A comprehensive guide to compliance program assessments

Heather Brownson: ©The Bonadio Group

As health care providers, it is important to ensure your organization is meeting all applicable federal and state regulations. In order to do so, organizations must implement an effective compliance program. The work doesn’t end there, however. Once a compliance program has been developed, it is critical that organizations conduct regular assessments to determine effectiveness and confirm the program is operating as designed, expected, and required.

What Is a compliance program?

Let’s begin by first clarifying exactly what a compliance program is. A compliance program is generally defined as a set of internal policies and procedures put in place to uphold an organization’s reputation and ensure compliance with applicable laws, rules, and regulations. Compliance programs can also help drive operational efficiency and lower costs.

According to the U.S. Department of Health & Humans Services Office of Inspector General, the seven elements of an effective compliance program include the following:

• Policies, Procedures and Standards of Conduct – An organization’s policies, procedures and standards of conduct should be established, documented, and made available to all employees.
• Program Oversight – An organization must designate a compliance officer to oversee the day-to-day operations of the program. Additionally, a compliance committee must be appointed to assist the compliance officer in managing the program.
• Education and Training – Periodic training should be administered across an organization to foster a culture of compliance. This training should be conducted upon hire and at least annually thereafter.
• Effective Communication – A direct and confidential hotline should be established, allowing employees to confidentially report any noncompliance issues.
• Enforcement of Compliance Standards – Disciplinary actions must be taken to address offenses to an organization’s policies, procedures, and standards of conduct.
• Internal Auditing and Monitoring – Organizations should employ a process that routinely monitors and identifies compliance risks.
• Detection, Resolution and Response – Organizations must investigate and respond to identified and reported issues.

How to assess your compliance program

As discussed, once a compliance program has been developed, it is important to regularly assess the program to determine its effectiveness. This assessment should consider the following:

• Structure – Are all the required program elements in place?
• Effectiveness – Can you demonstrate that the compliance program is effective?
• Risk Areas – Do you regularly conduct risk assessments to determine what areas within the compliance program should be tested more rigorously?
• Findings – What has your compliance program found?
• Root Cause Analysis – When a negative finding is identified, do you conduct a root cause analysis to determine why a negative finding is occurring?
• Root Cause Correction – When a root cause is identified, do you develop and implement a plan of correction? Do you go back and test the plan of correction to ensure it is correcting the root cause of the problem? Are plans of correction periodically revised to confirm that they are still correcting the root cause?

Who should assess the compliance program?

Now that you have an idea of how to assess your compliance, it’s important to note who is responsible for compliance program assessments. The answer to this is simple. Compliance is not limited to just one department. Instead, compliance must be an organization-wide initiative where everyone has a stake in the program. While a compliance officer should be established to spearhead the program and ensure the organization has the appropriate tools in place, it is ultimately the governing body, executives and various organizational departments that help ensure the organization is in compliance.

When to assess your compliance program

A common question that often arises surrounding compliance programs is around how often you should be assessing them. While it is best practice to keep your compliance program under constant review, formal assessments should be conducted at least annually. However, these annual assessments shouldn’t be an overwhelming once-a-year project. Instead, the assessments should be conducted incrementally throughout the year.

In addition to an annual assessment, there are also several events that may prompt an additional assessment. These include after compliance issues have been identified, when regulatory changes occur and when there is a change in management staff.

In order to maintain an effective compliance program in accordance with federal and state guidelines, organizations must diligently familiarize themselves with the entirety of expectations and standards. For further assurance, organizations may consider aligning with a trusted advisor who can provide specific guidance and ensure their compliance program satisfies the necessary requirements.

Heather Brownson is a Senior Consultant with The Bonadio Group’s Compliance Solutions Division with more than 15 years of experience in not-for-profit settings. She has held positions of Director of Quality Assurance, Associate Director of Compliance, Compliance Specialist and Employment Coordinator for organizations regulated by local state and federal laws. She has conducted compliance trainings and assessed compliance programs for various organizations and is a great compliance program resource for clients.