Is Healthcare Compliance Outsourcing an Option for Your Compliance Program?

Richard P. Kusserow | October 2012

Under the Affordable Care Act, CMS has been charged with developing mandated Healthcare Compliance Program (CP) standards that will be a condition of enrollment or participation. This will be certainly a “game changer” in that organizations will have to attest or certify their CP as effective and in meeting those standards. In all likelihood that certification will come from senior management and not just the compliance officer.

For most healthcare organizations (hospitals, doctors, etc.) this will not be a huge problem, in that over the years CPs have take root in that sector. However for many other types of providers, this will have a major impact for the fact is that most organizations outside of hospitals have not been very aggressive in developing effective CPs. SNFs, DMEs, emergency transportation companies, physician practices, etc. have viewed the cost and effort of developing effective CPs as too costly and have deferred on developing them as a business risk decision. That decision will no longer work and outsourcing healthcare compliance must be considered.

Where the size of a health care organization does not justify a full-time in-house qualified Compliance Officer, or where there are difficulties in filling a compliance officer vacancy, compliance outsourcing may be a viable option. This is time for these entities to re-examine their position on compliance. For those providers/suppliers that believe the cost of developing and operating an effective CP may be too expensive, hiring a compliance outsourcing company to independently manage the program may be an appropriate option to consider.

As the complexities of being a health care provider grows, it is critical that management maintain focus on the core activities of the business. As such, in all sectors, outsourcing those activities that are not core services is becoming increasingly common.

The Department of Health and Human Services (DHHS) Office of Inspector General (OIG) has long indicated that it understands that health care organizations may reasonably decide to outsource compliance duties and activities. Its general Compliance Program Guidance states: “For those companies that have limited resources, the compliance function could be outsourced to an expert in compliance.” Further, the OIG in its guidance on a “Compliance Program for Individual Physician and Small Group Practices” suggests that, one solution for ensuring compliance in a small entity would be to designate a staff person to serve as a liaison with an outsourced compliance officer.

The OIG noted that if the compliance officer responsibility is outsourced, it would be beneficial for the compliance officer to have sufficient interaction with the entity to be able to effectively understand its operations.

Therefore, there is a need for an internal liaison person to keep the outside consultant informed of activities and to assist in implementing compliance actions. Furthermore, the OIG and CMS some years ago co-sponsored a government-industry roundtable devoted to discussing compliance-related topics. One of the topics discussed was compliance outsourcing.

Compliance outsourcing companies have experts that know what it takes to operate an effective program and require no on the job training. Their credibility with management is likely to be higher than someone in house doing the work part time. Also, the costs to keep current with compliance standards, changes in regulatory and legal requirements are amortized over a number of clients and therefore more affordable than trying to do all this in house.

There are also the benefits of gaining access to compliance “best practices” by virtue of an independent expert’s broader exposure to the compliance discipline, ongoing verification of internal compliance processes, and the ability to supplement limited internal resources.

While many providers/suppliers have opted for partial outsourcing of compliance functions, mostly for hotlines, sanctions screening, and auditing and monitoring related to claims/medical records; only a relatively small number have outsourced their entire CP, even when there are inadequate internal resources to implement and operate a fully effective CP.

It is common for smaller organizations to add the duties of “Compliance Officer” to the already extensive responsibilities of other staff members. This results in a Compliance Officer being able to provide only a limited amount of their energies to the CP.

Compliance outsourcing offers a number of potential benefits for CP development and enhancement, such as:

  • More efficient, no learning curve on compliance
  • Experience in laws/regulations, clinical, coding/claims processing, physician arrangements
  • Experts should be able to deal with a wide range of compliance issues
  • Reduced cost of recruiting, supporting full-time staff and employee benefits.
  • Full regulatory compliance and reporting
  • Better risk protection
  • Lower fixed costs
  • Reduced staff workload
  • No redundant operations
  • Executive-level reports on all compliance functions
  • Senior executive and shareholder confidence
  • Accurate compliance budgeting
  • Risk assessments
  • Claims analysis
  • HIPAA/HITECH privacy and security compliance

The scope of duties for the experts could include:

  • Serving as the focal point for and work to develop and integrate the elements of the CP
  • Developing/updating of the Code of Conduct
  • Drafting/revising compliance policies and procedures
  • Effectively overseeing auditing and monitoring activities.
  • Assisting in resolving hotline or other compliance issues
  • Working under direction of legal counsel as called for by circumstances
  • Developing and delivering compliance training and education programs
  • Performing an annual review/examination of the CP
  • Assisting management with ongoing auditing and monitoring plans of specific risk areas
  • Developing CP policies/procedures
  • Staffing and managing the hotline
  • Providing overall direction for the CP
  • Keeping management and Board informed on the status and progress of the CP
  • Educating management and Board on the ever-changing regulatory environment
  • Providing ongoing healthcare compliance support
  • Conducting background, exclusions and sanctions checking
  • Conducting risk assessments

If there is a decision to outsource compliance activities, it is critical that the party engage to perform this service be properly qualified undertake these duties. It is important to select someone with a wide range of CP experience over a number of years that includes program development, implementation, management, and evaluation.

Smaller entities may not necessarily need to engage a full time outsourced compliance officer. A highly experienced healthcare compliance outsourcing company should be more efficient in carrying out the duties on a part time basis. However, what any organization must have is someone to act as a liaison or primary contact with whom to coordinate the compliance activities.

And finally, high level executive staff must interface on a regular basis with the outside compliance expert regarding all operations in the organization to ensure that all the necessary elements of an effective CP are effectuated.

If the decision is made to outsource management of the healthcare compliance program, the experts selected should be prepared to certify the status of the program, so as in turn provide senior management with a reasonable basis to attest to and certify their CP as being effective. They should meet the highest standards of expertise, competence and authority.

The compliance outsourcing company should be able to evidence meeting the General Accountability Office (GAO) General Accepted Government Audit Standards for independence and objectivity in assessing business practices to quickly identify and resolve problems before they turn into potential violations. They should first evaluate the existing CO to identify any gaps and move quickly to fill them. If needed, they should be able to build the CP from the ground up.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.