Make Compliance Your Health Organization’s Business Core
With compliance and ethics driving your healthcare business, it’s well supported.
By Lanaya Sandberg, MBA, MHA, CPCO, FAHM
In a healthcare organization, dedication to compliance requires all employees to observe sound business ethics. Here are 12 tips to help your healthcare organization foster a culture of compliance.
All healthcare organizations, regardless of size, should have a well-publicized code of conduct. This code should require every employee to report immediately any alleged or proven breaches of conduct, organizational policies and procedures, or the law.
The code of conduct also should state clearly that there is zero tolerance for retaliation. This will help employees feel they can safely and confidentially disclose compliance concerns.
Tip 2: Align with the OIG’s Five Point Strategy
In 1990, the Office of Inspector General (OIG) published five doctrines for an effective compliance strategy, which included enrollment, payment, compliance, oversight, and response. These doctrines remain in effect today and include principles you would be wise to assimilate into your organization’s compliance plan.
Source: OIG Health Care Compliance Program Tips (https://oig.hhs.gov/compliance/provider-compliance-training/files/Compliance101tips508.pdf)
For example, health plans should screen and credential any provider who is interested in contracting with the plan. Although some health plans are subject to “any willing provider” state clauses, they still must exercise due diligence in their enrollment processes.
Tip 3: Encourage Employees to Communicate Concerns
All employees must be aware that part of their job responsibility is to report compliance-related concerns immediately. Compliance is not just a manager’s task; it applies to every employee in the organization. This messaging should originate at the highest levels of the organization and reach all levels. Promoting a culture in which employees are aware of expectations could potentially mitigate, or even prevent, regulatory fines and reviews, sanctions, penalties, member dissatisfaction, and reputational damage from sources outside the organization.
Employees should have a clear and comfortable way to point out potential violations. Healthcare organizations should make available multiple avenues for employees to express compliance concerns. Each path should be clearly identified.
Tip 4: Performance Appraisals and Compliance Sessions Go Hand-in-hand
Organizations typically require performance appraisals to be conducted mid-year, and at year’s end. This approach is problematic because it does not allow ample time for reflection.
Instead, I encourage managers to initiate monthly reviews with their direct reports, with compliance as a key focus. A standing agenda item in meetings with employees can be “the trust dynamic,” where topics (compliance-related, or not) are discussed in a candid, trusting environment. Explicitly stating measurable goals and objectives in development plans can be beneficial, as well.
Tip 5: Share Lessons Learned with Employees
When a healthcare organization encounters a compliance setback, there is a natural tendency to solve the problem, implement sustainable corrective actions, and move on. An often-overlooked step is an internal, well-publicized account of the problem. Questions that should be answered include:
- How did it happen?
- How was it solved?
- How can the organization benefit from the lessons learned going forward?
Employees want to know what is going on in their organization; when appropriate, communicating compliance issues can help to promote higher morale levels. Seize opportunities to share lessons learned across the organization and to shed light on systemic issues. Communication can occur via an organization’s intranet or employee newsletter, for example.
Note: It’s not appropriate to disclose all compliance issues to employees; seek advice from legal counsel for any unclear circumstances.
Tip 6: Designate a Compliance Manager
Healthcare organizations are encouraged to designate compliance managers. If the organization is large, consider employing a manager, per area, with expertise and training relevant to that area. It’s not mandatory for the compliance manager to be an attorney, but he or she should be well-versed in the specific area and should seek advice from legal counsel on uncertain issues.
Conversely, if the organization is small, consider employing a single compliance manager, who is an attorney able to provide legal support and well-versed in all areas of healthcare compliance.
Tip 7: Timing Is Everything
Whether you are a new healthcare organization or an existing organization undergoing expansion, re-configuration, or delegation of specific services and functionality to a vendor, it’s essential to incorporate a compliance framework to avoid adverse events.
Healthcare organizations should communicate frequently with all identified stakeholders and perform ongoing gap analyses (i.e., identifying future and current compliance gaps and how to bridge them). Recruit a compliance manager trained in creating a foundation for your compliance road map. There are basic project management techniques and tools that can be helpful in laying this foundation, including:
- Charter – A condensed overview of the project, including scope, objectives, constraints, critical success factors, participants and stakeholders, and roles and responsibilities. This document is signed and executed by and between project stakeholders.
- Work Breakdown Structure – A visual depiction and identification of the work ahead and deliverables expressed as a hierarchy.
Tip 8: Document What You Do, and Do What You Document
The International Organization for Standardization (ISO) has developed quality management standards dedicated to offering products and services that meet and exceed customer needs, while improving quality. There are several standards contained in ISO 9000:
- 9001:2008 – Establishes the requirements for quality management
- 9000:2005 – Incorporates rudimentary concepts
- 9004:2009 – Identifies ways in which the existing quality management system can be improved
- 19011:2011 – Provides guidance on external and internal audits of quality management
Healthcare organizations should pursue certification in 9001:2008 by a credible external certification body. ISO certification can increase the likelihood of favorable audits and result in improved quality management systems.
Note: ISO is not a certification institution, but rather develops the standards for certification. External certification bodies vary based on geographic location.
Tip 9: Don’t Outsource Core Competencies
As a general rule, do not subcontract to a vendor any services that comprise your core competencies. When competencies are outsourced, proper oversight can become a challenge, or even downright impossible.
Contracts with vendors should clearly indicate the particular services the vendor is responsible for (and associated penalties for noncompliance), through the statement of work. Select and recruit talent that has robust experience with vendor contracting and management.
Tip 10: Employ a Compliance Checklist
Your compliance manager should be responsible for developing and implementing a compliance checklist that identifies each applicable federal or state law, regulation, or requirement. The checklist should include the reporting duration (e.g., annually, quarterly, monthly) and associated sanctions and fines for each law, regulation, or requirement.
The compliance manager should develop open lines of communication and disseminate this checklist to all employees. Each employee must clearly understand how applicable requirements directly affect his or her job.
Tip 11: Treat Compliance as a Competitive Advantage
Consider conducting a “strengths, challenges, opportunities, and threats (SCOT)” analysis, which is a strategic planning tool used to evaluate organizational factors (search “example SCOT analysis” online, for examples).
Strengths and challenges are factors internal to the organization, whereas opportunities and threats are external forces. While researching external opportunities, study any noncompliant actions of indirect and direct competitors, corrective actions, and associated fines and sanctions, and benchmark findings against internal performance and positioning.
Tip 12: Disaster Preparedness Matters
Healthcare accrediting bodies commonly require healthcare organizations to espouse widely adopted standards of care and actions for disaster preparedness and response. For example, to be compliant with The Joint Commission, hospitals must demonstrate competency in six key focus areas, including communications, supplies, security, staff, utilities, and clinical activity.
History teaches us that bad things can happen to even the most prominent, impervious organizations. I urge you to not think of compliance in its conventional, most convenient terms; but rather, I challenge you to think of compliance as a foundational concept that drives every aspect of the business and its supply chain. In other words, you must think of compliance as a core business practice.
Editor’s note: The views and opinions expressed in this article are those of the author and do not reflect the official policy or position of AAPC or any other organization.
Lanaya Sandberg, MBA, MHA, CPCO, FAHM, is chief of staff and head of strategy for a Medicaid managed care organization. She is a member of the Hartford, Conn., local chapter.