Just a few years ago, if you had asked me to name the primary functions of the governing body, I would have said there are four:
- Quality of Services
I see these primary functions as equally important. The leadership challenge for the CEO and Board is to keep the organization balanced by not focusing on one function to the detriment of another. To be sure, there is a lot of room regarding what could be included under each function; that, too, presents a leadership challenge and requires balance. We all have a natural tendency to reinforce existing strengths and not develop things that we know will require a lot of work but will ultimately make the organization stronger.
Some people would argue for Oversight as a fifth primary function, but I would counter that no managerial endeavor is really any good without oversight. In other words, you can’t say you are responsible for something and then not confirm that you did it. Whether we review something monthly, quarterly, semi-annually or annually, we need some basis for proving that we did indeed carry out our mission. Better yet, we made changes to become more effective.
The Fifth Function
Today, I would add a fifth primary function: Compliance. One could argue that Compliance itself is a form of oversight – and it is. But it is also much more. It is a vehicle for culture change. It is a systematic, disciplined process for getting your organization to the desired stage of regulatory compliance. It is something that can be reviewed on an annual basis, but not something that can be achieved simply by performing an annual review. It requires daily adherence to best practices, to changing regulatory requirements, to daily coding regimens and to documentation requirements. Any realistic analysis of the constitution of a good compliance program will quickly conclude that this is not something where you can just wing it.
Not convinced? Run a quick search for HIPAA enforcements and you will find plenty of actions against all health care providers, physicians, hospitals, nursing homes, home health, and vendors. HIPAA privacy, security and social media concerns are hot items with big fines attached to violations. For example, the University of Massachusetts – Amherst was hit with a $650,000 settlement over HIPAA security weaknesses, one of which was the lack of a firewall which apparently enabled access to PHI. By any measure, $650,000 is a lot of money, but it is not a big HIPAA settlement. Without an investment in a robust compliance defense, these enforcement warnings will become a reality for many providers, and their boards.
Also consider medical necessity as a cause of false claims in skilled nursing. The most obvious – and significant, at least so far – is the exposure to false claims in rehab, primarily under the Medicare program. SNF providers cannot pass off liability to the therapy company because the billing takes place on the facility’s provider number. A far more practical perspective is to recognize that the therapy company and SNF are joined at the hip; both parties need to work on a proactive basis to assure clean coding and claims. Like HIPAA, therapy claims accuracy and integrity cannot be addressed piecemeal. It needs the attention of a comprehensive compliance effort with an informed governing body at the helm.
Compliance is here to stay
There is no shortage of risk exposure. Strong leaders and governing boards will recognize immediately that the best way to deal with heightened risk exposure is not on a case-by-case basis, but with a systemic approach designed to mitigate risk. It’s a big job, a noble one, and it requires a disciplined, programmatic approach rather than patchwork. Compliance is the new normal, and it is here to stay.