Highlights from OIG’s Semi-Annual Report to Congress

Late last week, the HHS OIG made available its semi-annual report to Congress summarizing OIG activities occurring from October 1, 2017 to March 31, 2018. As one might expect, OIG continues to commit resources to enforcement-related activities and to improve its data analytics capabilities. A few of the “headlines” from an enforcement perspective include:

  • Criminal actions brought against 424 individuals and entities allegedly engaged in crimes against HHS programs;
  • Exclusion from participation in Federal health care programs of 1,588 individuals and entities;
  • Civil actions brought against 349 individual and entities; and
  • Anticipated recoveries exceeding $1.4 billion from investigations

Many familiar themes and issues were examined by the OIG Office of Audit Services during the six-month period in question. Findings from select audits were that:

  • On an extrapolated basis, one MAC was found to have paid as much as $42.3 million in improper payments to 73 providers for hyperbaric oxygen therapy services which did not comply with all requirements.
  • An error rate of 100% was observed within a sample of 296 claims paid to 210 hospitals for the handling of manufacturer credits for recalled and failed cardiac medical devices.
  • An extrapolation from a small sample of audited outpatient physical therapy claims suggested that $367 million in improper Medicare payments were made during the six-month period for services and associated medical records which did not comply with medical necessity, coding or documentation requirements.
  • All but one of 2,145 inpatient claims for a diagnosis code 260 for Kwashiorkor were found to have been inaccurate.
  • A total of $66.3 million was calculated to have been erroneously paid for specimen validity tests billed simultaneously with certain urine drug screens.

If your organization provides any of these services to Medicare beneficiaries, it is an opportune time to look at your adherence to applicable requirements for clinical documentation, medical necessity and billing within these areas.
A link to the detailed report is available here. https://oig.hhs.gov/reports-and-publications/semiannual/index.asp

By Sharon Parsley, Director of Content Development

To Bundle Or Not To Bundle?

In August of 2017, CMS announced the cancellation of a proposed Cardiac Care Bundled Payment model as well as reversing course on a proposal to expand the Comprehensive Joint Replacement Bundled Payment model. Participation in both payment models would have been mandatory for certain providers in specified markets.

In January 2018, to considerable fanfare, CMS announced the creation of “Bundled Payments for Care Improvement Advanced” (BPCI Advanced). As of the publication date of this article, CMS will be distributing pricing to BPCI Advanced program applicants and, per the model program timeline, will move to execute participation agreements by the end of August 2018. This voluntary model is proposed to go live on October 1, 2018, with the first determination date for program payments on March 31, 2019. BPCI Advanced will be treated as an Advanced Alternate Payment Model under the CMS Quality Payment Program. The following is an introduction to some of the key components of BPCI Advanced.

First, acute care hospitals and physician groups may participate as “covener” or “non-covener” participants. The former will agree to coordinate care among patients throughout a 90-day “clinical episode,” which commences on the date of inpatient discharge or on the date of a covered outpatient procedure. Coveners will also assume some financial risk for the entire episode of care, whereas a non-covener participant bears no financial risk for care provided by other providers. Providers other than acute care hospitals and physician groups will be permitted to participate only as non-coveners.

Secondly, BPCI Advanced includes 29 distinct inpatient Medicare Severity-Diagnosis Related Group (MS-DRG) codes and three types of outpatient surgical encounters. A BPCI Advanced clinical episode is triggered by submission of a Medicare fee-for-service program claim by an “episode initiator.”

Thirdly, subject to certain exclusions, the clinical episode will generally include all physician services; inpatient, outpatient, long-term care, and inpatient rehab hospital services; hospital readmissions; skilled nursing; home health; clinical lab services; durable medical equipment; Part B drugs; and hospice services relating to the MS-DRG or the event that triggered the outpatient surgery.

Lastly, the payment reconciliation model is extremely complex, but is largely predicated on performance against select process-and-outcome quality measures and by comparing the aggregate costs of care provided during a clinical episode against an established target.

As an interesting backdrop, the Trump administration under former HHS Secretary Price, has taken aim at rolling back mandatory bundled payment initiatives, whereas Alex Azar, confirmed in January to fill that important role, has expressed support for alternate and bundled payment models. So, to bundle or not to bundle? Stay tuned for further developments.

Sharon Parsley

Director of Content Development


“Compliance Magic”


Determine If Any New Regulation Matters To You, Without Reading It!

During a demo, a prospect referred to a part of our system as “Compliance Magic”.  I asked her what she meant…she answered; “I can decide if a regulation matters to me (or not) without having to read it; it’s like magic”, I grinned like a Cheshire cat.

Pennsylvania’s “Right To Try Law provides a great opportunity for us to provide an example of this “magic”.

Without youCompli (if you’re not sure it’s relevant) you’re probably printing the new Regulation grabbing a yellow pad and starting to read.

Step 1: Is it Relevant To Me? (You my know this..or you may not)

When you read it, you’re looking for the parameters in the law that will help you decide if the regulation is relevant to you.

youCompli provides the parameters for you (we call these Relevance Questions). Here’s the Relevance Questions for Right to Try.

These questions seem pretty straightforward, but to answer the first one accurately you need to know what a “licensed health care facility” is in the Commonwealth of Pennsylvania.  youCompli provided it; we call this a “Tip”.

OK, now you’re ready to make your decision; Relevant or Irrelevant.

As I mentioned this example is straightforward, but as you know these relevance questions can get pretty complex.  Simple or complex we do this on every new healthcare regulation.

This info is provided to you (at no cost) on every new regulation.  You may not need it, you may already know that Right To Try applies to you.  But if you don’t, this would sure save you a lot of time.

Want to see this “magic”, drop me a note to arrange a demo jshafran@youcompli.com


Step 2: OK, it’s relevant to me.  What am I required to do to comply (STAY TUNED)


Do You Have the 4 Core Elements of an Emergency Preparedness Program? Jay Anstine

The motto of the Boy Scouts is “Be Prepared”.

On September 16, 2016 the Centers for Medicare and Medicaid Services (CMS) made it a law!

On that date they published a final rule relating to new federal emergency preparedness requirements for seventeen different types (list at the bottom of this post) of Medicare participating providers and suppliers.  The intent of the new regulations is to provide for adequate planning and establishment of a more consistent response by providers and suppliers.

Under this new CMS rule, you must develop and maintain an “Emergency Preparedness Program” that contains four core elements:

  1. Emergency Plan: Develop an emergency plan, updated at least annually, that is based on certain risk assessments and utilizes an “all hazards approach”. The emergency plan must also include strategies for addressing emergency events identified by the risk assessment, factor in patient population and capabilities to serve, and include a process for cooperation with local, tribal, regional, State, and Federal emergency preparedness officials.
  1. Communication Plan: Develop a communication plan, updated at least annually, that complies with Federal, State, and local laws and includes, among other items, the names and contact information for Federal, State, tribal, regional, and local emergency preparedness staff and methods for sharing medical and other information.
  1. Policies and Procedures: Policies and procedures must also be developed that are based on the emergency plan, the risk assessment, and communication plan. The policies and procedures must be reviewed and updated at least annually and address, among other items, subsistence needs for staff and patients (e.g., food, water, medical supplies), a system for tracking the location of on-duty staff and sheltered patients, emergency staffing strategies, and arrangements to transfer patients.
  1. Training and Testing Program. Develop and maintain a training and testing program based on the emergency plan, the risk assessment, the communication plan, and the policies and procedures. The training program requirements address topics such as who needs to be trained, the frequency of training, assessing knowledge, and documenting the training conducted.  The testing requirements address topics such as conducting full scale exercises, conducting additional testing, and the format of each testing type.

The exact CMS emergency preparedness program requirements will vary based on the characteristics of each provider and supplier type.  For example, there are additional requirements pertaining to emergency systems applicable to Hospitals, Long-Term Care Facilities, and Critical Access Hospitals.

This new regulation went into effect on November 16, 2016; however, participating providers and suppliers have until November 16, 2017 to implement all regulations. For a copy of the final rule, click here.


The seventeen provider and supplier types include the following:

  1. Hospitals
  2. Religious Nonmedical Health Care Institutions (RNHCIs)
  3. Ambulatory Surgical Centers (ASCs)
  4. Hospices
  5. Psychiatric Residential Treatment Facilities (PRTFs)
  6. All-Inclusive Care for the Elderly (PACE)
  7. Transplant Centers
  8. Long-Term Care (LTC) Facilities
  9. Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID)
  10. Home Health Agencies (HHAs)
  11. Comprehensive Outpatient Rehabilitation Facilities (CORFs)
  12. Critical Access Hospitals (CAHs)
  13. Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient Physical Therapy and Speech-Language Pathology Services
  14. Community Mental Health Centers (CMHCs)
  15. Organ Procurement Organizations (OPOs)Rural Health Clinics (RHCs) and Federally Qualified Health Centers (FQHCs)
  16. End-Stage Renal Disease (ESRD) Facilities

Building a Common Compliance Language

Everyone needs to understand industry terminology to properly communicate.  Imagine a physician referring to a patient as a “customer,” or a lawyer calling a client a “patient;” it feels odd. Even worse, it would create communication challenges.

Every business organization has its own language, a specific terminology unique to the profession. Building a common organizational language provides many benefits:

  • A common language assures that all members of the organization understand expectations. Misunderstandings are minimized so time formerly spent on correcting errors can be spent productively.
  • Staff and patients hear consistency throughout the organization, providing a sense of cohesiveness which enhances the image and reliability of the organization.
  • A common language provides a sort of shorthand among the organization’s community of management and staff.
  • A common language creates a sense of culture for those working within the organization which can be a major factor in its success.

We use our proprietary Compliance Lifecycle Management (CLM) worksheet to help providers to outline their current processes and to rank each step’s effectiveness.  Outlining the internal methodology allows a natural development of a common language, a “complaince language,” for everyone within your organization.

At the past HCCA Institute (if you’ haven’t seen Pam Cleveland singing School House Rock’s I’m Just a Bill at our booth, you should) several folks told us they hadn’t developed a CLM or a common language, but they really wanted to.

I was happy to share with them our CLM Worksheet, and I hope that you’ll find it helpful as well. You can download it below.

Remember, an effective, comprehensive methodology will usually include:

  • Identification and documentation of new regulations
  • Assessing relevance (Click here to read more about how to gauge relevance quickly)
  • Translation into business requirements, also known as “the specific activities required to comply”
  • Communication of requirements to stakeholders
  • Execution of activities required to comply
  • Monitoring and validation that required activities have been completed
  • Demonstration of the steps you’ve taken to comply

Click here to download our Compliance Lifecycle  Management worksheet.  Contact us if you have any questions!  We would love to help your organization to begin using the same language!

Tagged with: ,

Faster Compliance Using “Command Signals”

You don’t want to waste time on regs that don’t matter to you!

Whether it’s a new reg from the Office of Civil Rights (OCR), the Centers for Medicare & Medicaid Services (CMS), or your state’s Health Department, one of the 1st steps required for compliance is gauging the new regs’ relevance to your organization.

We’ve analyzed and translated over 15,000 regulations into business requirements, Every business requirement we create includes relevance testing; we know how to do this…pretty well.

Here’s a powerful tip that will help you make the relevance decision quickly (and comply faster).

  • Create a list of command signals. These are words and phrases within a regulation that identify or “signal” compliance actions to be taken by regulated entities.  Command signals act as flags which help in the determination of relevance.
  • Break your list down between mandatory command signals, those requiring action, and permissive signals, those permitting action
  • When reviewing a regulation do a search for the command signals,. When you find them, it is likely you will find parameters which relate to whether or not the reg applies to you.

Here are some examples of command signals we use:

Mandatory Signals

  • Shall
  • Must
  • Should
  • Required to…
  • Obligated to…
  • Need to…
  • Have to…
  • Have until [Date] to

Permissive Signals

  • May
  • Can
  • Permitted to…
  • …is/are permitted
  • Allowed to…
  • …is/are allowed
  • …is/are optional

So if you are interested in faster compliance, think about building your own set of command signals. If you’re interested in learning more about our complete list (happy to share) contact me at jshafran@youcompli.com .

Tagged with: , , , , , ,

youCompli Announces New Software

youCompli post Gazette

Recently the Pittsburgh Post Gazette did a nice article on our new platform.  Click the link below to check it out.



Three Themes Shared By Uber, Airbnb, and Compliance…

I Believe Compliance Is On The Cusp Of Something Huge……something that will completely change the way that compliance work is done.

How would I know?

Because we’ve seen this before, in just the last few years.

Think back to 2007, before Uber and Airbnb were founded. Doesn’t seem like very long ago, but a lot has changed since then.

These were mature, “boring” industries that appeared to have settled on a way of doing things. If I wanted to drive for a living, I probably worked for a taxi company. I received my hourly rate and my employer made the rest. If I lived in a home or apartment, there wasn’t a whole lot I could do to make money from it. It’s not as if there were a line of people around the block waiting to rent it when I went away. That was what for hotels were for.

We all know how those boring industries have changed since then.

But did we see it coming? What were the common themes that led to the change?

  1. Existing assets were underutilized
  1. Individuals wanted more control
  1. Mobility and technology advances expanded what was possible

Sound familiar? It should…

Under-utilized Assets – Uber, Air BnB and others take advantage of under-utilized assets.   You may not think of it this way, but compliance knowledge is incredibly under-utilized.   Your ability to evaluate regs and create compliance programs is valuable to any organization needing to comply.  The question is how do you take that capability and scale it across those organizations.

Control and Independence – People today want more control over their professional aspirations.  Often this desire is attributed to millennials, but more and more people of all ages expect to be able to work where and when they want — and be able to build a successful career while doing so.

Technology – Advances in technology are either in place or are being developed which are facilitating this change. IBM’s Watson (artificial intelligence software) is able to dispense legal advice within seconds with 90 percent accuracy. This is trouble for lawyers, particularly young ones entering the job market, because humans are only accurate 70 percent of the time.  Technology systems for compliance are evolving.

This phenomenon of disruption is going to grow, and it’s going to change the supply and demand dynamics of many things — including compliance.

Frustration With Flying Can Improve Compliance

I hate when I’m on a flight that is delayed and they don’t explain to me why.   I marvel at people who can sit quietly resting their eyes or reading a book; I can’t.   I grind my teeth, fidget, and am generally miserable.  I want to know why we are delayed.

Most of the time the pilot doesn’t tell…and it drives me nuts.  I feel demeaned, and frustrated.  My guess is many of you share my feelings.

My frustration provides a great lesson for compliance professionals looking to build a culture of compliance.

Share information as much as possible.

When someone explains their rationale for a decision they validate that their decision affects me.   The non-verbal message is I matter; everyone likes to matter.

A compliance environment that enables and encourages transparency and open communication (sharing) will go a long way toward fostering trust and building that compliance culture all compliance professionals seek.

Bet You’re Glad You’re Not The Chief Compliance Officer At Theranos!

Anyone wanting to take a swipe at their compliance department should pay close attention to Theranos.  This once high-flying unicorn is getting hammered.

For those not aware.  Theranos (with a reported private valuation of $9 billion), publicly stated that their only product, which has been used to diagnose conditions and inform treatments for patients, doesn’t work.

The company told the Centers for Medicare and Medicaid Services that it issued tens of thousands of corrected blood-test reports to doctors and patients, voiding some results and revising others. (GULP)

That sounds awfully serious, doctors may have made health decisions with erroneous results.     

A brief google search does not uncover the poor schlub responsible for compliance at Theranos.   My guess is (and it’s just a guess) that there was not a lot of emphasis placed on compliance in this organization.

Good compliance both builds and preserves value…I wonder how those private investors who got in recently are feeling about compliance today.

Subscribe to Our Blog