Solid Foundations: Health Care Regulatory Compliance Framework

Thoughtware Article Published: Sep 13, 2019
Solving Tough Medicaid Math Problems

The U.S. health care paradigm is slowly shifting from “sick care” to “health care” through an invigorated emphasis on preventative care delivered by primary care physicians, value-based contracting (including risk-sharing and capitation arrangements) and participation in accountable care organizations (ACO), bundled payment programs (BPCI) and clinically integrated networks. It’s no secret that sick care is reactionary and results in poor patient outcomes, inefficient resource use and skyrocketing costs. The transition from reactive sick care to proactive health care has not been frictionless to date and many challenges still lie ahead, but the objectives are clear: improved and sustainable outcomes for patients and providers. The sick care to health care transition can be used as an analogous frame of reference when organizations think about regulatory compliance. The regulatory governance function at health care organizations is a critical paradigm that has not advanced beyond the sick care side of the continuum.

Leadership teams at provider organizations are routinely faced with the need to enter into financial arrangements with referring providers in order to advance the organization’s mission. Hospitals have historically used a transaction-based or arrangement-specific compliance approach, which forces stakeholders to react to high-risk and high-sensitivity arrangements in real time. The current regulatory environment is such that even the most reasonable and common business terms could be construed as risky, especially in light of recent allegations and settlements. Not entering into these arrangements is typically not an option, as doing so could result in losing the ability to provide adequate patient care for provider(s) and any given organization(s). As a result, health care executives—who are already grappling with complex regulatory requirements—are subject to immense levels of pressure in what may feel like hostage situations. These reactionary encounters create high levels of compliance risk for health care organizations and executives alike.

Similar to the sick-care-to-health-care transition, it’s critical now more than ever for organizations to shift from a reactive to a proactive approach to regulatory compliance. The ultimate goal is to have a framework that mitigates legal compliance and business risk for the organization and its key stakeholders, preserves the organization’s ability to enter into prudent business arrangements in rapid-change situations (for example, replacing unexpected provider departures or securing coverage), helps avoid one-off “exceptions” that become the norm and reduces rising compliance costs. These objectives can be achieved under a comprehensive provider financial arrangement governance framework.

While most organizations have developed some compliance-related processes and internal controls, certain key controls may be missing, supporting documentation may be inadequate or existing processes may not be functioning in a manner that effectively reduces risk. For example, the lack of a formal manual or policy that clearly defines consistent compliance processes and the roles and responsibilities of key stakeholders increases the risk of gaps in the provider financial arrangement process. Similarly, the lack of periodic contract review requirements and any perceived ambiguity in contract terms (for example, payment parameters) increases the risk that an organization does not pay in accordance with the stated contract terms or that payment may exceed a fair market value range.

Organizations have historically viewed the relationship between business risk and compliance risk as an inverse trade-off; however, this perspective is founded on the notion that the relationship between those risks is a zero-sum game. In reality, organizations considering high-risk/high-dollar arrangements naturally also contemplate the magnitude and likelihood of achieving high-reward clinical and financial outcomes. In these situations, leadership must ensure the organization is getting what they pay for as the primary risk shifts from simply overpaying providers to overpayment through subsidization of provider underperformance. Both are problematic from a compliance perspective; however, the latter portrays how deficiencies in the governance of provider financial arrangements increase both compliance and business risk.

As participation in ACOs, BPCI and other forms of value-based health care increases, monitoring the actions of providers and what ultimately drives their clinical decision making will be critical from both a compliance and bottom-line business perspective. Monitoring should not only identify areas of risk, but also illuminate how to address deficiencies. Continuous and disciplined monitoring via internal controls is one critical way to reduce both business and compliance risk. Having even one weak area in the governance framework, where a loophole exists and can be exploited—for example, too many manual overrides or too much reliance on unsupported professional judgment—may lead to consequences, as seen in countless legal cases. Even the smallest cracks in an otherwise solid foundation can lead to system collapse.

Eliminating risk is unrealistic—all health care organizations will eventually be exposed to an arrangement that exceeds their risk appetite. The best thing an organization can do is establish a compliance governance structure that includes internal controls and appropriate parameters to rapidly identify and control risks in a manner that protects patients, providers, stakeholders and the organization.

Reach out to your BKD trusted advisor or complete the Contact Us form below if you have questions.

Related Thoughtware

Kate & Ben — How can we help you? Contact Us!

How can we help you?