Compliance Strategy in a Medical Practice: How to Practice Integrity?
Compliance is a strategy in itself. Becoming safe, secure, adherent to rules, regulations and best practices and a company that practices integrity and makes it its first nature is perhaps one of the most important goals for any organization that takes itself seriously and wishes to stay in the game long term. How does one reach the state of compliance where it steeps the fabric of the company? What should be the strategy to become compliant all the time, in every circumstance, with every person, instinctively, obsessively, compulsively?
This is how I would start. Create these ingredients:
- The Right Leadership: The top has to be totally committed and involved. No contradictions can be allowed and, if there are shades of grey, decision are based on what is right and not what is expedient or convenient.
- Culture: A culture of compliance may initially need to be driven down by the leadership. Employees need to be educated and shown what compliance is and why it is a sine qua non. That compliance is a way of life for the organization and should become as natural and organic as breathing. Those resistant may need to be mentored again and again and those disruptive may need to warned, written up and even removed, if needed. This culture is perhaps one of the most important elements in creating a strategy of compliance. If this culture can be created and maintained, which takes a long time and sustained effort, then it starts feeding itself and maintaining itself. It is like creating a garden that is so well-nourished and robust that weeds do not take.
- Subject Matter Expertise: The organization needs to hire the best in the business, i.e., consultants and industry experts who can advise, correct, mentor, suggest and protect the entity. This advice is worth its weight in gold and it should never be taken lightly. Slowly, one should develop such expertise within the organization too, hire a Compliance Officer, who is well-trained and appropriately certified, is a person of skill, integrity, passion and compassion.
- A Compliance Program: A proper agenda needs to be created for the company with clear timelines which has to be adhered to and any failure needs to be reviewed. The program needs to include training material, manuals, orientation, annual updates, testing, feedbacks, reviews, audits and monitoring. Every staff member needs to be a part of it and it can never be overemphasized. Several strategies can be made to make it a fun activity, including awards for best behaviors, gaming, acknowledgements, special mentions, etc. The compliance program must feed off Policies and Procedures of the company and influence it in return.
- Transparency: Compliance is nothing without openness. In my opinion, a radical transparency would always ensure that people do not tend to become complacent or lapse into inertia and bad habits. Information and results need to be shared openly. No one can be punished for voicing his or her opinion. In fact, the reverse should become the case. Opprobrium must follow if one holds back one’s concerns since that can be detrimental. There should be no fear of truth or articulating one’s convictions. Communications, even if there are disagreements, can be professional and objective. Any failures should not be shoved under the rug and should be openly acknowledged and fixed. Failures must become part of the overall learning systems of the company.
- Research and Education: Constant updating of one’s knowledge base, review of newest circulars by the Office of Inspector General or Center for Medicare and Medicaid Services and any other agencies should be mandatory for the compliance teams. This research needs to be shared, used to update the compliance program, become part of annual reviews and training, hiring, upskilling and even at the time of firing employees. The approach should be scientific and based on evidence and research and health care policy, regulatory issues and policy, and not be subjective or based on one’s biases. One may even communicate directly with agencies for guidance if needed though that should be done under proper counsel only.
- Metrics: Compliance can be measured, whether by audits or random reviews of employee habits and responses. This approach is critical to assess oneself objectively, track improvements and changes to initiatives to educate staff, and measure oneself against industry standards. Even auditors should be measured for their level of education and knowledge and vendors need to be vetted.
- Creating a Team and Separate Department: Compliance should not be reporting to operations or to people who might get audited. It should be a dedicated group of individuals who are independent of other activities in the company or any other interests. These individuals may create literature and tools unique to the needs and specialty of the company as needed and their sole function should be to enhance the integrity of the entity. A team of trainers may be created to constantly educate rest of the compliance team and employees.
What are the departments that come under a special review of compliance? Ideally, every activity does. But for the purpose of this discussion, I have tentatively divided it into various headers. These are:
- Financial compliance including policy for annual audits by third parties, and refunds of erroneous payments, payment of taxes in a timely manner
- Billing and coding, including fee for service and managed care HCC coding
- Credentialing and contracting
- Marketing, including non-inducement of patients, and providers
- Human Resources, including equal opportunity, non-discrimination, fraud and abuse training, non-harassment, overtime policies, etc.
- Supplies, inventory, medications, samples, controlled drugs, assets and their management
- Patient safety and risk management
- Insurance, including malpractice, directors and officers, general liability, errors and omissions, etc.
- Information Technology
- Utilization and care management
- Medical operations
- Regulatory, including local, state and federal regulations, Stark, OSHA, HIPAA, anti-kickback, fee-splitting, corporate practice of medicine, restraint of trade, etc.
- Learning Management Systems
- Clinical, training of staff in medical procedures, certifications, licenses, testing, accuracy of equipment, etc.
- Medical records
- Patient education
And there are so many more. But these should suffice to create an overall compliance plan for the practice.
Just like Intelligence Quotient and Emotional Quotient, there should also be a Compliance Quotient that can be measured and shared. Or perhaps, we should call it Compliance IQ. Each employee must make it a part of his marrow and should be able to do the right thing in his or her sleep.
At the end of it, the company should mean compliance when it says it. It is easy to create manual but living them is tough. In the same token, once the habits take hold, being compliant becomes most easy and non-compliant behavior becomes painful, difficult and almost impossible to indulge in, individually or collectively.