Communication with Your Governing Body: Identifying Compliance Risks

Jeannine LeCompte, Publishing and Research Coordinator

The primary purpose of a reporting system within a Medicare- and Medicaid-approved long-term care facility is to ensure that the organization remains compliant with all legal obligations as set forth by the Centers for Medicare & Medicaid Services (CMS).

Governing bodies should prioritize the evaluation of how the facility’s management and staff work together to identify and investigate compliance risks. This should also include the implementation of appropriate corrective actions, and honing the methods used by the various departments to communicate with each other throughout the process.

The governing body should have a pre-determined checklist of incidents or events which automatically trigger suitable investigations and reports. Such a checklist—known as a risk-based reporting system—should at the very least include the following incidents and events:

  • Falls which result in injuries or fractures
  • Any instances of drug diversion
  • Any evidence of fraud
  • Any offence which is automatically reportable to the Office of Inspector General (OIG) or any other regulatory body
  • Any data losses or breaches, including identity theft
  • All staffing issues, particularly regarding background screening and ineligibility checks
  • Any significant reports on the company hotline by whistleblowers
  • Any instance of retaliation resulting from whistleblowing
  • Any noncompliance report relating to any aspect of the organization’s operations
  • Any quality-of-service related events, such as Quality Assurance and Performance Improvement (QAPI) issues
  • Security concerns or workplace violence reports
  • All regulatory licensing issues
  • All infection control incidents and reports
  • All billing and claims reporting
  • Any legal issues such as lawsuits, subpoenas, and contracts      

The above list comprises the most common areas which require constant review and reporting to the governing body, and must include a method for two-way communication about the content of the reports. There may be other issues unique to an organization which would require additional reports.