Fostering a Culture of Compliance in Healthcare

On the left a young manager understands the culture of compliance. On the right the words, "Do the Right Thing."

There is a lot of discussion these days about the culture. You can read about how it is crumbling, or you can hear about how it is expanding to encompass new populations and communities. How the corporate culture is toxic to some employees or is supportive of things like honest feedback. There is one sub-culture, the culture of corporate compliance, that has arisen in the past few decades, to improve the internal and external aspects of business functions throughout the world. And that is particularly true in the healthcare industry.

In this Article …


What is the Definition of a Culture of Compliance in Healthcare?

Healthcare organizations may have a slight advantage over businesses in general since they are often populated with employees who have chosen healing professions as their life’s work. A great many employees have ethical values that stem from their profession, making them already oriented toward ethical behavior. Of course, there are plenty of exceptions, which is why we need so many tangible reminders about behavior and core values. In any case, one definition of a culture of compliance in healthcare is a culture where the entire organization comes to work each day to “do the right thing, always”.


The Tangible Foundations of a Culture of Compliance

It can be useful to think about some “tangible” foundations of a culture of compliance, as well as “intangible” foundations of a compliance culture.

Compliance Programs are one of the most important tangible foundations of a compliance culture. Some healthcare organizations are subject to regulatory compliance. For example …

  • Skilled Nursing Facilities have federal regulations that require each facility to have a compliance and ethics program. The program must include written compliance and ethics standards, and internal policies and procedures. A high-level employee who is not known to have a propensity to engage in criminal acts must oversee the compliance program. (A pretty low bar, but there it is!) There are other provisions on communication, auditing and monitoring, enforcement through disciplinary mechanisms, and responding to violations or non-compliance. The regulations were finally published in 2017 after being required by the Affordable Care Act in 2010, and are 3 pages long. The Office of the Inspector General’s (OIG) guidance on compliance programs for skilled nursing facilities was 17 pages in the Federal Register in 2000.
  • Accountable Care Organizations (ACOs) also have regulatory compliance requirements. Compliance programs must have policies, a Compliance Officer, a Compliance Committee, and Governing Body oversight. There are provisions for auditing, investigations, and training.

Several other types of healthcare organizations must rely on guidance from the OIG on the elements of a compliance program. This guidance generally has the same or similar seven elements recommended for an effective compliance program.

The 7 Elements of an Effective Compliance Program

  1. Compliance Policies and Procedures, including a code of ethical conduct
  2. High-level oversight, including by the governing body and Compliance Officers or a Chief Compliance Officer, plus a Compliance Committee
  3. Auditing and monitoring, especially oriented to the business risks of the organization
  4. Training and Education
  5. Open communication, including anonymous reporting
  6. Responding to/investigating detected offenses
  7. Enforcing disciplinary standards

The Code of Conduct is the second tangible, critical part of a compliance culture. The code of conduct is frequently referred to as “standards of conduct” in the OIG compliance guidance for healthcare organizations. A code of conduct can have many provisions expressing the organization’s position on a range of operational issues. These can range from billing practices to quality of care to activities that affect the environment. The code of conduct may contain a list of essential principles of the legal and ethical behavior of the organization. For example: “Avoid actual and potential conflicts of interest, including actions that may give the appearance of a conflict of interest”.

Other organizational documents can help in creating a culture of compliance as well. Vision statements, Mission statements, and lists of Corporate Values can all contribute to a workplace culture where doing the right thing is considered an important measure of success.


What are the Intangible Foundations of a Culture of Compliance?

Certainly, the tangible foundations and rules are important. But most people would agree that the intangible foundations are equally, if not more, important in establishing and maintaining a compliance culture. Some of the intangible foundations needed in creating a culture of compliance include:

  • Leadership: Leadership is needed at all levels, from the Board of Directors to the most junior employees.
    • The Board of Directors should establish the organization’s commitment to a corporate culture that values doing the right thing at all levels of the organization. This includes making resources available to support the corporate compliance program for the entire organization.
    • Senior Management has a critical role in modeling the behavior of employees who are committed to ethics and ethical practices. This includes approaching problems with integrity, being responsible for tough decisions, and setting expectations for themselves as well as the rest of the organization. Employees understand when their senior leadership does not live up to the comments they make about having a strong culture of compliance when priorities collide.
    • Middle Management and supervisors also have an important role in creating a culture of compliance. These levels of management are most likely to be the leaders who communicate how the compliance program works when an issue arises. They can also be subject to conflicting priorities, e.g., taking a shortcut to getting claims out vs. making sure the claims are correct. These situations can also demonstrate commitment to integrity and to the values of the organization.
    • The Compliance Team is also called upon to help create a speak-up culture where reporting a compliance risk is rewarded, and retaliation against employees is not tolerated. Of course, the Compliance leaders are also responsible for investigating potential compliance failures or even outright misconduct.
    • Finally, there is the great mass of employees who represent the business to customers or patients. This group is the backbone of the organization for most companies and is vital to the success of the business and its compliance culture. Every company typically has informal leaders who can and do shape the environment on the opinions of employees. Providing formal training to all employees on the compliance program and code of conduct is essential. And keeping track of what informal leaders are saying about the organization is important, too.

Achieving a culture of compliance in healthcare organizations carries many challenges, and is not for the faint of heart. But working in an organization where employees trust their leadership to do the right thing is very rewarding!

When you need proven expertise and performance

Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPA’s, MSO’s, and other healthcare organizations.