Creating a Compliance Program That is Right for Your Organization
An important part of developing an effective compliance program is to make the program scalable and effective for the operations of the specific provider. In some ways, creating compliance program for a large health system is the easiest because you have the resources and breadth of operations to recommend everything; also known as the “kitchen sink” model. The real art in my opinion comes when developing programs for smaller hospitals, physician groups and other organizations that do not have the resources to “do it all.” Taking an overbroad approach to compliance with smaller organizations can actually create additional risk because you are creating a “roadmap” of items that are not being done and which you will never have the resources to complete.
Our job as compliance attorneys is to recommend systems that are workable within the resources and specific risk areas that are relevant to the provider. This takes a level of judgment that is not necessary where the size and resources of the organization permit the “kitchen sink” approach to be taken.
The development of compliance programs for smaller organizations take a surgical approach. Care must be taken to develop systems for identifying the risk areas that are specific to the organization. Risks should be scored and prioritized and the results of this process should be included into a plan to accomplish audits, reviews or monitoring of the various identified risk areas. Small organizations cannot hit every risk area during every budgeting cycle. A longer term approach is called for with the most urgent risks requiring closer and faster review. This all ties into the budgeting process. The work plan needs to be adequately budgeted. The size of the organization will have an effect on the amount that is budgeted for compliance.
The point of a compliance program is not that every problem area will be found. It is most important that a logical system be developed that prioritizes risk and addresses risk areas in a logical fashion. The other side of the coin is that a substantial organization should not hide behind lack of resources for not addressing significant risk areas. A small physician practice is at one end of the spectrum. A hospital system with several facilities, attached physician network, and an array of ancillary services would have little excuse for not allocating sufficient budget amounts to compliance to enable the organization to meet its compliance needs.
Issues of scalability also come into the general structure of the compliance program. A small physician practice will not have the resources to hire a chief compliance officer. Rather, a small practice might designate a partner or administrator as a “compliance responsible individual.” On the other hand, a substantial hospital system should implement a robust structure including a full-time chief compliance officer, a compliance committee and compliance staff. The compliance officer should not serve a dual role in positions that create an inherent conflict of interest such as general counsel, chief financial officer or chief operating officer.
Issues of scope and scalability are at the center of most compliance efforts. These issues require careful and judiciously made decisions. These decisions are important and must be faced by providers of all size, from the smallest medical practice through the largest health system as mandatory affective compliance programs become a requirement.