Healthcare providers operate inside one of the most regulated industries in the United States, and fines, sanctions, exclusions and prosecutions are on the rise. Government enforcement of state and federal regulations continues to increase, resulting in an even greater need for robust, mature — and, most of all, effective — compliance programs. In addition, the rules and regulatory requirements seem to be in a constant state of flux, challenging compliance departments to be vigilant in adapting their auditing and monitoring processes and other oversight techniques to the changes. The increasing number of organizational mergers, aimed at expanding the continuum of care presents another challenge. Failure to identify and mitigate risks properly during these transformations can result in civil and criminal penalties and cause significant damage to an organization’s reputation.
Instituting an effective compliance program offers providers an opportunity to demonstrate their commitment to meeting regulatory requirements, and minimizes the risk and impact of negative regulatory reviews by government agencies and qui tam lawsuits.
It is important to note that recent regulatory audits and investigations have focused not just on whether a compliance program is present but on whether it effectively demonstrates the organizational commitment to compliance in day-to-day activities. As organizations grow in size and complexity, compliance departments are challenged to make the pervasiveness of organizational values and integrity evident throughout the system.
Challenges and Opportunities
In creating and administrating an effective compliance program, healthcare organizations often face a familiar set of challenges. The tips below can help resolve these common hurdles to realizing the benefits of an effective compliance program:
- The influx of information regarding regulatory changes, areas of enforcement focus and internal organizational initiatives can be overwhelming. The solution to this problem is tactical in nature — divide and conquer. Identify high-risk areas (e.g., medication management, physician billing) and assign key personnel in each area to monitor changes that affect their business lines and roles and report any concerns.
- As the regulatory landscape changes, compliance policies and procedures (P&Ps) should follow. Determine whether your organization has an ongoing program of policy review that ensures the policies reflect the latest regulatory requirements. Furthermore, ensure you have effective processes in place to continually assess compliance with internal P&Ps.
- Annual compliance training is critical. It should be used to communicate to staff, the board and any business partners the purpose of the compliance program, the organization’s code of conduct and the expectations of employees and business partners for maintaining and enforcing compliance. Periodically testing employees and other associates on compliance-related topics can be used to determine whether the current training approach is effective.
- Recent government enforcement initiatives have focused on the board and trustee level of training and oversight of the compliance program. Utilize dashboards and scorecards to keep the board up to date on compliance activities and provide ongoing training to the board to facilitate understanding of the program by board members and trustees.
- Government agencies increasingly use data analytics to identify outliers for audits or investigative actions. Compliance officers can eliminate regulatory red flags by using data analytics tools themselves, to facilitate the identification and correction of anomalies and outliers in compliance risk areas.
- For organizations performing research activities, the number of entities that need to ensure compliance with regulatory requirements is rising. Compliance areas include the protection of human and animal subjects involved in research, fulfillment of and conformity with grant requirements, and ensuring the safety of investigators, students and faculty conducting the research. Confirm the integrity and reliability of the research and recordkeeping processes, the diligence of the Institutional Review Board oversight, the effectiveness of billing and grant accounting controls, and the accuracy of conflict-of-interest reporting.
Our Point of View
Due to the immense variance in the size and complexity of healthcare providers, mandating a universal compliance program blueprint has proven so far to be impractical. Nevertheless, given the guidance documents issued by the U.S. Department of Health and Human Services, Office of the Inspector General, and recent corporate integrity agreements (CIAs), government expectations are not difficult to grasp.
Most companies’ compliance programs can be improved in specific areas to meet these expectations.
While there is no such thing as a universal compliance program, we have found that, generally, all high-performing compliance departments manifest the elements of an effective program we described earlier: Proactive monitoring of changes, policies and procedures; proper training at all organizational levels; and use of data analytics to uncover hidden issues.
In the end, compliance is the responsibility of every person working in healthcare. The good news is that most people want to do the right thing. The responsibility of leadership is to equip employees with the tools that enable them to perform their compliance responsibilities and to foster an environment free from conditions that may lead to fraud and abuse.
How We Help Healthcare Providers Succeed
We help healthcare provider organizations evolve their compliance departments to avoid legal and regulatory setbacks by providing scalable assistance, when and where needed. We also act as a qualified third party to assist compliance officers with the necessary review and support to increase the effectiveness of their compliance efforts. Our services include:
- Compliance program design and implementation
- Compliance risk assessments
- Compliance program interim management and staffing
- Training assistance, including board education
- Compliance program effectiveness assessments
- Physician contracts and contract implementation reviews
- HIPAA privacy and security gap assessments
- Security risk analysis
- Coding and clinical documentation reviews
- Policy and procedure development
- Billing audits — physician and facility
- Departmental operations audits
- Clinical research program reviews
- CoP gap assessments
- CIA/CCA response assistance
- Revenue cycle compliance
- HIPAA investigations/OCR response assistance