Building an effective corporate compliance plan

Healthcare Financial Management, Sept, 1997 by Elizabeth Ryan

Corporate compliance plans are essential for healthcare organizations to cope with, and perhaps even stave off, investigations arising from allegations of illegal business practices. Initial development and implementation of a corporate compliance plan can be facilitated through four steps: determining the content of the code of conduct, determining how the code will be distributed, assigning responsibility for implementing the plan, and appointing a compliance task force to guide the implementation process. Special attention should be paid to education requirements of the United States Sentencing Guidelines to see that all employees understand and can apply provisions of the plan.

Healthcare organizations have been the targets of intense efforts by Federal and other regulators to eliminate billing fraud and abuse and other illegal activities that cost taxpayers millions of dollars each year. The numerous investigations currently under way throughout the country should serve as a wake-up call to healthcare facilities regarding the importance of developing and implementing comprehensive corporate compliance plans. Not only will the existence of such plans serve to mitigate damages should evidence of fraud and abuse be uncovered, but more important, will help prevent illegal activities from occurring in the first place.

Elements of a Corporate Compliance Plan

Three main components of a corporate compliance plan are the proposal, which explains what laws make the plan necessary and outlines implementation parameters; an explanation of the duties of the board of directors and the board's compliance committee; and a code of conduct. A compliance plan must include the following components under the United States Sentencing Guidelines:

* Compliance standards and procedures;

* Overall compliance program oversight;

* Standards and methods for delegating authority;

* Employee training programs;

* Monitoring and auditing systems;

* Enforcement and disciplinary actions; and

* Mechanisms for responding to problems and taking corrective action.

Four steps will guide the initial development and implementation of a corporate compliance plan. First, the content of the code of conduct should be determined. Second, the distribution of the code (or portions of the code), by department and relevant content, should be determined. Third, responsibility for implementing the compliance plan should be assigned. Finally, a compliance task force should be appointed to shepherd the implementation process. Keep in mind that a corporate compliance plan is most effective when it is tailored to meet the particular needs of the organization adopting it.

Determining the Content

A variety of approaches can be used to develop the content of a code of conduct. Depending on the needs of the organization, these approaches can include writing an all-encompassing code; developing content that highlights only specific functions that might be targeted by government investigators; specifying only functions that are currently being targeted for investigation; or integrating a variety of concerns into the code.

Writing an all-encompassing code. An all-encompassing code of conduct should address all relevant Federal, state, and local laws and regulations with which the organization must be in compliance, from copyright law to sexual harassment. One advantage of an all-encompassing code is its ability to coordinate and rationalize all compliance-related activities into a single document. That advantage, however, may be outweighed by the disadvantages.

Amending an all-encompassing code may be cumbersome as case law is interpreted, laws are amended, and new laws are enacted. In addition, some departments may not support some provisions of the code if they already have established, but different, policies and procedures in place for meeting specific regulations (eg, policies and procedures regarding sexual harassment established by a human resources department). Finally, trying to address all relevant laws in one document may result in a superficial code that is neither effective nor well supported throughout the organization.

Targeting specific areas. Patient accounting, clinical laboratory services, marketing, and physician compensation are some areas that are likely to be examined for violations of fraud and abuse, antikickback, deceptive advertising, and other regulations. Areas could be targeted for inclusion in the code of conduct from a financial standpoint by focusing on how likely they are to yield a significant amount of errors or result in the most costly fines per incident.

Areas also could be targeted from a public perception standpoint by considering the impact of certain types of publicity. For instance, illegal disposal of biohazardous waste could generate sufficient public outrage to affect the organization's flow of business.

Targeting areas under current government scrutiny. A code of conduct can focus on areas that are under current government scrutiny in an organization's state or local area. For instance, healthcare organizations in some states have been hit hard with investigations into violations of the 72-hour rule. Likewise, government scrutiny of billing for professional services at teaching hospitals has increased markedly.