Jan Elezian (jan.elezian@sunhawkconsulting.com) is a Director at SunHawk Consulting in Denver, CO. Gerry Roy (groy@phoenixchildrens.com) is Vice-President, Chief Compliance and Privacy Officer at Phoenix Children’s Hospital in Phoenix, AZ.
In today’s highly regulated healthcare market, a chief compliance officer (CCO) seldom has time to rest. This is clearly the case with a seasoned CCO who has been in place for some time, but even more so for one who is new to an organization. The first few months can be overwhelming—as if someone dumped a puzzle with missing pieces on your desk. This is true whether you are joining an existing compliance program or creating a new one. This article will provide a framework to help you prioritize the first 100 days in your new role.
Step 1: Sorting your pieces with an onboarding road map
Within the construction industry, there is well-known principle: Measure twice and cut once. The same principle can be applied here as it relates to your onboarding as the CCO. Regardless of the state of the compliance program, your very first step should be one of assessment and planning, not action. Take time to create a road map for methodically analyzing the organization and developing and executing a new program. To help capture fleeting thoughts as they pour in, consider focusing on another five primary areas:
-
Orienting to the organization
-
Orienting to the compliance program
-
Conducting an initial risk assessment
-
Developing resources and tools
-
Introducing yourself to the organization
Consider these areas the five sides to your puzzle. Focusing on these main categories will streamline your thought process, allowing you to be more efficient with your time. Additionally, these main topics still allow you to bucket specific subcategories so everything is in one place. When creating your onboarding road map, break up the work into multiple sessions. This will allow you to come back with a clear mind and capture thoughts you could miss if trying to accomplish everything in one sitting. The remaining discussion will further explore each of the five sides of your puzzle. Keep in mind that completing the work will not occur sequentially, as presented, but rather with simultaneous attention.
Step 2: Finding the corner pieces by orienting to the organization
After you have taken the time to develop your road map, the next step will be orienting to the organization. Although regulatory requirements may apply equally from one organization to the next, how the organization complies will vary based on organizational structure and available resources. Orienting to the organization will give you a starting point for identifying potential risk and position you to better understand where and how the compliance program will intersect with operations. To address this step, focus on two key areas: (1) research and (2) operations and key personnel.
Research
As you went through the hiring process, you likely engaged in some form of research about the organization. Now that you are on board, you have access to documents not publicly available. Although research appears straightforward, identifying what to review can be puzzling.
Overcoming this challenge will be case-specific, depending upon the organization’s size and scope of services provided. To ensure you have captured all the documents to review, it may be helpful to develop a research review list and continually refer to it. Consider reviewing as part of onboarding to the organization:
-
The organization’s website and internal portal
-
Marketing materials
-
Organizational charts
-
Legal entity documentation (e.g., articles of incorporation, operating agreements)
-
Board meeting minutes
-
Senior leadership meeting minutes
-
List of professional services agreements
-
List of contracted services agreements
-
List of payer contracts
-
Operational policies and procedures
Engaging in document review has multiple benefits, such as expanding your institutional knowledge and further developing your risk assessment. Additionally, it will position you to have a more fruitful discussion when you begin to meet with key personnel to discuss operations.
Operations and key personnel
Because each organization varies in how it complies with regulatory requirements, learning more about the operations and personnel will help further orient you and help you assess risk. Start with identifying key personnel who can provide institutional knowledge to get you up to speed. Schedule individual meetings with members of the board and the C-suite. Aside from understanding roles, these meetings are also an opportunity to gain insight into background, experience, and personality styles and will help you gauge compliance awareness. This insight is critical, because it will assist in your assessment of program understanding and support, and guide your development of training specific to these groups per Department of Justice and Office of Inspector General (OIG) guidance.
You will also need to meet with key stakeholders at the senior manager level (e.g., VPs, directors, managers). As you meet with leadership, take time to specifically walk through the operations under their direction, or set up a time to observe the work. It is also advisable to meet with selected frontline staff to identify operational vulnerabilities, of which leadership may not be aware. Taking time to focus on operational logistics can be invaluable for figuring out how the puzzle pieces fit together.
You must also meet individually with all members of the executive compliance committee and the various other committees engaged in compliance oversight activities. During these meetings, review charters and minutes of past meetings. You should assess attendance, examine prior issues and outcomes addressed by the committee, and identify the need for both member departure and addition of new members with subject matter expertise in areas of high risk. Remember, these group will guide you in the oversight of compliance. They are your compliance partners. Ensure the charters are sufficient in terms of scope and authority. Revise them as needed.
Step 3: Finding more corner pieces by orienting to the compliance program
In addition to orienting to the organization, part of your onboarding road map will inherently include orienting to your new compliance program. Presumably you were aware of the state of the program (new or existing when you took the job), so this will be a process of further identifying the work ahead of you. To carry out this work, focus on two key areas: (1) document review and (2) program structure.
Document review
Regardless of the state of your program, the work of orienting it will be measured against the so-called seven elements of an effective compliance program, as deemed by the Department of Health and Human Services OIG.[1] A list of documents to review, based on the seven elements, includes:
-
Compliance plan
-
Code of conduct
-
Compliance personnel job descriptions
-
Compliance committee charter
-
Compliance committee minutes
-
Compliance department organizational charts
-
Compliance department meeting minutes
-
Compliance department reports to the board
-
Compliance department reports to management
-
Compliance department work plans made within the last five years
-
Prior risk assessments conducted within the last five years
-
Reports related to hotline calls
-
Documents related to any past government agency investigations or audits
-
Corporate integrity agreement as applicable
-
Notable audits and related findings within the last five years
Program structure
In addition to engaging in document review, orienting to the compliance program should also include evaluating its structure, including the personnel performing the work. In evaluation of program structure, start by ensuring each of the seven elements are addressed. From there, the focus will be on how the program is meeting those elements. In order to further analyze the program’s structure, the OIG and Department of Justice have issued guidance outlining benchmarks to help you measure effectiveness of the program.[2],[3],[4]
As part of orienting to the structure, assessing personnel responsible for administering the program is also necessary. If you are inheriting an existing program, some key areas to address include:
-
Identifying personnel responsibilities
-
Background and experience of personnel
-
Appropriate staffing levels
-
Workflow
-
Challenges staff encounter in performing their duties (e.g., HR, logistical, or resource related)
If you are creating a new program, then your approach to personnel will be focused on identifying and fulfilling staffing needs. Some areas to address include:
-
What staffing is needed to meet each element?
-
Has any staffing has been approved in the budget?
-
What resources are available for recruiting?
-
What does the recruitment process to attract solid candidates look like?
-
Is there a software tool available that may help mitigate the need to hire another full-time employee?
Although the above discussion is not intended to be all inclusive, it does give you a starting point. Now that you have your corner pieces, you are now in a position to work your way toward the center.
Step 4: Find matching pieces through an initial risk assessment
Now that you’ve oriented to the organization and the compliance program, you’re in a position to conduct an initial risk assessment to identify your priorities for the next year. For purposes of this discussion, conducting this initial risk assessment is listed sequentially in this step. However, identifying potential risk has been taking place since Step 1. To that end, now is the time to revisit the various items you have noted and conduct an initial assessment.
If you are joining an existing program, past risk assessment documentation (as noted above) likely has been included as part of your document review. You can now supplement what you’ve reviewed by talking with your team(s) about concerns from their viewpoint. If you are creating a new program, prior risk assessment documentation may not be available, so you may need to rely upon information you have gathered thus far.
Regardless of the state of your program, you can supplement the information you have by surveying key personnel about their top three concerns. Keep in mind that this discussion is focused on the first 100 days. Finalizing the risk assessment likely will extend beyond your first few months.
Step 5: Work into the center by developing resources and tools
In addition to the steps discussed above, your onboarding road map should also include developing resources and tools. Resources may include regulatory guidance (e.g., statutes, regulations, interpretive guidance) or secondary authorities such as websites, list serves, periodicals, internal policies, and organizational personnel. Because the development of these resources is unique to the organization and services provided, determining which resources are available will be case-specific. To help you identify your resources, consider asking key personnel in the organization where they get their information to stay current.
Separate from developing resources, you will also need to focus on the tools needed for the management of the compliance program. If you are coming into an existing program, this work may look more like identifying tools versus developing them. If you are establishing a new program, then this work will involve developing or acquiring appropriate tools, keeping in mind your available budget. Potential tools you may find helpful when it comes time to manage the program include:
-
Reporting mechanisms (e.g., direct, compliance staff, hotline)
-
Repository for tracking reported issues
-
Education and training materials (e.g., new hire, annual)
-
Repository to manage policies (e.g., computer folders/files, vendor-provided materials)
-
Policy manual for consistent implementation
-
Repository for documenting investigations
-
Investigations manual
-
Repository for addressing specific issues (e.g., breach incidents, tracking nonmonetary compensation under the Stark Law)
-
Process for conducting and documenting risk assessment
-
Risk assessment manual (e.g., how to conduct risk assessment consistently each year)
-
Health Insurance Portability and Accountability Act (HIPAA) Risk Assessment Tool
Step 6: Introducing yourself to the organization
Paramount to the future success of an incoming CCO is the ability to quickly establish a profile within the entire organization. A CCO must be a recognizable figure, with the ability to help employees feel that he/she is accessible and is comfortable interacting with employees at every level of the organization, from executive leadership to the rank and file. In reviewing the organizational structure, identify key opportunities to meet and greet. Potential meetings you may want to attend include:
-
Executive leadership meetings
-
New employee orientation
-
Organizational celebrations (holiday or milestone)
-
Management forums
-
Department staff monthly meetings
-
Key organizational committee meetings
Develop a standard presentation discussing your background and compliance priorities. Consider including some personal aspects when discussing your background. When staff can relate to you on a personal level, perhaps because you share a common hobby or home state, communication lines are often established. It is critical that staff find you approachable. Your priorities should be at the macro level, discussing the benefits of compliance to the entire organization, stressing financial and reputational solvency and longevity.
Conclusion
Because time is the enemy of any professional, the above steps are provided to give you a systematic approach for onboarding to your CCO role and allow for the most efficient use of your time. As mentioned above, many of these steps will be carried out simultaneously. Whatever approach you take, developing an onboarding road map will ensure you have a solid foundation for prioritizing the first 100 days in your new role.
Takeaways
• A systematic framework of steps helps to prioritize onboarding to your new role of CCO and allows for the most efficient use of your time.
• Your first step should be one of assessment and planning, not action. Begin by creating a road map for analyzing the organization.
• Orient to the organization by focusing on document review and leadership interviews to learn about operations and key personnel.
• Whether new or established, your program should be measured against the seven elements that the Department of Health and Human Services promotes as part of an effective compliance program.
• Include development of resources and tools such as regulatory guidance and secondary sources in your onboarding road map.