CJ Wolf
Share:
compliance, compliance best practices, compliance program, checklist, compliance officer job, compliance officer
While there is not a perfect compliance program, those of us who have performed many compliance program effectiveness reviews for different organizations around the world have seen our fair share of good practices. In most cases, it seems these observed best practices are more a reflection of something deeper or an overarching culture of compliance, as opposed to the observed practice itself that makes the compliance program “best in class.” However, most of these best practices are present in exceptional compliance programs.
1
Proactivity
There is not a single compliance program that does not have to react to unexpected compliance issues. Often, it seems like these reactive issues rear their head late on a Friday afternoon around 4:30 p.m. But appropriately reacting to these issues is an important behavior of a good compliance program.
However, if your compliance program is only reactive, it is likely sub-standard. A best-in-class compliance program should make intentional decisions about proactive compliance work: looking for potential problems instead of waiting for them to appear. These types of programs devote resources, both human and financial, to proactive efforts. Proactivity often becomes a habit of anticipating compliance problems before they occur, or at least before they have occurred for a long time.
Examples of proactive behavior in a compliance program include:
- Regular performance of comprehensive risk assessments
- Development of compliance work plans that guide and commit a program to proactive compliance work over a reasonable period
- Strong, consistent, proactive auditing and monitoring practices
2
Use of Data Analytics
Healthcare organizations are replete with data. Some of that data can be extremely useful for compliance purposes. Perhaps it is medical coding and billing data, medical record access data, opioid prescription data, conflicts of interest data, or financial relationships data. The best compliance programs should regularly analyze data that could help identify potential areas of non-compliance and find the “needle in the haystack” compliance problem before it festers.
The U.S. Department of Justice’s document for evaluating compliance programs asks, “Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions?”
And, as it relates to the use of data in risk assessments, the same document asks, “Is the risk assessment current and subject to periodic review? Is the periodic review limited to a “snapshot” in time or based upon continuous access to operational data and information across functions?”
3
Compliance Access to the Board
Ultimately, an organization’s governing Board (or highest authority) is responsible for ensuring the organization has an effective compliance program. Holding a regularly scheduled executive session between the Board (or appropriate Board committee) and the compliance officer without having any members of management present is a compliance best practice. This is evidence of the compliance officer’s independence and authority.
The U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) document “Practical Guidance for Health Care Governing Boards on Compliance Oversight,” suggests that Boards should “consider conducting regular 'executive sessions' (i.e., excluding senior management) with leadership from the compliance, legal, internal audit, and quality functions to encourage more open communication. Scheduling regular executive sessions creates a continuous expectation of open dialogue, rather than calling such a session only when a problem arises and is helpful to avoid suspicion among management about why a special executive session is being called.”
4
Exit Interviews
The best compliance programs look for every opportunity to gather information from employees about possible compliance concerns. They recognize that compliance personnel can’t be in multiple places simultaneously. Rather, compliance programs rely on employees and anyone with knowledge of potential areas of concern to report those concerns. When an individual is leaving an organization, the compliance program has a great opportunity to ask if the employee is aware of any potential concerns. The potential concerns might not be substantiated, but the compliance program is going to look at all concerns in the event one of them is valid. They are willing to sift through the many to find the one.
In one of their compliance guidance documents, the HHS OIG states, “an effective employee exit interview program could be designed to solicit information from departing employees regarding potential misconduct and suspected violations of company policy and procedures.”
The OIG believes, and seasoned compliance professionals know, information from such exit interviews “could provide management with insight about and an opportunity to address conduct occurring in the field…”
Conclusion
Of course, these are just some of the best practices observed in excellent compliance programs. What best practices have you seen that should go on the list? What are some best practices you have heard about from compliance colleagues at other institutions or during interchanges with professionals on social media or compliance conferences?
Go beyond the minimum and identify areas where your program could go one step further and implement best practices in compliance.
To download this post as a pdf, click the button below.
Questions or Comments?