Compliance Officer and Compliance Department = Key to Effective Compliance
The goal of an effective compliance approach is to foster a culture that prevents compliance problems and quickly handles those that arise, as preventive and proactive. But when the organization identifies a systemic or previously unnoticed compliance problem, the Chief Compliance Officer (“CCO”) and the Compliance Department Team provide the expertise to confirm the problem, identify the cause, mitigate the risk, and help develop and initiate effective corrective actions.
Compliance experts have a solid understanding of the operational and administrative processes that are impacted. They focus on applying reliable methods to find the root cause (including data collection and analysis) and identify the applicable laws, regulations, and policies involved. When troubleshooting, compliance experts seamlessly coordinate with organizational leaders and advisors to address any non-compliance promptly.
Compliance expertise is offered to any organization through an effective compliance program under the leadership of the Chief Compliance Officer and the Compliance Department Team.
An effective compliance program is a business necessity in healthcare organizations today. Healthcare leaders may be familiar with those Model Compliance Guidance documents that the Office of the Inspector General of the Department of Health and Human Services (“OIG”) began issuing twenty years ago in 1998.[1]
Since then, the government has increased its expectations and tightened assessments of program effectiveness. Through many years of enforcement and assessment in the era of voluntary adoption of compliance programs, the government now signals that organizations simply cannot depend on the mere existence of a compliance program to demonstrate mastery of their duty to comply. Section 6401 of the Patient Protection and Affordable Care Act (2010) requires that every entity enrolled in government health insurance programs “shall establish [a compliance program] as a condition of enrollment.”[2]
If it has not done so before, it is now crucial that an organization consider compliance to be an integral part of its business strategy — an essential tool to do the organization’s work. The Board and leadership team must govern and operate squarely within legal and regulatory boundaries. The Chief Compliance Officer must help the board and Chief Executive Officer build a reliable and effective compliance program to carry out that mandate. The CCO and the Compliance Team must position continuous performance improvement of that compliance program in the forefront.
It’s a new day for compliance programs. According to OIG Daniel R. Levinson, the government has turned from incentivizing the adoption of compliance programs to incentivizing the operation of effective compliance programs.[3]
Enforcement and regulatory agencies, among them the Centers for Medicare and Medicaid Services (“CMS”), OIG, and the US Department of Justice (“DOJ”), don’t evaluate compliance programs except in the most inopportune times – when enforcement actions have been initiated or during settlement negotiations regarding non-compliance. Organizations must maintain and continuously improve the effectiveness of their compliance programs to assure they’re ready for such scrutiny. Compliance is strategic in nature as a solid foundation for an ethical organizational culture and establishes a formal signal of the organization’s intent to comply. An effective compliance program is value-added, because it can protect against the risks of costly non-compliance.
A compliance issue can arise at any time in any sector of an organization. The Chief Compliance Officer and the Compliance Team are the qualified experts with requisite independence and autonomy to: understand the organization’s operations and governance holistically across silos and barriers; ensure an adequate and independent investigation is conducted (some under direction of legal counsel to preserve the attorney client privilege, when appropriate); develop and document implementation of all corrective action plans; implement stabilizing policies and procedures following an incident; and, in coordination with other executives, see to it that the organization’s internal leaders and subject matter experts are deployed as and when necessary. This is often facilitated through the senior-level compliance committee, an element of an effective compliance program and configured to match the size and complexity of the organization.
Legal requirements must be clarified and met; internal controls must be in place. The Compliance Officer’s expertise includes coordination with the appropriate legal and internal audit functions to assess risks, assure legal sufficiency and address legal impact, and test for strong internal controls.
The independence of the Chief Compliance Officer is the golden key to maintaining an effective compliance program. Past practices, particularly in the early days of compliance program implementation, considered compliance to be an extension of the legal, internal audit, or financial function. Many compliance officers began their careers reporting to the General Counsel, the Chief Financial Officer or even the Chief Audit Executive. Today, these reporting relationships are not considered to be best practice by government agencies such as the OIG and DOJ, who urge that the Chief Compliance Officer have a direct reporting relationship to the Chief Executive Officer, be given unfettered access to the board, and have a “seat at the table” comparable to legal, audit and financial executives.
The Chief Compliance Officer’s role is not extrapolated from legal, finance, internal audit, operations, or governance. It is a unique role of executive station, rooted in dedication to accurate fact-finding; adherence to laws, regulations, and directives of internal and external origin; ethical business practices; and to supporting compliant legal, financial and operational decisions.
The Chief Compliance Officer and Compliance Department Team provide qualified expertise to build a compliant culture and to coordinate the process to promptly diagnose, assess, and correct non-compliance.
[1] See, http://www.hhs.oig.gov
[2] See, https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNEdWebGuide/Downloads/MLN-Compliance-Webinar.pdf regarding this requirement.
[3] Levinson informed the attendees at the Healthcare Compliance Association Annual Conference in 2016 that the OIG, Department of Justice and other enforcement arms of the government will not give an organization any “credit” in a settlement of non-compliance for simply having a compliance program. Levinson expressed the government’s expectation that in the twenty years since the OIG first issued compliance guidance, healthcare organizations should at least have a compliance program.
