Blog Post

Q & A Series on the Current State of Healthcare Compliance Programs – III

Richard P. Kusserow | May 2024

On April 30, 2024, Strategic Management Services and SAI360 hosted the Current State of Healthcare Compliance Programs: 2024 Benchmark Results Webinar. The speaker, Richard Kusserow, former HHS Inspector General and CEO of Strategic Management, reviewed the results of the 15th Annual Healthcare Compliance Benchmark Survey and provided his analysis of the results and the changing landscape of compliance departments.

The Webinar was well attended, and many participants asked thoughtful and insightful questions that would be informative to our blog readership at large. We are kicking off a four-part series answering the questions received related to the results and findings discussed during the Webinar.

Part III of the series will focus on questions related to how organizations can undertake an effective compliance program evaluation.

It is not a question of size. Maturity depends on a variety of factors, including (a) the structure of the program (b) services being provided, (c) size and location of operations, (d) characteristics of the workforce, and (e) locations where services are provided. Within that context, determining the maturity level of the compliance program involves having controls in place that support compliance with all applicable legal obligations, business requirements, and industry best practices, evidence that policies and procedures are accessible for, and followed by all covered persons.

It is difficult to produce evidence of a compliance program’s effectiveness if you rely solely upon internally generated information. The DOJ will likely not be receptive to internally generated evidence of compliance program effectiveness. After all, the DOJ would only be asking questions of organizations where they have found that the organization is involved in violating federal laws or regulations. As such, it is reasonable that they would suspect any unsubstantiated information provided by the organization.

When you look closely at all the guidance offered by various authorities, you most often see the term “periodic” used. The only time you see a call for annual independent reviews is as a condition in an OIG Corporate Integrity Agreement. Compliance ongoing monitoring is every program manager’s responsibility, and this includes the compliance program. As such, the Compliance Officer should annually assess the progress of the program. However, engaging outside experts to conduct full-fledged independent compliance program effectiveness evaluations can be done about every three years. If other independent evidence of the program is desired, consider using in off years independent evaluations and administering compliance knowledge or culture surveys. As a side note, it is advisable to have such an independent evaluation any time an organization engages a new Compliance Officer from outside the organization.  That person would benefit greatly from having a report on the results of such an evaluation as it would tell them what they have inherited and how to draft a work plan to address any weaknesses or opportunities for improvement in the program. Quite frankly, I would make it a condition of engagement to have such a review. For more information on this question see

It is not a problem. In fact, it is expected. Compliance Officers, like all program managers, should be engaged in compliance and ongoing monitoring of their areas of responsibility. Using internal checklists, tools, and compliance surveys as part of this effort can assist in managing and advancing the program, however, they are not equivalent to an independent evaluation. Program Effectiveness Evaluations are reviews, assessments, or audits that, by definition, must be conducted by parties independent of the program to be credible to outside authorities. Internally generated reports are generally viewed as biased and self-serving. For more information on this topic see

First, there is nothing wrong with conducting internally developed and implemented surveys. They can be a useful tool as part of ongoing monitoring and are often employed by HR. However, using the results of surveys to evidence the effectiveness of compliance programs is another issue. The reasons why results may lack credibility to outside authorities include:

  • Most internally developed surveys are not professionally developed or validated;
  • Many employees suspect the motive behind such surveys leading to skewed results;
  • Many are concerned that questions may be tricks to make the organization look better;
  • There is fear that their responses will not be anonymous; and
  • Internally generated surveys cannot be benchmarked against other organizations.

As a side note, the cost of time and effort for developing an internal survey is more likely than using a professionally developed, validated, and administered survey. For more information on this topic, see

You can keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog