Compliance Offices Assuming Additional Responsibilities

Results from the 2020 Healthcare Compliance Benchmark Survey

Results from the 2020 SAI Global Healthcare Compliance Benchmark Survey (Survey), developed with and analyzed by Strategic Management, revealed that many organizations view the Compliance Office as a convenient place to assign a variety of other duties. However, compliance offices should take care in assuming new responsibilities beyond the traditional compliance duties, especially where doing so may risk undermining the compliance program. Three quarters of the Survey respondents reported that their compliance offices are now responsible for HIPAA Privacy, with almost one third having HIPAA Security as well. About four in ten reported compliance responsibility for Internal Audit. A similar number of respondents reported Risk Management being under compliance, which should raise some concerns because that involves a much broader set of responsibilities that are beyond the capabilities of the compliance function. Examples of this would be the evaluation of (a) financial risks of an acquisition or merger; (b) operational risks with a new line of business; (c) IT risks for new systems and software; and (d) clinical risks for a new medical procedure, device, process, etc. One quarter of the respondents reported having responsibility for Claims Audit and Billing Compliance. One out of five reported responsibility for Quality Management. Another area of caution is for the 16 percent of Survey respondents that reported compliance as having responsibility for Legal Counsel. This should not be placed under compliance. Compliance should also not report to Legal Counsel, as this clearly runs afoul of the stated positions of the Department of Health and Human Services (HHS) Office of Inspector General (OIG) and Department of Justice (DOJ).

Connect with Our Compliance Experts

Contact Us Now

Strategic Management compliance consultants have over 40 years of experience in providing research, analysis, and program support for privacy and security rule compliance. For more information regarding this topic or the results of the Survey, contact Richard Kusserow at [email protected].