Challenged by increasing and changing regulations, more Compliance Officers (CO) are engaging in Virtual Compliance Assistance (VCA) as an affordable option to quickly adapt to the industry’s shifting regulatory environment, while maintaining the daily functions of the compliance program. Compliance departments, like other non-revenue-producing departments, are losing resources as hospitals and physician practices of all sizes face unprecedented financial challenges. Even before the COVID-19 pandemic, compliance departments often faced hurdles in securing adequate resources to execute their compliance work plans and support their organizations’ compliance programs.
Virtual Compliance Assistance Partner (VCAP)
Some COs find they are engaged with multiple advisors of virtual compliance services in order to meet varying needs. However, engaging a VCAP provides the greatest advantage, as it fully leverages the institutional knowledge gained as the relationship grows. A VCAP can reassure the CO and the Board that the organization is continuing to assess and mitigate risks, while adapting to a fluid regulatory environment. Further, because a compliance program seldom scales at the same pace as the organization’s growth, a VCAP can bridge gaps and minimize potential vulnerabilities. A VCAP offers a cadre of compliance advisors who can provide bandwidth, as well as a deep bench of experts who can meet nuanced compliance needs.
For example, a VCAP offers both subject matter expertise and experience, derived from working with many different clients on evolving and complex regulations that may require research and evaluation to determine the potential impact on an organization. Consequently, a VCAP can advise as to how a crisis may affect current risk exposure, and how priorities should be assessed and realigned. A VCAP can also assist with routine work plan items, as well as unexpected high-risk items that require additional resources.
A primary advantage of a VCAP is that it can scale its services to meet the specific needs of an organization and its compliance program, regardless of size. A smaller organization may engage a VCAP to support its compliance program in totality because its compliance budget cannot support a full-time position, or partially because the individual serving in the CO role is stretched too thin serving multiple roles. A mid-to-large size organization may engage a VCAP to provide additional bandwidth to complete compliance work plan items. Any size organization can enjoy a strategic advantage by engaging a VCAP to help with specific needs, or to sustain appropriate oversight of the compliance program and support annual compliance initiatives.
VCAPs are financially attractive to COs because they are less expensive than a full-time equivalent (FTE), yet are rich in compliance knowledge. Additionally, VCAPs are agile and can simultaneously support various needs, as well as provide immediate on-call support. VCAPs offer a resource of multiple experts in markets where demand is high. Support can be tailored to meet specific requests, and thus COs reap the maximum benefit of each compliance dollar spent.
Organized in alignment with the Seven Elements of an Effective Compliance Program, VCAPs partner with and support COs by providing services to meet a variety of compliance needs. Such services include:
Standards, Policies, and Procedures
- Develop and/or revise the code of conduct.
- Develop, review, or revise compliance polices.
- Monitor regulatory updates and develop applicable policies to address operational processes or changes, as needed.
Oversight and Program Administration
- Develop Board and oversight responsibility education, and present as needed to Board members.
- Develop Board reports to include the compliance program update, status of compliance work plan items, potential regulatory impacts on the organization, and ad hoc audits as identified via detected deficiencies.
- Evaluate and/or develop the Compliance Committee infrastructure, including composition, reporting structure, and charter development.
- Provide guidance to the CO with regard to effectively administering the compliance program and obtaining appropriate oversight.
Reporting and Investigating
- Evaluate hotline reports and conduct necessary investigations under the direction of the CO and the organization’s legal counsel.
- Review the entity’s investigation policy and procedure and revise as necessary.
- Assist with processes to log and investigate issues that arise from audits performed by outside parties, such as third-party payers and government auditors.
- Develop necessary reporting structure and tools to convey monitoring and auditing findings to executive leaders, the Board, medical staff leadership, and affected departments.
Education and Training
- Monitor regulatory updates to discern impact on the organization and develop applicable training for employees and medical staff members when needed.
- Develop the annual compliance training plan based on needs identified in the annual risk assessment, regulatory updates, and monitoring and auditing outcomes.
- Evaluate and/or develop compliance training curriculum and materials.
- Develop and provide annual HIPAA training.
- Develop and provide customized compliance training for high-risk areas, such as revenue cycle and physician contracting.
- Develop and provide specialty coding training.
- Develop and provide professional fee coding education for providers.
- Provide new CO training via on-site or remote “bootcamp” offerings.
- Develop risk-based training as identified via the annual risk assessment.
- Provide monthly/quarterly compliance “hot topic” education.
Monitoring and Auditing
- Conduct compliance work plan audits as identified via the annual risk assessment and detected through ongoing monitoring activities.
- Evaluate auditing and monitoring processes and controls currently in place.
- Develop necessary processes to identify and respond to governmental payers in a timely manner.
- Conduct auditing of facility and professional fee billed claims, for accuracy and compliance, including “audit the auditor” claims review, and follow-up audits with corresponding action plans.
- Complete physician analytics such as E/M Bell Curve analysis, physician time study, and procedural utilization analyses to identify potential anomalies.
- Investigate aberrant patterns by conducting a sample review of claims.
- Monitor CMS’ Open Payment Data to identify potential undisclosed medical staff member conflicts of interest.
- Assess physician compensation arrangements, including but not limited to, medical directorships and real estate transactions with referral sources.
Compliance Risk Assessment and Work Plan
- Review risk assessment methodologies and tools.
- Evaluate and prioritize identified risk items for inclusion in the compliance work plan.
- Identify high-level risk areas that potentially expose an organization to a substantive level of threat or loss, and develop correlated prioritized action plans.
Response and Prevention
- Evaluate Conflict of Interest (COI) disclosure statements and assist with necessary COI management plans.
- Assist with development of corrective action plans and monitoring of progress of those created internally, as well as those that arise from audits performed by outside parties, such as payers and government auditors.
- Provide exit interviews and/or exit interview templates for applicable positions to determine knowledge of potential compliance exposure.
- Assist in developing a vendor management process, including establishing safeguards for vendor selection, implementing controls for monitoring vendor contract terms, and providing vendor compliance training.
Enforcement and Discipline
- Review/revise content of the disciplinary policy, including sanctions for non-compliance.
- Assist with establishing compliance goals within job descriptions and annual performance evaluations.
- Assist with the development of disciplinary action documentation in response to issues of non-compliance.
Regulatory Compliance Assistance
- Provide assistance with and advise organizations on navigating a corporate integrity agreement (CIA), including but not limited to:
- Providing subject matter expertise as it relates to understanding the CIA requirements and the impact on an organization.
- Evaluating gaps in the current compliance program, and developing mitigation plans that include timelines, accountability, and internal reporting.
- Assisting with implementation of mitigation measures and regular reporting to the monitor.
- Conduct transactional due diligence to evaluate potential compliance risks as they relate to program infrastructure, referral relationships, and claims submission.
- Provide post-transaction compliance assistance in transitioning entities to a corporate compliance program (e.g., implementing compliance policies and procedures at the new entity).
- Provide regulatory expertise as it relates to COVID-19, such as the Paycheck Protection Program, Medicare Advance Payments, and Provider Relief Funds.
Virtual Compliance Assistance Models
Depending on the size and compliance needs of an organization, VCA models will vary. The most basic model may be a flat fee per month for an established set of hours, to be used at the CO’s discretion. This model is typically used for more advanced compliance programs that simply need expertise as regulations change or new ones develop.
More advanced models will build upon themselves and may include a variety of the “a la carte” assistance outlined earlier. The advantage of VCA and a VCAP is the flexible budgetary possibilities that offer customizable options maximizing the value of every dollar invested in an organization’s compliance program.
When effectively deployed, a VCAP is not only economically efficient in that it consolidates the role of multiple advisors, it also garners increased executive and shareholder confidence because of the expertise it offers. A VCAP provides sustainability to compliance programs that otherwise might struggle to appropriately support the organization. Working as a trusted and valued member of your team, a VCAP gains the institutional knowledge of the organization and compliance program, resulting in efficiencies and the most value for building and supporting a robust compliance program.
- VCA is an affordable option to quickly adapt to changing regulations, while maintaining a compliance program’s daily function.
- A VCAP can reassure the CO and Board that the organization is continuing to assess and mitigate risks while adapting to regulatory changes.
- A VCAP can bridge gaps and minimize potential vulnerabilities when a compliance program does not scale at the same pace of the organization’s growth.
- VCAPs are financially attractive to COs, offering multiple experts, and providing tailored support at a lower cost than an FTE.
- VCAPs can become trusted, valued team members, providing sustainability to compliance programs that otherwise might struggle to appropriately support the organization.
About the Authors
Kristen Lilly Davidson MHA, CCEP-I, CHC, RHIA, CPHQ, is a consulting manager at PYA, who brings more than two decades of diverse experience to the Firm’s Compliance Advisory team, including health system operations, regulatory compliance, human resources, and revenue cycle improvement. She is a published author and co-author, and routinely speaks on regulatory compliance at national meetings.
Lori Foley, CMA, CHC, PHR, SHRM-CP, leads PYA’s Compliance service line and is a member of PYA’s Compensation Valuation Physician Service teams. She combines industry experience in managing multiple hospital-owned practices with over two decades of consulting experience advising physicians, and organizations affiliating with physicians, in the areas of compliance, compensation, strategic planning, operational and financial improvement, MIPS and affiliation structures.