Compliance officer role poses no conflict

Question: Is there any reason I can’t serve as both risk manager and compliance officer at my facility? My administration wants me to take on compliance duties, but I’m not sure if there is a conflict of interest.

Answer: There is no compelling reason that a risk manager could not also act as the organization’s compliance officer, says Gregory J. Naclerio, JD, partner and co-chair of health care practice at Ruskin, Moscou, Evans & Faltischek in Mineola, NY. Naclerio has helped many institutions set up corporate compliance programs.

Corporate compliance programs originally were designed to ensure that corporations convicted of crimes could avoid the heavy fines associated with the Federal Sentencing Guidelines for violating the False Claims Act, the Anti-Kickback Statute, or similar laws applying to health care. In recent years, corporate compliance programs have begun helping hospitals avoid investigation and conviction in the first place. Naclerio says compliance programs now present a tremendous opportunity for health care organizations to protect their assets, and risk managers can play a significant role.

Protect the hospital

Certain other administrators in the health care hierarchy, however, are not good choices. The Office of the Inspector General (OIG) has made it clear that chief financial officers (CFOs) and general counsel are poor choices, although it has not actually prohibited them from serving as compliance officers.

"By the very nature of those positions, they are protective of the hospital," Naclerio says. "If there is a close question, the OIG is not sure the CFO is going to be fair and impartial because he’s acutely aware of the economic impact, and that colors his judgment. The in-house counsel’s job is to protect the hospital against all attacks, so that’s also a conflict."

A risk manager, on the other hand, is accustomed to investigating questionable medical care and other problems. That role is naturally more critical of the hospital, even if you ultimately want to do what’s right for your employer, Naclerio says. Acting as compliance officer would not require a wholesale change in attitude or loyalties.

"The risk manager’s job is to ascertain weaknesses and address them," he says. "If the risk manager applies those same traits and initiative to the regulatory side as compliance officer, I don’t see a problem at all and I don’t think the OIG would either."

The only potential problem, Naclerio says, is whether you can handle both jobs. Depending on the size of your organization and other factors, you may not be able to handle both roles adequately. If that is the case, choose one or the other, Naclerio says. Both jobs are too important to shortchange.