How "Effective" Is Your Compliance Program?


May 22, 2019

By: Susan E. Ziel and Andrew W. Breck

Measuring corporate compliance program  “effectiveness”  is recommended by several authorities, including the United States Sentencing Commission[1] and the Department of Health and Human Services’ Office of Inspector General (“OIG”)[2].  The goals of an assessment process should be: (1) to identify potential gaps in program structure and function, (2) to maximize opportunities to confirm and communicate adopted standards throughout the organization, and (3) to implement the procedures necessary to proactively measure and evaluate compliance with these standards over time. 

The assessment process is typically completed by a well-qualified, independent consultant (“Consultant”) who makes certain findings and recommendations that are reported to the organization’s executive leadership and compliance officials. The process should include five sequential steps. 

  • The first step involves an introductory telephone or video conference involving the organization’s executive leadership and compliance officials and the Consultant to confirm the scope of  services, the timeline and the specific documents that are maintained by the organization and which will be the subject of the assessment process.     
  • The second step involves the Consultant’s off-site review of the organization’s documents.  
  • The third step involves a follow up telephone or video conference interview with the organization’s executive leadership and compliance officials that allows for additional fact-finding.  This interview may also include additional representatives who may be responsible for certain aspects of the organization’s processes related to service delivery, business relationships and billing, as appropriate.   
  • The fourth step involves the Consultant’s preparation of written findings and recommendations resulting from the assessment process that are delivered to the organization’s executive leadership and compliance officers in a confidential “draft” version for initial review in order to confirm any additional information or corrections necessary to finalize the report.
  • The fifth step is the Consultant’s presentation of the final report to the Organization’s executive leadership and compliance officials, during either an in-person or remote telephone or video conference presentation. 

Upon conclusion of the assessment process, the organization completes any program related evaluation procedures in accordance with its compliance program evaluation policy and procedure. 

The following is an initial, generic overview of the subject matter that is usually the subject of this assessment process:

  • Compliance Officer (Appointment, Job Description, Communications, Resources, Access, Reports)
  • Compliance Committee (Appointment, Charter, Membership, Meetings, Minutes, Reports)
  • Compliance Program Standards (Approvals, Publication and Distribution)
    • Defined Capitalized Terms
    • Code of Conduct
    • Policies and Procedures
      • Qualifications; Licenses, Certifications, Registrations
      • Representative Qualifications and Credentialing; Exclusion Verification
      • Delivery of High Quality and Safe Services
      • Business, Referral and Research Relationships
      • Health Information Privacy and Security
      • Documentation, Coding, Billing and Collection of Payments; Cost Reports
  • Training and Education (Policy and Procedure, Orientation, Annual Training, Written Materials, Confidentiality Agreements, Documentation and Reports)
  • Open Communication and Confidential Reporting of Program Violations (Policy and Procedure, Responsible Parties or Vendors, Documentation and Reports)
  • Non-Retaliation Safeguards (Policy and Procedure)
  • Internal Risk Assessments (Policy and Procedure, Annual versus Special Procedures, Documentation and Reports, Action Plans)
    • High Quality and Safe Services (Part A/B, Inpatient/Outpatient, Hospital-Based, Other)
    • Business, Referral and Research Relationships (Anti-Kickback Statute/Stark Law Arrangements and Other Non-Monetary Compensation, Open Payments Program, EHR Incentive Payments, Research Arrangements and Other Pharma and Medical Device Arrangements - PhRMA, AdvaMed,  Other Gifts and Gratuities)
    • Documentation, Coding, Billing and Collection of Payments; Costs Reports (Revenue Cycle, Personnel Training, Credit Balances, Overpayments)
  • Internal Investigation, Corrective Action and Other Disciplinary Policies for Program Violations (Policy and Procedure, Documentation and Reports, Action Plans)
  • Internal and External Reporting (Policy and Procedure, Documentation and Reports, Action Plans)
  • Program Reporting to CEO and Board; CEO/Board Accountability (Policy and Procedure, Documentation and Reports, Action Plans.)
  • Program Monitoring and Audits (Ongoing Monitoring, Annual versus Special and other Anecdotal Audits, in addition to the Risk Assessments listed under (7) above, including but not limited to an Annual Independent Documentation, Coding, Billing and Collection Audit)
  • Program Evaluation and Amendment (Policy and Procedure, Annual and Special Assessments, Documentation and Reports, Action Plans)

Krieg DeVault LLP, working closely with consultants from Integrity Health Strategies, are well qualified to assist your organization in completing this important assessment process.  If you would like additional information about our team, our services and our cost-effective fee schedules, please contact Susan E. Ziel, Consultant, Integrity Health Strategies, at sziel@kdlegal.com or Andrew W. Breck, Esquire, Krieg DeVault LLP at abreck@kdlegal.com. 


[1] https://www.ussc.gov/guidelines/2015-guidelines-manual/2015-chapter-8.

[2] https://oig.hhs.gov/compliance/compliance-resource-portal/files/HCCA-OIG-Resource-Guide.pdf.