Having one in place isn't enough-it must be followed BY LAWRENCE A. FOGEL AND JOSEPH M. WATT
When it comes to regulatory compliance, some organizations say one thing and do another-and end up wishing they hadn't
BY LAWRENCE A. FOGEL AND JOSEPH M. WATT Let's start with the following true-or-false statement: "The mere existence of a regulatory compliance plan does not provide an organization with any assurance that its compliance program is effective." The answer: true. In fact, a poorly written compliance plan is probably more damaging than having no compliance plan at all. Why? An organization makes commitments and promises in its compliance plan that it is expected to fulfill. These commitments may establish even higher standards, and they are expected to be met. If it appears an organization is not serious about its compliance program, government and private agencies will have serious doubts about its credibility and integrity.
Consider this hypothetical: The typical compliance plan states that it will be reviewed and revised annually-but your compliance plan hasn't been modified in the five years since it was written. What message does that send?
The Department of Health and Human Services' Office of Inspector General (OIG) published the "OIG Compliance Program Guidance for Clinical Laboratories" on March 3, 1997, in the Federal Register. Since then, OIG has published a series of compliance program guidances for other healthcare organizations. These guidances explain to the healthcare industry the OIG's expectations of compliance programs. The OIG's principal guidance is based on the seven elements of The Federal Sentencing Guidelines Manual. Compliance programs must satisfactorily address these seven elements, at a minimum:
1. Compliance Officer and Committee
Some organizations either have no job descriptions for the compliance officer and committee, or the job descriptions are ambiguous and inaccurate. If the compliance officer, for example, does not have a job description, how can his or her performance be evaluated?
In addition, what if the job description for the compliance officer does not correspond with the duties contained in the compliance plan? In some situations, the compliance officer's job description is all-inclusive when, in fact, the compliance officer does not perform all of the listed duties. Often, the compliance officer is too busy with other job responsibilities to effectively manage the compliance program. The same ambiguity applies to the compliance committee. Members of compliance committees sometimes say that they don't know what their specific functions are or what is expected of them. Government agencies are not sympathetic, however. If an organization has a compliance program, it is expected to devote the necessary resources and time to make it effective.
Another common issue is the frequency of compliance committee meetings. Usually, the compliance plan will specify how often the meetings are to be conducted. Although the compliance plan might specify that meetings are to be held monthly, perhaps the compliance committee has met only four times during the last 12 months. Again, what message does this send, not only to the outside world, but also to the compliance committee members themselves?
Let's go one step further and assume that the committee did not keep minutes, or that the minutes were maintained in a very sketchy format. How can anyone know what progress was made during the compliance committee meetings? Sometimes the meetings are, indeed, unproductive and stagnant; committee members say that they spin their wheels and don't make any progress because they discuss the same issues over and over. This sort of performance raises questions about the seriousness of the committee's efforts and the effectiveness of the compliance officer. Too often, organizations do not evaluate the compliance officer or the committee members on their performance.
Generally, compliance plans require periodic reporting to the board of directors; however, in many cases there is no evidence that such reports have been made.
2. Standards of Conduct/Policies and Procedures
A compliance plan should either include the organization's standards of conduct, or these standards of conduct should be issued as a separate document. Regardless, they should be clearly written and disseminated to all employees and other affected persons. This, however, does not always occur. Often, people are confused in distinguishing between the compliance plan and the standards of conduct. Many employees mistakenly believe the standards of conduct are the organization's compliance plan. Every employee and other affected person should sign an acknowledgment form that they have received and read the standards of conduct, as well as the compliance plan.
Organizations should be careful that the standards of conduct do not conflict with other policies. For example, the standards of conduct may say one thing and administrative or personnel policies may say something totally different, which can pose serious problems.
Policies and procedures also should be written and current. If policies and procedures are not presented in written format, employees may allege that they were told to do something by their supervisors that cannot be supported by written policies and procedures. Written policies and procedures provide clear guidance to employees, especially when new employees are hired. Policies and procedures should be updated regularly and accurately reflect the manner in which each department operates.
Page of 3Next