Establishing and running a compliance program requires a healthcare organization to take a systematic approach to addressing compliance risk areas, carefully adhere to government guidelines, and involve the entire organization. Everyone from leadership to coding staff needs to understand and value the importance of the compliance program for it to be effective in reducing compliance risks. Fully understanding the risks facing an organization is imperative to forming the program’s foundation. Every organization needs a program that not only exists, but is also effective in the eyes of government regulators and enforcers.
This chapter covers different aspects of running an effective compliance program. This includes who needs to be involved in running the program and how—from the board to management and the chief compliance officer (CCO)—and why having relationships with core departments is critical to the program’s success. What should be in the board bylaws and charter? What should Compliance report to the board? And what is the board’s accountability if an issue goes undetected?
Receiving funding, hiring staff, and conducting an organizational compliance assessment are some additional foundational aspects of setting up a program detailed in this chapter. Important documentation is discussed as well, such as writing a code of conduct and creating policies and procedures. The risk assessment article describes how compliance can identify and rank the most important risks facing an organization. Educating staff and leadership and communicating compliance program initiatives and policies are also elemental program areas, and this chapter is filled with practical ideas and tools for conducting training sessions to build awareness of a program. Reporting mechanisms are another hallmark of a compliance program, and discussed in this chapter are various options for responding to reports, along with adequate documentation.
Understanding these foundational aspects of running an effective compliance program is more important than ever, as regulators increasingly monitor healthcare fraud and abuse. This chapter will give compliance professionals the tools and information needed to help their organizations manage risks, prevent investigations, and keep patient care at the core of their organization’s focus.
Building a Program
Compliance is not a one-person or one-department job or process. The entire organization needs to be engaged in the compliance program and understand that in order for the compliance program to be successful. Setting out what the compliance officer or compliance department is responsible for helps the compliance officer determine whether the department has enough resources to complete its responsibilities. Federal and state regulators want to see a substantial commitment of time, energy, and resources by senior management and the organization’s governing body applied to its compliance program. However, regulators understand that the scope of an organization’s compliance program depends upon the organization’s size.
In developing a program, a compliance officer should review the seven elements of a compliance program. In 1991, the United States Sentencing Commission established the Federal Sentencing Guidelines to guide courts in the sentencing of corporations and other business entities convicted of federal criminal offenses. The Federal Sentencing Guidelines also contains guidance in determining the effectiveness of a compliance and ethics program and sets forth seven fundamental elements of a compliance program.[5] These elements are:
-
Implementing written policies, procedures, and standards of conduct
-
Designating a compliance officer and compliance committee
-
Conducting effective training and education
-
Developing effective lines of communication
-
Conducting internal monitoring and auditing
-
Enforcing standards through well-publicized disciplinary guidelines
-
Responding promptly to detected offenses and undertaking corrective action
At a minimum, a compliance program needs to contain these seven elements. It is also important to review any state requirements. Some states have added additional elements related to setting up a compliance program. For example, in New York, there is an eighth element that requires healthcare providers to have a policy on non-intimidation and non-retaliation.
It is also important to review and understand the state and federal regulations that impact your specific organization. For example, the Office of Inspector General (OIG) has published compliance guidance for several specific healthcare sectors, including hospitals, managed care organizations, individual and small group physician practices, nursing facilities, hospice, pharmaceutical manufacturers, and third-party medical billing companies.[6]
The job requisition of a compliance officer will define the officer’s roles and responsibilities. Compliance officers should carefully review and understand their roles within the organization. A compliance officer should not hesitate to obtain clarification regarding any aspect of the role and should review the responsibilities with applicable supervisors and the board of directors. A compliance officer should make sure management and the board of directors also understand their roles within the compliance program. This clarity will help ensure that the compliance officer’s reports to the governing body are consistent with expectations. Certain responsibilities that typically fall under a compliance program will likely be part of a compliance officer’s job requisition.