Office of Inspector General outlines its top concerns

While nearly all hospitals now have some type of compliance program in place, they also face the growing challenge of keeping those programs and their messages fresh, according to Howard Young, counsel at the Health and Human Services’ (HHS) Office of Inspector General (OIG). "As these programs mature, I think the reality is that people are going to get a little bit tired of ongoing compliance training," he warns.

Young contends that retaining the attention of senior executives in this area is "absolutely essential." But he says that’s easier said than done. To do this, Young says hospitals must carefully tailor their training to specific departments and sometimes even individuals. "This is going to be a real challenge on both time and resources," he warns. "But in order to keep your message fresh, you must constantly look for new approaches to compliance." That is especially true when it comes to training, which is the aspect that most employees encounter, he adds.

According to Young, that is only one of the emerging challenges facing hospitals. Here are several other areas that Young says hospitals should pay close attention to as compliance programs continue to mature:

- Compliance officers as whistle-blowers. If hospitals were harboring any doubt about the appropriateness of compliance officers turning into whistle-blowers, Young did everything he could to erase them at the American Health Lawyers Association’s recent meeting in Washington, DC. "There is nothing in the False Claims Act qui tam provision that would prevent a compliance officer or person engaged in the compliance function from filing a qui tam suit," he argues. In fact, Young says frustrated compliance staff often make the "perfect qui tam relators."

"I don’t think the government would discourage those types of people coming forward," he adds. Typically, he says their message and job function has been frustrated at some level within the organization, and they often have "an interesting story" to tell.

Whether there is something in the employment agreement of a compliance officer that might prevent this is another matter, Young concedes. But he also questions whether such a provision would be enforceable.

- Physician involvement. According to Young, one area the OIG is hearing a lot about these days is physician involvement in compliance programs. He notes that while most of the OIG’s corporate integrity agreements (CIAs) are with hospitals, the physician staff at those hospitals are legally a separate entity. That raises the questions about whether those physicians are bound by the CIA, he says.

Young concedes that busy physicians are often not very interested in compliance training and says the OIG tries to address that fact in its CIAs. But he adds that hospitals must still attempt to educate not only the employees such as the billers and the coders, but also physicians. "We think it’s a no brainer’ that any employed physicians that are employees of the hospital can be required to attend training," he asserts. But he adds that it may be harder to get buy-in from large groups of physicians that are on the medical staff but not under contract.

Young reports that some CIAs now require hospitals to make a good-faith effort to train these physicians. But when annual reports show that only a fraction of physicians attended any compliance training, that sends the OIG the wrong signal, he cautions.

"We generally do not demand 100% participation," he adds. To work around busy physician schedules, he says some hospitals now produce videotapes and audiotapes or make other types of training available to physicians, he adds.

Young notes that some hospitals have even teamed up to provide training, especially in inner cities where physicians serve on multiple staffs. But that carries risks, he cautions. "Training should pertain to a specific institution, and not all hospitals in the same city share all the same compliance goals or compliance mechanisms," he explains.

- Outsourcing compliance functions. Young says another area the OIG is starting to hear more about is the outsourcing of various compliance functions. Outsourcing the hotline function is not uncommon, and Young says the OIG does not take exception to that as long as vendors respond appropriately. But how hospitals respond to calls made to the hotline is their responsibility. "You can’t outsource that response," he cautions.

Young adds that while the OIG does not look sideways at lawyers and accounting and consulting firms that help develop and implement compliance training, it is critical that the training is tailored to that particular provider or entity. He says the OIG takes a dim view of "canned training modules" that do not provide ample opportunity for questions or address the needs of specific provider populations.

"Outsourcing the compliance officer function is a tough one," Young cautions. He notes that the OIG’s draft guidance for physicians says that several small practitioners can share a compliance officer. "Logistically, however, there are a lot of issues to work out in that regard," he warns. "It can be difficult for an individual to wear multiple hats and serve as a compliance officer for multiple providers."

On the other hand, outsourcing the audit function to an independent review organization is actually required by the OIG in many of its CIAs. But even there, he says that organizations with significant resources that outsource all those functions and fail to develop internal expertise in this area are selling themselves short.

"If a provider or entity chose to outsource the entire compliance program function — and some providers have asked us about that — I think it raises serious doubts about their commitment to compliance and whether they truly understand the message they are sending to their employees," says Young.

- Measuring effectiveness. According to Young, measuring effectiveness is critical not only for improving compliance mechanisms but also explaining that program to the OIG should a CIA suddenly become warranted. "If a provider comes to us and says it doesn’t need a CIA, it’s going to be critical that it is able to measure and document effectiveness," he explains.

Young says the OIG has seen a range of various benchmarking techniques. But many of them fall short. For example, the number of calls to a hotline is not always an effective measure, he says. That’s because some institutions have very good "open door" policies that encourage complaints to be brought directly to senior executives. "That is perhaps the best type of compliance culture," he says. "But if that is what happens in your institution, make sure that you document it."