Symptoms of an Ailing Compliance Plan
| Symptoms of an Ailing Compliance Plan|
When it comes to regulatory compliance, some organizations say one thing and do another-and end up wishing they hadn’t
BY LAWRENCE A. FOGEL AND JOSEPH M. WATT
|Let’s start with the following true-or-false statement: “The mere existence of a regulatory compliance plan does not provide an organization with any assurance that its compliance program is effective.”|
| The answer: true. In fact, a poorly written compliance plan is probably more damaging than having no compliance plan at all. Why? An organization makes commitments and promises in its compliance plan that it is expected to fulfill. These commitments may establish even higher standards, and they are expected to be met. If it appears an organization is not serious about its compliance program, government and private agencies will have serious doubts about its credibility and integrity.|
Consider this hypothetical: The typical compliance plan states that it will be reviewed and revised annually-but your compliance plan hasn’t been modified in the five years since it was written. What message does that send?
The Department of Health and Human Services’ Office of Inspector General (OIG) published the “OIG Compliance Program Guidance for Clinical Laboratories” on March 3, 1997, in the Federal Register. Since then, OIG has published a series of compliance program guidances for other healthcare organizations. These guidances explain to the healthcare industry the OIG’s expectations of compliance programs. The OIG’s principal guidance is based on the seven elements of The Federal Sentencing Guidelines Manual. Compliance programs must satisfactorily address these seven elements, at a minimum:
1. Compliance Officer and Committee
In addition, what if the job description for the compliance officer does not correspond with the duties contained in the compliance plan? In some situations, the compliance officer’s job description is all-inclusive when, in fact, the compliance officer does not perform all of the listed duties. Often, the compliance officer is too busy with other job responsibilities to effectively manage the compliance program. The same ambiguity applies to the compliance committee. Members of compliance committees sometimes say that they don’t know what their specific functions are or what is expected of them. Government agencies are not sympathetic, however. If an organization has a compliance program, it is expected to devote the necessary resources and time to make it effective.
Another common issue is the frequency of compliance committee meetings. Usually, the compliance plan will specify how often the meetings are to be conducted. Although the compliance plan might specify that meetings are to be held monthly, perhaps the compliance committee has met only four times during the last 12 months. Again, what message does this send, not only to the outside world, but also to the compliance committee members themselves?
Let’s go one step further and assume that the committee did not keep minutes, or that the minutes were maintained in a very sketchy format. How can anyone know what progress was made during the compliance committee meetings? Sometimes the meetings are, indeed, unproductive and stagnant; committee members say that they spin their wheels and don’t make any progress because they discuss the same issues over and over. This sort of performance raises questions about the seriousness of the committee’s efforts and the effectiveness of the compliance officer. Too often, organizations do not evaluate the compliance officer or the committee members on their performance.
Generally, compliance plans require periodic reporting to the board of directors; however, in many cases there is no evidence that such reports have been made.
2. Standards of Conduct/Policies and Procedures
Organizations should be careful that the standards of conduct do not conflict with other policies. For example, the standards of conduct may say one thing and administrative or personnel policies may say something totally different, which can pose serious problems.
Policies and procedures also should be written and current. If policies and procedures are not presented in written format, employees may allege that they were told to do something by their supervisors that cannot be supported by written policies and procedures. Written policies and procedures provide clear guidance to employees, especially when new employees are hired. Policies and procedures should be updated regularly and accurately reflect the manner in which each department operates.
Frequently, the compliance plan specifies that each departmental policy should contain compliance guidance language. Frequently, however, departmental policies contain no such thing. This is cause for concern, because the overall organizational compliance plan is nothing more than a master blueprint. The real nuts-and-bolts work is performed at the departmental level, and the specific policies of each department need to contain compliance guidance relevant to its employees.
3. Education and Training
It is very difficult, if not impossible, to separate compliance training from competency training; these two types of training programs go hand in hand. Yet, employees who have a tendency to be involved in risky situations frequently report that they see no concern from management about providing them with regular and effective training in job performance and error avoidance.
Another related concern is the lack of documentation or coordination relating to the compliance training. Typically, compliance plans specify that the documentation should be maintained in a centralized location. Furthermore, someone in the organization is normally responsible for coordinating staff education. Yet, much of the education may be fragmented among the departments, meaning that no one is centrally monitoring or documenting the amount of compliance training that employees are receiving. In view of this, how can there be any assurance that the employees who need the specialized compliance training are actually receiving it?
4. Hotline and Reporting Complaints
All complaints should be taken seriously and investigated to the extent necessary. The documentation should tell the entire story relative to a particular complaint, including how it was resolved. Sometimes, though, the documentation for the hotline calls and other complaints is inadequate.
Organizations may have a difficult time deciphering the difference between a complaint and a question. If the question is expressed as a concern, it should be investigated and documented like any other complaint.
Typically, very few hotline complaints are recorded, which raises questions about the hotline or complaint process, its operating effectiveness, and whether the employees and other designated persons are aware and trusting of the process. In these circumstances, we often find that there have been more complaints than are documented on the hotline log, but they have been resolved or dismissed before being documented.
5. Responding to Allegations and Disciplinary Action
Some compliance plans specify that investigations should start within a specified number of days after a problem is identified and be completed within a specific time frame. Yet, some investigations either go on indefinitely or are never truly resolved. If the compliance plan requires that the investigations be started and completed within a certain time frame, the organization should take every measure to ensure that these requirements are met.
If any illegal or improper acts are discovered, the employee(s) involved should be disciplined appropriately. One common problem, however, is that the “punishment does not fit the crime.” Discipline for a serious offense may be miniscule or nonexistent. Some employees may not be punished as severely as others for committing the same type of act-sending another negative message about the seriousness of the compliance effort.
Some organizations rely on their personnel policies for determining the type of disciplinary action to be taken. Others lay out specific disciplinary actions relating to compliance violations. In either case, the compliance officer should be consulted by human resources to evaluate disciplinary action relating to a compliance matter.
6. Auditing and Monitoring
One way to effectively monitor compliance is to perform periodic random audits. These audits may be performed internally, or at other times external auditors or consultants should be used. For effective audits, a risk assessment should be performed to identify the areas that have the highest degree of risk in the organization. A work plan should be prepared that identifies areas to be audited and when the audits will be conducted. Some organizations either do not follow their work plans or do not complete all their assigned tasks. Even when an audit is conducted, its documentation is frequently insufficient. For example, there may not be any work papers or sufficient details allowing monitors to follow the trail of the work performed, or even a report to explain the nature of the findings and corrective action that was taken. Documentation for the audit should tell the whole story of the incident, what was found, and what corrective actions were taken.
Sometimes the investigations reveal systemic problems within an organization that require corrective actions, yet there is no change in policies and procedures. Sometimes self-reporting to a government or private agency monitoring for violations is required, but the disclosures aren’t made. Concealment of this type is considered a very serious offense and always should be avoided. Sometimes honest mistakes are made, requiring employee training on proper performance of duties and close monitoring of employees’ future work. If the organization either dismisses or ignores such problems, its commitment to compliance will again be called into question.
| 7. Background Checks|
Organizations should have policies for conducting background checks of newly hired employees. Some background checks don’t include, however, searching the OIG Web site (www.oig.hhs.gov) for Medicare-excluded individuals and entities. Sometimes physicians and other practitioners are not checked through the National Practitioner Database. In other cases, organizations may not include, as part of their background checks, reference checks or contacting previous employers. Background checks are important if organizations are to avoid delegating a high degree of authority and trust to individuals who have been convicted of serious offenses.
|Lawrence A. Fogel, principal, and Joseph M. Watt, partner, are members of BKD Health Care Group in Kansas City, Missouri. BKD is one of the 10 largest CPA and advisory firms in the country, with nearly 200 partners located in 26 offices in Arkansas, Colorado, Illinois, Indiana, Kansas, Kentucky, Missouri, Nebraska, Ohio, Oklahoma, and Texas. BKD Health Care Group includes more than 200 strategic planners, reimbursement consultants, professionals with intermediary or clinical experience, healthcare auditors, systems managers, employee benefits and human resources consultants, operations improvement managers, and tax professionals. For further information, e-mail Lawrence Fogel at firstname.lastname@example.org or Joseph Watt at email@example.com, phone (816) 221-6300, or visit www.bkd.com. To comment on this article, please send e-mail to firstname.lastname@example.org.|
Topics: Articles , Facility management , Regulatory Compliance