- Stressed in new “General Compliance Program Guidance”
- Most Compliance Officers cite this as a top priority for 2024
- DOJ and OIG don’t see self-assessment results as credible evidence
- Best to have this done at the beginning of the year with a work plan to follow
- Initiating assessments should be by Compliance Committees
One of the major planning steps for Compliance Officers for the new year is assessing the status of the Compliance Program to document and evidence progress to date, identify opportunities for improvement and have action steps to enhance program effectiveness. Regular, rigorous, and consistent review of compliance programs is now the expectation. The OIG and DOJ have noted that all compliance programs are works in progress, never completed, and are meant to respond to the ever-changing regulatory, legal, and business environment. They further stated, “[o]ne hallmark of an effective compliance program is its capacity to improve and evolve.” The OIG in their November 2023 “General Compliance Program Guidance,” makes it clear that Compliance Officers are responsible for monitoring their Compliance Program to ensure it is functioning properly according to written guidance and standards. However, ongoing auditing and assessment of the program must be done independently. Without independent evidence of program effectiveness, enforcement authorities would give little consideration to mitigating penalties. In fact, the penalties could be increased. This supports the need for periodic evaluations of the compliance program, designed to evidence the progress and success of the program to date, opportunities for improvement, and action steps to enhance program effectiveness. The OIG states that “[e]ntities also should periodically assess the compliance program’s effectiveness…The review should include an assessment of how effective each element of the compliance program is.” It further states that “[t]he Compliance Committee primary duties should include evaluating the effectiveness of the compliance program…” and that “[t]he board should direct the entity to perform the compliance program effectiveness review and have the reviewers report their findings and recommendations directly to the board.” It also calls for the Compliance Officer to periodically provide a report to the board on the assessment of the Compliance Committee’s performance.
The SAI360 2023 Healthcare Compliance Benchmark Survey found evidence of their compliance program effectiveness to be a compliance officer’s top priority for improving their program. Four out of ten respondents reported having an independent evaluation of their compliance program within the last three years. However, most respondents reported that the primary means for evaluating program effectiveness was reviewing the results of internal audits and using self-assessment tools or checklists. Unfortunately, the internal tools and methods are fine for ongoing compliance monitoring. However, this does not meet the standard of an independent evaluation, as described by the OIG and DOJ guidelines. No organization that comes under investigation by the government would want to try to use internally generated evaluations as independent evidence of the program’s effectiveness.
For more information on Compliance Assessment planning, scope of work, approach, methodology, time, effort, and cost, contact [email protected].
Join us on January 23, 2023 at 1:00pm Eastern for 2024 HIPAA Compliance Survey Results, presented by Robbi-Lynn Watnik and Natalie Lesnick, and sponsored by SAI360.Subscribe to blog