Get in the Holiday Spirit with our Compliance Naughty or Nice Lists

As a compliance officer, do you ever feel like you are making a list, checking it twice, tryin’ to find who’s naughty or nice?

So many compliance activities require checking, double-checking and sometimes triple-checking.  At this festive time of year, let’s reflect on the naughty and nice lists.

The “Naughty” Lists

Sanction and Exclusion Checks

Sanction and exclusion checks literally rely on a list.  But this list comes from the U.S. Department of Health and Human Services Office of Inspector General (OIG). Most of us know we need to check employees, vendors, volunteers, and contractors who might be involved in work the federal healthcare programs may reimburse against the OIG's the List of Excluded Individuals and Entities (LEIE). You can learn more about it here:

In a nutshell, it’s not a list you want to be on if you are working in the healthcare industry. The list is updated monthly, so you should be comparing the list to your employees and others previously mentioned on a monthly basis to ensure compliance. We continually read about enforcement actions in this area.

Here are a few recent settlements:

Completion Rates

Have you ever received an email from an employee asking if the training titled “All-Employee Mandatory Compliance Training” is a requirement for them too? Ummm…Yes. Chuckle.

Compliance professionals are constantly monitoring completion and non-completion lists for required compliance training, code of conduct attestations, required conflict of interest disclosures, or many other tasks. There always seems to be a small percentage of individuals who just don’t complete mandatory compliance activities in a timely manner.

In the HCCA-OIG Resource Guide for measuring compliance program effectiveness, many suggested measures are designed around the completion rates. For example:

  • Measure 1.41 – Audit attestations for Code of Conduct
  • Measure 2.19 – Audit employee education completion rates
  • Measure 4.1 – Audit high risk training completion rates
  • Measure 4.48 – Conduct site visits to review vendor employee completion of required education
  • Measure 6.15 – Audit documentation to ensure employees, vendors, contractors sign annual attestations

The “Nice” Lists

It’s the holiday season, so let’s be a little more optimistic and celebrate who might be on the “nice” compliance list.

Doing the Right Thing

Many compliance programs celebrate employees who have been observed doing the right thing by regularly sharing stories or activities through a newsletter, email blast, or website.

Sometimes you don’t even have to share employee names or confidential details.  You can simply report something like, “We had 15 hotline calls this month. Most of them were unsubstantiated, but the few that may need further looking into might not have reached our attention without you, the workforce, reporting any potential concern through the hotline. Thanks for reporting!”

Participation in Risk Assessments and Work Plans

Most mature compliance programs have a formalized risk assessment and work plan process. These activities are not typically isolated to the compliance department. Usually, key individuals in many areas of operations, finance, internal audit, and others are involved. All those who take the time to contribute to an effective risk assessment process and development of a subsequent compliance work plan are definitely on the “nice” list!


Well, some may argue about putting the OIG on the “nice” list.  But overall, I feel the OIG does a lot to support compliance programs. Yes, they are required to enforce, but in most (if not all) cases, they are doing so to protect vital healthcare resources for those on Medicare and Medicaid, for example.

Here are some of the things OIG does that puts them on my “nice” list:

  • They allow their officers and employees to regularly speak at compliance conferences so we can gain important insights to high-risk areas
  • They publish compliance program guidance documents
  • They post educational materials such as slide decks, handouts, and videos that can easily be incorporated into a compliance program’s educational efforts
  • They issue Special Fraud Alerts
  • They publish their work plan and subsequent reports and audit results


These are a few ideas of who might be on your naughty or nice compliance lists.  What would you add to either list?  What would you remove?

Wishing you a happy holiday season!


To download this blog post as a pdf, click the button below.

Download the PDF

Questions or Comments?