OIG - Compliance Committee, Risk Assessment & Policy/Procedures

Show Notes

OIG 2023-2024 Compliance Guidance for Long Term Care Facilities is summarized to highlight importance of a compliance committee and the responsibility to assist the chief compliance officer to develop a robust facility risk assessment. From that assessment the committee would need to develop meaningful and accessible policies and procedures to guide all levels of the facility staff and consultants of their roles and responsibilities in maintaining healthcare compliance. 

Chapters

• 0:15: Introduction and Disclaimer
• 0:51: Compliance Committee Roles and Responsibilities
• 3:16: Policies, Procedures and Committee Effectiveness
• 6:41: Risk Assessment: Lessons from Pandemic
• 9:16: OIG Risk Assessment Framework
• 11:39: Summary and Closing Remarks

Transcript

Deanna Fye MSN, RN: 0:15

Hello, I will be your host. My name is Deanna Fye. I am a registered nurse and healthcare analyst. Let's get started.

Speaker 2: 0:26

The views or opinions expressed in this podcast are for informational purposes only, not intended as legal or professional advice, and may not represent those of Verity Consulting. Although we make strong efforts to make sure our information is accurate at the time the podcast episode was recorded, verity Consulting cannot guarantee that all information in this podcast is always correct, complete or up up to date. All information in this podcast is subject to change without notice.

Deanna Fye MSN, RN: 0:51

Welcome to Vital Compliance Insights Today. In this episode I will talk about a continuation of the compliance guidance from the OIG for long-term care facilities, three areas that I want to tackle. First one has to do with the compliance committee. I want to talk about policies and procedures and then risk assessment, not necessarily in that order, but I'll overlap in a few areas. Well, first of all, the compliance committee is a very important group of people that are ideally key stakeholders in the organization, and I will just say here it doesn't always need to be department heads. It certainly can be a collection of individuals who have a strong interest in participating, actively participating in the committee to help to ensure that actions are taken and there's an ownership of the compliance program. So what I will say is that it's important to make sure that the compliance committee may say you know we don't have everyone certainly on the committee, but for this particular topic, who might be missing, is there someone we need to reach out to for some information, to make sure that as a committee we're getting all a good input from a variety of stakeholders? Now the OIG makes it very clear that the compliance committee will not oversee or provide direction to the compliance officer, but this is a supporting role, a collaborative effort. The compliance officer is responsible for the compliance program, but how does the compliance committee help fulfill that work plan? So the compliance committee will work with the compliance officer to develop a work plan and the plan will include all of those initiatives to help keep the facility in compliance.

Deanna Fye MSN, RN: 2:59

Okay, and the important? Some of the important roles that a compliance committee have are to analyze risks. What are the risks facing our entity in a variety of ways? Okay, and can we implement them? How do we implement those initiatives? Are policies and procedures updated? Do people know how to find and gain access to the policies and procedures? Do they understand them? And do we have systems that are developed, internal systems that are developed, that have controls in place to make sure the policies and procedures that were developed are working, they're in place? So the compliance committee has a very important role to conduct a risk assessment in coordination with the compliance officer, put together some policies and procedures, make sure they're followed, because the goal here is to make sure that the compliance program is in place to protect beneficiaries, but also part of that is we want to make sure that the compliance committee can assess needs, to see if members who are following those policies and procedures have an understanding. Is there a need for further training? And the compliance committee could make those recommendations to say, it appears as though there's some more training needed. Is the disclosure program in place? Is it being followed? Okay, are we assessing the effectiveness of our work plan? Are we on track? So just to kind of touch on, the compliance committee has a very important role to support.

Deanna Fye MSN, RN: 4:43

Now the compliance officer needs to be aware of the activities, of course, of the compliance committee, and the compliance officer needs to report to the board what the work plan is, of course, how the committee's doing, and it's not about necessarily performance of individuals, but is the committee effective? Does the committee have the resources it needs to be effective? And there may need to be some adjustments made because it depends upon, you know, the size, the scope of the work plan. Do we have enough persons involved to help us execute that plan? So this will be information the compliance officer would take back to the board. This will be information the compliance officer would take back to the board and that should be a regular reporting mechanism. Now the OIG does recommend that a compliance committee meet once quarterly and, in advance of that meeting, send out an agenda, send out minutes from the previous meeting, because really, ultimately, you want the compliance committee members to be engaged, to know what's the expectation, what's my level of active participation meant to look like. And, of course, certainly the compliance officer may make recommendations and performance reviews on how active and how much participation the compliance committee members are engaged with. Okay, now we do have a compliance committee developing a work plan. Policies and procedures have been developed. We're making sure that the policies and procedures are available to all key stakeholders, that they're periodically reviewed. Do you understand what's in the policy procedure? Oh, we need to make an adjustment. It wasn't clear. Thank you for pointing that out to us. We need to do some new re-education. We need to revise the procedure. We need to clarify it.

Deanna Fye MSN, RN: 6:38

Now I want to switch some gears to risk assessments. Risk assessments why do we need them? Well, without getting into a lot of detail here, we know the OIG produced a publication in 2024 based on the pandemic COVID-19. And in August 2024, a publication from the OIG Lessons Learned on Nursing Homes the Pandemic in Nursing Homes. This was very eye-opening. The OIG was able to clearly identify multiple failures lack of comprehensive system level processes where, because of the pandemic, there were so many failures that resulted in very adverse outcomes for residents. So, for example, the lockdowns that occurred in facilities. What happened? Well, no one could go in, no one could monitor and make sure residents were okay, where they were safe, and, sadly, there were many instances where there was an increase in resident abuse and neglect. So that case was eye-opening. The OIG was able to identify multiple system-level failures and it underscored the need for risk assessments.

Deanna Fye MSN, RN: 8:00

And it really begs the question what can go wrong? How can things go wrong? Now there were a lot of people vocalizing concern about hey, you know, things are locked down. How do we know how people are? So a lot of lessons were learned here that we need to say wait a minute, hold on. We think we're on the right path, but maybe not. What are some of the unintended consequences that can occur? So we do a risk assessment, but then we stop and then ask again are we missing anything? Is there something that could come out of this? And it's important to engage people at all levels to ask is there anything you think could go wrong? Here? I think we covered it all, but what could go wrong. I think we covered it all but what could go wrong.

Deanna Fye MSN, RN: 8:49

To get feedback is really important in risk assessments. Now, oig does recommend an annual risk assessment and that plan should be submitted to the board by the compliance officer and the whole idea is for the risk assessment to identify risks, to analyze them and to respond to those risks in a prioritized manner and an organized manner. So we know that there are outliers sometimes. Sometimes things come up that we didn't have a full understanding of and that's okay. We need to identify that they exist. The OIG makes it really clear that failures to identify is just as important. So it's important to be very open and broad in saying we think this could be a risk, we think this could happen. We don't know, but we're continuing to gather some information to have a better understanding.

Deanna Fye MSN, RN: 9:48

To be clear, oig, in their guidance, compliance guidance they provide many tools for an organization to conduct risk assessments and there are some you know very much evidence-based tools out there and OIG wants a risk assessment to have followed the five principles associated with risk management and those five principles are identify the risk, identify the severity of the risk okay, prioritize, once you've done thatplement, risk responses based on what you know and finally develop a portfolio of associated unrelated risks things that could happen but we're gathering data to continue to monitor. Like I had already alluded to in the OIG guidance there in the appendices, there are many tools out there to help an organization conduct risk assessments. They're very structured framework approach to conducting an assessment and it would behoove you to take a look at that guidance because, like I said, there are many tools there and this will help to tackle some really complex topics that are just where do we start? I don't even know where to start. Well, this framework will help you to identify the steps to take to unravel some things, to put together a risk assessment plan.

Deanna Fye MSN, RN: 11:26

So we know the compliance officer is busy developing and giving guidance to the compliance committee to develop a risk assessment and it's important for that relationship between the committee and the compliance officer to be shared. That relationship needs to be conveyed to the board so the board has an awareness of the health, the status of the compliance committee, effectiveness. Okay, so, with that said, I really want to start to summarize by saying it's very important to have a compliance committee that's made up of key stakeholders. They're very engaged and actively participating. That, once risk assessments have been conducted, policies and procedures are put into place to help provide guidance on how to mitigate or avoid some of the risks that have been identified, but to also be keen and keep an open mind to things that could come up, and people should have comfort in bringing up concerns and identify those. Okay, it's very important to develop a dashboard, to have a broad view of those identified risks. And how are we doing? Are we on course with mitigating or avoiding some of these risks, particularly those risks that affect residents, beneficiaries, safety and quality of care, because certainly those need to be triaged as the highest priority. So I hope this was helpful to you, just to give you a quick overview of some of the areas where the OIG is putting some focus in their guidance.

Deanna Fye MSN, RN: 13:12

Thank you for listening and stay tuned for future podcasts. Thank you for listening. Your time is appreciated. We hope you enjoyed this episode of Vital Compliance Insights and found this to be informative. Please feel free to reach out to Verity Consulting at verityteamcom if you'd like further assistance with your healthcare compliance needs. Stay tuned for the next episode. Thank you.