Paul Willging Says…


Corporate Compliance Isn’t Just ‘More Government’


There are those who see corporate compliance as just another example of overzealous government intrusion. In so thinking, they are running a risk-not just of government retribution but also of losing market share. Because corporate compliance, when you come right down to it, is good business.

Admittedly, an adversarial environment does seem to have enveloped much of long-term care over the past few years, arising from government’s punitive approach to its legitimate monitoring and oversight responsibilities. “Stopping fraud and abuse” have become the watchwords of federal government involvement in the country’s healthcare programs. The early years of collaboration between government and providers have been supplanted by a relationship built on hostility and mistrust.

I understand how easy it is to dismiss corporate compliance as just one more onerous burden laid on providers by an out-of-control federal government. But we’d be wrong to do so. Corporate compliance is not a federal mandate or regulation; from the government’s standpoint, it is more a “safe harbor,” mitigating liability in cases of alleged malfeasance. The bottom line, however, is that corporate compliance is simply good business.

Let’s face it, the concept of resident assessment doesn’t lose any of its validity simply because it was mandated by OBRA ’87. And would anyone argue that the training of nurses’ aides loses its relevance to the provision of quality long-term care just because Congress mandated it in that same legislation? Prior to 1987, with no mandate, those providers failing either to assess their residents properly or train their caregivers were simply providing poor care.

So, what is corporate compliance? Let’s begin by describing what corporate compliance is not. It is not just another book or manual to be relegated to the back shelf, unread and gathering dust. Its application is not limited to relationships with payers, such as Medicare and Medicaid. It is not simply a way to “get off the hook” when accused of legal transgressions. Nor, in the last analysis, is it someone else’s responsibility.

Rather, corporate compliance consists of those policies and procedures that govern the operations of the entire enterprise in accordance not just with all known legal responsibilities, but with the highest standards of professional and ethical conduct. Assuming that your corporate mission is one that you can be proud of, corporate compliance formalizes your company’s mission, as well as the standards and guidelines by which that mission is to be achieved.

Looked at in this way, corporate compliance has always been important. Certainly its importance can be seen in government’s increased enforcement activities, but those external forces are, perhaps, even less significant than compliance’s role in fulfilling the corporate mission and, ultimately, in serving the customer of healthcare services. The best justification for a corporate compliance plan, if appropriately designed and implemented, is improved operations and, thereby, improved quality of the services provided. Those are, in a nutshell, its ultimate goals.

How does one establish an effective corporate compliance program? While outside help might be useful, an effective and acceptable corporate compliance program consists of seven basic elements that can be attended to by the organization itself (i.e., no need to reinvent the wheel):

  • First and foremost, of course, the organization has to define and document acceptable standards of conduct and ethical behavior. Some of them, to be sure, will be oriented toward government’s requirements (“Thou shalt not submit false claims”). But, I would suggest, the more important rules will relate to your dealings with your customers. Appropriate standards will emphasize the importance of forthright advertising and full disclosure, the requirement for honest assessments of patient conditions and needs, and the imperative of treating residents with dignity and respect. All those procedures, reflecting ethical and professional behavior, should be clarified and written down so that misunderstandings regarding appropriate employee behavior can be avoided.
  • Once standards of appropriate conduct have been documented, staff must be trained to adhere to them. Documenting the training is not enough. Staff’s actual familiarity with the standards is critical, as is their understanding of the procedures to be followed when they happen to observe violations. A plan without staff buy-in is of little use to anyone.
  • Effective lines of communication must be established and assured. There can be no barriers that might interfere with the flow of information-in either direction. Managers must be open and honest in conveying requirements and expectations to staff. Staff must feel comfortable in both questioning and informing management regarding relevant issues. Intimidation, actual or perceived, has no place in an effective corporate compliance program.
  • An internal review and audit protocol must be implemented. Standards of behavior might have been established, documented, and conveyed; staff might have been fully trained; and lines of communication might have been set up. None of this necessarily means that the system is working. Verification procedures are a must. Such procedures should spot check not just the organization’s ad-herence to standards of conduct, but the staff’s faith in the system. One needs to verify not just the appropriateness of employee conduct, but the sense on the part of staff that violations of acceptable behavior can be reported without fear of retribution or ostracism. (A note to the wary: This aspect of effective corporate compliance need not be onerous. Huge corporate compliance staffs are not required. Sometimes it takes no more than a demonstrably open and supportive management showing a willingness to engage employees in candid and nonthreatening conversation to identify lapses in deportment or communications.)
  • When lapses in professional or ethical behavior are isolated, protocols for problem investigation must be available. It should be generally recognized that allegations or incidents of apparent misbehavior are not, in themselves, evidence. Investigative procedures to substantiate the “who” and the “how” of a potential problem should be clarified within the compliance plan itself. This is an area where seeking outside counsel might be appropriate, especially when violations of federal or state law are concerned or the legalities involving employee rights are an issue.
  • The program of available remedies in cases where transgressions have been determined should be documented in the compliance plan. The application of sanctions on an ad hoc basis is a recipe for disaster; such sanctions might ultimately be deemed arbitrary and capricious. More importantly, they pose the risk of undermining the entire plan by possibly diminishing staff support for and confidence in the plan. As alluded to earlier, a corporate compliance plan, absent that support and confidence, is worthless.
  • A corporate compliance officer should be appointed. In smaller companies, this officer will likely be someone who assumes that responsibility in addition to other duties. Under any circumstances, however, the corporate compliance officer should have direct access to the CEO and should not be in the direct chain of command between the staff and the CEO. In smaller companies, admittedly, when the functions of the compliance officer must be assumed along with other duties, this is easier said than done. But the underlying rationale for this is critical. Employees must feel comfortable in bringing issues of concern to senior management (and, ultimately, to the CEO) via as disinterested a corporate compliance officer as possible.

Does all this sound complicated? It needn’t be. The seven elements described above are at least as much basic principles of business practice as they are rules demanding slavish adherence. In essence, the effective plan is a clear demonstration not just to government, but to all external publics, of your organization’s commitment to responsible corporate conduct in accord with customer expectations. An effective plan increases the likelihood of identifying and preventing behavior inconsistent with your corporate mission. That’s how an effective corporate compliance plan improves the quality, efficiency, and consistency of the services you are providing.

There is no question that an effective corporate compliance plan will reduce your exposure to government’s increasingly onerous array of civil damages, monetary penalties, criminal sanctions, and administrative remedies. But let’s not overlook the greater value discussed here. Put simply, corporate compliance reflects your commitment to your most important audience-your customer. That fact alone demonstrates its worth. NH

To comment on Dr. Willging’s views, as expressed here, please send e-mail to
Paul R. Willging, PhD, was involved in long-term care policy development at the highest levels for more than 20 years. For 16 years as president/CEO of the American Health Care Association, Dr. Willging went on to cofound the successful Johns Hopkins Seniors Housing and Care postgraduate program (cosponsored by the National Investment Center for the Seniors Housing & Care Industries), and later served as president/CEO of the Assisted Living Federation of America. He has enjoyed an equally long-lived reputation for offering outspoken, often provocative views on long-term care.

Topics: Advocacy , Articles