Seven Factors to an Effective Compliance Program

  • Chief Legal and Compliance Officer, XIFIN, Inc.

This is the second article of a multi-part series on the many dimensions of compliance related to diagnostic providers, independent device testing facilities (IDTFs), and hospital outreach laboratory services. The responsibility of compliance does not rest on the shoulders of one individual or committee. Compliance responsibility for laboratories, IDTFs, pathology practices, and hospital outreach programs must be part of every team member’s accountability, and collaboration on compliance helps manage risk and protect value.

The Spring 2021 Office of Inspector General (OIG) Semiannual Report to Congress stated that the OIG expected investigative recoveries for October 1, 2020, through March 31, 2021, to be approximately $1.37 billion and 221 criminal actions during this reporting period. OIG also took civil actions, such as assessing monetary penalties, against 272 individuals and entities, and excluded 1,036 individuals and entities from Federal health care programs. The massive recoveries by the federal government have resulted in continued aggressive enforcement and have encouraged state governments and commercial payors to take similar actions.

Compliance plays an essential role in the revenue cycle management (RCM) process for diagnostic companies and hospitals. As finance, billing, and RCM leaders review or update RCM processes, it is important to include compliance considerations. Compliance requirements keep changing, and a misstep can result in lost revenues, fines, and even extreme penalties like debarment, corporate integrity agreements, and criminal consequences for companies and responsible individuals. Thorough revenue cycle management addresses compliance issues that can otherwise cost an organization money, business freedom, and even exit opportunities.

To maintain an effective compliance program, abide by applicable law, and as a necessary risk management approach, there are seven factors that together comprise an effective compliance program.

1. Standards and Procedures

Diagnostics providers should have developed Standards of Conduct to guide the performance of their workforce and establish expectations for the highest level of ethical and lawful conduct. As well, they should maintain written policies and procedures appropriate for their business and the compliance risks identified. 

2. Oversight

Establishing a Compliance Committee and naming a committee chair that oversees compliance activities and guides the activities of the Chief Compliance Officer and their team is central to oversight. Consider having a Compliance Committee charter that includes a review of the business annually to identify the material enterprise compliance risks in the business. The Compliance Committee also has responsibility to maintain an appropriate compliance program regarding such risks. It is also useful to consider whether having the IT and security teams report up through the Chief Compliance Officer helps ensure organizational alignment when it comes to systems compliance. Typically, the Chief Compliance Officer reports directly to the CEO and the Board of Directors.

3. Due Diligence

Diagnostic providers must implement procedures to review the backgrounds of their workforce before they hire them and while they are part of the workforce.

4. Communication, Training & Education

Diagnostic providers should identify their training and education needs through a matrix approach that considers their workforce roles and responsibilities and the compliance issues relating to their specific positions. It is imperative that the organizational leadership communicates to the workforce the importance of compliance, Standards of Conduct, and policies and procedures as they evolve. 

5. Internal Monitoring and Auditing

Diagnostic providers and independent device testing facilities (IDTFs) must audit and monitor the organization’s activities considering the compliance risks identified. Part of that monitoring includes establishing and maintaining a hotline provided by a third-party service for reporting compliance concerns including reports that can be submitted anonymously.

6. Enforcing Standards

It is also vital that executives consistently message the importance of compliance throughout the organization. Compliance should be considered in employee performance evaluations, and appropriate disciplinary measures must be taken for violations of the compliance program and its policies and procedures.  

7. Responding to Issues

After any compliance issue has been raised, the diagnostic provider’s Compliance Committee must conduct a thorough investigation and address the issue, respond appropriately, and prevent similar issues from arising.

Providers’ revenue management activities need to include compliance planning and monitoring. The hot issues of the day change and appropriate attention will enhance the likelihood of keeping the revenue the organization earns and preserving the value the organization creates. 

The healthcare industry is in a state of constant change in laws, regulations, government requirements, reimbursements and payor requirements, and commercial and patient expectations. It is hard for any individual diagnostic provider to keep up with the changes. An effective compliance program is essential. To learn more about how XIFIN helps customers reduce their compliance risk, visit the Compliance page on our website.

Published by XiFin
Share This Post:

Sign Up for Blog Alerts

Search Blog Posts

Blog Posts By Date

Blog Posts By Tag