Healthcare compliance post-ACA: Challenges and opportunities [Special Report]

Prior to the Affordable Care Act (ACA), chief compliance officers say their role in the healthcare organization was fairly straightforward. But now they must deal with broad and unprecedented regulatory changes and have a hand in quality initiatives throughout the organization.

The good news is that it has elevated the position of the chief compliance officer or CCO within the organization. The bad news is that compliance has become such an ever-growing component of quality that incorporating quality into compliance can be a "tedious" exercise, according to one chief compliance officer interviewed by FierceHealthcare for this special report that examines the changing role of compliance due to healthcare reform.

"The biggest challenge of ACA compliance is the intensity of the regulation expectations, how these need to be implemented across the entity and how many disciplines it now needs to incorporate," Regina Gurvich (pictured right), CCO at New York's Advantage Care Physicians, a multi-specialty physician practice, told FierceHealthcare in an exclusive interview.

While the ACA has had a profound effect on the compliance process, she says it also transformed the position of the CCO.

"I think every new regulation legitimizes the position more and more," Gurvich told FierceHealthcare. "If you look at historical perspective, compliance officers are still not fully there, so [post-ACA] it's legitimized, it raised the expectations of skill sets."

The changing role of the CCO

The ACA requires organizations to create effective compliance programs, a mandate that has also increased the visibility of the position, says Thomas Flynn, CCO of Hackensack University Medical Center, a 900-bed non-profit, research and teaching hospital in New Jersey

"I think it's safe to say [the ACA] is making the position more important in organizations, more complex, maybe even more difficult to fulfill," Gabriel Imperato, board president of the Health Care Compliance Association (HCCA), told FierceHealthcare, "because of the ever-expanding compliance needs of an organization and the corresponding risks, and while that isn't a new phenomenon for chief compliance officers, it certainly was enhanced by the Affordable Care Act."

Indeed, just 19 years ago, the HCCA began with a handful of newly named compliance officers. Today it boasts 10,000 members, who are part of "one of the fastest growing professions in the world," according to Roy Snell, CEO of the association.

The expanded importance of compliance to hospital and health system operations also affects what it means to be a CCO, says John Falcetano, CCO of Greenville, North Carolina's Vidant Health, a regional health system serving 29 counties in eastern North Carolina.

 "The basic toolkit of the compliance officer remains the same, but the knowledge base required to implement an effective program becomes much broader," Flynn says. "Hospital compliance officers will need to work with teams up and down the continuum of care and engage clinical staff at all levels in order to remain effective."

Therefore, it's vital that organizations invest in CCOs who have a thorough understanding of requirements to avoid potential penalties and get through audits post-ACA, according to Gurvich.

"Effective CCOs can stress the proactive nature of compliance requirements, establish relationship/ communication lines with the regulators, and facilitate the cohesiveness of the approach," she says.

Internal and external audit prep

Although the healthcare reform law has many provisions that address fraud and abuse, one of the historical benchmarks of the Affordable Care Act is that hospitals develop their own effective compliance programs and return overpayments within 60 days. Failure to comply results in the risk of significant financial penalties. 

"On one level, they kind of intensify what were already existing obligations that organizations had with respect to compliance." Imperato says. The 60-day requirement, however, is one of the most significant changes, he says, one "which certainly raises the stakes on the risk scale for organizations."

And then there's the audit process itself. Compliance auditors will review documentation to ensure that the organization meets the regulatory requirements. If the organization is not in compliance, auditors will make improvement recommendations. "If necessary, overpayments are determined and refunded," Falcetano says.

Fahad Ahmed, compliance and privacy officer for both Bridgeport and Greenwich Hospitals in Connecticut and the operational director for Yale New Haven Health System's Office of Privacy and Corporate Compliance, says not much has changed in the audit process since the ACA.

The CCO must still focus on high-risk areas and determine whether the organization has met the requirements in those areas, says Ahmed (pictured right). High-risk areas include departments with high net revenue, such as chemotherapy and radiation therapy, which have complicated billing and coding requirements but also have high dollars associated with the services, Ahmed says.

A successful post-ACA audit program will protect revenues by paying special attention to those areas, according to Ahmed.

During an actual audit, Ahmed says, auditors will focus most of their time on reviewing the medical record and supporting documentation.

"The most important thing you can do is educate your physicians on what documentation is needed, what are the most important elements to hit in your documentation that justify for your internal coders, but then also from your external auditors" that the organization appropriately bills for services provided," he says.

Accurate documentation, Ahmed told FierceHealthcare, means internal coding is correct, which in turn means organizations will avoid penalties and survive an audit "by any type of auditors, whether it's your in-house auditors or whether it's your governmental auditors as well."

Providers have made substantial efforts to comply with the ACA's regulations on preventable readmissions and fraud, but the law's provisions to reduce overutilization of care have somewhat slipped under the radar by comparison, Paul Keckley, managing director of the Navigant Center for Healthcare Research and Policy Analysis, told FierceHealthcare.

"The law essentially sets a foundation for appropriate care, [which] needs to be substantially transparent, and therefore there are actions taken where it becomes transparent," says Keckley (pictured left). While the healthcare industry takes steps to reduce readmissions and prevent fraud, he says complying with the medical necessity aspects of the law may prove more of a challenge.

"That one requires a lot of heavy lifting," Keckley says. "The science about what works and what doesn't work is not binary." The more information a provider has about a patient's symptoms, risk factors and comorbidities, he says, the more the lines blur as far as care necessity. "Medical necessity is about making sure that where the evidence is strong, you do what the evidence says, and where the evidence is weak, you don't want to be caught doing things just because it helps you generate more revenue. That's a very difficult process."

The larger the entity, however, the more the government would expect in a compliance program, says Falcetano. Larger organizations must conduct risk assessments, internal audits of inpatient and outpatient services, investigations and provide compliance education, he says.

The biggest mistake a provider can make during this process is "not having a strong compliance culture and believing that doing nothing to identify and correct compliance issues is okay," Falcetano says, "You can't stick your head in the sand and think the issue will go away."

Ahmed also suggests that healthcare organizations treat audits as learning experiences regardless of outcome.

"You may have a hospital audit that you're doing internally as part of your compliance plan and the goal is for the compliance department to make sure they are sending a message to department managers that this is an opportunity to improve, this in no way is a scrutiny of the department," he says, adding that too often, leaders do not use audit results or penalties to make the necessary corrections.