Ongoing Auditing Hotline Effectiveness

Health care organizations cannot afford to forgo operation of an effective hotline given the pertinent guidance from the Department of Health and Human Services Office of Inspector General (OIG), Sentencing Commission, Sarbanes-Oxley Act, and a number of court decisions.  The benefits of operating a hotline significantly outweigh the costs.  A well-managed hotline can alert management to potential exposure to liability. It can also boost workforce morale by allowing employees to feel that management desires their input. Unfortunately, a poorly managed hotline program can do just the opposite: it can diminish employee confidence in using the channel of communication altogether, which can lead to employee silence and even a failure to warn management of a looming problem.  Worst of all, employees with no outlet within the legitimate organizational channels for communication may instead voice their concerns, frustrations, and problems by seeking redress outside of the organization.  There are countless instances where insiders have:

• Leaked incidents to the press;
• Engaged an attorney to sue an employer (regarding sexual harassment, injury, slander, discrimination, and other grounds);
• Informed regulatory authorities of unsafe conditions or other violations;
• Reported a suspected violation of law to a state or federal enforcement agency;
• Filed a qui tam action (whistleblower lawsuit); or
• Left the organization for another job.

In short, channeling information through legitimate avenues of communication is absolutely critical to the effectiveness of any compliance program.  The best practice for an organization is to use a qualified vendor focused on the health care sector to answer calls 24/7 using both live operators and web-based reporting.  Regardless of whether the hotline is internally or externally operated, it is important that the organization arrange for a periodic independent audit to measure the hotline’s effectiveness. The audit results should then be presented to the executive and board-level compliance committees.

Ongoing audits should determine: (1) whether the hotline operates according to established protocols, policies and procedures; (2) how hotline operation adequately assures effectiveness; and (3) whether the hotline achieves its objectives and goals.  Audits of the hotline should focus on actual operations and should be performed by an entity outside of the organization’s Compliance Office to guarantee independence and objectivity.  Additionally, the entity should use a detailed audit guide to ensure that it addresses all potential issues.  The results of the audit should answer the following questions:

1. Is the hotline functioning in accordance with established policies/procedures?
2. Are calls diligently followed up on to resolve issues and problems?
3. Are responsible parties cooperatively resolving issues?
4. Are reports acted upon in a timely manner?
5. Are those tasked with resolving hotline issues properly trained on how to meet their obligations?
6. Are call reports sufficiently detailed so as to permit appropriate follow-up?
7. Are employees reminded that the hotline is available for them?
8. Are the executive leadership and the board informed of the hotline’s results?
9. Does evidence show that employees have confidence in using the hotline?
10. Are the anonymity and/or confidentiality of callers being protected?
11. Were test calls answered by the second ring?
12. Are all calls reported properly on the call log?
13. Is the duration of each hotline call recorded?
14. Is there appropriate file security, and is access limited to authorized persons?
15. Are hotline files kept in a private office, in a locked file cabinet?
16. Is there controlled access to hotline records, and do those records document who has accessed those files?
17. Are the files are organized systematically for easy retrieval?
18. Do the compliance hotline policies address all the key elements of the hotline function?
19. Are policies governing the hotline function comprehensive and easily understandable?
20. Do the policies address proper documentation and resolution of hotline call issues?
21. Are closed files kept separate from open cases?
22. Are logged calls acted upon promptly?