6 Steps to a Bulletproof Compliance Department

By Dustin Miranda, CSSBB | Consultant | November 5, 2019

In 2018, we saw the highest dollar amount of total penalties for HIPAA violations in history, with fines totaling $29 million overall. Now, rising concerns about privacy and security have forced governing bodies to become far more rigorous and rigid in the enforcement of existing regulations. In response, healthcare organizations are paying extra attention to regulatory audits and shoring up their compliance departments.

A crucial step in preventing penalties and protecting your healthcare organization from the inside out is setting up a comprehensive healthcare governance department that is able to perform audits, ensure compliance, and align privacy best practices with the overarching goals of the organization.

By ensuring your regulatory compliance department has structured internal audit procedures, your healthcare organization will be able to get a firm grasp on overall healthcare governance for a successful operation.

As 2020 approaches, we are all aiming for the most secure, successful, and sound compliance of our burgeoning technological age. Here is what you can do to shore up your own compliance programs and audit strategies.

1. Understanding Regulatory Audits & Governance

The key to setting up a successful compliance department and having consistently strong regulatory audits is to know what regulating agencies and healthcare plans are looking for.

A robust compliance department will look at everything from internal audit procedures to compliance department integrity and program regulations, and it will also conduct a contractual analysis. Regulatory audits examine everything from contracts with insurance companies and providers to malpractice insurance, looking for issues such as:

  • How are the contracts set up?
  • How is your organization meeting the requirements of those contracts?
  • How is your organization handling risk mitigation?

Maintaining such governance is the responsibility of the healthcare organization as a whole – and that is no small task.

The best way to handle that is to start by ensuring that your compliance department is robust enough to have its own audit procedures, its own audit schedules, and possibly an audit playbook to prepare for external audits.

Having your own internal practices is critical to protecting your organization for the time when the federal or state regulatory bodies decide to come around for an audit. The goal is for your organization to feel so comfortable and confident with your own internal audits that external reviews are nothing more than routine.

Working within your internal organization governance every month and doing a deep dive every quarter will prepare your organization for annual scrutiny. To set your organization up for success, start by having these essentials in place.

2. Have a Written Charter

From a hospital standpoint, ensuring that you have a charter in writing is the foundation of a strong compliance department. Your charter should outline what you are trying to accomplish as an entire organization and, by extension, how your compliance department facilitates those goals. Reporting structures and protocols should also be included to make any regulatory audits as smooth as possible.

For example, most compliance officers report either directly to the board of the hospital or directly to the CEO. Doing so removes any internal interference that might prevent the officer from being fair and unbiased in their reviews. If the charter establishes what the goals are, there can be no confusion on what the compliance department should have oversight of.

Alternatively, for something like clinical documentation, many hospitals bring in a third party to complete the review. Knowing what constraints are present and including them in the charter is beneficial so that all stakeholders involved know exactly what needs to be measured, who is responsible for each element, and how to make sure there is no conflict of interest.

3. Establish Audit Policies, Guidelines & Tools

Once you have a charter in place and the various responsibilities covered, a healthcare organization should also establish clear and concise guidelines on how regulatory audits will be conducted.

Your audit policies and guidelines should answer questions such as:

  • What will be reviewed in the audit?
  • What are the specific tools that will be used to measure healthcare compliance?

If your organization has not already created your own audit tool, setting up a tool that measures the factors that are important to the organization is critical. For instance, all hospitals should be measuring critical criteria for either JCAHO or DNV accreditation while also addressing the various issues of concern to the multiple governing bodies.

Ensuring that your organization has the right tools for the right department and that people are trained adequately on how to use these tools is a pivotal first step.

4. Consult with Counsel

Compliance departments should either include, or work in conjunction with, in-house legal personnel who are fluent in healthcare law. Ensuring that your organization is consistently up to date with legal issues goes a long way toward preventing malpractice or contractual suits that are unwarranted.

Your governance charter should delineate:

  • Whether your counsel is internal or external
  • How your counsel will communicate with the organization’s CEO or board and when
  • What your legal personnel is focusing on with regard to the overall legal risk from both a patient and an employee standpoint
  • Whether the organization’s legal personnel will be involved with the human resources department

The biggest threat to any compliance department is a lack of complete transparency about what legal counsel and regulatory audits are looking into, the results of what is found, and how any issues will be addressed moving forward. Clarifying these points from the start and maintaining adherence to them is crucial.

5. Protect Against Conflicts of Interest

The next step in setting up a successful compliance department is utilizing legal counsel to ensure that there are no internal or external conflicts of interest.

For hospitals that have agreements or contracts with pharmaceutical companies or vendors, for instance, protecting against conflicts of interest is of paramount concern to the organization. Maintaining a handle on these issues also includes contract management and assessment so that physician compensation arrangements and contracts do not violate any Stark Laws or Fair Market Value Laws.

Legal counsel should be thoroughly familiar with Fraud, Waste and Abuse Laws, Stark Laws, Anti-Kickback Laws, and the False Claims Act. There are so many rules under those regulations that it can be easy for organizations to miss serious violations without adequate counsel and regulations in place.

Ensure that your compliance documentation includes disclosure policies and procedures so that conflicts of interest are found and can be properly disclosed and remediated. Lack of attention to these areas, which are deemed high-risk, can result in heavy fines, investigations, penalties, and bad publicity.

Healthcare governance is a much wider-ranging topic that requires an organization to have subject matter experts in many different areas all within your governance department.

6. Positive Reporting

The final step of setting up a successful compliance department is ensuring that interactions with either the board or the CEO – whoever receives compliance reports – are positive and proactive. The goal is not to place blame.

Rather, the goal of positive reporting is simply to state the facts and make clear, strong recommendations on how to fix those deficiencies or issues. Reporting should be objective; however, this is difficult to accomplish when dealing with issues that may have broken a regulation or a law. The natural inclination is to want to assign blame to compartmentalize the problem. However, nothing should come in the way of fixing an issue, which requires openness, honesty, and a commitment to best practices.

Nothing will erode the trust that an organization has built in the community more than lying about violations.

Maintaining a Healthy Compliance Department

Once you have set up a full and robust compliance department, have a third party come in every one-and-a-half to two years to ensure that your organization is using proper procedures.

A third-party group should audit your auditing tools, conduct in-depth assessments, and ensure your charter and policies are sufficient to cover what your organization needs to report, based upon the organization’s size and healthcare delivery methods.

If your organization’s compliance department is not quite fully fleshed out – for example, if you are only auditing claims from the billing perspective and doing an occasional audit of physician notes – it may be time to reach out to an outside firm to help your organization bolster your internal compliance program.

If your organization needs help setting up compliance policies and procedures, building an audit tool that suits your needs, and setting up protections against Stark Laws and Anti-Kickback Laws, get in touch with us. The experts at John Lynch & Associates can help you protect your organization from the inside out.
