How to budget for your facility’s compliance plan

With compliance still a developing discipline, many health care providers are grappling with how to establish a budget, as well as a structure for an effective compliance program. But those two tasks cannot be viewed separately, says Brent Saunders, director of regulatory affairs at PriceWaterhouseCoopers in Washington, DC.

Drawing on recent survey data collected by the Philadelphia-based Health Care Compliance Association (HCCA), Saunders offered providers a framework with benchmarking data to accomplish those two tasks at a Healthcare Financial Management Association meeting in Washington, DC, Aug. 27.

"There is no standard process and there never will be a standard process," Saunders cautions. "No two organizations look the same, so no two budgets will look the same."

While size of the organization is one obvious measure, it's not uncommon to find smaller organizations spending more money simply because their leadership is committed to a more structured compliance program, he says.

According to Saunders, who is also president of HCCA, the focus of most compliance programs is shifting from development and start-up to implementation and monitoring. From a budgeting standpoint, that means more mature programs and more mature information, he says. But it does not always mean higher costs. In fact, once many start-up costs such as baseline audits are performed, costs may actually decline.

HCCA's survey found the average compliance budget now stands at about $313,000. Companies with revenues under $100 million annually spend about $149,000, while giants with revenues over $600 million spend roughly $472,000. To successfully plan and budget compliance efforts, Saunders outlined these seven "building blocks" that combine federal sentencing guidelines, OIG guidance, and benchmarking data:

I. Compliance standards and procedures. The cost of developing of a code of conduct can vary dramatically depending on the size and sophistication of the organization, says Saunders. But he says a "vanilla code" that includes nine or 10 "typical standards" should run $15,000-$20,000 and can often be accomplished internally. On the other hand, the cost to print 1,000 copies of a typical code can run $5,000. Providers that opt to print 10,000 copies will spend about $10,000, he says.

According to Saunders, today's typical code of conduct standards include these elements: personal obligation to report; fair treatment of employees; patient care and rights; billing practices; accuracy and retention of records; confidentiality of information; ethical business practices; antitrust; insider information and securities trading; marketing and advertising; and conflict of interest.

II. Oversight responsibility. Saunders says the composition of compliance programs is shifting. "We know for a fact that lawyers are a smaller proportion of the population" of compliance officers, he says. According to HCCA's survey, 20% of compliance officers possess a law degree, while 48% have a masters degree and 16% are CPAs. The number is evenly divided between male and female, and the average salary for a compliance officer is $94,000. Only 2% make more than $200,000.

"I think we are getting away from enforcement-driven compliance where people felt like they were under attack and wanted lawyers to run that part of their operation," observes Saunders.

"We are getting more in to operations-driven compliance and process improvement, and providers want somebody who understands how they work and how they operate." As a result, a health care administration background is now the most common skill set for a compliance officer, he says.

The salaries of compliance staff are sometimes surprising with administrative staff averaging higher salaries than internal auditors — $45,589 compared to $43,855. Risk managers are currently the highest paid at $54,475, HCCA's survey found.

III. Delegation of authority. Because federal guidelines preclude providers from hiring anybody with "a propensity to engage in illegal conduct," organizations are required to screen for sanctioned and excluded individuals and entities, notes Saunders. But it is up to the organization to decide how far to go.

He says all employees should be checked against the Health and Human Services Office of Inspector General (OIG) exclusion list at a cost of about $1 per employee.

But that number will vary for more costly background checks. Depending on where an organization wants to conduct that check and how far back it wants to go, those checks typically cost about $50 per employee, he reports.

Criminal background checks can be limited to senior management, as well as people who handle money or head a reimbursement department.

IV. Training and education. With the infrastructure of most compliance programs already in place, Saunders says the single biggest expenditure is now education and training. But providers must decide who to train, who will conduct that training, and what medium will be used.

Web-based training varies in cost but averages about $28,000 for a typical organization of 2,000-3,000 employees, while the cost of CD-ROM-based training varies even more dramatically, averaging about $20,000 for a company of the same size.

V. Auditing and monitoring. Saunders points out that the OIG wants to see monitoring take place on an ongoing day-to-day basis. It also wants providers to adopt a formal audit and review plan that targets high-risk areas and focuses on suspected violations. He says providers can expect a typical risk assessment or review to run about $22,000 per functional area, such as a department or laboratory.

The OIG also wants anonymous and confidential hotlines, he adds. The typical hotline vendor will charge about $1.50 per employee for organizations with 1,000 or fewer employees and about $0.75 per employer for organizations with more than 10,000 employees. Saunders says that other costs associated with promoting a hotline are similar to printing a code of conduct and can be offset if accomplished together.

VI. Enforcement and discipline. Enforcement is typically an internal action with little budgetary implication, according to Saunders. He says most of those costs are associated with terminations and are largely an internal opportunity cost.

VII. Response and prevention. Federal sentencing guidelines require providers to respond and prevent offenses, and the OIG says a protocol for accomplishing that should be in place. From a budgeting standpoint, self-disclosures are a major expense but hard to measure.

Some companies have spent millions of dollars on self-disclosures, he notes, but still spent far less than it would have cost to fight the government.