On October 15, 1976, President Ford signed into law legislation creating an Office of Inspector General (OIG) at the Department of Health, Education and Welfare (HEW).  HEW OIG would become HHS-OIG in 1980 when the Department was redesignated as the Department of Health and Human Services (HHS).

The OIG and HHS oversee various segments of the healthcare industry, such as hospitals, nursing homes, third-party billers and durable medical equipment suppliers to monitor adherence to applicable statutes, regulations and program requirements.

OIG compliance programs provide oversight toward promoting ethical and lawful corporate conduct that focus on encouraging prevention, detection and resolution of occurrences of conduct that do not meet federal and state law, and a hospital or health system’s business policies.

The OIG, HHS, Association of Healthcare Internal Auditors, American Health Lawyers Association, Health Care Compliance Association created a guide titled Practical Guidance for Health Care Governing Boards on Compliance Oversight that highlighted five key areas healthcare stakeholders should understand so that they can develop a comprehensive compliance program.  The elements listed below provide hospitals with the overarching elements the OIG relies upon in making conclusions as to the effectiveness of hospital compliance programs.

IHS implements compliance in all that it does.  Every relationship and exchange in a healthcare interaction must conform with state and federal guidelines.

What Is Healthcare Compliance? 

Healthcare compliance is the ongoing process of meeting, or exceeding the legal, ethical, and professional standards applicable to a particular healthcare organization or provider. Healthcare compliance requires healthcare organizations and providers to develop effective processes, policies, and procedures to define appropriate conduct, train the organization’s staff, and then monitor the adherence to the processes, policies, and procedures. Healthcare compliance covers numerous areas including, but not limited to, patient care, billing, reimbursement, managed care contracting, OSHA, Joint Commission on Accreditation of Healthcare Organizations, and HIPAA privacy and security to name a few.

Healthcare compliance is not a new concept. One of the earliest forms of healthcare compliance was the establishment of minimum standards for surgery facilities by the American College of Surgeons in 1918. Today, the volume of regulations applicable to healthcare organizations and providers requires they have dedicated team members specifically focused on healthcare compliance.

Each of the government agencies that regulate healthcare approaches its regulatory framework based upon its own area of control. For example, the Drug Enforcement Administration (DEA) is charged with enforcing the laws regarding controlled substances. The DEA’s healthcare compliance is understandably directed toward ensuring that controlled substances are only used appropriately.

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) is focused on protecting the federal healthcare programs from fraud, abuse and waste. The OIG has published some of the most comprehensive guidance for healthcare organizations on the elements of an effective healthcare compliance program. According to the OIG, an effective healthcare compliance program must, at the very least, address the following seven areas:

The development, distribution and implementation of written standards of conduct and written policies and procedures that describe and further the organization’s commitment to meeting and exceeding the legal and ethical standards applicable to the organization;

The designation of a chief compliance officer and other appropriate committees and individuals that are responsible for operating and monitoring the compliance program and who report directly to the organization’s chief executive officer and the governing body;

The development and delivery of effective employee education and training programs;

The development and maintenance of effective lines of communication that allow individuals to report compliance concerns without retaliation, including the ability to anonymously report concerns and complaints;

The development and implementation of a process to respond to complaints that includes the imposition of appropriate corrective action including discipline of employees when required;
The use of internal monitoring and audits to measure compliance and address known deficiencies; and

Responding appropriately and quickly to detected offenses and implementing corrective action.

Why Is Healthcare Compliance Important? 

Ultimately, the purpose and primary benefit of healthcare compliance is to improve patient care. Patient care is improved when healthcare decisions are based upon appropriate and current clinical standards. Patient care decisions based upon improper motives rarely results in the delivery of quality care.

Healthcare compliance also aids healthcare organizations and providers in avoiding trouble with government authorities. An effective healthcare compliance program can identify problems and find solutions to those problems before a government agency finds the problem. An effective healthcare compliance program can also mitigate against the imposition of sanctions, or financial penalties that might otherwise be imposed on the healthcare organization or provider. A review of the recent OCR settlements for HIPAA breaches shows that the OCR imposes higher fines when the healthcare organization had not developed and implemented effective HIPAA compliance.

A large number of healthcare organizations and providers have self-disclosed matters identified through their compliance programs to government agencies. The penalties imposed upon those self-disclosing organization and providers were far less than the penalties and other sanctions imposed on organizations and providers that were prosecuted for their misconduct.

An effective compliance program can also help a healthcare organization or provider avoid liability for malpractice. A consistent theme in healthcare compliance is documentation that the organization or provider is following current clinical standards. A healthcare organization or provider that is following best clinical practices is less likely to be the subject of a malpractice claim.