Compliance Committee Best Practices: A Q&A with Dr. CJ Wolf

Question from M. Anderson:

For small companies, under 10 employees, is a Compliance Committee needed? and/or a Compliance officer?


For a company this small, it would be rare for a full-time compliance officer to be hired or needed. Rather, someone in the company with other responsibilities would likely be named as the compliance officer or compliance contact.  In these situations, it would be unusual to have a large compliance committee. As a substitute, the named compliance contact could possibly meet on a regular basis with the owner, or highest authority, in the organization and have that duo function as a compliance committee. The OIG has also stated, "In situations where staffing limitations mandate that the practice cannot afford to designate a person(s) to oversee compliance activities, the practice could outsource all or part of the functions of a compliance officer to a third party, such as a consultant, PPMC, MSO, IPA or third-party billing company."  Healthitcity offers these kind of outsourced compliance services for smaller organizations who don't have the resources to hire a full-time compliance officer.

Question from S. Chennoju:

Can a medical coder ever have an opportunity to join a compliance committee?


Absolutely! A medical coder could very likely be an excellent addition to a compliance committee.

Question from G. Chukwuemeka:

What are some buy-in techniques that can be used to avoid/decrease resistance to compliance plan/charter?


I think a good buy-in technique would be to use the OIG Effectiveness resource guide quotes (i.e., the numbered measures) that I shared in the slide deck. Those measures, suggested by the OIG, directly refer to the compliance committee having a charter as well as a work plan.  Quoting the OIG should hopefully decrease resistance to the idea.

Question from K. Colton-Emke:

Can we have a compliance committee vs just a compliance officer?


The guidance from the OIG is to have both.

Question from M. Cox:

What areas of compliance should the committee not address?


The committee should own the compliance program. That doesn't mean they manage the day-to-day operations of the program, but they should feel the weight of overall ownership.  With that said, there probably isn't any area of compliance that the committee shouldn't at least have oversight of.

Question from R. Galli:

Engagement is lacking. I am basically talking to our committee the whole meeting. I ask for topics, nothing. We have 25 people on our committee from all departments, VP's, Directors. managers. There is no real ownership or commitment. They are checking a box.


I don't have all the details about your organization, but 25 people seems like way too many people for a single compliance committee.  Generally, I would recommend no more than 7 or 8. Perhaps you should consider an executive compliance committee with a smaller number of people, then create subcommittees with the other individuals remaining from the 25 people, if you still feel all 25 need to be involved at the committee level.  Sometimes, it takes an external opinion for management to follow certain compliance principles or recommendations. The situation sounds ripe for an external compliance program effectiveness review that should probably include a review of the compliance committee structure. (Healthicity performs these types of reviews if you need help.)

Question from R. Galli:

Can a compliance officer report to a vp of quality and compliance who is on senior management/the board?


Without knowing all the details of the organizational structure, it's not possible to say with absolute certainty, but in general, reporting to a VP of Quality and Compliance sounds appropriate.

Question from S. Graber:

I assume that the OIG guide that you reviewed today, is one of the best tools to use for overall compliance guidance? Are there other tools?


Yes, the OIG effectiveness guide is an excellent tool for measuring a compliance program's effectiveness.  Other tools I suggest are the OIG's compliance guidance documents found here.

You might also want to explore Healthicity's complimentary Resource Center.

Question from D. Grant:

Does the Compliance Officer have to report to the CEO; is it ok that they report to the COO?


Reporting to the COO is generally not recommended. OIG guidance and OIG Corporate Integrity Agreements show this to be true.

Question from R. Graves:

Is the Compliance Risk Mitigation Plan and the Compliance Work Plan the same thing?


In general, a mitigation plan is typically a written response to specific deficiencies identified in a risk assessment.  A work plan is typically a proactive plan to address areas of risk known to exist within the organization. With that said, there are compliance professionals who might use the terms interchangeably.

Question from B. Hunt:

What are your suggestions for encouraging more interaction? Do you suggest standardized reporting from operational areas?


Yes, standardized reporting can be a great way to encourage more interaction.  Especially if the operational areas contribute to the design and indicators that are agreed upon to report.

Question from S. Jacob:

Thank you for the webinar... Can you please share the link to the OIG and HCCA publication mentioned?


The effectiveness tool mentioned in the webinar can be found here.

Question from S. Jacob:

How do you boost engagement and ownership?


One way to boost engagement might be rotating the responsibility of running the meeting.  If everyone has a chance to run the meeting according to the agreed upon agenda, it can increase the engagement of that person (and everyone else).  Ownership can be increased by a well-written charter that clearly outlines ownership for the compliance program by the compliance committee, while the compliance officer is responsible for managing the day to day operations of the program.  Another way to increase ownership is to have the compliance committee regularly report to the organization's governing board or highest authority.

Question from D. King:

How can you ""mandate"" ownership to a committee?? In other words, how do you give power to the committee?


The best and easiest way is to have a well-written charter, signed by the highest authority in the organization (e.g., your CEO or chairman of the board).

Question from S. Kumar:

Is it a good idea to reference OIG quotes in the charter?


Yes, absolutely. Healthicity helps clients with writing charters, should you need help.

Question from J. Quick:

What is best practice for communication between hospital compliance and professional group compliance?


I think a good starting point is to have regularly-scheduled meetings with the compliance officer or compliance committee chairperson from each organization.

Question from D. Rhames:

How do you begin forming the committee?


Step 1 should be a well-written charter.  Step 2 should be drafting a short list of key operational leaders who could serve on the committee.  A good starting point for this step would be to identify operational leaders in areas representing the greater risk areas such as reimbursement/coding/billing, quality of care, research, legal, IT security, etc.

Question from W. Sowers:

Have you seen a combined compliance/enterprise risk management committee?


Yes, combining areas like this into one committee can sometimes increase effectiveness and  be a smart way to use limited resources and personnel.

Question from K. Stone:

Does the compliance committee have oversight of the implementation of the 7 elements? Also, somewhat separately, oversight of specific issues that come up under say, Auditing?


Yes and yes

Question from C. Young:

How would compliance committee work in governmental agency?


I think it would work in the same fashion as in healthcare.  The specific compliance risks might differ from non-governmental agencies, but the function and operations of the committee should work more or less the same way.

Questions or Comments?