As the web of healthcare providers and entities becomes even more entangled, so too are compliance-related obligations, interactions and relationships. The advent of federal and state Accountable Care Organizations (ACOs), the expansion of Medicare and Medicaid managed care plans, and the implementation of other state Medicaid redesign initiatives, including Delivery System Reform Incentive Payment (DSRIP) programs, are dramatically expanding the breadth, scope and magnitude of compliance programs. In this article, we highlight the increased compliance obligations of providers who partner in collaborative arrangements, with a particular focus on DSRIP compliance considerations.

The Eight Elements of New York’s Mandatory Compliance Requirements

States across the country are defining more specific and stringent regulations around compliance. New joint ventures and initiatives (such as ACOs, Medicaid managed care expansion and DSRIP) require new and different compliance approaches.

For this article, we’ll examine New York as one example of how state compliance programs are evolving—and the kinds of requirements that need to be kept in mind during execution. Although regulators have stopped short of requiring Performing Provider System (PPS) leads to assume the compliance responsibilities of their partners or participants, there is a clear expectation that the PPS leads should monitor the actions and compliance efforts of the providers in their networks.

PPS leads must determine how to fulfill their more expansive role without confusing their employers or partners, duplicating efforts or expanding their potential liability. They must figure out how to integrate new requirements with existing compliance efforts, as well as execute them across all partners and participants.

To implement the new oversight expectations effectively in New York, PPS leads need to understand and consider all eight elements of the state’s mandatory compliance requirements:

1. Policies and Procedures

The compliance requirements state that policies and procedures must:

  • Address issues unique to DSRIP funds and processes,
  • Distinguish between policies with provider-specific versus PPS-wide applicability,
  • Be easily accessible and regularly updated and maintained,
  • Clearly communicate all rules, requirements and processes, and
  • Include language in any existing compliance plan that expands current compliance requirements and initiatives to DSRIP.

2. Compliance Officers/Compliance Committees

Recently released guidance emphasizes an established requirement that compliance officers be employees of the Medicaid provider, in this case the PPS lead or one of its wholly owned subsidiaries. The required reporting structure ensures both independence and access to leadership.

New York also addresses compliance committee membership, laying out the composition and participation requirements for both formal and informal groups. Committees must include representatives from across the network’s various affiliates, partners and participants. They also must collect and review data showing measurable evidence that the program is effective.

3. Open Lines of Communication

To meet requirements, compliance programs must have communications initiatives in place that:

  • Notify individuals throughout the network of existing hotlines for reporting potential issues and problems.
  • Explain which hotline or entity to contact for guidance on specific issues.
  • Support the appropriate sharing of information among partners and participants to ensure that all relevant parties are fully informed of emerging issues and prepared to respond in a timely manner.

4. Education

The requirements detail the educational programs needed to support compliance. PPS leads must develop training programs to ensure staff at all partner and participating entities are knowledgeable about compliance regulations, as well as their responsibilities in ensuring those regulations are strictly followed. While the PPS need not train all partners and participants itself, it must have processes in place to confirm training was provided at each performing provider. The programs must include content specific to DSRIP policies and risks and should be developed centrally and compatible across entities to ensure consistency of content while avoiding duplication of efforts.

5. Discipline

Discipline becomes more complicated and potentially politically sensitive as regulations broaden to include requirements for nonemployees and business associates. The most important considerations in any discipline plan are that it encourages good faith participation in the compliance program by all performing providers and is applied consistently.

6. Risk assessment and auditing

Traditionally, risk assessment has focused on four issues: medical necessity, documentation, coding and billing. PPS leads responsible for compliance oversight must also now have processes in place for meticulously and continually evaluating:

  • Adherence to the implementation plan;
  • The distribution, use and accounting of funds; and
  • The completeness and accuracy of quality, cost and other data that may need to be aggregated and delivered to the Centers for Medicare & Medicaid Services (CMS) or the state.

7. Corrective Action

PPS leads are responsible for ensuring that effective corrective action is swiftly implemented for any identified issues. Their required role also includes communicating the corrective action plan and tracking progress against established goals. The New York requirements detail specifically when and to whom PPS leads are able to delegate any of these duties to others in their organizations.

8. Nonintimidation and Nonretaliation

PPS leads implement and enforce a policy of nonintimidation and nonretaliation. PPS leads should monitor all disciplinary actions to ensure they can’t be perceived as retaliatory. They also need to ensure that disciplinary actions are being applied equally across the entire PPS.

Looking Ahead

Beyond traditional fee-for-service compliance self-monitoring initiatives, future processes will incorporate oversight procedures that managed care organizations and ACOs have utilized to monitor their downstream entities and participants, respectively. The scope and frequency of communications, adherence to the implementation plan, distribution and appropriate utilization of funding, and accuracy of reporting by partners and participants all will take on increasing significance—and ultimately comprise the central focus of monitoring efforts. Moving forward, oversight likely will consist of some combination of contractual obligations, auditing/monitoring and attestations of compliance. The PPS leads’ annual Office of Medicaid Inspector General (OMIG) Compliance Certification will be expanded to encompass activities not only of certifying providers but also of their partners and participants.

Until recently, it would have been hard to imagine that a compliance officer would look back fondly on the good old days of a simpler, perhaps stand-alone compliance program that operated within, and focused on, the operations and risks of a single healthcare entity. The changes highlighted above are significant and can be reasonably expected to have a profound impact not only on compliance officers and their departments but also on the daily operations of providers.

As integration continues, inevitably the reach and complexity of compliance programs will expand exponentially. Payers and providers will be well-served to strategize on how best to coordinate and integrate their plans and programs, not only within their own organizations but also in concert with their participants and partners in an ongoing effort to maximize both efficiencies and effectiveness.