Kusserow on Compliance: Time for Compliance Program evaluation

  1. Have a 2021 workplan focusing on improving the Compliance Program
  2. Not having independent evaluations is evidence of lack of program effectiveness
  3. DOJ & OIG: Identifying & addressing weaknesses evidences program effectiveness

With 2020 coming to an end, it is time to look forward to the New Year and plan ways to identify areas for improvement of the Compliance Program, building off of results of independent evaluations. Both the OIG and DOJ stress the importance of evidencing Compliance Program (“CP”) effectiveness and that all programs are in progress, never completed. They see compliance officers identifying weakness and gaps that lead to improvements as positive evidence of an effective program. The DOJ “Evaluation of Corporate Compliance Programs” notes that there will always be ways the program can be improved and enhanced. The DOJ, in its 2020 Compliance Program Evaluation Guidelines noted: “One hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment.”  The DOJ highlights the importance of effective implementation and evaluation measures” to determine whether the compliance program a “paper program” or one that is fully “implemented, reviewed, and revised, as appropriate, in an effective manner.” DOJ prosecutors are directed to ask: Does the company evaluate periodically the effectiveness of the organization’s compliance program?” Regular, rigorous, and consistent review of compliance programs is now the expectation.  The OIG calls for ongoing monitoring and independent ongoing auditing of Compliance Programs to evidence continuous improvement.

There are three general ways for independent evaluations: (1) a complete compliance program evaluation; (2) a compliance program gap analysis; or (3) an independently developed and administered employee survey of compliance knowledge, attitude and perceptions.

  1. Compliance Program effectiveness evaluations is recognized by experts as by far the best method to evidence how well the program is functioning. It measures outcome by conducting a 360-degree evaluation that includes: (a) full document examination and review; (b) on site review and testing of operations in action; and (c) interviews of Board members, executives, selective key staff, and focus group meetings. If done properly, the resulting reports with be 60 to 100 pages that include findings, observations, along with recommendations and suggestions for program improvement.
  2. Compliance program gap analysis is about half of the cost or less than a full compliance program evaluation, but the reduction of costs is matched by the diminished value of results. It is primarily a document “checklist” review, focusing on output metrics, rather than outcome metrics related to program effectiveness. It is best used with organizations with new or incomplete programs, desiring assistance in identifying elements needed to complete development of their program.  It can identify gaps for inexperienced compliance officers but lacks details by which this can be accomplished.
  3. Independently developed, validated, and administered compliance surveys of employees is the least expensive means, at a fraction of the cost for either of the two other methods, for evidencing and benchmarking compliance program effectiveness. The use of surveys has long been advocated by regulatory bodies, including in the Federal Sentencing Guidelines, OIG Compliance Program Guidance and DOJ guidelines. These organizations advise using surveys of employees to gauge how well the program is functioning. Surveys that are anchored in a large database of organization, permit benchmarking an organization to the universe. Compliance knowledge surveys test knowledge of the compliance program structure and operations and can provide very credible empirical evidence of the advancement of program knowledge, understanding and effectiveness. Compliance culture surveys focuses on employee beliefs, attitudes, and perception concerning compliance, useful in measuring the extent to which individuals, coworkers, supervisors, and leaders demonstrate commitment to compliance. Both types of surveys should be considered as they are useful in benchmarking and measuring change in the compliance environment over a period and provide different dimensions and perspectives on a compliance program.

For more information on the difference in scope of work between a full compliance program evaluation and a gap analysis, send your queries to Richard Kusserow at rkussserow@strategicm.com.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Documentary pillars supporting effective compliance programs

16 key documents described

Critical to an effective Compliance Program (CP) is reinforcing it with key documents that provide the supporting pillars. The following describes some of most important compliance program documents:

  1. Code of Conduct. This can be viewed as the Constitution for the organization and should be distributed to all covered persons.
  2. Charters for the Executive and Board Level Oversight Committees. These should establish oversight and support for the CP and define roles and responsibilities.
  3. Compliance Officer Charter/Position Description. It is important to formally describe the role of this position, responsibilities, reporting relationship to the CEO and Board, etc.
  4. Protocols Between the Compliance Office and Legal Counsel, HR, Internal Audit, etc. Many functions overlap or intersect with the Compliance Office. Working relationships need to be defined to avoid “turf issues.”
  5. Compliance Education and Training Policy. This should describe the development and implementation of regular, effective education and training programs for all affected parties, and describe general topics covered, frequency of training, and how you will document completion of the training.
  6. Hotline Charter/Policy. There needs to be a document that establishes a process to receive complaints and how they will be handled. It should describe how individuals can report concerns and ask questions or request guidance.
  7. Policies Addressing Ongoing Monitoring of High-Risk Areas. This is for program managers on their responsibilities to monitor their risk areas, develop and implement written guidance to their staff, training of the staff on how to comply and verify they are following the instructions properly.
  8. Policies Addressing Ongoing Auditing of High-Risk Area. These should address independent reviews of high-risk areas to verify and validate ongoing monitoring is operating the way it should and assist in the reduction of identified problem areas.
  9. Policies Governing Internal Investigations. Outline of the general steps that will be taken to investigate a report of possible problems; and documentation of results.
  10. Policies Addressing Non-Engagement of Sanctioned Individuals and Entities. This should state that there will be no engaging, contracting with, accepting referrals or prescriptions from those that are sanctioned, excluded or debarred from federal and state health care programs.
  11. Conflicts of Interest Policy. This should require all potential conflicts of interest be disclosed and provide a method for addressing them.
  12. Anonymity and Confidentiality Report Policies. Employees should be allowed to report potential wrongdoing anonymously and policy should protect the identity of those who request confidentiality.
  13. Non-Retaliation Policy. This should address protection against retaliation of those reporting potential wrongdoing.
  14. Document Policy Management and Retention. This should outline document retention and destruction requirements and should address electronically maintained documents.
  15. Credentialing and License Policy. This should address which individuals must maintain licensure and state that make clear no engagement or contract individuals and entities that are not properly licensed. It should define verification procedures.
  16. Disclosure of Overpayments and Violations of Law and Regulations Polices. Overpayments are common and sometime there is identification of wrongdoing. Strict rules should govern when and under what circumstances disclosures to outside parties is required.

These are only a starting point. All policies should be reviewed on an annual basis and updated as necessary. This includes eliminating policies that are no longer appropriate or relevant and writing new ones. All policies should be written in a template that permits you to document when a policy was last reviewed and when it was last changed.

For more information on this topic contact Marvin Mills (mmills@complianceresource.com) at the Compliance Resource Center that maintains over 1,000 compliance-related policy templates.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Board members must meet their compliance obligations

Both the DOJ and OIG have been moving to make board members more accountable for meeting fiduciary duties and obligations in overseeing the Compliance Program. The OIG has long called for a top-down compliance program, beginning at the board level. The OIG and American Health Lawyers Association published “Corporate Responsibility and Corporate Compliance: A resource for Health Care Boards of Directors” that sets forth how these obligations should be met. These standards are being included in Corporate Integrity Agreements that mandate personal attestations from board members regarding the effectiveness of the Compliance Program.

Traditionally, Outside Directors were the primary watchdogs of any board that oversaw of the audit, compliance, and compensation committees, rather than directors from the management of the enterprise. An Independent Director should not be affiliated with the organization as an adviser, auditor or consultant or have personal services contract(s) with the Company. One type of Independent Director that should be on the board is one that is also “compliance literate,” meaning having intimate knowledge of compliance as result of having been a compliance officer, an attorney who has dealt with compliance issues, experience as a compliance consultant, etc. They should have the requisite knowledge and skills to be able to critically evaluate the information and needs relating to the Compliance Program. If not already done, it is advisable for Compliance Officers to work on educating the board on their fiduciary obligations and the merits of having a compliance literate board member.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Compliance officer best practice tips

The ever increasing health care regulatory and enforcement environment increases the challenge for compliance officers. It is not enough to develop the seven standard elements of a compliance program. Compliance officers must persuade the organization to adopt those elements by changing the culture of the organization. This requires a lot of effort. It can be called preaching or selling—it amounts to the same thing. The following are suggested tips:

  1. Obtain independent evidence of compliance program improvement by periodically having independent experts evaluate its effectiveness and offer suggestions for improvements.

 

  1. Maintain ongoing metrics to benchmark progress of the compliance program effectiveness, such as using a compliance culture or knowledge survey that evidences improvements from one period to another.

 

  1. Do not compromise principle in the face of skepticism and sometimes resistance with leadership, and those who consider compliance to be a distraction to their job. Once you begin to “cave in” to their unreasonable disagreements, it creates a pathway to ineffectiveness.

 

  1. Educate management on the benefits of compliance in assisting in reducing risks that could give rise to liabilities and loss of reputation. The challenge of selling the message is ongoing.

 

  1. Sell the importance, value, and benefits of the program to the board, leadership, and the rank and file employees. Also sell the consequences not having an effective program. Gaining “buy-in” by the executive leadership and Board is the best path for the compliance officer to be effective.

 

  1. To be truly successful, compliance officers must reach and convince first line managers to carry the compliance message to their subordinates, by word and example. What they say and what attitudes they project to their staff is far more powerful than pronouncements from “on high.”

 

  1. Rank and file must see compliance as responsive to their concerns and this means actively and promptly investigating and resolving matters raised by the work force in a competent professional manner. Also, the compliance officer needs to be visible and available to hear what concerns people have; as such, it is good to walk around and talk to people about their jobs, thoughts, concerns, etc. This is all part of selling the program.

 

  1. Successful compliance officers seek cooperation and coordination of effort, not competition, with other functions that overlap with compliance, such as HR, Legal Counsel, and Internal Audit. If these functions engage in turf battles, it will negatively impact the effectiveness of the compliance program. A lot of benefit can come from developing protocols (policy documents) that establish working relationships and methods of cooperative effort.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 202o Strategic Management Services, LLC. Published with permission.