The American Health Lawyers Association’s Fundamentals of Health Law program held on November 11-13, 2018 in Chicago, Illinois centered on key health law topics and emerging trends in health care. One focus of the program was the need for healthcare organizations to promote a culture of compliance, which includes implementing an effective compliance program.

A compliance program is a formal statement of a healthcare organization’s coordinated, proactive efforts to prevent, detect, respond to, and report violations of laws, government regulations, and ethical rules.

The Office of the Inspector General (OIG) of the Department of Health and Human Services is tasked with combating fraud, waste, and abuse in healthcare. The OIG conducts the majority of healthcare investigations and has the authority to exclude providers from federally funded healthcare programs and to impose civil monetary penalties.

Additionally, the Patient Protection and Affordable Care Act 42 U.S.C. §18001 requires healthcare organizations to develop and implement formal compliance programs and provides an overview of the role of compliance in healthcare.

The OIG’s position is that healthcare organizations can reduce fraud, waste, and abuse liability through effective compliance programs. Compliance programs are not “one size fits all” and there is no “gold standard.”  The OIG allows and expects an organization to create a compliance program that is tailored to its unique needs. A compliance program must also include the OIG’s seven fundamental elements of an effective compliance program:

  1. Implementing written policies, procedures and standards of conduct. Policies and procedures should promote the organization’s commitment to compliance and address specific areas of risk. As noted in the OIG’s Supplemental Guidance for Hospitals, “[t]he purpose of compliance policies and procedures is to establish brightline rules that help employees carry out their job functions in a manner that ensures compliance with Federal health care program requirements and furthers the mission and objective of the hospital itself.”
  2. Designating a compliance officer and compliance committee. The compliance officer is charged with operating and monitoring the compliance program. The compliance committee should include members of key functions within the organization that can support and advise the compliance officer, such as legal, information technology, and privacy.
  3. Conducting effective training and education. At a minimum, all employees, physicians, and board members should receive training on fraud and abuse laws, as well as the compliance program.
  4. Developing effective lines of communication. Employees must feel comfortable reporting internally, and organizations should have multiple reporting avenues such as the compliance officer and an anonymous hotline. Organizations must also take all reports seriously, and conduct follow-up with the reporting employee. Whistle-blowers often file complaints with the OIG after reporting internally and receiving no follow-up from the compliance officer.
  5. Conducting internal monitoring and auditing. This involves an ongoing process of evaluation and assessment to deter bad behavior and ensure effectiveness of education and corrective action. The compliance program should also monitor compliance with privacy, and provide a risk assessment of potential privacy issues.
  6. Enforcing standards of conduct through well-publicized disciplinary guidelines. Standards of conduct outline an organization’s rules, responsibilities, proper practices, and/or expectations of its employees. Compliance should work with human resources and legal to ensure that the standards and consequences for violations are consistently enforced.
  7. Responding promptly to detected offenses and undertaking corrective action. Failure to ensure timely and effective remedial action for offenses can create additional exposure for the organization.

By implementing and following an effective compliance plan, healthcare organizations can avoid fraud, waste, and abuse liability. Failure to have an effective compliance program may result in:

  • Increased violations.
  • Undetected kickbacks and/or false claims.
  • Evidence of deliberate ignorance of false claims.
  • Entering into a mandated Corporate Integrity Agreement with the OIG.

Healthcare organizations should promote a culture of compliance at all levels inside the organization. Having an effective compliance program is an ongoing process. An effective compliance plan is not a static document, but is proactive, responsive, and changing with the needs of the organization.