There’s no “set it and forget it” when it comes to compliant compliance. There are so many aspects of practice management that require regular attention. You know having a compliance program is crucial, but are you measuring the program’s success or did you just set it up and forget about it? “These compliance programs are going to be evaluated as whether they live and breathe within your organization,” said Astara N. Crews, MJ, CPC, CPEDC, CHC, CHPC, CHIAP, said, in her presentation “Basic Steps in Measuring an Effective Compliance Program” at AAPC’s 2023 HEALTHCON. Understand the Context of Why Evaluation is Important Crews explained that some expert compliance professionals met with regulatory agency staff members, forming a roundtable that tried to figure out how to breathe life into compliance programs. Regulatory agencies were worried that mandating the establishment of compliance programs wouldn’t be enough because entities could prove that their compliance programs existed without those programs and practices actually producing any effect on compliance. It’s not just that a practice has to demonstrate and have evidence that such a program is in place — it needs to be infused throughout the organization to actually meet compliance requirements, Crews explained. The roundtable put forth concrete recommendations on how to quantify and, thus, measure different aspects of a usable and utilized compliance program. The Office of Inspector General (OIG) ended up adopting these recommendations and providing them as a toolkit for organizations to use when considering how to fully bring their compliance programs to life — and make sure they work. Crews referred to these recommendations and stressed that they are they are not “one size fits all,” but can and should be tailored to individual organizations. You can read more about those recommendations in this document: https://oig.hhs.gov/documents/toolkits/928/HCCA-OIG-Resource-Guide.pdf.
Additionally, the Department of Justice (DOJ), which is performing audits, updated in March 2023 a document (www.justice.gov/criminal-fraud/page/file/937501/download) intended for use by prosecutors when investigating an organization and deciding whether to bring charges or negotiate a plea or other agreements. Crews suggested that whoever is responsible for designing and evaluating an organization’s compliance program should consult these documents to know exactly what regulatory agencies are looking for. Focus on These 7 Elements Federal agencies that may penalize noncompliance provide a lot of tools for compliance. Crews recommends going straight to those sources so you can know what aspects of compliance regulatory agencies like the OIG want to ensure. “If you’re already looking at what the regulatory agencies are going to look at, then you’re one step ahead of the game,” she said. In the agency’s “Health Care Compliance Program Tips” document (https://oig.hhs.gov/documents/provider-compliance-training/945/Compliance101tips508.pdf), the OIG lists these seven elements as the foundation of an effective compliance program: 1. Implementing written policies, procedures and standards of conduct. 2. Designating a compliance officer and compliance committee. 3. Conducting effective training and education. 4. Developing effective lines of communication. 5. Conducting internal monitoring and auditing. 6. Enforcing standards through well-publicized disciplinary guidelines. 7. Responding promptly to detected offenses and undertaking corrective action. But when you go to measure the efficacy of these elements, what do you look for? Crews said that regulatory agencies want compliance programs to be well designed, adequately resourced, and empowered to function. Does your compliance program really work? “I like to use the word ‘infuse’ throughout your organization, so everyone knows where to find [compliance program information], and it doesn’t necessarily mean ‘call me’ or ‘call you at your office’ or even what the policy is, but [stakeholders] need to be able to find it on their own,” Crews explained. Another crucial point: Language matters. If you have legal counsel as part of your compliance program, there may be temptation to use “legalese” in written policies, so the language encompasses every potential liability. But Crews recommends writing policies in language that doesn’t exceed fifth grade reading comprehension. “We’re not trying to insult people, but English is not everyone’s first language,” she said. “You want to make sure that policies are easy to read, easy to understand, and really elementary, so anyone can understand what it is that you intend for that policy, and what you intend for them to gain from that policy.” She said that her organization was audited and passed because of the training that enabled everyone to find those policies on their own. e The DOJ says that prosecutors should look to see whether the principles of the organization’s compliance program are communicated to staff and other stakeholders, and whether the elements are fully accessible. The DOJ says that these measures are evidence that the compliance program has been designed for implementation and is being utilized. Crews noted that these measures were especially important to consider within the context of each organization. Pocket These Concrete Tips Tailor your compliance program accordingly. For example, if your organization has a single compliance officer, versus an entire committee or department, then it may be easier to make sure the compliance program is accessible to stakeholders but more difficult to have an extremely far-reaching and comprehensive program. If your organization’s compliance program is overseen by an individual, “you want to make sure you have practices in place of screening and evaluating employees, vendors, and other agents,” Crews said. Establishing and monitoring compliance as a cornerstone of new-hire and continuing education is another low-hanging fruit. You want to make sure that communication is happening throughout an employee’s tenure, and not just during the benchmark periods of onboarding or annual reviews, Crews suggested. “You want to make sure you’re consistently monitoring, auditing, and you have some sort of internal reporting systems. These are required, whether you have a team of one or a full-fledged team,” she said. Organizations should know how they will respond in situations of noncompliance. Crews told organizations to ask themselves these questions: “What are you really doing about those who are not being compliant? How are you handling those things? Is it equitable? Is it consistent?” She also said that documenting investigations and any remedial measures is a key aspect of proving that compliance programs aren’t just for show.