Specific Steps Needed to Establish a Compliance Program for a Physician Practice
The Compliance Guidance for Physician Practices and the Federal Sentencing Guidelines provide useful information concerning the process that is required to develop appropriate compliance programs. A health care compliance attorney, preferably with demonstrated knowledge of the compliance process through appropriate certification in health care compliance, can also be a terrific asset to help you design a program. I may be repeating myself, but it is extremely important that you do not simply adopt a “canned” program and expect it to reduce your risks or be effective in the event that the government comes calling. It is extremely important that you follow a systematic process for assessing risk and tailor your compliance program to address precise risk areas that are identified through the process. It is imperative that you document in detail the steps that you take to develop your program. When developing your program, and later while operating your program, you should at all times assume that someday you will be called upon to defend the program and demonstrate that it indicates a meaningful organizational commitment to the specific compliance risks that you face in your unique practice environment.
Initial Needs Assessment
As mentioned above, a compliance program should be developed with consideration for the actual risks that are present in the specific practice. This requires the practice to perform a formal analysis that is aimed at identifying specific risk areas. The extent of the needs analysis will depend on the size and complexity of the practice. Methods of performing the analysis will range from a full blown “gap” analysis with scoring of various risk areas down to a more simple employee questionnaire that asks for input concerning risk from the perspective of individual employees. In smaller, less complicated practices, such as a simple primary care practice, the needs assessment will be relatively simple. More complex specialty practices will touch on a much broad array of risk areas. Each item identified through your needs assessment will need to be prioritized and appropriately addressed in the compliance program.
Establish Line of Responsibility for Compliance Matters
The Federal Sentencing Guidelines require the appointment of a single individual with responsibility for compliance in the organization. The individual should be a “high ranking” individual with direct access to the Board of Directors or other governing authority. Smaller physician practices will generally designate one of the physicians as compliance officers. A member of administration may be named compliance officer in larger clinics.
Ideally, the compliance officer should not be in-house counsel because of potential conflicts between the differing roles of advocate and compliance officer. An attorney has ethical obligations to zealously defend the organization. This will sometimes mean that the best course of action from a legal standpoint may be to “deny and defend.” This will never be an appropriate course of action from the standpoint of a compliance officer whose primary job is to prevent compliance problems. The compliance officer will work to bring problems to the surface and disclose them when they are uncovered. This will often conflict with the role of general counsel.
Certainly general counsel plays an important role in compliance, but not as compliance officer. Most general counsel are already busy providing legal services to the organization. Placing compliance under general counsel makes compliance a secondary function of the general counsel and fails to demonstrate adequate commitment to organizational compliance. The “dual role” compliance officer will appear to work until a problem arises. Several cases involving “dual role” compliance officers have been investigated by the Federal government. Once an investigation commences, the organization generally quickly abandons the dual role compliance structure and appoints a dedicated compliance officer. In the most visible cases, the general counsel was actually forced to resign and the organization settled the case by entering a Corporate Integrity Agreement that required the division of general counsel and compliance function.
A practice may wish to consider creating a compliance committee in addition to appointing a compliance officer. Establishing a committee can be very helpful to the organization gaining physician buy-in and demonstrating that the organization is serious about compliance issues. As a practical matter, the compliance committee involves more individuals in the compliance process and can make the task of the compliance officer much easier. In larger organizations, establishing a compliance or ethics committee is strongly recommended. Smaller organizations should consider fulfilling this task at the Board level through regularly scheduled discussions of compliance issues.
Adopt Standards of Conduct
An integral part of the compliance program is the standards of conduct. The standards of conduct should include simply stated standards, in terms that can be understood by all levels of employees and others that deal with the practice that provide information concerning the commitment of the practice to compliance matters. The Standards of Conduct are not the place to get into legalistic discussions of the various laws that could apply to operations or present compliance challenges. The Code of Conduct should be a summary that everyone can understand and should reflect the general tone of the practice’s commitment to honesty, integrity and legal compliance.
Oftentimes the Standards of Conduct will include a personal introduction or letter from the highest ranking individual in the clinic which briefly explains the purposes of the Standards of Conduct and the practice’s commitment to legal compliance. This helps to set the tone within the practice that compliance and ethical behavior are a core value and principal of the practice.
Creating Your Compliance Plan
The compliance plan itself will provide detail in the seven areas of an effective compliance program as set forth in the Federal Sentencing Guidelines. The Compliance Plan will normally cover each of the seven areas. Additionally, there may be a more detailed discussion of some of the laws that may apply to the specific practice.
Setting Up Your Internal Reporting Mechanism
One of the primary elements in a Compliance Program is the creation of a system that permits employees and others to provide information regarding potential compliance issues without fear of retaliation. In larger organizations, multiple pathways permitting employees to make anonymous complaints should be maintained. Oftentimes providers use 24 hour compliance “hotlines.” Online reporting systems or “drop boxes” are also commonly used. Whatever system is used, it is crucial that employee understand that they are encouraged to provide information and that there is a clear prohibition against others in the organization retaliating against them for providing information. It should also be made clear to employees that wherever possible the identity of the person providing the information will be kept confidential.
The establishment of the compliance reporting process and communication to employees that retaliation will not be tolerated is a central element to an effective compliance program. Such a system will help the practice obtain valuable information, hopefully early on, before the issue becomes a big problem. Additionally, the openness of the program will send a strong signal to the outside world, such as government regulators, that the organization takes compliance seriously.
If information is obtained through the hotline system it must be taken seriously. Certainly not every piece of information will be reflective of a serious compliance problem, and an employee could potentially have other motives for making a compliant. Regardless, it is crucial that the information be acted upon and that the action be documented. If the compliance officer concludes that there were alternative motivations for the complaint, that fact should be substantiated and documented. If an objective investigation indicates that there could be a compliance issue, the matter needs to be pursued through an appropriate outcome. Depending on the circumstances and the result of a thorough investigation, the outcome could range anywhere from additional training through a self disclosure to the government.
Internal Compliance Policies and Procedures – Enforcement
One of the elements required by the Federal Sentencing Guidelines and described in all of the OIG industry specific Compliance Guidelines is that the Compliance Program include a mechanism to deal with compliance problems as they are discovered. In some cases the appropriate action may be a change in policies and further education. In more extreme cases of compliance violations should lead to employment discipline of various degrees depending on the nature and extent of the violation. Other cases will require full disclosure to the Federal government and repayment of overpayments and possible penalties.
It is important that your compliance program fit seamlessly with your employment policies. Part of developing a compliance program is adopting suitable employment standards that let employees know what to expect from an employment standpoint if they are found to be engaged in compliance infractions. These policies need to be communicated to employees as part of their training, both so they know the potential employment implications of compliance infractions, and so employees understand how seriously compliance issues will be taken by the organization.
Governing Board Approval of Compliance Plan and Policies
When it comes to compliance matters, the “buck stops” with the board of directors or other governing body of the organization. The governing body should be involved in the creation and adoption of all policies and procedures. The governing body and top management should take all actions necessary to make compliance a top priority within the organization. The board should issue an initial resolution regarding compliance at the inception of the process of creating a plan. The resolution should indicate the commitment of the governing body to compliance. It should also allocated sufficient funding to the establishment and operation of the compliance program. All of these actions indicate the organization’s commitment to compliance.
During the development stage, the governing body should be kept in the loop. Frequent reports should be provided to the governing body and input into the process should be provided by the governing body. The governing body should approve the steps that are taken in writing. If further direction comes from the governing body, it is recommended that the direction be placed in writing. This will indicate the ongoing input from the governing body and further solidify the organization’s commitment to compliance.
The governing body should also assist with other professionals in the organization “buying in” to the compliance efforts. It is very helpful for the governing body to be proactive in compliance issues and set the tone for the “compliance spirit” within the entire organization.
Internal Documentation and Systematic Approach
It is extremely important for the organization to take a systematic approach to both developing and operating a compliance program. Each step of the formation process, from the initial planning stage through final implementation, should be documented with a great deal of detail. The information should be presented to the governing body for review periodically through the implementation stage and the governing body should approve and adopt the information and provide additional suggestions and directives to the compliance officer.
When establishing and operating your compliance program, keep in mind that it is very possible, if not highly likely, that someday you will be called upon to defend the actions that you took to establish and operate the program. This is a very useful mindset to have while you are performing compliance functions. We often advise organizations to act as if the organization is actually under a Corporate Integrity Agreement and to document each steps as if they are providing the information directly to the government.
Educating and Training Your Staff
Another key element of an effective compliance program is to have an ongoing education and training program for employees. Training should occur at the inception of the program and upon commencement of employment by any new employees. Additionally, the organization should adopt an ongoing training program to provide period refreshers of basic issues and the requirements of the program. Additionally, topic-specific training should occur based on compliance risks or problems that are identified through the operation of the compliance program.
Ongoing Monitoring, Auditing and Assessment
It is important that the compliance program be seen as a continual process within the organization. Adopting a compliance program and then leaving it sit on the shelf will be of little if any effect. In fact, failing to adopt compliance as a process rather than a static “form” can present the organization with more risk than failing to adopt a compliance program at all because the compliance program that is not actively “worked” sets expectation and requirements that will not be met.
The organization should adopt an effective ongoing process to monitor and audit the organization for compliance difficulties. Risks areas that are identified by the monitoring process need to be reinforced with amendments to the compliance program, action by the governing body, potential internal discipline, additional training, and in extreme cases, self reporting to the federal government.
In The End
The process of developing an effective compliance program will not be without some pain, internal resistance, and resources. The payoff will often not be as apparent as the effort that it takes to develop and operate an effective program. The risks you are avoiding can be very difficult to see or quantify. However, the failure to confront and mitigate those risks can be devastating to your organization. Repayment obligations for false claims are generally three times the amount of the claims plus $15,000 per claim. It is shocking how fast the penalties add up. Extreme cases of fraud can also lead to criminal investigation and prosecution. Recently enacted health care reform legislation makes it easier in a number of ways for the government to bring criminal prosecutions in the health care area.
Now that compliance programs are becoming mandatory for most providers, including physician practices, it is necessary for providers to confront these issues. Do not make the mistake of taking this task on in a half-hearted manner. The result will not provide you with any of the benefits of an effective compliance program and can actually hurt you if a problem ever arises. Even though the date for adopting mandatory compliance plans for physicians is not yet upon us, you should start now to assure that your program is effective and that you have time to develop the appropriate “buy-in” by professionals in your practice. The proper process as identified above cannot be accomplished by taking “canned” compliance policies and adopting them. You must go through the steps necessary to develop a meaningful program.