Hospital Compliance Program – Board Concerns

Hospital Compliance Program Word Puzzle

Hospitals commonly have a Hospital Compliance Program.  Members of the Board of Directors read about problems or actual misconduct at other institutions. They want to know what the CEO is doing to reduce the chances of problems in their facility. So let’s take a comprehensive look at the impetus and content of compliance programs for hospitals in the US.

In this Article …

Regulations and a Hospital Compliance Program

Some people might be surprised to learn that a hospital compliance program for acute care hospitals is not required by federal government regulations. Other types of healthcare organizations such as skilled nursing facilities, Medicare Advantage Plans, and Accountable Care Organizations, are subject to regulations requiring compliance programs. But many other healthcare organizations, such as hospitals, home health agencies, laboratories, and physician groups only have guidance from the Office of Inspector General (OIG) on compliance programs. This means hospital compliance programs are a voluntary activity.

Of course, there are other factors that influence the decision to create a hospital compliance program. One of the chief factors is the US Sentencing Guidelines. In Chapter 8 of the Guidelines, courts are to consider “whether the organization failed to have, at the time of the instant offense, an effective compliance, and ethics program…..” Of course, this comes into play after your hospital has been convicted of some kind of illegal activity. But still, courts can reduce fines if they determine you had an effective compliance program.

Other Reasons to have a Compliance Program

So if there are no actual laws and regulations requiring a hospital compliance program, why implement one? There are several reasons:

  1. Having a compliance program demonstrates an organizational commitment to doing the right thing. Helping people is usually an important reason why employees choose careers in healthcare. Most of them want to know their hospital is also helping people by supporting a culture of compliance.
  2. A properly constructed and implemented compliance program gives staff members a place to go if they suspect someone may be making mistakes in business activities – or even engaging in misconduct. People who report issues and don’t see any feedback or resolution can and do turn into whistleblowers. And there is a thriving legal community just waiting to help them file a case!
  3. Besides encouraging a culture of compliance and heading off whistleblowers, a compliance program is also a risk management strategy. Successful risk management programs help organizations avoid occurrences like injuries to patients or property. In a similar fashion, an effective compliance program can help an organization minimize business risks such as submitting claims to government payers or enter into compensation arrangements with physicians who are also making referrals to the institution.
  4. Finding and addressing mistakes and misconduct benefits the government by ensuring it pays only for services that are medically necessary, properly documented and billed in accordance with government rules.


OIG Guidance for Hospital Compliance

The OIG first issued compliance guidance for hospital compliance programs in 1998. It supplemented the guidance 2005 with many more risk areas for hospitals to consider. The OIG organized the 1998 guidance the same way as its guidance for other healthcare organizations. The seven elements of a compliance program include:

1. Development of written policies and procedures and standards of conduct

  •  Hospitals can use these policies to address their significant compliance risk areas. Hospitals conduct a great deal of training for employees using on-the-job, verbal training methods. But employees also need access to written policies and procedures. These can help employees avoid mistakes when they are confronted with situations that may not have been covered adequately in training.
  • A second major area for written instructions is a code of conduct. A code of conduct might be described as aspirational in nature. Codes of conduct set the expectations for employees to always act in accordance with laws and regulations – of all kinds. Hospitals typically have extensive policies and procedures on a long list of topics. The code of conduct reinforces the notion that employees are expected to always do the right thing in carrying out their duties. It reinforces other documents such as an employee handbook and mission and vision statements.
  • A third important area to address in policies is the risk areas of the typical hospital that participates in government healthcare programs. These range from submitting claims for services to credit balances to patient dumping. Coding of services, claims for laboratory services, medical necessity, and compliance with Anti-Kickback and self-referral laws are additional areas of risk.
  • Note that the risk areas mentioned are mainly external business risks of a healthcare organization. Hospitals typically manage compliance risks related to patient care, employee relations, and non-business government regulations like licensing using other management structures.

2. Designation of a Compliance Officer and a Compliance Committee

  • The OIG describes the role of a Compliance Officer as “serving as a focal point for compliance activities.” Compliance officers typically report to the CEO but are also expected to have a reporting relationship to the Board of Directors. The Compliance Officer manages the components of the Compliance Program. He or she does not necessarily personally conduct all compliance training or compliance audits. But the Compliance Officer ensures that those activities are completed by other staff members as necessary. The Compliance Officer must have the necessary authority to review documents and conduct compliance investigations.
  • The Compliance Committee advises the Compliance Officer and assists in the implementation of the compliance program. It is responsible for working with other departments of the hospital and recommending strategies to promote compliance in the institution. The Compliance Committee is commonly composed of the senior leadership of the hospital along with key department directors such as the Revenue Cycle Director.

3. Conducting Effective Training and Education

A compliance program is unlikely to be very effective if employees do not know anything about it. The OIG Guidance reminds us that training in subjects like fraud and abuse, coding, and claims submission are necessary elements of a compliance program. And training should be ongoing, with updates for new information and periodic review of existing policies and procedures.

4. Developing Effective Lines of Communication

The files of the OIG are replete with examples of employees who identified or suspected mistakes or even misconduct in their organization. Managers rebuffed many of these employees when they tried to bring these issues to the attention of senior management. And many times, those employees then turned into whistleblowers. So it is understandable why the OIG’s seven elements of a compliance program include an element related to communications. Many hospitals use hotlines to enable employees to report issues to the Compliance Officer anonymously. Of course, the anonymity of employees reporting their own misconduct cannot be guaranteed.

5. Enforcing Standards Through Well-publicized Disciplinary Policies

Hospitals usually do not discipline employees for first-time mistakes. But when mistakes continue or even seem to be willful, hospitals must have disciplinary policies in place. And like most policies addressing disciplinary action, they should include the phrase “up to and including termination” as part of the potential discipline.

6. Monitoring and Auditing

Compliance professionals define monitoring as a manager keeping track of important facets of activity and documentation in the department. For example, a home health service manager will monitor the documentation of face-to-face visits between a patient enrolled for service and a physician. This is a requirement for submitting claims for this service.

Auditing is the review of a practice or activity by an outside entity. The Compliance Officer or Compliance Department staff may be the ones performing the audit. For instance, the Compliance Officer may conduct auditing of vendors to ensure no vendor the hospital is using has been excluded from providing services to government program patients. Outside auditors such as medical coding experts may be brought in to audit physician medical record documentation.

7. Responding to Detected Offenses and Developing Corrective Action Initiatives

Compliance Officers must call for formal investigations if there are indications or accusations of fraud or misconduct. Fraud is different than mistakes. Fraud involves a specific intent to deceive and gain a benefit. Investigations may start with a review of paid claims that are not supported by medical record documentation. If no misconduct or fraud is detected, paid claims can be refunded to the government payer.

Remove the employees under investigation from their work activity until the investigation is completed when misconduct or fraud is detected during an investigation. Compliance Officers should also report all types of investigations to the Board of Directors, and ultimately to the appropriate governmental authority.


Get Started on Your Hospital Compliance Program

If you are already responsible for a hospital compliance Program, you might want to download this free guide to Measuring an Effective Corporate Compliance Program.  This will help you assess if you have the important components of a hospital compliance program in place.

If you are just getting started on your development and implementation of a compliance program for a hospital and need assistance, contact The Fox Group! With headlines like “Hospitals on track for worst financial year in decades” now may be the time to consider outsourcing your compliance program!

When you need proven expertise and performance

Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPA’s, MSO’s, and other healthcare organizations.