In our annual survey, SAI360 and Strategic Management Services assess the current state of healthcare compliance programs across the United States.
- Findings are reported in our 2021 Healthcare Compliance Benchmark Report.
- We announced the results on May 17 in a webinar featuring Richard Kusserow.
This annual industry benchmarking survey is designed to gain an understanding of issues currently confronting healthcare compliance programs and how compliance officers are responding to them, including important trending data from prior surveys. Data were collected from respondents at hospitals, home health agencies, physician practices, skilled nursing facilities, among others.
The following questions and answers are follow-ups to our webinar. Former HHS Inspector General, Richard Kusserow, CEO of Strategic Management Services, has kindly provided additional insights to participant's questions.
How often should there be an independent compliance program review?
When you look closely at all the guidance offered by various authorities you most often see the term “periodic” used. The only time you see a call for annual independent reviews is as a condition in an OIG Corporate Integrity Agreement.
I do not believe having them done annually is worthwhile if there is active ongoing monitoring by the Compliance Office. Ongoing monitoring is a program manager's responsibility and Compliance is a program. I advise our clients to consider having a full-fledged independent compliance program effectiveness review about every three years.
As a side note, it is advisable to have such an evaluation anytime where an organization engages a new Compliance Officer from outside the organization. That person would benefit greatly from having a report on the results of such an evaluation. It would tell them what they have inherited and how to draft a work plan to address any weakness or opportunities for improvement in the program. Quite frankly, I would make it a condition of engagement to have such a review.
What do you think are the most notable findings from the 2021 Compliance Benchmark Survey?
- Although, in general, Compliance Officers are satisfied with their jobs, most would consider going elsewhere if the opportunity presented itself.
- Compliance Officer experience and responsibilities continue to increase, especially with regards to HIPAA Privacy.
- The great majority use vendors to support their Compliance Program (e.g. hotline, sanction-screening, e-learning, etc.).
- There is remaining confusion of output vs. outcome in evidencing program effectiveness.
What are the biggest takeaways from the DOJ Guideline questions?
- It is difficult to produce evidence of CP effectiveness, e.g., proof of a “Culture of Compliance”.
- DOJ will likely not accept internally generated evidence of compliance program effectiveness.
What was the biggest deficiency found in responses to the Survey?
Most respondents believe erroneously that using internal checklists, tools, and compliance surveys are equivalent to an independent evaluation of the Compliance Program effectiveness. These are means for ongoing monitoring of the program, but effectiveness evaluations are ongoing auditing done by parties independent of the program.
What are the biggest problems for Compliance Officers evidenced by the Survey?
- Remaining confusion about using process and output for evidencing compliance program effectiveness.
- Failure for many to appreciate the difference between ongoing monitoring and ongoing auditing.
- Internally generated evidence of program effectiveness may not be considered credible by DOJ or OIG.
Is there any OIG citation regarding recommending external Compliance Program Effectiveness Evaluations?
Yes, begin with the Compliance Guidance for Hospitals. There also have been comments about this in the recently released DOJ Guidelines for Evaluating Compliance Programs.
How has a healthcare compliance practitioner’s job changed in the past year?
Respondents report that Compliance Offices are experiencing increases in terms of new responsibilities, and ever-increasing regulatory and enforcement changes, but without significant increases in staffing or resources.
What effect is the Opioid Crisis having on Compliance Programs?
Half of the respondents report a minor impact on their ability to meet obligations, but the other half said it was having a negative impact. Altogether, respondents seem to indicate that they are finding ways to cope.
Internal compliance surveys may not be the best way to measure employee understanding of compliance, but isn’t it better than not having a Survey?
From nearly 30 years of experience in compliance program development, administration, evaluation, and compliance surveys, I don’t believe an internal survey on compliance is worth the effort.
- There is a genuine issue of employee suspicion of the motive behind such surveys.
- Many are concerned that questions may be tricks to make the organization look better, and fear that their responses will not be anonymous.
- The overall result is that results tend to be skewed.
- Most internally developed surveys are not professionally validated.
- Internally generated surveys cannot be benchmarked against others.
- The cost of an internally generated survey in time and effort is more than employing a professionally developed, independently developed and validated survey that is anchored in a large universe database. For example, the Compliance Knowledge Survey© generally costs around $2,000 depending on the size and diversity of the organization.
Do you have any resources to share relative to compliance metrics?
Yes, I have a lot of information on metrics, but that was not within the scope of the Compliance Benchmark Survey. I will say the key issue with compliance metrics is to focus on the outcome, not output. Output includes such things as the number of people receiving compliance training; the number of hotline calls; the number of people screened, etc. That is not very helpful information. Outcome would address how well the employees understood the compliance lesson providing in training; how hotline complaints were handled; how potential matches on sanction screening were resolved, etc.
Do you need to check monthly only against the OIG’s LEIE?
As far as the OIG is concerned, periodic screening against the LEIE is all that is necessary. They do not spell out how frequent that should be. They also don’t have an interest in GSA debarment information. However, the CMS calls for monthly screening against both the LEIE and GSA debarment listings, as well as State Medicaid sanction data. Screening DEA, FDA, OFAC, death matches, and other databases are optional.
What is the SDN list? I was told that it is part of the GSA Debarment listing.
The Specially Designated Nationals And Blocked Persons List (SDN) Human Readable Lists. As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. FYI: It has been under a number of recent legal challenges in Federal Court.
How big a problem is it when the Compliance Officer reports to Legal Counsel?
That is a matter you need to decide; however, such a practice goes against what both the DOJ and OIG have made clear. Under such circumstances, the job of the Compliance Officer would likely be more difficult.