3 Strategies for Compliance Program Annual Reviews
Some of the biggest lawsuits of 2019 involved massive opioid distribution companies. Multiple pharmaceutical companies are set to pay out hundreds of millions of dollars in damages to the states most affected by the opioid crisis.
One of the primary charges against many of these pharmaceutical giants? Lack of resources dedicated to maintaining compliance. The New York Times reported in April that before 2007, Cardinal Health and McKesson had dedicated almost no resources to evaluating and maintaining legal compliance.
These are extreme cases, but they underscore the importance placed upon issues of legal compliance in healthcare. Compliance program evaluations are expected in healthcare and even required for some organizations. One way to keep compliance in the forefront at your healthcare organization is by running an end-of-the-year annual compliance program review. This helps you to ensure compliance throughout the year and moving forward.
But what should an annual review consist of? And what unique challenges should healthcare organizations consider in the coming decade to stay ahead of changing expectations of compliance?
Here are some steps for structuring an annual compliance review at your organization that will prepare you for 2020 and beyond.
Take a Cue from Regulatory Guidelines
Guidance issued by the Department of Justice and the Department of Health and Human Services Office of the Inspector General is the best starting point when conducting a compliance review, says Callan Stein, Partner at Pepper Hamilton LLP. Some items these departments are looking for in a compliance program are responsive updating, customization to the organization and risk assessment, Stein says.
Risk assessment extends to third party vendors. Data security is especially susceptible, says Amelia Roberts, BSN, RN and Principal at Solutions by Amelia. “Many of the recent data breaches involved vendors that healthcare systems used rather than the healthcare systems themselves,” she says. “Consider auditing business associates and related vendors, and then document how these partners are staying HIPAA compliant.”
Dedicate Enough Resources to Compliance
As your organization changes and grows, it’s critical to keep tabs on your compliance department and to have sufficient resources. “You want to make sure that you have enough employees whose job is dedicated to compliance and that the department is commensurate and proportional with your operations,” Stein says.
When compliance issues arise, you need enough resources to be able to take disciplinary action to deter recurrence, which is a practice that the DOJ and HHS OIG will be watching for. Discipline should be consistent across all organizational levels and proportionate to the violation. “The government wants to see significant consequences for compliance violations,” Stein says. “They want to see it across the board, whether the violation comes from the bottom or the top.”
Monitor Your Organization’s Data and Use It Proactively
Your healthcare organization generates huge volumes of data every year, and it’s precisely that data that the government mines when conducting investigations. Monitoring that data for trends in noncompliance can help you identify and head off potential violations, Stein says. “If you identify something amiss, you can investigate it using counsel,” he says. “You can then take preemptive action to correct it, if need be.”
Mining your own organizational data throughout the year is a good practice to stay ahead of violations. When problems do arise, the data tells the story. Use it to conduct a root-cause analysis and determine where the problem started. Once you know the cause, Stein says, you can pinpoint why it happened. Then, you can take disciplinary action to ensure that it doesn’t recur.
The bottom line? An annual compliance review allows you to be responsive to potential compliance violations at your healthcare organization and stay ahead of changes to compliance guidelines. And when conducted at the end of the year, a review sets the stage for compliance success in the months to come.