Managing compliance in small organizations

1 minute read

Managing compliance in organizations with a small number of employees can be challenging, given financial and staffing constraints.

The U.S. Department of Health and Human Services Office of Inspector General’s (OIG) recently updated General Compliance Program Guidance (GCPG) includes an entire section dedicated to the topic with six pages of suggestions and tips on how to implement the seven elements of an effective compliance program within a small organization.[1] Suggestions include:

  • Designating a compliance contact who will be responsible for completing compliance activities if the organization cannot afford a full- or part-time compliance officer. The guidance states that the compliance contact should not be part of legal or involved in billing and coding or claims submission. The compliance contact should report on compliance activities to the CEO or the owner at least quarterly.

  • Developing policies and procedures and associated training on how to comply with federal and state healthcare requirements. OIG suggests using policy templates available from professional organizations as well as information from federal agencies to develop the policies.

  • Tapping into OIG’s library of compliance training videos to use in education, whether during a meeting, posting in common areas, distributing via email, or sharing on websites.

  • Communicating about the organization’s commitment to compliance, its policies on reporting potential law violations, and its nonretaliation policy. In the absence of a formal disclosure program, OIG suggests small entities have a user-friendly way to report improper conduct, such as an anonymous drop box.

  • Dedicating time and resources to conduct a compliance risk assessment that includes data review of claims denials, medical necessity, patient safety, and review of the OIG Work Plan. Once risks are identified, the entity can determine how to address them through auditing, monitoring, or process change.

  • Conducting at least one audit annually of claims and making any repayment of overpayments, policy changes, or reeducation.

  • Performing routine monitoring of exclusions in the OIG’s List of Excluded Individuals and Entities (LEIE) database, state Medicaid exclusion lists, and licensure and certification of providers.

  • Ensuring the organization has enforcement and disciplinary policies in place.

  • Investigating allegations of noncompliance and implementing appropriate corrective action such as policy revisions, education, disciplinary action, return of overpayments, self-reporting to the government, and disclosing to a law enforcement agency.

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field