Skilled nursing facilities (“SNFs”) are facing many challenges as their residents and staff encounter COVID-19 diagnosis, care and testing. During the COVID-19 pandemic, CMS and state departments of health have issued and revised interim final regulations, waivers, quality care directives, orders and multiple guidance memos. In early June 2020, the U.S. Department of Justice – Criminal Division (the “DOJ”) released an update to its “Evaluation of Corporate Compliance Programs” (the “2020 DOJ Evaluation Memo”). This article identifies several key topics and areas that the DOJ raises in the 2020 DOJ Evaluation Memo that SNF compliance officers can use now to help adapt their compliance programs and make the road ahead as smooth as possible.
SKILLED NURSING COMPLIANCE AND ETHICS PROGRAMS
SNFs were first required to create and maintain compliance and ethics programs under Section 6102 of the Affordable Care Act (“ACA”), which added Subsection 1128I(b) to the Social Security Act. The ACA called for SNFs compliance and ethics programs to be reasonably designed, implemented and enforced so that they are likely to be effective in preventing and detecting criminal, civil and administrative violations under the ACA.
In 2016, CMS issued final regulations to Part 483 of Title 42 of the Code of Federal Regulations, the Requirements for States and Long-Term Care Facilities (“RoPs”) that included compliance and ethics program regulations and set those regulations to be survey items beginning November 28, 2019, which became known as Phase 3.
42 CFR Section 483.85(c) sets forth the required compliance and ethics program components for all SNFs. These required components include:
- Written compliance and ethics standards, policies and procedures.
- Assignment of individuals within the high-level personnel to oversee the compliance and ethics program of the facility.
- High-level personnel are given sufficient resources and authority to ensure compliance with the written standards, policies and procedures.
- Due care must be exercised to not give discretionary authority to individuals the operating organization knew or had reason to know engage in criminal, civil and administrative violations under the Social Security Act.
- The program must be communicated to staff and volunteers in accordance with their roles and contracted individuals.
- Implementation of monitoring and auditing systems that are reasonably designed to detect criminal, civil and administrative violations.
- Consistent enforcement of facility standards, policies and procedures.
- Once a violation is identified, the operating organization must take all reasonable steps to appropriately respond to the violation and to prevent similar violations.
Starting on November 28, 2019, surveyors were to use requirements detailed in Section 483.85 to determine whether a SNF’s compliance and ethics program satisfies the requirements in the Final Regulations.
On July 18, 2019, CMS released proposed revisions (“2019 Proposed Regulations”) to the RoPs. See Hall Render’s summary here. CMS stated that it identified a number of existing SNF requirements that could reduce unnecessary burdens on facilities if they were simplified or eliminated. The 2019 Proposed Regulations would alter over a dozen sections of the RoPs, including: (1) resident rights; (2) admissions transfers and discharges; (3) compliance and ethics programs; and (4) infection control.
The 2019 Proposed Regulations also propose to delay implementation to some of these Phase 3 provisions until one year following the effective date of the 2019 Proposed Regulations.
Under the 2019 Proposed Regulations, beginning on November 28, 2020, surveyors will use the requirements detailed in the 2019 Proposed Regulations to determine whether a SNF’s compliance and ethics program fulfills the requirements in the RoPs. At this time, CMS has not issued specific guidance in its State Operations Manual for Skilled Nursing Facilities.
DOJ – EVALUATION OF CORPORATE COMPLIANCE PROGRAMS
The DOJ first released its “Evaluation of Corporate Compliance Programs” guidance in February 2017 and then revised it in April 2019.
In early June 2020, the DOJ released the 2020 DOJ Evaluation Memo.
The 2020 DOJ Evaluation Memo is designed to assist prosecutors in making informed decisions as to whether, and to what extent, the compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitoring or reporting obligations). Its concepts and principles should be considered when reviewing and designing a skilled nursing or other post-acute provider compliance program.
TAILORING THE PROGRAM AND LEARNING LESSONS FROM PRIOR ISSUES
The 2020 DOJ Evaluation Memo’s additions include recommending that prosecutors make a reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape and other factors, both internal and external to the company’s operations, that might impact its compliance program.
The 2020 DOJ Evaluation Memo calls for prosecutors to credit the quality and effectiveness of a risk-based compliance program. Prosecutors should consider, as an indicator of risk-tailoring, revisions to corporate compliance programs in light of lessons learned. The 2020 DOJ Evaluation Memo adds new language to the “Updates and Revisions” section and instructs prosecutors to ask:
- Is the periodic review limited to a ‘snapshot-in-time’ or based upon continuous access to operational data and information across functions?
- Has the periodic review led to updates in policies, procedures and controls?
The 2020 DOJ Evaluation Memo’s theme of adapting a compliance program is reflected in a new “Lessons Learned” section that directs prosecutors to consider whether the company has a process for tracking and incorporating into its periodic risk assessment lessons learned either from the company’s own prior issues or from those of other companies operating in the same industry and/or geographical region.
When reviewing and redesigning SNF compliance and ethics programs, SNFs should not adopt the approach of others but should tailor its program to the SNF’s own unique factors and learn from its prior issues.
POLICY UPDATES ARE IMPORTANT
The 2020 DOJ Evaluation Memo emphasizes that any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process. It adds questions related to accessibility of policies:
- Have the policies and procedures been published in a searchable format for easy reference?
- Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?
When reviewing and redesigning SNF compliance and ethics program, SNFs should reconsider how the policies are made available to staff, volunteers and contractors. Are they in binders on shelves or available and searchable online?
DATA RESOURCES
The DOJ calls for prosecutors to address the sufficiency of the personnel and resources within the compliance function, in particular, whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.
The 2020 DOJ Evaluation Memo emphasizes that prosecutors should ask:
- Do compliance personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls and transactions?
- Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediment?
MERGERS AND ACQUISITIONS
The 2020 DOJ Evaluation Memo provides that a well-designed compliance program should include comprehensive due diligence of any acquisition targets, as well as a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls.
The 2020 DOJ Evaluation Memo adds that the due diligence of any acquisition targets should include a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls. The DOJ emphasizes that, in mergers and acquisitions, flawed or incomplete pre- or post-acquisition due diligence and integration can allow misconduct to continue at the target company, causing resulting harm to a business’s profitability and reputation and risking civil and criminal liability.
TRAINING AND COMMUNICATION
Another element of a well-designed compliance program is appropriately tailored training and communications. Prosecutors should also assess whether the company has relayed information in a manner tailored to the audience’s size, sophistication or subject matter expertise. The 2020 DOJ Evaluation Memo added a new statement to recognize that some companies have invested in shorter, more targeted training sessions to enable employees to timely identify and raise issues to appropriate compliance, internal audit or other risk management functions.
The 2020 DOJ Evaluation Memo calls for prosecutors to examine whether the compliance program is being disseminated to, and understood by, employees in practice in order to decide whether the compliance program is truly effective.
Several new questions were added for prosecutors to consider in that evaluation, specifically:
- Whether online or in-person, is there a process by which employees can ask questions arising out of the trainings?
- Has the company evaluated the extent to which the training has an impact on employee behavior or operations?
- Does the company take measures to test whether employees are aware of the hotline and feel comfortable using it?
- Does the company periodically test the effectiveness of the hotline—for example, by tracking a report from start to finish?
When reviewing and reimagining SNF compliance and ethics programs, SNFs should ask these questions of their own programs and adopt practices to achieve an effective program.
PRACTICAL TAKEAWAYS
- SNFs should review these new areas of focus as they review and revise their compliance and ethics programs for the future.
- SNFs should incorporate electronic communication tools to distribute their policies and procedures.
- SNFs involved in mergers and acquisitions should consider steps to integrate the compliance programs of both entities as part of the merger or acquisition process.
COMPLIANCE AND ETHICS PROGRAM TOOLKIT AVAILABLE
Hall Render has developed a compliance and ethics program toolkit to assist skilled nursing facilities in achieving compliance with Section 483.85 and the Final Regulations. For more information about the toolkit, please contact Sean Fahey at (317) 977-1472 or sfahey@wp.hallrender.com.
If you have questions about this topic or would like assistance in compliance with the SNF compliance and ethics program requirements, please contact:
- Sean Fahey at (317) 977-1472 or sfahey@wp.hallrender.com;
- Todd Selby at (317) 977-1440 or tselby@wp.hallrender.com;
- Brian Jent at (317) 977-1402 or bjent@wp.hallrender.com; or
- Your regular Hall Render attorney.
Hall Render blog posts and articles are intended for informational purposes only. For ethical reasons, Hall Render attorneys cannot—outside of an attorney-client relationship—answer specific questions that would be legal advice.
