Blog Post

Checklist Reviews and Gap Analyses Do Not Evidence Compliance Program Effectiveness

Richard P. Kusserow | August 2022

To learn more about this topic, register for the complimentary SAI Global WebinarEvidencing Compliance Program Effectiveness,” that will be held on August 16, 2022, at 2 PM, Eastern.)

Compliance Program checklist reviews by compliance officers, as well as gap analyses by outside parties focusing on the process, will generate output results, often with numerical metrics. However, these tools do not measure the outcome or value created by the process. It is outcome or value that evidences the effectiveness of the compliance program. Process reviews are useful but are only the first stage in assessing the compliance program.

In the early years of developing compliance programs, importance was given to evidencing the implementation of the standard elements of an effective program; however, the world has moved far beyond that process. The Department of Health and Human Services Office of Inspector General (OIG) and the Department of Justice (DOJ) consider organizations that have compliance programs on paper alone, without being able to evidence it being followed in practice, as being “Sham Programs.” These are viewed as worse than no program at all, in that they evidence the organization knew what it should be doing but neglected to follow it in practice. This could suggest negligence, or worse, gross negligence resulting in more severe penalties.

The challenge is how to develop credible outcome evidence that the compliance program is being effective in reducing unwanted events or circumstances that could give rise to liabilities (e.g., enforcement penalties, tort actions, adverse media reports, etc.). It is possible to develop evidence of this type for each element; however, it is not easy. Even when that evidence exists, the question is whether it would be viewed as credible to skeptical outside parties. If DOJ and OIG are investigating dishonesty by an organization, they will have little reason to believe any internally generated information about the compliance program.

It is worth noting, however, that the OIG did cite methods they believe produce evidence that a compliance program is effective. These were:

  1. Results from Claims Processing Quality Assurance Program (QAP). Both the DOJ and OIG list false claims cases as their number two enforcement priority after arrangements with referral sources. Claims development and submission were highlighted by the OIG in its compliance guidance documents as a primary compliance high-risk area and pointed it out as one area where compliance program effectiveness can be evidenced and benchmarked. Program managers, including those involved in claims processing, have responsibility for ongoing monitoring. This should be part of a quality assurance program (QAP) that includes quality control reviews (QCR). QCRs are nothing more than randomly selecting claims for “real-time” testing for errors before submission for payment. Errors should be tracked to identify any emerging error patterns involving coders, DRGs, physicians, etc. Coders then could be educated on why the denial is occurring and how to prevent its recurrence. If a pattern of errors or denials emerges for a coder or physician, it should result in retraining or investigating the cause. The OIG advises performing these analyses can serve as a baseline and provide benchmarks for evidencing compliance improvement through the reduction in error rates.

  2. Independent Compliance Program Effectiveness Evaluations. Having objective evidence of compliance program effectiveness by independent experts is important, especially for those facing potential enforcement action. OIG guidance stresses the value of an independent effectiveness review and evaluation. The DOJ’s June 2020 Evaluation of Corporate Compliance Programs highlights the importance of “effective evaluation measures” to determine if the compliance program is a “paper program” or one that is fully “implemented, reviewed, and revised, as appropriate, in an effective manner.” They ask if the company evaluates “periodically the effectiveness of the organization’s [compliance] program.” Has the compliance program been evaluated and audited? The compliance officer, like any program manager, is responsible for ongoing monitoring of the program, but an impartial evaluation must be performed by someone who is “independent” of the compliance office to provide convincing “evidence” of the results. Periodically, it is advisable to have an independent evaluation by recognized experts to verify proper ongoing monitoring of the program and validate effectiveness in achieving goals for the program. It is by far the best method to develop credible and convincing evidence as to how well the program is functioning.

  3. Employee Compliance Surveys. The OIG Compliance Guidance recommends the use of questionnaires developed to solicit impressions of a broad cross-section of the organization’s employees and staff. Noteworthy, using properly designed employee surveys to evidence Compliance Program Effectiveness was cited in over 60 places in the 2017 “Measuring Compliance Program Effectiveness: A Resource Guide,” jointly issued by the Health Care Compliance Association and the OIG. A high level of credibility for outside authorities in the validity and confidence in survey results necessitates the survey instrument be professionally developed and independently administered to ensure confidentiality for respondents. Ideally, the survey results should be compared against a large universe of users to be able to have a benchmark for comparison. The survey should not just provide statistical results but provide detailed analyses of the significance of the question and the responses, including best practices to improve results in the future.

To learn more about this topic, register for the complimentary SAI Global WebinarEvidencing Compliance Program Effectiveness,” that will be held on August 16, 2022, at 2 PM, Eastern.)

For more information on other compliance-related concerns, contact Richard Kusserow (rkusserow@strategicm.com.)

Keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog