​Nursing, assisted living, and post-acute facilities have long been an area of scrutiny by the Office on Inspector General (OIG) as they are high-risk areas. It is important that an organization have a formal compliance program as proactive and preventive; a structure to address issues; and as a mitigating factor should compliance violations be identified by regulatory agencies.

OIG recognizes a common structure for compliance programs centered around seven elements. They are:

• Written policies, procedures, and standards of conduct

1. How accessible are they to all employees?
2. How often are they reviewed?
3. What is the process/procedure for review and approval?
4. Are they written in understandable language?

As an example, every policy is subject to review every three years. However, they can be revised at any time. Front-line employees who actually work with the policies should be free and encouraged to make revision recommendations. As policies may impact areas outside of the department owner, an interdisciplinary committee can review them to avoid conflicts and also provide ideas to strengthen them.

• Designated compliance officer and compliance committee

1. Does the compliance officer report to the CEO directly with independent access to the board?
2. The compliance officer should not lead or report to the entity’s legal or financial functions.

A compliance committee of designated Board members meets on a quarterly basis with a standing agenda. The only member of management present is the compliance officer or its staff so that issues can be presented and openly discussed without management interference or filters.

• Effective training for success

1. Identify required training by regulatory and accrediting bodies.
2. What training is required? What should be conducted for all employees annually?
3. How is effectiveness measured?

Compliance can also develop custom-designed training to address specific reoccurring issues in identified departments. An example is one for Health Insurance Portability and Accountability Act (HIPAA) incidents with identification of their root cause and corrective/preventive actions. The staff usually appreciate the effort and attention shown to help them.

• Effective lines of communication

1. Have a variety of reporting mechanisms that can be used to report concerns or incidents.
2. How are the lines communicated? Are employees aware of them?

A hotline incident management reporting system can help the compliance officer track, manage, assign, quickly access and review cases and develop metrics of where to place compliance priorities. This should have an anonymous reporting feature and be available to the public for reporting access.

• Enforcing standards: consequences and incentives

1. They should be publicized and made available.
2. Consistently applied and enforced.

Adherence to compliance standards can be a rated factor in performance evaluations.

• Internal auditing and monitoring

1. Be proactive and reactive.
2. Communications and approach should be working as a business partner with managers for quality and process improvements.

Compliance should work as a team member with other departments in identifying and monitoring, through audits, opportunities for process improvements that can mitigate risks, make employees’ jobs easier, and increase revenue. One example, in an ambulatory care setting, is improving patient wait times.

• Responding to detected offenses and developing corrective action initiatives

1. Processes and resources should exist to address them.
2. Investigations, corrective actions, and resolutions should be prompt

Standard timelines should be developed for investigations to be completed. Points-of-contacts in departments should be identified to whom incidents should be sent.

This model provides a recognized structure for preventing, addressing, and resolving compliance issues in an organization. It is flexible in how organizations choose to develop programs to address them within available resources.

An annual compliance plan should be developed with the activities and their goals to support each element. An excellent guide for ideas can be found in Measuring Compliance Program Effectiveness: A Resource Guide, HCCA-OIG Compliance Effectiveness Roundtable Meeting: January 17, 2017.

Robert Rohr, J.D., M.A, CHC, SPHR is the director of corporate compliance for Sun Life Health, a federally qualified health center, with 14 locations in southern Arizona. He can be reached at robert.rohr@slfhc.org.