OIG's 7 elements for effective compliance

List published in Federal Register in 2005

When initiating or improving a research institution's compliance program, the most efficient place to start is to follow federal guidance on such programs, including compliance program guidance created by the he U.S. Department of Health and Human Services' Office of Inspector General (OIG).

The OIG's guidance no longer is voluntary for hospitals, and its seven elements of an effective compliance program remain a solid foundation for other organizations' compliance efforts. The guidance published Jan. 31, 2005 (Vol. 70, No. 19) in the Federal Register, as the OIG Supplemental Compliance Program Guidance for Hospitals, lists these seven factors the OIG believes may be useful when evaluating the effectiveness of basic compliance program elements.

They are as follows:

1. Designation of a compliance officer and compliance committee.

The OIG states that the compliance department is the backbone of the hospital's compliance program and should be led by a well-qualified compliance officer, who is supported by a compliance committee. The OIG suggests organizations consider a number of questions, including this sample:

  • Does the compliance department have a clear, well-crafted mission?
  • Is the compliance department properly organized?
  • Does the compliance department have sufficient resources (staff and budget), training, authority, and autonomy to carry out its mission?
  • Is the relationship between the compliance function and the general counsel function and the general counsel function appropriate to achieve the purpose of each?
  • Is there an active compliance committee, comprised of trained representatives of each of the relevant functional departments, as well as senior management?
  • Does the compliance officer make regular reports to the board of directors and other hospital management concerning different aspects of the hospital's compliance program?

2. Development of compliance policies and procedures, including standards of conduct.

Compliance policies and procedures should be designed in a way that helps employees remain in compliance while carrying out their job functions, the OIG recommends.

Here are some excerpts from what the guidance suggests that hospitals consider:

  • Are policies and procedures clearly written, relevant to day-to-day responsibilities, readily available to those who need them, and re-evaluated on a regular basis?
  • Does the hospital monitor staff compliance with internal policies and procedures?
  • Have the standards of conduct been distributed to all directors, officers, managers, employees, contractors, and medical and clinical staff members?
  • Has the hospital developed a risk assessment tool, which is re-evaluated on a regular basis, to assess and identify weaknesses and risks in operations?
  • Does the risk assessment tool include an evaluation of federal health care program requirements?

3. Developing open lines of communication.

The OIG describes open communication as a product of organizational culture and internal mechanisms for reporting instances of potential fraud and abuse.

Here is a partial list of factors hospitals might consider:

  • Has the hospital fostered an organizational culture that encourages open communication, without fear of retaliation?
  • Has the hospital established an anonymous hotline or other similar mechanism so that staff, contractors, patients, visitors, and medical and clinical staff members can report potential compliance issues?
  • How well is the hotline publicized; how many and what types of calls are received; are calls logged and traced (to establish possible patterns); and is the caller informed of the hospital's actions?
  • Are all instances of potential fraud and abuse investigated?
  • Are the results of internal investigations shared with the hospital governing body and relevant departments on a regular basis?
  • Is the governing body actively engaged in pursuing appropriate remedies to institutional or recurring problems?

4. Appropriate training and education.

Failure to train and educate staff adequately creates risk liability for the violation of health care fraud and abuse laws, according to the OIG.

Some of the factors OIG asks hospitals to consider are:

  • Does the hospital provide qualified trainers to conduct annual compliance training for its staff, including both general and specific training pertinent to the staff's responsibilities?
  • Has the hospital evaluated the content of its training and education program on an annual basis and determined that the subject content is appropriate and sufficient to cover the range of issues confronting its employees?
  • Has the hospital kept up-to-date with any changes in federal health care program requirements and adapted its education and training program accordingly?
  • Has the hospital formulated the content of its education and training program to consider results from its audits and investigations?
  • Does the hospital seek feedback after each session to identify shortcomings in the training program, and does it administer post-training testing to ensure attendees understand and retain the subject matter delivered?

5. Internal monitoring and auditing.

With effective auditing and monitoring plans, hospitals might avoid submitting incorrect claims to health care program payers, the OIG says.

These are a few of the factors the OIG believes they should consider:

  • Is the audit plan re-evaluated annually, and does it address the proper areas of concern, considering, for example, findings from previous years' audits, risk areas identified as part of the annual risk assessment, and high volume services?
  • Does the audit plan include an assessment of billing systems, in addition to claims accuracy, in an effort to identify the root cause of billing errors?
  • Is the role of the auditors clearly established and are coded and audit personnel independent and qualified, with the requisite certifications?
  • Is the audit department available to conduct unscheduled reviews?
  • Has the hospital evaluated the error rates identified in the annual audits?
  • Does the audit include a review of all billing documentation, including clinical documentation, in support of the claim?

6. Response to detected deficiencies.

The goal is for hospitals to respond consistently to all detected deficiencies and develop effective corrective action plans to prevent further losses to federal health care programs.

The OIG's recommended factors to consider include some of these:

  • Has the hospital created a response team, consisting of representatives from the compliance, audit, and any other relevant functional areas, which may be able to evaluate any detected deficiencies quickly?
  • Are all matters thoroughly and promptly investigated?
  • Are corrective action plans developed that take into account the root causes of each potential violation?
  • Are periodic reviews of problem areas conducted to verify that the corrective action that was implemented successfully eliminated existing deficiencies?
  • When a detected deficiency results in an identified overpayment to the hospital, are overpayments promptly reported and repaid to the FI?
  • If a matter results in a probable violation of law, does the hospital promptly disclose the matter to the appropriate law enforcement agency?

7. Enforcement of disciplinary standards.

Hospitals can create an organizational culture that emphasizes ethical behavior and which considers these factors, among others:

  • Are disciplinary standards well-publicized and readily available to all hospital personnel?
  • Are disciplinary standards enforced consistently across the organization?
  • Is each instance involving the enforcement of disciplinary standards thoroughly documented?
  • Are employees, contractors and medical and clinical staff members checked routinely against government sanctions lists, including the OIG's List of Excluded Individuals/Entities and the General Services Administration's Excluded Parties Listing System?