Corporate Compliance

Note from the instructor: General guidelines for keeping up to date with changing regulatory requirements

Medicare Insider, September 1, 2015

Want to receive articles like this one in your inbox? Subscribe to Medicare Insider!

This week’s note from the instructor is written by Judith L. Kares, JD, regulatory specialist for HCPro.

One of the biggest challenges to the provider community, including hospitals and critical access hospitals (CAH), is keeping up to date with current regulatory requirements, particularly when it comes to rules on coverage, coding, billing, and payment for services provided to beneficiaries under federal healthcare programs, including Medicare and Medicaid. For those of you who have taken one of our hospital or CAH Medicare Boot Camps, you probably remember discussing this early during the week, when we identified the major official sources of authority on Medicare rules, as well as some tips about how to efficiently keep yourselves up to date.

According to guidance from the enforcement community (the HHS’ OIG and the U.S. Sentencing Commission), hospitals have the responsibility to exercise reasonable care to identify potential regulatory risks before they occur, to detect suspected or actual violations when they occur, and to prevent similar violations from occuring in the future. This responsibility is particularly true with respect to violations relating to federal healthcare programs. One of the ways that hospitals can demonstrate that they are exercising reasonable care in these areas is to establish and follow written guidelines for keeping up to date with changing regulatory requirements, based on the size and resources of their organization and the complexity of their healthcare operations. The remainder of this note provides some general guidance for the development of such guidelines.

Primary sources of authority for applicable regulatory standards

Given the complexity of the task and the limitations on resources available, it is important to identify the areas of greatest potential regulatory risk by becoming familiar with the primary sources of authority for applicable regulatory standards. Therefore, the sources of authority set out below generally appear in the order of their potential regulatory risk.

Government Programs (e.g., Medicare and other Federal Programs). U.S. Government Printing Office (GPO) Federal Digital System (FDsys)—federal laws (statutes) and regulations:

  1. Statutes are “codified” in the United States Code and published online on GPO FDsys website
    1. Sometimes cited with Social Security Act section numbers which can be found on the Social Security Administration website
    2. New statutes are cited as Public Laws or by their popular name and can be found on Congress.gov maintained by the Library of Congress
  2. Regulations are initially published in the Federal Register on GPO FDsys and then “codified” in the Code of Federal Regulations (CFR) on GPO FDsys
    1. CFRs are published in an Official version updated annually and a regularly updated unofficial electronic version
  3. CMS—CMS guidance
    1. Manuals
      1. Most CMS manuals are available on the CMS website as part of the “Internet Only Manual” (IOM) system, including the following three IOM manuals
        • Pub. 100-2 – Medicare Benefit Policy (basic coverage rules)
        • Pub. 100-3 – Medicare National Coverage Determinations (national coverage decisions)
        • Pub. 100-4 – Medicare Claims Processing
      2. A few “paper-based” CMS manuals (including the Provider Reimbursement Manual) continue to be available for download on the CMS website
    2. Transmittals
      1. There are two types of transmittals that are published on the CMS website
        • One type of transmittal announces policy or manual changes that are tied to a particular CMS manual
        • The other type of transmittal is a “one-time notification” that contains information but does not change CMS manuals
      2. Transmittals are tied to a change request number from CMS
    3. MLN Matters article
      1. There are two types of MLN Matters articles that are published on the CMS website
        • One type is tied to a particular transmittal and is intended to provide practical operational information about Medicare to providers. Such articles are numbered with “MM” followed by the change request number of the associated transmittal
        • The other type, referred to as a “Special Edition MLN Matters article,” is not tied to a transmittal but provides information on topics CMS deems of particular interest. Such articles are numbered with “SE” followed by two digits representing the year it was published and then two digits representing the order the article was published in that year
    4. Frequently Asked Questions (FAQ)
      1. FAQs are published on the CMS website with information on specific topics
  4. Medicare Contractors
    1. Medicare Administrative Contractors (MAC)
      1. MACs create local coverage determinations (LCD), which are published on the individual MAC website and on the CMS website
      2. MACs also publish substantial billing and coding guidance on their websites
    2. Recovery Auditors
      1. Under the Recovery Audit Program, the country is divided into four jurisdictions
      2. Recovery Auditors are required to obtain prior approval of audit issues and to post approved issues and other important information relating to the program on their websites
  5. HHS OIG
    1. The OIG is the primary enforcement arm of the HHS
    2. The OIG publishes frequent guidance on regulatory issues, including, but not limited to, its annual FY Work Plan, Advisory Opinions, Fraud Alerts, Audit Reports, as well as various enforcement actions
    3. Relevant guidance can be found by going to the OIG website

Note: HCPro maintains a website with extensive links to Medicare resources, including, but not limited to, GPO Access and the CMS website

Guidelines for scope of review to determine regulatory standards

As noted above, hospitals should attempt to maximize the efficiency of their routine review activities without sacrificing the quality and adequacy of information obtained. To that end, the hospital’s compliance officer and/or his or her staff should, at a minimum and on an ongoing basis, do the following:

  1. Subscribe to weekly regulatory updates. Subscribe to and review at least one online publication that provides weekly regulatory updates to key government programs (e.g., Medicare, Medicaid, CHIP, etc.).
    1. For example, HCPro publishes a weekly online publication Medicare Insider, which includes updates on Medicare law relating to hospitals, including links to proposed and final regulations, transmittals, fact sheets, etc. Medicare Insider will appear in your email once a week, generally on Tuesday.
    2. The weekly update should be reviewed as soon as possible (within a day or two) following its receipt.
  2. Listserv subscriptions. Subscribe to relevant CMS email lists through the CMS Mailing Lists website or the NIH website, both of which can be accessed via the HCPro links website under “Listserv Subscriptions.”
    1. For the CMS Mailing Lists website, first set up a user profile on the “CMS.HHS.gov Email Updates” page. Suggestions for subscriptions on the CMS mailing lists, include:
      • CMS Coverage Email Updates, which include updates to coverage policies (NCDs, LCDs, etc.)
      • Hospital Open Door Forum, which updates subscribers on CMS’s monthly hospital “Open Door Forum” conference calls. These calls provide valuable information to hospitals. You can receive dial-in information by signing up to this list serve or checking the Hospital Open Door Forum page on the CMS website.
      • MLN ConnectsTM Provider eNews
      • CMS News Releases (including fact sheets)
    2. For the NIH hosted lists, go to the “NIH Listserv Homepage” link on HCPro’s links page and sign up by clicking on the list you wish to join. Suggestions for the NIH hosted lists include:
      • HOSPITALS-ACUTE-L (hospital acute care provider information)
      • MLNMATTERS-L (MLN articles)
      • OP-PPS-L (Outpatient Prospective Payment Information)
      • HHS-OIG-MEDIA-L (the OIG’s “News Releases”)
    3. Email should be checked at least once a day to determine whether any listserv-based emails have been received, and, if so, those emails should be triaged to determine their importance/priority, as well as appropriate follow up (e.g., immediate review, dissemination to appropriate personnel).
  3. Federal Register table of contents subscription. Subscribe to the daily Federal Register table of contents listserv (FEDREGTOC-L) through the GPO Access link under “Listserv Subscriptions” on the HCPro Links website.
    1. This listserv provides the TOC for that day’s Federal Register (which is published by the government every weekday that the government is open for business), including citations and links to the updates included in that issue.
    2. Items are listed in alphabetical order based upon the agency issuing the updates (e.g., CMS).
    3. Email should be checked at least once a day to determine whether anything of interest has been published, and, if so, to determine its importance/priority, as well as appropriate follow up.
  4. Online review of recent transmittals. Conduct online review of transmittals issued during the preceding week, which can be accomplished by going to the HCPro links website and opening the last link entitled “Transmittals” at the end of the first section of links, “CMS Medicare Billing-Related Sites – General.”
    1. Once at the Transmittal site, click on the current calendar year (2015). When it opens, you can set up your page so that the most recently issued transmittals are at the top of the list.
    2. Since most transmittals are issued on Fridays, the best time to check on recent updates would be first thing each Monday morning.
  5. Online review of contractor and agency websites. Conduct online review of relevant contractor and agency (e.g., MAC, Recovery Auditor, state healthcare agencies) websites for updates on at least a weekly basis.

The above is not an exhaustive or exclusive list. In addition to the above suggestions, which are all free (no additional subscription fees are applicable), hospitals may want to subscribe to certain proprietary services (e.g., Craneware, CCH, Mediregs, etc.), for which there is an additional subscription fee. In particular, many of these proprietary services have more sophisticated and user-friendly search capabilities than the government databases. HCPro’s brand new Medicare Compliance Watch is another such service, as is the customized Medicare Membership program.

Again, whatever you decide to do, create written policies and procedures outlining your review process. Policies and procedures should also exist to show how you disseminate and use the information obtained to identify, detect, and prevent potential risks or suspected or actual compliance violations. Good luck!



Want to receive articles like this one in your inbox? Subscribe to Medicare Insider!

Most Popular