Organizations expect their risk management and compliance functions to not only respond to regulatory and enforcement priorities, but also introduce new ways to control costs and drive growth. Risk and compliance officers are privy to information that boards of directors can use to make informed business and strategic decisions about operational challenges and opportunities, strategic growth and expansion, and technology adoption and implementation.

How well payers, providers, and life sciences companies calibrate their compliance spending to support growth, control costs, and manage risks will have a significant effect on how those companies fare in the future health economy. By identifying and prioritizing key issues, proactive risk and compliance functions can give their boards of directors an informed view of the opportunities and threats they may encounter in the marketplace. Tactically arming their boards with the information they need, risk and compliance functions can help measure the effectiveness of core processes and monitor progress toward meeting stakeholder expectations.

The strategic role of risk and compliance is increasingly vital as the movement away from fee-for-service to value-based care fundamentally changes the health care marketplace. In the evolving health care economy, organizations are considering the risks and benefits of adopting new capabilities, merging with or acquiring other entities, and integrating complementary organizations.

Traditional compliance data, such as training completion rates, hotline calls resolved, and number of complaints resolved, can be informative, but not actionable for a board. Without the context of business processes that lend meaning to this information, deriving practical use from it can be difficult. In their attempt to share information with boards in formats that are familiar, compliance executives may inadvertently separate compliance and risk concerns from larger business considerations. Without a connection to business operations, boards may be inclined to pass over the risk and compliance report to focus on other priorities

Proactive analysis uses the same available data, but organizes it into predetermined measurement bands and identifies notable trends across relevant time frames. Using this method, risk and compliance executives can rapidly detect trends that may indicate the potential for noncompliance and then present their findings to boards before issues escalate. By anchoring their observations and recommendations in data analytics and operational compliance performance monitoring, risk and compliance officers can increase their value to their organizations by focusing operational resources, reducing risk and preventing waste

Slogan: Compliance is an enterprise-wide responsibility.

There is a perception I the industry that Compliance programs are only focusing on HIPAA and PHI and I wanted to clarify that annual risk assessments are beneficial to identify weaknesses and risks in operations. One such risk assessment can focus on organizational operations while the second focus area can be an assessment of the potential risk and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information.

These assessments can be performed either internally or externally and ideally performed to some extent, annually. The assessment criteria should be updated as rules and regulations are implemented, revised or changed. Results of the risk assessments can be helpful in identifying potential specific risk areas within the organization that necessitate further auditing.

Additional resources to develop audit plans include the OIG Annual Work Plan, Recovery Audit Contractor (RAC) audits, Federal and State Surveys and the Office of Civil Rights audit protocol. The OIG has identified some risk areas in their Compliance Guidance Documents. Some of those risks include;

• Claim development and submission process

• Referral statutes

• Payments to reduce or limit services

• Emergency Medical Treatment and Labor Act (EMTALA)

• Relationships with Federal healthcare beneficiaries

• HIPAA privacy and security rules

• Medicare and Medicaid billing (OIG, 2005, p 4859)

• Medical necessity-reasonable and necessary services

• Anti-kickback and self-referral concerns

• Bad debts

• Credit balances

• Retention of Records

• Comp

An organizations’ reputation is directly affected by their ability to build trust among stakeholders. Trust can be earned by developing standards of conduct and policies and procedures that are well-communicated and consistently enforced. Here are some to consider:

Final thoughts;

The need to become compliant with rules and regulations is not a new concept nor is the development of a compliance program. Documents that provided suggestions for compliance program elements have existed for many years. In the past individuals and entities have been free to design their programs in whatever way they saw fit, however, the days of informal programs and processes to guide ethical business practices have passed.

Providers of healthcare services who chose to participate in federal programs must now implement formal programs that are both active and effective. Given the publicity of civil and criminal penalties in the healthcare service industry the role of compliance officer can be frightening. Many professionals with healthcare backgrounds are being thrust into compliance roles with little to no compliance experience or training. The goal of this Basic Field Guide is to provide information describing why compliance programs are needed and provide a basic program structure.

The document is intended to be written in an easy-to-understand format that allows new or untrained compliance professionals to gain a basic understanding of healthcare compliance. The Basic Field Guide should not be looked at as the only resource to develop an effective compliance program. This Guide can be a starting point that will lead one in the right direction.

Good luck to those of you who have chosen the compliance professional challenge!