Articles on Compliance Strategies

Featured Health Business Daily Story Oct. 21, 2008

Scorecards Demonstrate to Board Members How Compliance Activities Are Reducing Risks

Reprinted from REPORT ON MEDICARE COMPLIANCE, the nation's leading source of news and strategic information on false claims, overpayments, compliance programs, billing errors and other Medicare compliance issues.

By Nina Youngstrom, Managing Editor, (nyoungstrom@aispub.com)

Some health systems are using scorecards as a shortcut to giving executives and board members a lot of information about what's being accomplished by the compliance program and where the organization is at risk. And as leaders increasingly want to see the cause-and-effect relationship between the two, experts say the new generation of scorecards will have to show leadership teams and boards the correlation between compliance and risk reduction/performance improvement.

"Because of their oversight role, the board needs reasonable assurance that things are good, or if bad, they want to know what we are doing about it," says attorney José Tabuena, vice president of integrity and compliance at MedicalEdge Healthcare Group, Inc., a very large Dallas-based physician management organization. To meet their demands, compliance officers use metrics to identify and prioritize risk. But board members don't want or need to see the voluminous data that metrics yield.

Metrics in this context refers to data about the effectiveness of compliance program activities and the status of risk areas. Because management has long understood that what you measure is what you get, there's been a push toward developing easier-to-read scorecards and dashboards. Data are gathered continuously from both inside the compliance program (e.g., investigations, compliance committee meetings, billing and coding audits, etc.) and perhaps outside (e.g., OIG audits and Medicare repayments). The data are used to monitor the program over time and identify the legal, regulatory and other minefields that are ripe for corrective action.

The data should be boiled down for boards, says attorney Eric Klavetter, compliance and privacy officer for Mayo Clinic, a 1,900-physician/scientist-based practice in Rochester, Minn. One option is user-friendly scorecards. "Scorecards help you put meaning to the metrics," Tabuena says. Scorecards provide a structure for organizations to routinely report progress, or lack of it, as time marches on. And they minimize jargon, a premium for board members who may tune out at the sound of phrases like "RACs" or "one-day stays," Klavetter says.

Scorecards list major compliance-program activities and key risk areas, with a symbol to indicate the organization's performance in each area. Usually this is a red light (which means the area needs immediate improvement), a green light (the area is at or above expectations) or a yellow light (which means some improvements are needed). The compliance officer, in partnership with the applicable management team, will explain corrective action plans for the red-light items, Tabuena and Klavetter said at a recent Health Care Compliance Assn. audioconference and in interviews with RMC.

Risk areas are nothing new, although using metrics and showing the results through scorecards allow companies to analyze and reprioritize as they face new challenges or uncover errors. But there's a twist: It's no longer enough with many boards to report on what the compliance office has done. Metrics should be used to connect the dots between the organization's investment in compliance and the return on that investment.

Board Focus Has Shifted to Outcomes

"Five years ago or so, board metrics were more about the fact that we had 500 hotline calls in the first half of the year and trained 90% of employees and did X number of audits," Tabuena says. "Now it is shifting toward the outcome — and how your activities are changing the outcome."

When building metrics, Klavetter says you apply two important principles:

(1) Engaging management to understand the structure you are trying to establish: "The structure is meant to standardize the prioritization and risk-rating process," he says. For example, if you use a scorecard, the meaning behind the colors red, green and yellow must be universally understood. "You engage management and line staff to help create an inventory of metrics that can be captured, and use that process with the understanding that metrics will get rolled up to leadership, which fulfills the second goal," Klavetter says.

(2) Empowering board members to know what the risks are and enlist their support for action plans to improve weak areas and ensure accountability and responsibility.

Klavetter explains that Mayo has a "risk portfolio with many programs in it." Inside the programs are projects that a particular team may oversee. For example, one program is government payer compliance. Projects within include the incident-to and teaching-physician rules. "We go through an initial assessment of a project and determine what controls we have in place," he says. Then the project is evaluated according to a set of criteria, including staffing, resources, infrastructure and strategic plan implementation. "We look for opportunities to improve and assess our practices," Klavetter says. Recommendations are brought to physician leadership teams, which lead the effort to mitigate the risk with the help of compliance.

These metrics are then rolled up into scorecards, which give boards the bottom line graphically — which is appealing considering the volume of information the board is expected to absorb. Klavetter says he realized the value of getting across the main points quickly when he arrived to give the board a report and saw that he was one of numerous people sitting outside the boardroom, waiting for their sliver of time.

But don't mistake the simplicity of the scorecard for a lack of sophistication of the underlying material or the people who will review it, he adds. Scorecards open a dialogue between compliance, management and the board. "It creates a structure to interact on very complex topics," he contends.

It's important to avoid too much detail with the board, though, adds Klavetter. At first, the members may not want to hear about the incident-to rules or respiratory DRGs until they better understand the context. "Let the board go up a learning curve in a deliberate way with management's assistance," he explains.

So what kinds of metrics are behind the red, green and yellow lights of the scorecard? Until recently, scorecards reported more one-dimensional data — what are known as "effort metrics." Examples are how many coders or physicians attended coding education and whether every employee completed HIPAA training. But now the board wants to know whether the training improved coding and whether privacy violations are down because of all the money invested in HIPAA compliance. Tabuena, who helped organizations assess compliance programs when he was a consultant, says he's had clients who track the number of privacy complaints received and allegations substantiated and then try to correlate these data with the implementation of HIPAA policies and training. "Most boards don't care as much anymore about effort metrics," he says. "If training doesn't make a difference as far as behaviors and performance, to them it doesn't matter, and they won't pay attention to that data."

Coding is trickier because you have to trend improvements over time and segment it by specialty and, if applicable, geography, says Tabuena. For example, before coders or physicians attended coding training, accuracy was at X percentage, but now it's risen to Y percentage. "We try to show the impact of compliance program activities. Trending is a type of metric," he says.

There Is Down Side to Scorecards

There are some disadvantages to scorecards, Tabuena and Klavetter say. For example, "there's no standard or easy scoring formula," Tabuena says. To some degree it's a matter of trial and error. How you weigh metrics against each other to attain a score is a challenge. If the scores match up to your instincts about an entity, that's a good sign. But "you'd be concerned if a facility is having problems and it scores yellow or green in every area," he says. That raises questions about whether the scoring method is accurately capturing what you want to measure.

In addition, expectations must be realistic, Klavetter says. "Maybe management and the compliance officer thought a risk could be reduced in 90 days, but it's going to take six months," he says. "You have to be as scientific or data-driven as possible."

Also, if the elements on the scorecard are too easy, the scorecard may not be a true representation of risk. And if the elements are too hard, it may make the compliance program look ineffective. In the end, each organization will need to define the approach that best fits its organization and culture, says Klavetter.

It also can be disconcerting to put the organization's weaknesses in such stark terms. There are always concerns that the performance doesn't improve as expected, but that may be the moment where leadership has a clear understanding of what risk it is assuming, he says. Another concern is that the scorecard could be legally discoverable in an enforcement action. That's a potential cost of scorecards, but the benefit outweighs the cost because it shows an organization's proactive intent to identify and mitigate risk, says Klavetter. They also assist in resolving issues in a timely manner. Tabuena suggests having a process that helps ensure that significant issues are routed for legal review when appropriate, and that takes training and judgment.

Advertise With AIS

Privacy

Site Map