Compliance Officers are confronted with a host of competing external obligations and internal demands. Most Compliance Officers would admit that they lack the necessary resources to adequately meet all of their job responsibilities in the ever-changing legal and regulatory environment. This problem has been exacerbated by executive leadership and Board oversight committee demands for evidence of compliance program effectiveness. Furthermore, it is becoming increasingly common that Compliance Officers have the added responsibility of acting as the HIPAA Privacy Officer. Handling all these duties with the help of only internal staff is referred to as In-Sourcing. In some cases, however, organizations turn to Outsourcing their compliance program. This is most often employed as a measure to temporarily fill staffing gaps with an Interim Compliance Officer (ICO) when an incumbent leaves. Additionally, smaller organizations often outsource to an individual or firm to assume responsibility by providing a Designated Compliance Officer (DCO). The OIG recognized the practice of using outside experts, but notes that “if this role is outsourced, it is beneficial for the (contracted) compliance officer to have sufficient interactions… to be able to effectively understand the inner workings” of the organization. The OIG also recognized that a Compliance Officer may serve multiple organizations. The downside to Outsourcing lies in selecting the right “experts” to entrust with the operation of the compliance program.
Co-sourcing has evolved as a third option and “middle ground” between In-sourcing and Out-sourcing and may prove to be the best strategy available for Compliance Officers who are looking to relieve the huge amount of pressure upon them. Co-sourcing is also recognized by the OIG as a useful solution for organizations limited in compliance expertise and resources. Co-sourcing involves using a third-party on an ongoing basis to supplement limited staff resources to carry out part of the workload. A Co-Sourced partner can provide a great variety of services to fill gaps and strengthen the Compliance Program.
As stated above, one of the biggest problems in deciding upon co-sourcing services lies in determining what parts of the compliance program can be assigned to an expert consultant partner; how to find the right expert; and how to properly define the scope of work to be performed by the Co-source expert. In future blogs, I will describe some of the potential functions and benefits that can be derived from this strategy as well as pertinent tips in selecting, negotiating and contracting co-sourcing services.Subscribe to blog