For a compliance program to be deemed effective, it needs to be structured properly. This begins with the designation of an independent compliance officer and establishment of a compliance committee. A compliance program needs support and buy-in, too, from the board, management, key professionals, physicians, and staff. Adequate resources are also essential, including the program’s budget, staff, and operational expenses. Once in place, the compliance department needs to establish annual goals, report on its activities, and work to continually improve and mature. A primary objective for the program is to establish itself as an integral part of the organization. This chapter covers the important aspects of structuring and administering an effective compliance program.
Compliance Officer
Industry standards recommend designation of a compliance officer to serve as the leader and point of contact for compliance activities. In most cases, the position should be a full-time role (depending on the size, scope, and resources of the organization). The organization’s executives will determine the feasibility and scalability of what types of resources can be dedicated to the compliance program. Assigning the compliance officer with appropriate authority is critical to the success of the program. On a specific level, for example, the compliance officer must have full authority to access all documents that are relevant to compliance activities. This includes documents such as patient billing statements and supporting clinical documentation, contracts with suppliers and agents, and other records, such as financial documents. In the big picture, however, appropriate authority comes from the unquestionable backing by the CEO and board of directors or its equivalent—the sources of ultimate authority within an organization.
To carry out such operational responsibility, the Federal Sentencing Guidelines state that the compliance officer should be a high-level person in the organization who is provided “adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”[1] This access is appropriate as it should have been the board that supported the launch of the compliance initiative and approved the hiring of the compliance officer. Board members may even be actively involved in interviewing compliance officer candidates. They also should be involved in developing the compliance officer’s job description and remain an important part of the compliance officer’s reporting structure.
Reporting Structure
There is concern and risk involved in having the compliance officer report to general counsel or the chief financial officer. Such a reporting arrangement creates a real and potential appearance of a conflict of interest due to their respective roles with management. Separation of compliance from legal and finance helps ensure that all aspects of the compliance officer’s role will be independent and objective (meaning there is no real or perceived vested interest in the outcome). The Practical Guidance for Health Care Governing Boards on Compliance Oversight—a document produced by the HHS OIG, Association of Healthcare Internal Auditors, American Health Law Association, and HCCA—states that the “OIG believes an organization’s Compliance Officer should neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department, in any manner.”[2]
There can be different reporting structures for the compliance officer’s role, and many variables must be considered to determine what works best for the individual organization. However, the dominant reporting structure across industries has the compliance officer reporting directly to the organization’s CEO and/or internal governing body (e.g., oversight committee, supervisory board, administrative body, board of directors, or audit committee) to maintain the compliance officer’s real and perceived independence. Most agree that the compliance officer’s role should be independent. It is recommended that the board or its liaison committee have, at minimum, a dotted-line or indirect reporting relationship with the compliance officer. For reporting structure statistics, see Table 1. Compliance Officer Reporting Structures: 2018 Survey Results. This data shows the 2018 SCCE & HCCA survey results on compliance officer reporting structures from more than 160 respondents working in healthcare organizations.[3]
Table 1. Compliance Officer Reporting Structures: 2018 Survey Results[4]
Reports to the Board | |
---|---|
Yes: 57.1% |
No: 42.9% |
Reports to a Position in the Organization | |
---|---|
CEO |
56.3% |
CFO |
9.9% |
General Counsel |
11.3% |
Human Resources |
4.2% |
Audit |
2.8% |
Other |
15.5% |
Duties
The compliance officer’s duties vary depending on size and scope of the program. The focus of the position should be the implementation, administration, and daily oversight of the compliance program. Primary responsibilities should include the following:
-
Designing, implementing, overseeing, and monitoring the compliance program
-
Reporting on a regular basis to the organization’s governing body, CEO, and compliance committee
-
Continually reviewing the compliance program to ensure effectiveness
-
Developing, coordinating, and participating in a multifaceted educational and training program
-
Ensuring that the organization’s consultants, vendors, and agents are aware of its compliance program requirements
-
Serving as a source of compliance-related information for employees, management, suppliers, and the board
-
Ensuring that appropriate background/sanctions and exclusion checks are conducted and positive findings are addressed
-
Assisting with internal compliance review and monitoring activities
-
Ensuring management has mechanisms in place to mitigate risks
-
Independently investigating matters related to compliance
-
Ensuring management identifies root causes and develops corrective action plans to mitigate identified noncompliance issues
-
Monitoring corrective action plans to ensure they are effective
-
Ensuring the organization has provided employees a mechanism for reporting potential noncompliance issues
The compliance officer is a unique position that requires an individual who understands the nature of the business or industry; is capable of understanding and questioning practices in the organization, including financial/revenue cycle areas; is knowledgeable of applicable legal requirements that may be imposed upon the industry for wrongdoing; has strong written and verbal communication skills; and is approachable. Whatever the tenure or educational level, the compliance officer (as leader of the program) must be a person who is respected and trusted throughout the organization. Strong interpersonal skills, ability to adapt, good listening abilities, and discretion are mandatory. For an example list of skills needed, see Appendix 1, Sample Compliance Officer Job Description.
Professional Standards
As compliance has grown and matured as a profession, it has, like other professions, sought to identify and distinguish those who have, through experience and education, achieved the necessary skill set to be an effective compliance officer.
Moreover, compliance officers are also stewards of public trust, and therefore the services provided must be of the highest standards of professionalism, integrity, and competence. HCCA‘s Code of Ethics for Health Care Compliance Professionals addresses three principles, which are broad standards of an aspirational nature. They include:
Principle I: Obligations to the Public—Healthcare compliance professionals should embrace the spirit and the letter of the law governing their employing organization’s conduct and exemplify the highest ethical standards in their conduct in order to contribute to the public good.
Principle II: Obligations to the Employing Organization—Healthcare compliance professionals should serve their employing organizations with the highest sense of integrity, exercise unprejudiced and unbiased judgment on their behalf, and promote effective compliance programs.
Principle III: Obligations to the Profession—Compliance professionals should strive, through their actions, to uphold the integrity and dignity of the profession, to advance the effectiveness of compliance programs, and to promote professionalism in healthcare compliance.[5]
These principles and the accompanying rules of conduct should be reviewed and studied—and adhered to—by all compliance officers. See Appendix 2 for the full Code of Ethics for Health Care Compliance Professionals.