5 Best Practices for Conducting Annual Compliance Program Reviews

Marketing Director

Annual compliance reviews are an important tool to protect your organization against risk. But healthcare organizations often simply go through the motions without really digging into issues and looking for improvements.

“Most assessments focus too much on the standard seven elements of a compliance program, and too little on the extent to which the compliance program actually mitigates risk,” says Jessica Santos, Global Compliance and Quality Director at Kantar Health.

Here’s how to make sure your annual review goes above and beyond.

Designate an Owner

Compliance reviews too often are an extra task added on to someone’s overworked schedule. This is especially common in smaller practices, says Yulian Shtern, a Healthcare Attorney at Abrams, Fensterman, Fensterman, Eisman, Formato, Ferrara & Wolf. But compliance should be treated like a way of doing business, not just following a manual, he says, and having someone in charge of it is key.

“Organizations should designate a compliance officer and ensure that person has enough time to work on compliance-related issues and activities,” Shtern says. If an organization can’t hire a dedicated compliance officer, it’s paramount that leaders ensure whoever owns the process is given the time and resources to do it right.

Establish a Data-Driven Culture

Healthcare organizations thrive on data, and compliance should be no exception. Organizations that measure reports and events can track issues over time. During the year, test employees on policies and training and examine communication procedures.

During the annual review, go over the measuring and data analysis processes themselves. High numbers of violations could indicate that employees don’t understand a rule completely. If you have policies or procedures that no one in the organization is aware of or understands, something is missing or not working, Santos says.

Take a Year-Round Approach

If your approach to compliance is a binder of the seven elements that gets dusted off once a year, you’re asking for trouble. “If there’s a manual but it’s not being implemented, that’s almost worse than not having one at all,” Shtern says. “It’s important to treat it as a living, breathing document, not just a manual.”

Stay updated on regulation changes, even if it’s just signing up for newsletters and updates, Shtern says. Conduct periodic self-assessments throughout the year, rather than waiting for the annual review. Shtern also recommends reviewing the work plan from the HHS’ Office of Inspector General, which can provide some insight into what the government will be focusing on in the coming year.

Invest in Training

Policies and procedures are nice, but training that educates on the “why” as well as the “what” is vital. It can be easy to get by on training programs that just go through the motions, but everyone needs to understand the obligations to the workforce, Shtern says. “The tool isn’t worth the paper it’s written on if you’re not using it,” he says.

You can use the annual compliance review to make sure you’re up-to-date with new training, says Richard Best, Technical Director and Corporate Director of OSHA Compliance at Stericycle. “Entering a new calendar year brings with it requirements for periodic or updated compliance with various regulatory agencies,” he says. OSHA in particular may have annual updates.

Protect Whistleblowers

Compliance can sometimes turn into a “gotcha” policy rather than one that strives for constant improvements. Some states include an eighth point on the list of compliance elements: non-retaliation. Even if your state doesn’t require it, Shtern recommends making it part of your policy.

“It’s very important that the workplace understands that retaliation is not tolerated,” Shtern says. Whether it comes from supervisors, peers or subordinates, it’s one of the biggest challenges that compliance organizations face. Review any legislative changes your state may have made to whistleblower rules, and ensure communication plans include information about non-retaliation.

Compliance is more than checking off boxes on a list; it must be seen as a way of doing business at all levels to protect the healthcare organization against unnecessary risk. Use the annual review to strengthen your policies and procedures.

PreCheck Pulse Report: Healthcare Employment Screening Trends Report