Compliance has become part of the landscape, especially in highly regulated industries like healthcare. If you ask any leader in the field of healthcare why you must have a compliance program, they will likely reference government laws, such as the Affordable Care Act, or will state that it is important for keeping the organization out of trouble. Compliance Officers themselves will tell you that a compliance program is no longer an optional best practice, and will talk about guidance from the Office of the Inspector General (OIG).
It is true that the OIG does expect healthcare organizations to have a Compliance Program, and various laws do, as well. The OIG, in fact, states that the Compliance Officer needs to independent, and strongly advises the Compliance Officer reports to the Board in order to preserve the autonomy of that role and should be part of the senior management or leadership team. Given all this guidance, why is it that the Compliance Officer is still frequently not at the leadership table? Shouldn’t they be? Most organizations who are ‘doing it right’ and have the Compliance Officer reporting to the Chief Executive Officer and the Board still do not include the Compliance Officer in many of the leadership functions.
I’ve worked with many organizations, some new and some well-established, some huge and some very small. This issue is common among many, regardless of their size or scope. I believe that this is an artifact of how Compliance is perceived, and the historic origins and role of that function. Back in the ‘beginning’ of compliance programs, there were audits by the government that identified various patterns of fraud and abuse. The government issued guidance for the development of compliance programs in order to prevent and detect fraud and abuse proactively. With that basis, compliance programs started out as a ‘police function’, where the Compliance Officer rooted out bad behavior and put a stop to it, often forcing operations to change how they were doing things in favor of a less efficient or cost effective process in order to meet regulatory requirements. Obviously this was not popular, and the reputation of Compliance was created. Those early Compliance Officers were also often technical people, strong in auditing or coding, in order to most effectively identify the risks. The Compliance Officer was not seen as a leader, and was relegated to the role of a necessary evil that cost money better spent elsewhere.
As time has gone on, however, compliance programs have matured, with the scope and expectations evolving to include almost every aspect of operations. No longer focused on coding and billing, compliance programs now get involved in business and financial arrangements, purchasing, employee relations, and even quality of care/clinical issues. On any given day, the Compliance Officer may be requested to weigh in on a proposed arrangement with a lab, asked whether certain documentation meets ‘incident-to’ billing requirements, and requested to review a policy addressing OSHA. The Public Relations department may ask the Compliance Officer to review proposed signage, and Human Resources requests a consult about a claim of retaliation. Medical Records calls and inquires about releasing records to a patient’s attorney. These types of activities are common in the everyday work of a Compliance Officer. Clearly this role has evolved from a police function to a support function that touches every aspect of the organization.
So, back to my earlier question. Shouldn’t Compliance have a seat at the leadership table? Different organizations have different structures and names for that group, and often there is more than one team. I’m talking here about that C-Suite group that routinely meets to discuss key critical issues, strategies, and initiatives facing the organization. If you look at the organization chart, there is the Compliance Officer, reporting directly to the CEO, but is nowhere to be seen at those leadership meetings as a routine matter. To be fair, there are many organizations who have evolved with the changing role of compliance, but many still just do not see how or why top leadership should include that function.
There are key reasons why this should change, and why leaders should reconsider the value of the Compliance Officer to leadership.
The first thing that should be understood by leaders is that an experienced Compliance Officer has line-sight into operations across the organization. While members of the executive team are well-versed in the lines of business and strategy of the entity, they don’t typically get into the weeds of day to day department-level operations. The Compliance Officer, on the other hand, attends department meetings and helps the various functional areas and lines of business by reviewing their policies, auditing operations, and answering questions particular to the different functions. Given this role, the Compliance Officer knows who is doing what, where risks may reside, and where functions overlap and could be creating inefficiencies. The Compliance Officer also knows where gaps are and routinely works to advise operations on how to fill them. So when the executive team is thinking about a joint venture, expanding a line of business, or who to have lead a business unit, the Compliance Officer is the person who likely knows the inner workings already, and can assess the proposed strategy from the standpoint of how it will interact with existing operations and how inherent risks should be addressed, given existing resources.
In addition, the Compliance Officer is necessary to help evaluate business arrangements, and should know about them from the beginning. Will that new clinic build-out be set up in a way that patients have privacy during the registration process? Did we get a Fair Market Value assessment on that space we want to lease to a clinical laboratory? When we bring on an agency to do background checks, will they also be doing monthly OIG checks of all our vendors and employees? What about Medical Staff? What are the security measures available for that new IT system? What is their liability if they have a breach? And sometimes proposed arrangements don’t consider the compliance function itself. For instance, the leadership team decides to enter into a management services agreement to run a multi-specialty physician practice. Does that agreement include compliance oversight? Or is that something that won’t come up or be identified until there is a privacy breach or some other problem? Often the Compliance Officer isn’t even told about that arrangement, much less advised that they have additional responsibilities. Nobody ever thought of that when they were planning the agreement.
One issue that should be obvious is that the Compliance Officer has knowledge of laws, regulations, and enforcement trends that may be relevant to proposed activities or issues that arise. Even if General Counsel is at the table, the Compliance Officer is monitoring things from a different perspective and is watching what the government is targeting. That insight can save a company a lot of grief on the front end. The Compliance Officer might advise the team to think twice about a lucrative lease arrangement with a radiology company, because the OIG has just issued a fraud alert about those very arrangements.
Lastly, an experienced Compliance Officer brings a wide range of skills to the table. Education, auditing, communication, research, policy development, project management, and strategic thinking are core skills necessary for a good Compliance Officer. Those skills can add a lot of value to help move various initiatives forward and to help manage and implement new measures. A Compliance Officer, if they are good at their job, has great strengths in navigating politics and difficult players in the organization. They likely know where your problem people will be in a new project, and can advise on strategies to get them on-board. It’s what we do in compliance, every day.
My main point here is to ask that organizational leadership takes a second look at the Compliance Officer, especially if they are not closely aligned with the leadership team. You could be missing out on a huge asset to your group, and could benefit in many ways by reducing risk, improving project implementations, managing incidents, and gaining insights into potential trouble spots that may not otherwise come to your attention in such a timely manner. Those of us working in the compliance field want to make a difference for our organizations, so please, let us come to the table! We want to help.