Governing bodies of Medicare- and Medicaid-approved long-term care facilities must set up processes through which they will receive full reports regarding facilities’ risk mitigation and compliance efforts and respond to them.
These reports must originate from all parts of the organization which have a significant impact on the provision of services to the public, and include all key players, such as those responsible for compliance, internal auditing, human resources, quality improvement, legal, and quality assurance. The tasks and responsibilities for producing these reports should be clearly spelled out, so that any lapses can be identified before they become problematic.
For example, responsibility for the compliance function includes developing employee guidance policies, developing plans to improve and sustain compliance, and providing a method of measuring the efficacy of corrective actions. Responsibility for the legal function includes advising the governing body on the legal and regulatory risks of its business strategies, and providing advice and counsel to management about relevant laws and regulations that govern or impact the organization.
The internal audit function includes the provision of an objective evaluation of the existing risk and internal control systems, a monitoring process of the organization’s functioning (which should provide the early identification of areas where action may be required), and the development of policies which ensure the most efficient use of resources.
The human resources function provides full reporting on the status of the recruiting, screening, and hiring of employees; coordinates employee benefits, and provides employee training and development opportunities.
The quality improvement function must provide reporting on patient or resident health outcomes. This reporting process should recommend any necessary changes to clinical processes, with the aim of maintaining patient-centered care and reducing the risk of patient harm.
In this regard, it is recommended that governing bodies establish a risk-based reporting system, which should automatically flag events and incidents requiring immediate attention when certain risk-based criteria are met.
Reporting information must include, among other things, all conclusions relating to internal and external investigations, serious issues raised in internal and external audits, hotline call activity, all allegations of material fraud or senior management misconduct, and all management exceptions to the organization’s code of conduct and/or expense reimbursement policy.
Finally, it should be noted that the Office of Inspector General (OIG) recommends that an organization’s compliance officer should neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department. In addition, the OIG recommends that the officer responsible for all internal audits also be a separate individual, who should have access to appropriate and relevant corporate information, resources, and reporting channels.