of care risk areas. Some of the special areas of concern include:
- absence of a comprehensive, accurate assessment of each resident’s functional capacity and a comprehensive care plan that includes measurable objectives and timetables to meet the resident’s medical, nursing, and mental and psychosocial needs; 26
- inappropriate or insufficient treatment and services to address residents’ clinical conditions, including pressure ulcers, dehydration, malnutrition, incontinence of the bladder, and mental or psychosocial problems; 27
- failure to accommodate individual resident needs and preferences; 28
- failure to properly prescribe, administer and monitor prescription drug usage; 29
- inadequate staffing levels or insufficiently trained or supervised staff to provide medical, nursing, and related services; 30
- failure to provide appropriate therapy services; 31
- failure to provide appropriate services to assist residents with activities of daily living (e.g., feeding, dressing, bathing, etc.);
- failure to provide an ongoing activities program to meet the individual needs of all residents; and
- failure to report incidents of mistreatment, neglect, or abuse to the administrator of the facility and other officials as required by law.32
As noted previously, a nursing facility that has a history of serious deficiencies should use those survey results as a starting point for implementing a comprehensive plan to improve its quality of care. The quality of life for nursing home residents can be improved most directly by effectively addressing these risk areas with written policies and procedures, which are then implemented through effective training programs and supervision.
b. Residents’ Rights
The Budget Reconciliation Act (OBRA) of 1987, Public Law 100–203, established a number of requirements to protect and promote the rights of each resident.33 In addition, many States have adopted specific lists of residents’ rights.34 The nursing facility’s policies should address the residents’ right to a dignified existence that promotes freedom of choice, self-determination, and reasonable accommodation of individual needs. To protect the rights of each resident, the OIG recommends that a provider address the following risk areas as part of its compliance policies:
- discriminatory admission or improper denial of access to care; 35
- verbal, mental or physical abuse, corporal punishment and involuntary seclusion; 36
- inappropriate use of physical or chemical restraints; 37
- failure to ensure that residents have personal privacy and access to their personal records upon request and that the privacy and confidentiality of those records are protected; 38
- denial of a resident’s right to participate in care and treatment decisions; 39 and
- failure to safeguard residents’ financial affairs.40
c. Billing and Cost Reporting
Abusive and fraudulent billing practices in the Federal health care programs drain the public fisc of the funds needed to provide program beneficiaries medically necessary items and services. These types of abusive practices also have had an adverse financial impact on private health insurance plans and their subscribers. Over the last twenty years, the OIG has identified patterns of improper and fraudulent activities that cover the spectrum of health care services and have cost taxpayers billions of dollars.41 These fraudulent billing practices, as well as abuses in other risk areas that are described in this compliance program guidance, have resulted in criminal, civil and administrative enforcement actions. Because the consequences of these enforcement actions can have a profound adverse impact on a provider, the identification of risk areas associated with billing and cost reporting should be a major component of a nursing facility’s compliance program.
The introduction of a prospective payments system (PPS) for Medicare SNFs, consolidated billing of all services furnished to a resident in a covered Part A stay and the forthcoming implementation of consolidated billing for SNF residents in a Part B stay create additional issues to be addressed when designing billing and cost reporting compliance policies and procedures.42 In the following discussion of billing risk areas, the OIG has attempted to identify issues that pose concerns under the current systems of reimbursement and the transition period to consolidated billing, as well as anticipate potential compliance issues stemming from these program changes. As is the case with all aspects of compliance, the nursing facility must continually reassess its billing procedures and policies to ensure that unanticipated problems are promptly identified and corrected. Listed below are some of the reimbursement risk areas a nursing facility should consider addressing as part of its written compliance policies and procedures:
- billing for items or services not rendered or provided as claimed;43
- submitting claims for equipment, medical supplies and services that are medically unnecessary; 44
- submitting claims to Medicare Part A for residents who are not eligible for Part A coverage; 45
- duplicate billing; 46
- failing to identify and refund credit balances; 47
- submitting claims for items or services not ordered; 48
- knowingly billing for inadequate or substandard care; 49
- providing misleading information about a resident’s medical condition on the MDS or otherwise providing inaccurate information used to determine the RUG assigned to the resident;
- upcoding the level of service provided; 50
- billing for individual items or services when they either are included in the facility’s per diem rate or are of the type of item or service that must be billed as a unit and may not be unbundled; 51
- billing residents for items or services that are included in the per diem rate or otherwise covered by the third-party payor;
- altering documentation or forging a physician signature on documents used to verify that services were ordered and/ or provided; 52
- failing to maintain sufficient documentation to support the diagnosis, justify treatment, document the course of treatment and results, and promote continuity of care; and
- false cost reports.53
The OIG recommends that a nursing facility, through its policies and procedures, take all reasonable steps to ensure compliance with the Federal health care programs when submitting information that affects reimbursement decisions. A key component of ensuring accurate information is the proper and ongoing training and evaluation of the staff responsible for coding diagnoses and regular internal audits of coding policies and procedures. With the arrival of consolidated billing and the next edition of the coding manuals, it will be even more critical that knowledgeable individuals are performing these coding tasks.
The risk areas associated with billing and cost reporting have been among the most frequent subjects of investigations and audits by the OIG. In addition to facing criminal sanctions and significant monetary penalties, providers that have failed to adequately ensure the accuracy of their claims and cost report submissions can have their Medicare payments suspended (42 CFR 405.371), be excluded from program participation (42 U.S.C. 1320a–7(b)), or, in lieu of exclusion, be required by the OIG to execute a corporate integrity agreement (CIA). 54
d. Employee Screening
Nursing facilities are required by Federal, and in some cases State, law to investigate the background of certain employees.55 Nursing facilities should conduct a reasonable and prudent background investigation and reference check before hiring those employees who have access to patients or their possessions, or who have discretionary authority to make decisions that may involve compliance with the law. The employment application should specifically require the applicant to disclose any criminal conviction, as defined by 42 U.S.C. 1320a–7(i); or exclusion from participation in the Federal health care programs. Because many of the services provided in nursing facilities are furnished under arrangement with non-employee personnel, including registry and personnel agency staff, the nursing facility also should require these individuals to be subject to the same scrutiny by their agency prior to placement in the facility.
This pre-employment screening is critical to ensuring the integrity of the facility’s work force and safeguarding the welfare of its residents. Because providers of nursing care have frequent, relatively unsupervised access to vulnerable people and their property, a nursing facility also should seriously consider whether to employ individuals who have been convicted of crimes of neglect, violence, theft or dishonesty, financial misconduct, or other offenses related to the particular job.56
Nursing facility policies should prohibit the continued employment of individuals who have been convicted of a criminal offense related to health care or who are debarred, excluded, or otherwise become ineligible for participation in Federal health care programs. 57 In addition, if the facility has notice that an employee or contractor is currently charged with a criminal offense related to the delivery of health care services or is proposed for exclusion during his or her employment or contract, the facility should take all appropriate actions to ensure that the responsibilities of that employee or contractor do not adversely affect the quality of care rendered to any patient or resident, or the accuracy of any claims submitted to any Federal health care program.58 If resolution of the matter results in conviction, debarment, or exclusion, the nursing facility should terminate its employment or contract arrangement with the individual.
In order to ensure that nursing facilities undertake background checks of all employees to the extent required by law, the OIG recommends that the following measures be incorporated into the compliance program’s policies and procedures:
- investigate the background of employees by checking with all applicable licensing and certification authorities to verify that requisite licenses and certifications are in order; 59
- require all potential employees to certify (e.g., on the employment application) that they have not been convicted of an offense that would preclude employment in a nursing facility and that they are not excluded from participation in the Federal health care programs;
- require temporary employment agencies to ensure that temporary staff assigned to the facility have undergone background checks that verify that they have not been convicted of an offense sthat would preclude employment in the facility;
- check the OIG’s List of Excluded Individuals/Entities and the GSA’s list of debarred contractors to verify that employees are not excluded from participating in the Federal health care programs; 60
- require current employees to report to the nursing facility if, subsequent to their employment, they are convicted of an offense that would preclude employment in a nursing facility or are excluded from participation in any Federal health care program; and
- periodically check the OIG and GSA web sites to verify the participation/exclusion status of independent contractors and retain on file the results of that query. 61
Regardless of the size or resources of the nursing facility, employee screening is critical. Nursing facilities, like all corporations, must act through their employees and are held accountable for their actions. One of the best ways to ensure that the organization will act in conformance with the law is to hire employees and contractors who can be trusted to embrace a culture of compliance. While the resources required to check the OIG List of Excluded Individuals/Entities are minimal, the absence of an accessible centralized site for criminal background checks may result in inefficiencies and expense. While large providers may elect to outsource the screening process, this may not be a realistic option for smaller nursing facilities. Nevertheless, the OIG recommends that all nursing facilities implement a policy to undertake background checks of all employees.
e. Kickbacks, Inducements and Self-Referrals
A nursing facility should have policies and procedures to ensure compliance with the anti-kickback statute,62 the Stark physician self-referral law 63 and other relevant Federal and State laws by providing guidance in situations that could lead to a violation of these laws.64 In particular, arrangements with hospitals, hospices, physicians and vendors are vulnerable to abuse. For example, in the case of hospitals, physicians and hospital staff exert influence over the patient and can influence the choice of a nursing facility. In addition, in his or her roles as medical director and/or attending physician, a physician frequently can influence the utilization of ancillary services.65 Moreover, by contrast, a nursing facility operator can influence the selection of which hospices will provide hospice services and which vendors will deliver equipment and services to the facility’s residents. In addition to developing policies to address arrangements with other health care providers and suppliers, nursing facilities also should implement measures to avoid offering inappropriate inducements to residents. Possible risk areas that should be addressed in the policies and procedures include:
- routinely waiving coinsurance or deductible amounts without a good faith determination that the resident is in financial need, or absent reasonable efforts to collect the cost-sharing amount; 66
- agreements between the facility and a hospital, home health agency, or hospice that involve the referral or transfer of any resident to or by the nursing home; 67
- soliciting, accepting or offering any gift or gratuity of more than nominal value to or from residents, potential referral sources, and other individuals and entities with which the nursing facility has a business relationship; 68
- conditioning admission or continued stay at a facility on a third-party guarantee of payment, or soliciting payment for services covered by Medicaid, in addition to any amount required to be paid under the State Medicaid plan; 69
- arrangements between a nursing facility and a hospital under which the facility will only accept a Medicare beneficiary on the condition that the hospital pays the facility an amount over and above what the facility would receive through PPS; 70
- financial arrangements with physicians, including the facility’s medical director; 71
- arrangements with vendors that result in the nursing facility receiving non-covered items (such as disposable adult diapers) at below market prices or no charge, provided the facility orders Medicare-reimbursed products; 72
- soliciting or receiving items of value in exchange for providing the supplier access to residents’ medical records and other information needed to bill Medicare; 73
- joint ventures with entities supplying goods or services; 74 and
In order to keep current with this area of the law, a nursing facility should obtain copies of all relevant OIG and HCFA regulations, Special Fraud Alerts, and Advisory Opinions that address the application of the anti-kickback and Stark self-referral laws to ensure that the policies reflect current positions and opinions. Most of these documents are readily available on the Internet. Further, nursing facility policies should provide that all nursing facility contracts and arrangements with actual or potential sources of referrals are reviewed by counsel and comply with applicable statutes and requirements.
3. Creation and Retention of Records
When implementing a compliance program, nursing facilities should provide for the development and implementation of a records system that ensures complete and accurate medical record documentation. This system should establish policies and procedures regarding the creation, distribution, retention, and destruction of documents. Policies should provide for the complete, accurate, and timely documentation of all nursing and therapy services, including subcontracted services, as well as MDS information. In designing a records systems, privacy concerns and regulatory requirements also should be taken into consideration.
In addition to maintaining appropriate and thorough medical records on each resident, the OIG recommends that the system should include the following types of documents:
- all records and documentation (e.g., billing and claims documentation) required for participation in Federal, State, and private health care programs, including the resident assessment instrument, the comprehensive plan of care and all corrective actions taken in response to surveys; 76
- all records, documentation, and audit data that support and explain cost reports and other financial activity, including any internal or external compliance monitoring activities; and
- all records necessary to demonstrate the integrity of the nursing facility compliance process and to confirm the effectiveness of the program.77
While conducting its compliance activities, as well as its daily operations, a nursing facility should document its efforts to comply with applicable statutes, regulations, and Federal health care program requirements. For example, where a nursing facility requests advice from a Government agency (including a Medicare fiscal intermediary or carrier) charged with administering a Federal health care program, the nursing facility should document and retain a record of the request and any written or oral response. This step is extremely important if the nursing facility intends to rely on that response to guide it in future decisions, actions, or claim reimbursement requests or appeals. A log of oral inquiries between the nursing facility and third parties will help the organization document its attempts at compliance. In addition, these records may become relevant in a subsequent investigation to the issue of whether the facility’s reliance was ‘‘reasonable’’ and whether it exercised due diligence in developing procedures and practices to implement the advice.
In short, all nursing facilities, regardless of size, must retain appropriate documentation. Further, the OIG recommends that the nursing facility:
- secure this information in a safe place;
- maintain hard copies of all electronic or database documentation;
- limit access to such documentation to avoid accidental or intentional fabrication or destruction of records; 78 and
- conform document retention and destruction policies to applicable laws.
As the Government increases its reliance on electronic data interchange to conduct business and gather information more quickly and efficiently, it is important that the nursing facility work toward the goal of developing the capacity to ensure that all informational systems maintained by the facility are in working order, secured, and capable of accessing Federal and State databases.
4. Compliance as an Element of Employee Performance
Compliance programs should require the promotion of, and adherence to, the elements of the compliance program to be a factor in evaluating the performance of all employees. Employees should be periodically trained in new compliance policies and procedures. In addition, policies should require that managers, especially those involved in the direct care of residents and in claims development and submission:
- discuss with all supervised employees and relevant contractors the compliance policies and legal requirements applicable to their function;
- inform all supervised personnel that strict compliance with these policies and procedures is a condition of employment; and
- disclose to all supervised personnel that the nursing facility will take disciplinary action, up to and including termination, for violation of these policies or requirements.
Managers and supervisors should be disciplined for failing to adequately instruct their subordinates or for failing to detect noncompliance with applicable policies and legal requirements, where reasonable diligence would have led to the discovery of any problems or violations and given the nursing facility the opportunity to correct them earlier. Conversely, those supervisors who have demonstrated leadership in the advancement of the company’s code of conduct and compliance objectives should be singled out for recognition.
The OIG believes that all nursing facilities, regardless of resources or size, should ensure that its employees understand the importance of compliance with program requirements and the value the company places on its compliance program. If the small nursing facility does not have a formal employee evaluation system, it should informally convey to employees their compliance responsibilities whenever the opportunity arises. Positive reenforcement is generally more effective than sanctions in conditioning behavior and managers should be given mechanisms to reward employees who promote compliance.
II. Compliance Program Elements
A. The Seven Basic Compliance Elements
B. Written Policies and Procedures
C. Designation of a Compliance Officer and a Compliance Committee
D. Conducting Effective Training and Education
E. Developing Effective Lines of Communication
F. Auditing and Monitoring
G. Enforcing Standards Through Well-Publicized Disciplinary Guidelines
H. Responding to Detected Offenses and Developing Corrective Action Initiatives
III. Assessing the Effectiveness of a Compliance Program