Decide: YouCompli helps your organization make easy regulatory decisions

Before YouCompli, Compliance Officer Scott Borsuk said he “probably spent six to eight hours a week reading regulations, then copying and pasting them” to share with colleagues. Read the Western Maryland Health System case study.

“It’s not enjoyable reading,” Borsuk noted.

But he had to read closely to be sure he properly analyzed the regulation to see if it applied to him.

Simplify decision-making

“We were not confident that we were catching everything, we had the documents but didn’t know if we missed anything. At the end of the day, we didn’t know if we were making the right changes or not.” – Scott Borsuk, Chief Compliance Officer

Borsuk knew he needed a better system and a stronger approach to managing regulatory change. That’s where YouCompli came in. With YouCompli, Borsuk can easily decide if a regulation applies to his hospital system and how to comply.

YouCompli makes it easy for you to decide which regulatory changes apply to your organization and which tasks need to be performed in order to comply.

In this clip Scott Borsuk explains what regulatory change management is, and how YouCompli assisted his hospital system in achieving desired results.

Watch more videos on this topic here and see how YouCompli can help your organization

Regulatory analysis to help you decide

  • For each requirement associated with a regulation, YouCompli creates a few relevance questions. Users may be asked, for instance, “Is your organization a Medicare provider?” These relevance questions are followed by tips generated by YouCompli to help make your decisions easier.
  • We can do this because our analysts read entire regulations, flag relevant changes, and translate technical legal documents into easy-to-understand business requirements.
  • If you decide the regulation is not relevant, YouCompli marks it “complete” and removes it from your active tasks.
  • All our analysis is checked by Horty Springer, the nation’s leading health care law firm.
YouCompli’s simple interface makes it easy to decide if a regulation is relevant to your organization.

Get expertise from colleagues

Sometimes the relevance questions stretch beyond your expertise as a Compliance leader. In those cases, use YouCompli to get the answer from colleague with the right expertise.

  • Use the workflow tool to assign a complex relevance question to a subject matter expert
  • YouCompli allows you to maintain a directory of subject matter experts who provide compliance leadership within their departments
  • The workflow tool also tracks responses and lets your colleague decline or answer the question right in the tool.

A complete audit trail for your relevance decisions

YouCompli tracks all of your relevance decisions over time, so you can see which regulations and changes applied to your organization and why (or why not!)

  • All responses to decision criteria, including usernames and date stamps, are recorded in YouCompli to become part of the official record and the compliance audit trail
  • The log also captures the reasons for rejecting the requirement or proceeding to the next phase of the workflow.
  • YouCompli clients can access the complete audit trail at any time to review previous decisions and the reason for making that decision.

Great decisions help you manage regulatory changes

Once you know about a regulatory change and you’ve used YouCompli’s decision criteria to decide that a regulation applies to you, you’re ready to respond. YouCompli helps you manage the tasks necessary for compliance. And it helps you verify that your organization has put forth best efforts to stay in compliance.

Interested in how a healthcare system used YouCompli to decide which regulatory changes apply? Check out this case study from the Western Maryland Health System.

Five tips to help providers comply with Stark

The Stark Law creates a whole set of antikickback rules that providers must understand and actively work to comply with. And with all its good intentions, the Stark Law is incredibly restrictive. In fact, even the U.S. Court of Appeals for the 4th Circuit noted that “even for the well-intentioned healthcare provider, the Stark law has become a booby trap rigged with strict liability and potentially ruinous exposure.”

The Centers for Medicare and Medicaid (CMS) and Congress have taken steps to clear up confusion and loosen the rules in some cases (See our article on exceptions for value-based care). Still, your Compliance team has a tremendous responsibility to make sure that policies match the rules and that providers understand and follow the policies.

Policies match the Stark rules

Changes to the Stark Law have been coming out practically since the law was enacted. The law, which aims to protect against kickbacks and self-referrals, has gotten complicated in the details. Congress issues amendments to help  the law catch up to changing business practices. Healthcare organizations may have written policies that facilitated compliance originally. However, those may be completely out-of-date if they weren’t keeping up with the changes in the law.

For example, CMS has introduced modifications that addressed challenges with value-based care and resolve issues restricting coordinated care and health data exchange. Another modification to the law was allowing healthcare providers to accept cybersecurity tech donations from stakeholders.

While the compliance officer enforces the policies, he or she doesn’t have to live them the way those in operations do. Getting input from key stakeholders such as providers, Risk Management, and others in the C-suite can help ensure that final policies are clear. This early feedback and engagement can also help identify how the policy or regulatory changes will affect the individuals who must operate under them. Lastly, they can help identify potential operational conflicts with new policies or regulatory changes.

(See how YouCompli delivers model policies and procedures that help your organization comply.)

Providers following the Stark policies

With compliant policies in place, it’s time to help providers understand how to follow them. This is where communicating what certain key terms in a policy or regulation means in the context of the provider’s particular work becomes critically important.

Compliance officers know that “the road to success is going to run through quality of care,” says Harry Nelson, health care attorney at Nelson Hardiman. “Compliance isn’t the internal police that slows things down, but a strategic part of growth.” When it comes to making sure providers understand how to follow policies, the compliance officer has to look at the language of the policy from the providers’ perspective, not that of the compliance officer.

Here are five steps to help providers understand and follow Stark-compliant policies:

  1. Engage your operational leaders. Make sure the president and CEO understand the nature and intent behind Stark limitations so they can help explain and reinforce them. Give situational examples they can relate to so they understand what the key terminology means.
  2. Invest in training and communication. One email won’t do it with changes to Stark-related policies. Engage providers in small groups, in writing, and in person to explain nuances and answer questions about tricky scenarios. Whenever possible, use real-world scenarios to help illustrate how the regulations and policies impact them. Education and training should also be routine and ongoing with key stakeholders.
  3. Get feedback. Regularly check in to gather feedback from your leaders. Find out if the implemented tools and procedures are working for them, as well as to identify challenges they face. This step will help you see areas where the  words on paper mean something the compliance officer had not thought of. Adapt procedures and tools if necessary.
  4. Encourage people to ask questions. Make sure providers and your operational leaders alike know they can use you as a sounding board for grey areas or possible violations. It’s much better if they proactively ask if a proposed arrangement is compliant. Otherwise, they may have to unwind a relationship if they find out it is not compliant.
  5. Promote awareness to prevent future mistakes. Once an error is made, chances are it will reoccur and lead to additional violations. As you are addressing errors, promote awareness to prevent future mistakes. For example, when you are communicating the fact that a mistake was made, go the extra step to what caused it. This will be an opportunity to find out where their confusion was and use that insight to update policies or training.

Stark compliance starts with knowing about changes to the regulations and continues with crafting policies that providers can understand and follow. Involving stakeholders in policy creation and training, and engaging tech systems to reinforce the lessons will support the long-term success of Stark-compliant policies.

Do you have the tools you need to recognize and manage regulatory change across your organization? Find out how YouCompli can help you manage and coordinate your response to regulatory change or schedule a demo.

Subscribe for blog updates

Take as directed: Medication compliance and the Compliance office

Working toward higher rates of patient medication compliance is a critical component of patient care. That includes communicating what the medications are, what they do, and how to take them. Providers are keen to ensure they provide clear directions and to be sure patients can pay.  

It’s no wonder they take such care: Each year, about 125,000 Americans die due to poor medication adherence, according to the American Heart Associationi. Improper compliance practices come with a hefty price tag of $528 billion in annual expenses, according to a 2019 OptimizeRx surveyii.  

What’s more, medication mismanagement is a strong predictor of hospital readmission rates. Individuals who failed to take prescribed medication as directed had a 20 percentiii chance of hospital readmission within 30 days, compared to 9 percentiv for patients who take meds as directed.  For the compliance officer, keeping hospital readmission rates low is crucial to avoid wasteful spending, per the Centers for Medicare and Medicaid guidelines.    

So many factors contribute to whether a patient properly follows through with medication instructions. Providers and administrators alike do their best to put systems and communications in place that make compliance easier. While not within a compliance officer’s direct control, there are policies and procedures that can help hospitals comply with CMS requirements to lower readmission rates. This helps facilitate better health outcomes and increased quality of life for patients.    

So how can you ultimately help patients improve medication management skills? Here are a few tips you can include in your medication compliance plan to help reduce readmission rates. 

Discuss side effects 

Patients who experience side effects may stop taking their medication altogether; without discussing this decision with their healthcare provider.   

That’s why it’s so important for doctors to discuss common and possible side effects with patients.  

Work with healthcare providers at your facility about how they can discuss any treatment plan changes to lessen the chances of side effects. Make it known that the treatment plan may include adjusting the dosage or changing the medication altogether.  Cut Out Distractions 

According to BMC Health Services Researchv, three out of five patients often forget to take their medication.   

Are distractions the main culprit? Encourage providers to discuss the importance of taking meds at the same time each day.  

Maybe patients can use a cell phone alarm to set up reminders. Taking multiple medications at different times? The workaround may be to set other alarm times for numerous times during the day.  

To make things even easier on patients, providers may consider prescribing once-daily medications.  

Providers may consider collaborating with the patient on the best time to take the medications when distractions are at their lowest.  

Money worries 

Sometimes the issue of medication compliance comes down to cost. About 70 percentvi of physicians link high prescription costs to a lack of medication adherence.  

To save money, they may ration meds or not take them at all.  

In a study published in Circulation, viione in eight patients with heart disease didn’t take prescribed medication because of the expense.  

Luckily, there are resources such as GoodRx, an app that allows anyone to shop at local pharmacies for the lowest prescription medication prices.   

Doctors can also prescribe generic versions of meds whenever possible to cut back on costs.   

Communicate more 

Poor communication is a deterrent to medication compliance, which is in turn linked to poor health outcomes.  

Fortunately, Motivational Interviewing can help. With Motivational Interviewing, health care providers are encouraged to ask open-ended questions beginning with What, Why, How, and When during discussions about medication usage. This technique is shown to improve behavioral change and adherence, as reported in Perspect Public Healthviii.   

This PDF by The Motivational Interviewing Network of Trainers provides more information on motivational interviewing.  

Medication compliance helps patients experience better health outcomes, reducing readmission rates and helping the hospital avoid tripping CMS’s indicators for fraud, waste and abuse. While much of the responsibility lies with the patient, hospital policies and procedures can help ensure the patient has the best possible chance to understand and comply with medical guidance.  

YouCompli helps healthcare facilities know about regulations, decide if they apply to them, manage policy and procedure rollout, and verify compliance efforts. Learn more 

i American Heart Association 
ii OptimzieRX survey 
iii 20 percent 
iv 9 percent 
v BMC Health Services Research 
vi 70 percent 
vii Circulation 
viii study 

Growth in Telemedicine Could Mean Trouble if You Are Not Careful

We can all agree that 2020 was a year filled with surprises. The emergence of COVID-19 brought restrictions, which made the business of healthcare even more challenging. But then came the saving grace: telemedicine!

Even though telemedicine has been around in some form since the 1900s, its popularity exploded during the midst of the pandemic. With millions of people stuck indoors due to government lockdowns, health care providers turned to telemedicine options to provide desperately needed health care.

According to Doximity, a social media networking service for medical professionals, only 14 percent of Americans utilized telemedicine before the pandemic. But since the outbreak, telemedicine usage skyrocketed by 57 percent. Among patients suffering from chronic conditions, the number of virtual care visits increased by a staggering 77 percent!

The increase in telemedicine accessibility also means healthcare providers can potentially face compliance issue pitfalls, which could land them in trouble with the United States government. Before COVID-19 became a household name, Medicare and Medicaid upheld strict rules regarding payment for telemedicine services. For instance, reimbursement for telemedicine services was limited to patients residing in areas of the country with limited healthcare.In an attempt to slow the spread of COVID-19, government payors loosened these restrictions.

Unfortunately, telehealth services’ widespread use brought an uptick in COVID-19 related scams that specifically target healthcare providers offering this service. Such illegal activity caught the attention of the Department of Justice (D.O.J.).

A primary focus of the D.O.J. is a government agency that mostly focuses on telehealth arrangements that implicate the Anti-Kickback Statute.  The statute forbids transactions designed to corrupt medical judgment by rewarding referrals for Medicaid and Medicare services. In the past year, more than $4.5 billion in false claims were connected to telemedicine. And over 100 healthcare professionals were charged with submitting fraudulent claims to Medicare, Medicaid, and private insurance companies.

New changes to the Stark and Anti-Kickback Statutes that were long in the works took effect on January 19, 2021. The regulation updates are designed to eliminate regulatory and administrative barriers that hindered movement towards a value-based health care system. The updated rules also offer healthcare providers more flexibility to coordinate and improve patient care while maintaining safeguards against overutilization and inappropriate incentives.

The Stark Exceptions finalized three new exceptions for value-based arrangements between healthcare providers and payor systems like Medicaid and Medicare. These exemptions are solely based on the quality of delivered patient care instead of the volume of services.  For example, healthcare providers face at least a 10 percent financial risk for failure to achieve value-based goals. In comparison, the Anti-Kickback Statute requires at least a 5 percent financial risk for value-based arrangements.

Physicians’ practices should express caution when offering telemedicine services to steer clear of trouble with the government. As with traditional in-person healthcare, it’s best to avoid doing business with third-party companies that give money in exchange for referrals.

Here are a few guidelines physicians should consider avoiding getting on the D.O.J.’s naughty list.

  1. Consult with counsel before entering into any outside business relationships.
  2. Establish guidelines for physical examinations and prescribing practices.
  3. Monitor the prescribing habits of their physicians and nurse practitioners.
  4. Adopt data analytic tools to identify any abnormal billing behavior.

Physicians considering telemedicine should also consider the following tips to stay compliant.

Practicing Telemedicine Across State Lines.

Usually, state governments require practicing physicians to conduct telemedicine sessions within the state they are licensed. But in some states, this stipulation is relaxed due to COVID-19 to make healthcare more accessible. But physicians must contact their state’s medical board for updated information concerning this topic.

Informed Consent.

Healthcare providers are still expected to obtain consent before providing telehealth services. Besides requesting written or verbal consent from patients, providers should make patients aware of the risks and benefits of receiving telehealth services.

Use Caution When Prescribing Medication.

Because of COVID-19, the Drug Enforcement Administration (D.E.A.) allows registered practitioners to use prescribed medication to patients via telemedcicine technology. Physicians must adhere to the following conditions:

  • Prescribed medication(s) must be for a legitimate medical purpose.
  • The telehealth session is conducted using a two-way, audio-visual, interactive communication system.
  • The practitioners must practice healthcare within Federal and State law.

Only time will tell whether or not telemedicine will continue to grow in the upcoming months. But doctors should continue to use caution when using this technology to serve the public.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

Organization Liability: Types of Risk (Part I)

liability types of risk denise atwood

Risk is an important concept for compliance professionals working in the healthcare space to understand. After all, there are many times where risk and liability have crossover to compliance.

For example, in response to a suspected email or electronic health record breach, compliance and risk professionals will need to work together. This work will include:

  • Evaluating the breach
  • Reporting to the insurance carrier
  • Collaborating with a breach coach or legal team to ensure the investigation meets legal requirements and timelines
  • Collaborating with the information technology team and a forensics firm to ensure risk mitigation strategies are implemented and effective

And so on.

Generally speaking, healthcare compliance professionals should have a good working knowledge of organization risks and liabilities, as well as risk mitigation strategies.

This raises two important questions:

  1. What areas of risk do healthcare organizations face?
  2. What are the potential liabilities related to unmanaged or poorly managed risk?

Areas of Risk for a Healthcare Organization

Areas of risk for a healthcare organization are vast, and can involve injury to persons, property and reputation. Several areas of risk include:

Patient safety risks

These include near misses, which are mistakes which almost make it to the patient, as well as events or incidents that do make it to the patient, causing the patient to experience an unanticipated outcome such as a longer hospital stay, disability or death.
For example, a nurse may realize before giving a vaccine to a child that the adult vaccine and dose was drawn up in the syringe instead of the pediatric vaccine and dosage. This would be a near-miss. Along those same lines, a mistake occurs if the adult vaccine dose is actually administered to the child and an allergic reaction occurs.

Operational risks

These include such things as business interruption or supply chain issues. Business interruption incidents may include fire, flood, or pandemic. If the electronic medical record system goes down, and staff have to chart by hand on paper, this would be a business interruption. Supply chain issues can occur due to higher than normal demand or decrease in output by the manufacturer. If an organization cannot obtain needed supplies – such as hand sanitizer or surgical masks – that would be an example of a supply chain issue.

Legal risks

These typically involve lawsuits filed against the organization. Most commonly, lawsuits result from allegations of inappropriate employment practices or medical negligence or malpractice. For example, if a child had an allergic reaction after receiving an adult dose of a vaccine and unfortunately passed away, the parents may file a lawsuit alleging medical malpractice or negligence on behalf of the organization, the provider or the nurse who administered the incorrect vaccine.

Insurance risks

Insurance risks generally stem from a lack of adequate or appropriate insurance coverage or failure to transfer risk. Insurance risks can also connect to legal risks, which can stem from contracts with inadequate risk transfer or failure to conduct due diligence to vet the vendor. In the case of a pandemic, healthcare and other organizations may not have realized that pandemics and resulting business closures may be excluded from their business interruption insurance policy.

Human capital risks

These encompass the inability to hire, contract or retain appropriately trained staff. A lack of ICU level nurses causing staffing shortages would be an example. Human capital risks can also include professional board or licensing complaints against the organization’s doctors, nurses, therapists, or other licensed staff.

Reputational risks

Reputational risks are often forgotten or invisible to an organization until a bad event happens and it is announced to the public – at which point it is too late.

Reputational risk used to be limited to bad publicity which was published in print or reported on television. However, with the increased acceptance and use of social media, reputational risks are more far-reaching than the local newspaper or evening news program, and could potentially have national reach and negative impact on the organization . A newspaper may not run a story about a child who received an incorrect vaccine, but the child’s mother could post to Facebook or other social media platforms that the organization and providers are terrible and not to be trusted.

Practice Tips:

  1. Schedule a meeting with your insurance broker to evaluate your insurance policies by product line (i.e., general liability, property, cybersecurity, etc.) to ensure the organization is adequately covered to protect against most business losses.
  2. Educate staff to ensure they know how and where to report near-misses and mistakes that occur in the organization.
  3. Work with Risk Management to conduct a risk assessment to evaluate organization risks and implement mitigation plans.

Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.

Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  

Sign-up for the YouCompli Blog to Stay Up to Date on Compliance Related News!

Manage your healthcare regulatory change process effectively and efficiently

YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.