Blog Post

Compliance Program Maturity Models

Richard P. Kusserow | October 2020
Download PDF

Maturity Models have been used for decades in the defense, energy, and information technology sectors. In the last few years, the concept has moved to the healthcare compliance industry. As a result, many Compliance Officers have been weighing the advantages of applying such a tool to their operations. This article will hopefully shed some light about these models.

In short, a Compliance Program Maturity Model is a technique to measure the ability of an organization to implement continuous improvement processes for its compliance program. Used as a tool, it helps assess the current state of an organization’s compliance program by analysis that defines a maturity structure at successive levels towards continuous improvement. It can also identify best practices and guides for organizational improvements built on observations about efforts to move the program through levels of effectiveness. A Maturity Model can be best understood as an evolutionary process, at the end of which there is evidence of fulfilment of a desired target by defined levels of maturity and assessment of the extent to which factors are meeting desired goals.

There are many different approaches to Maturity Models; however, it should be a set of structured levels that describe how well the information and records management policies, practices, and processes of an organization have been implemented and whether they produce the desired outcomes. It should define the characteristics of information and program management at different levels of maturity and provide guidance for staged progresses. Terminology may vary, but the stages or levels generally equate to the following: (0) chaotic, fragmented or ad hoc; (1) defining and structuring the program design; (2) laying the foundation of the program; (3) managing a fully operational program; (4) having a mature, sustainable program; and (5) an optimized program characterized by innovation and forward-looking means for continuous improvement.

The usefulness of a Maturity Model is dependent on the number of describing factors or details for each element at different stages. For example, the Strategic Management Compliance Program Maturity Model includes 15 factors for each of the seven elements of an effective compliance program. Each of the factors are measured across the levels described above. The key point is that the greater the number of factors included, the more precise and useful the result will be. Conversely, the fewer the factors, the more generalized the issue, which in turn provides less value in the result.  

The following are important things to consider: (a) the value of the resulting evaluation is dependent on the expertise and experience of those doing it; and (b) any Maturity Model that permits easy access to “optimization” is not good. The Maturity Model review results should not suggest that the compliance program has reached its zenith, but rather that it is continuously improving. Continuous improvement is something that both the Department of Justice (DOJ) and Department of Health and Human Services (HHS) Office of Inspector General (OIG) stress. Their message is clear: compliance programs should always be improving, and they are never completed. 

For more information on this subject, contact Richard Kusserow (rkusserow@strategicm.com).

About the Author

Richard P. Kusserow established Strategic Management Services, LLC to assist health care organizations develop, implement and assess compliance programs. Mr. Kusserow has worked with health care organizations to conduct compliance program effectiveness evaluations, deliver advisory services, develop policies and procedures and deliver compliance and internal investigations training.

Subscribe to blog