As promised in the Healthcare Compliance Benchmark Survey Webinar, our presenter Richard Kusserow, CEO of Strategic Management Services, has reviewed all the questions provided by participants and prepared written answers. He is available to provide additional clarification to the following or to answer other questions. He can be reached by email at firstname.lastname@example.org.
What resources are available to measure Compliance Program effectiveness?
Although the HHS OIG stressed many times the importance of evidencing Compliance Program Effectiveness, they only provided three suggestions for doing so.
Having an independent compliance program effectiveness evaluation by experts outside the organization. For more information check out the following on compliance.com:
- Compliance program effectiveness evaluation
- Internal reviews are not independent compliance effectiveness evaluations
- Most healthcare organizations do not have independent compliance effectiveness evaluations
- Why independent effectiveness evaluations of compliance programs are necessary
- Compliance program gap analysis vs. effectiveness evaluation
The OIG suggestions included evidencing how well the claims processing system was functioning in reducing error rates.
- Claims processing is a high-risk compliance area
- Claims processing ongoing monitoring and auditing
- Proper claim processing steps: Effectively monitor billing and auditing to manage risk
The third suggestion was to survey employee compliance knowledge and attitudes. More information:
2. Do you parse that data by size of company?
Unfortunately, the sample size is insufficient to break out results by size of the organization with any level of confidence.
3. What options are available to scale a Compliance Program for Small Group Practices to meet the same regulator standards as larger organizations?
The DHHS OIG recognizes the challenge described in “Compliance Program Guidance for Individual and Small Group Physician Practices.” They concede the challenge and noted that for smaller organizations, it may make sense to engage a part time expert to be the Designated Compliance Officer to build and managed an effective Compliance Program.
- Interim outsourced compliance staffing
- Compliance programs for small health care organizations
- Smaller organizations have the option of using a part-time designated Compliance Officer
4. How often should there be an independent compliance program?
When you look closely at all the guidance offered by various authorities you most often see the term “periodic” used. The only time you see a call for annual independent reviews is as a condition in an OIG Corporate Integrity Agreement. I do not believe having them done annually is worthwhile if there is active ongoing monitoring by the Compliance Office.
Ongoing monitoring is a program manager's responsibility and Compliance is a program. I advise our clients to consider having a full-fledged independent compliance program effectiveness review about every three years.
As a side note, it is advisable to have such an evaluation anytime an organization engages a new Compliance Officer from outside the organization. That person would benefit greatly from having a report on the results of such an evaluation. It would tell them what they have inherited and how to draft a work plan to address any weaknesses or opportunities for improvement in the program. Quite frankly, I would make it a condition of engagement to have such a review.
5. What do you think are the most notable findings from the 2022 Compliance Benchmark Survey?
- Although, in general, Compliance Officers are satisfied with their jobs, most would consider going elsewhere if the opportunity presented itself.
- Compliance Officer experience and responsibilities continue to increase, especially with regard to HIPAA Privacy
- The great majority use vendors to support their Compliance Program (e.g. hotline, sanction-screening, E-learning, etc.)
- Remaining confusion of output vs. outcome in evidencing program effectiveness.
6. How do you see the role of Compliance in working with IT for EMR build to ensure correct build values are used for claims? For example, correct POS-Code, correct modifiers, etc.?
I see that makes very good sense. In fact, the Compliance Officer should work with all program managers to ensure they are engaged in ongoing monitoring of their compliance risk areas. Ongoing auditing can verify this is being done and if it is effective in reducing risk exposure.
7. What was the biggest deficiency found in responses to the survey?
Most respondents believe erroneously that using internal checklists, tools, and compliance surveys as equivalent to an independent evaluation of the Compliance Program effectiveness. These are means for ongoing monitoring of the program, but effectiveness evaluations are ongoing auditing done by parties independent of the program.
8. What are the biggest problems for Compliance Officers evidenced by the survey?
- Remaining confusion about using process and output for evidencing compliance program effectiveness.
- Failure for many to appreciate the difference between ongoing monitoring and ongoing auditing.
- Internally generated evidence of program effectiveness may not be considered credible by DOJ or OIG.
9. Is there any OIG citation regarding recommending external Compliance Program Effectiveness Evaluations?
Yes, begin with the Compliance Program Guidance documents, which cite this. Also, the CIAs often require annual Evaluations. In addition, the DOJ would expect any evidence of Compliance Program effective would have to come from independent reviews, not unsupported assertions or checklist results from internal reviews. There also have been comments about this in the recently released DOJ Guidelines for Evaluating Compliance Programs.
10. Where does FWA fit into your compliance findings and reporting?
The focus of the Survey was on Compliance Programs, not specifically on fraud, waste and abuse issues. However, there are touchpoints to these issues in the Survey results. Among them is the question related to encounters with government authorities.
11. How has a healthcare compliance practitioner’s job changed in the past year?
Respondents report Compliance Offices increasing in terms of new responsibilities, ever-increasing regulatory and enforcement changes, but without significant increases in staffing or resources.
12. What effect is the Opioid Crisis having on Compliance Programs?
Half of the respondents report a minor impact on their ability to meet obligations, but the other half said it was having a negative impact. Altogether, respondents seem to indicate that they are finding ways to cope.
13. Internal compliance surveys may not be the best way to measure employee understanding of compliance, but isn’t it better than not having a survey?
I don’t believe an internal survey on compliance is worth the time, effort, and cost.
- There is a genuine issue of employee suspicion of motive behind such surveys.
- Many are concerned that questions may be tricks to make the organization look better; and fear that their responses will not be anonymous.
- The overall result is that results tend to be skewed.
- Most internally developed surveys are not professionally validated.
- Internally generated surveys cannot be benchmarked against others.
- The cost of internally generated survey in time and effort is more that employing a professionally developed, independently developed and validated survey that is anchored in a large universe database.
- For more information on this, see Compliance Surveys and Overview on Compliance Surveys
14. How big a problem is it when the Compliance Officer reports to Legal Counsel?
There is no legal or regulatory prohibition for the Compliance Officer reporting to Legal Counsel, however, such a practice goes against both the DOJ and OIG stated positions, who believe the Compliance Officer should report directly to the CEO. They further view Legal Counsel as an advocate into protecting the organization, and not an independent fact gatherer who would ensure proper disclosure of violations were made.
They also have had too many cases where Legal Counsel has tried to conceal problems under the cloak of Attorney Privilege. What this all means is that those organizations choosing to have Compliance reporting through Legal Counsel would have the added burden of explaining why this decision was made. It would be an added hurdle to try to evidence an independent and effective Compliance Program.