Compliance program effectiveness requires annual measurement of risks and identification of trends

Annual measurement and proactive evaluation of program elements and risks through reports and metrics is necessary to routinely determine the effectiveness of a compliance program, according to Bret S. Bissey, Senior Vice President, Compliance Services MediTract. Bissey presented practical suggestions and best practices for evaluating a compliance program in a webinar sponsored by the Health Care Compliance Association (HCCA) on March 21, 2017.


Bissey noted specific guidance that compliance officers should refer to when evaluating their compliance programs, Office of Inspector General (OIG) Compliance Program Guidance for Hospitals, OIG Supplemental Compliance Program Guidance for Hospitals and the Department of Justice’s (DOJ’s) Compliance Program Guidance on Evaluation of Corporate Compliance Programs published in February 2017. Bissey pointed out that the OIG guidance recommends benchmarking compliance program progress and provides two examples, claims processing evaluation and surveys. Claims processing evaluation requires a benchmark for error rates and standards that include sample size net dollar value, and consistency of universe.

Although not specific to the health care industry, the DOJ guidance identifies elements that can be used to evaluate a compliance program. The guidance consists of compliance-focused questions that the DOJ Fraud Division might consider when evaluating a corporate compliance program, including such topics as analysis and remediation of underlying misconduct, conduct of senior and middle management, autonomy of the compliance function, and compliance program funding and resources.

Surveys to measure effectiveness

Bissey stressed the importance of measuring organizational compliance culture to provide evidence of the effectiveness of the compliance program. He said that surveys can provide evidence of program effectiveness and recommended using surveys to measure covered persons’ attitudes regarding the organization’s commitment to compliance. Through surveys compliance officers can determine how well the operations of the compliance program are understood and the obligations of the people involved. Surveys and questionnaires are important to measure whether organizational culture encourages ethical conduct and a commitment to compliance with the law. Surveys also should be used to measure employee compliance knowledge. He added that both types of surveys allow the compliance professional to benchmark and measure compliance effectiveness over time.

Elements of evaluations

To begin to evaluate compliance performance, Bissey emphasized the importance of measurement and defining expectations of performance. He suggested identifying a set number of elements, some of which should be kept from year to year to measure trends. Compliance officers should identify metrics that are available, develop a score card, and report achievements, including any reasons for variance and year to year comparison of results. Trending data is the key, he said.

Bissey identified the following elements with suggested standards to consider in an evaluation:

  • hotline calls, including logging, investigations, disciplinary action;
  • education provided to staff, physicians, board of directors, and executives; establish standards for different groups and obtain board support;
  • audit/monitoring results; potential areas of trending coding and billing results; including consistent measurement, annual reviews, random samples, and net dollar value error rate;
  • potential areas of trending billing and coding results, including short stays, observation, evaluation and management, research billing, diagnosis related groups;
  • audit benchmarking scorecard, can be part of annual review and built into the work plan;
  • annual audit work plan completion based on an approved annual work plan by the compliance committee or board; use trends to explain need for resources and make future plans;
  • budget analytic, identify trends of budget and actual expenses over several years; and
  • other data points to trend year to year, such as focus arrangements, payments made to nonemployed physicians without evidence of time and effort for approval, quality improvement.

Other considerations

Bissey stressed the importance of the independence of the chief compliance officer independence as well as ensuring that the chief compliance officer has the knowledge and experience necessary for the role. Finally, Bissey recommended that the organization consider an independent external review at some predetermined interval of time such as every two or three years.

Find a friendly format to ensure compliance guidance is followed

Modify the HHS Office of Inspector General (OIG) Compliance Program Guidance (CPG) documents so they make more sense and will be followed by the organization, according to Frank Ruelas, Facility Compliance Professional at St. Joseph’s Hospital and Medical Center/Dignity Health, during a webinar hosted by the Health Care Compliance Association (HCCA).CPGs, particularly for hospitals, provide valuable guidance for compliance professionals to follow in assessing their compliance programs and can be used by compliance officers of all types of facilities. The key is to make sure some sort of guidance is being followed and that assessments are verifiable.

Making use of the CPG

CPGs provide valuable information but few people read them and follow them, according to Ruelas. The problem is often that the original format of the OIG CPGs, from the Federal Register, is hard to read and navigate. Ruelas suggests taking the “text” format document from the Federal Register website and reformatting it into a “friendlier” format to help drive effectiveness. The revised format could contain a table of contents (to act as an inventory or checklist), hyperlinks to resources, headings, and anything else that would make the document more useable to perform an assessment of the organization’s compliance program.

When it comes to using the reformatted document to perform an assessment, Ruelas suggests going through and highlighting each action item contained in the CPG in one of three colors: green (acceptable demonstrated compliance), yellow (some demonstrated compliance), or red/pink (no demonstrated compliance. This will demonstrate the level of compliance and will easily show which items need additional attention. Ruelas stressed the importance of self-assessments being verifiable. Compliance officers must be able to show how he or she reached their assessment, right down to each item.

Just how many elements are there?

Ruelas warns that depending on which guidance you are following, the elements may vary slightly. The OIG has seven elements in a compliance program. The Affordable Care Act (ACA) (P.L. 111-148) and the Federal Sentencing Guidelines have eight and nine elements, respectively, but most elements overlap. All guidances are applicable, and no matter which framework you use—there is no established framework—it provides instructions on how to move forward to make your compliance program more effective, Ruelas noted.

How to get started

Ruelas stressed the importance of a supportive mindset when assessing an organization’s level of compliance. It could be that a compliance officer is coming into an already established program, so it is important to expect challenges. Then, Ruelas says to use the “plain, simple, old school” tried-and-true “5W1H Model”—start by identifying Who, What, When, Where, Why, and How regarding the compliance program, down to each item. If those are not identifiable, start with the compliance officer requirements of a compliance program, Ruelas noted, because that forces the compliance officer to focus on his or her own role and responsibilities. It also provides an opportunity to optimize the compliance officer’s job description and to meet with organization leadership.