Elements of an Effective Compliance Program

The Office of Inspector General of the Department of Health and Human Services (OIG-HHS) was founded in 1976 to fight fraud, waste and abuse in Medicare, Medicaid and more than 100 other HHS programs. To give medical practices guidance, promote the prevention of criminal conduct, and enforce government rules and regulations, OIG-HHS introduced the Elements of an Effective Compliance Program. Section 6401 of the Patient Protection and Affordable Care Act took this one step further, making a compliance program a mandatory condition of enrollment in Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP).

The development of this framework was based on the belief that a health care provider can use internal controls to monitor adherence to applicable statutes, regulations, and program requirements. These elements act as a first line of defense; identifying and correcting potential discrepancies in billing, reducing the chance of fraud and abuse, and promoting quality care.

“Just as immunizations are given to patients to prevent them from becoming ill, physician practices may view the implementation of a voluntary compliance program as comparable to a form of preventive medicine for the practice.” 65 C.F.R. 194, 59444 (Oct. 5, 2020).

These seven elements are discussed below.

For any questions contact Gabriela Illa, Rush Health and Rush Health ACO Compliance Official.

Corporate Compliance : The Elements of an Effective Compliance Program

Office of Inspector General (OIG) and Department of Justice (DOJ) have suggested, “…compliance programs are the most important step a provider can take to minimize regulatory risks”

The elements of an effective Compliance Program are listed below:
  1. Compliance Program Oversight
  2. Standards of Conduct and Written Policies and Procedures
  3. Education and Training
  4. Monitoring and Auditing
  5. Reporting and Investigating
  6. Enforcing standards through well-publicized disciplinary guidelines
  7. Response and Prevention
  8. Effectiveness (Recently added 8th element)
1. Compliance Program Oversight
  • Designation of a Chief Compliance Officer (CCO)
    • Audit and Compliance Committee
    • Access to Senior Leaders and Board
    • Audit and Compliance Committee
    • Appropriate Staffing and Resources
    • Subject Matter Expertise
    • Promotes standards of conduct and establishes a clear means of communication for reporting non-compliance
2. Standards and Procedures
  • Policies and procedures which target specific risk areas for health systems
    • Coding, overpayments, conflict of interest, confidentiality, privacy, particular regulatory requirements (including False Claims Act, EMTALA, CLIA, AntiKickback, Stark, research and labor laws)
    • Policies must be periodically reviewed
  • Code of Conduct
    • Separate from other policies and procedures
    • Provided to all new employees, staff and vendors and during annual compliance training
    • Outlines specific legal duty and integrates mission, vision, values, and ethical principles of organization
  • Compliance manual outlining program requirements
3. Education and Training
  • General compliance training should be conducted for all new and current employees, physicians, vendors, and other agents and includes
    • Mandatory annual training that is tracked
    • Risk-specific training for targeted employees (OIG position specific training)
  • Compliance training should focus on key risk areas
  • Awareness
    • Regulatory guidance disseminated throughout the organization via newsletters and in person presentations
  • Employees should be encouraged to seek guidance and clarification when in doubt
4. Monitoring and Auditing
  • Maintain an annual Audit Work Plan to incorporate routine audits and adjust work as necessary
  • Conduct for-cause audits based on government and internal requests
  • Seek input from leaders and managers on concerns they may have in their operational areas
  • Establish corrective action plans as needed
  • Implement monitoring for audits with identified deficiencies to ensure corrective measures are followed
5. Reporting and Investigating
Mechanism to report matters anonymously, i.e.: hotline
  • Internal vs. external
  • Ensure callers know how to receive updates and information related to their inquiry
  • Electronic tracking of investigations and results
  • Mechanism for reporting to leadership
  • Non-retaliation policy
  • Confidentiality and Anonymity
6. Enforcement and Discipline
  • Sanctions for non-compliant behaviors
    • Recommend disciplinary action when noncompliance is substantiated
    • OIG and GSA Sanction
  • Fair and consistent discipline
    • Discipline should be proportionate to violation and consistent with policies and procedures throughout all levels of organization
  • When necessary, disciplinary action must be properly reported to regulatory body
7. Response and Prevention
  • Assure development and monitor effectiveness of corrective action plans in response to noncompliance
  • Internal investigation
    • Conduct interviews to assess findings and scope of issue at hand
    • Collaborate with legal counsel if necessary
    • Cooperate with government inquiries and investigations
    • Investigate matters related to noncompliance in a fair, objective, and discrete manner
  • Refund overpayments to payers in a timely manner
  • Implement measures to mitigate ongoing harm
8. Effectiveness
  • As the compliance program matures, the principal measure of effectiveness moves from effort to outcomes
  • Engaging Operational leaders to embrace a culture of compliance
  • Incorporating Compliance risk assessments and audit results into enterprise-wide programs which assess and quantify risk i.e. Enterprise Risk Management (ERM)

Download this document Here