Chief Compliance Officers have a tough job. It does not matter what industry they are working in, CCOs face a myriad of challenges.
The healthcare industry, however, has its own set of challenges. While there has been a “long” tradition (since the 1990s) of compliance in the healthcare industry, that has not translated into a robust commitment to elevating CCOs and ensuring they have access to adequate resources.
If you talk to CCOs in the healthcare industry, you hear a familiar set of concerns: lack of resources, failure to elevate CCOs to the C-Suite, overwhelming risks and challenges, and lack of senior management and/or board commitment to compliance. It is hard to understand how this can occur, especially given the aggressive enforcement environment at both the federal and state level.
Medical providers and suppliers are on everyone’s radar screens. Prosecutors and regulatory agencies often conduct parallel criminal and civil investigations with complicated issues and huge risks, both financial and reputational. The criminal laws have been stretched, amended and otherwise twisted to use against medical providers and suppliers.
The continuing challenge for CCOs at medical care providers and suppliers is to keep their focus on these common issues:
1. Building and Maintaining a Culture of Compliance: A company’s culture is the single determinant of an organization’s ability to ensure compliance with its code of conduct and applicable laws and regulations. CCOs face a continuing challenge in promoting a culture of compliance. It is difficult enough to do so while measuring the organization’s culture and responding to weaknesses in the culture throughout the organization. The ethics and compliance message has to be consistently communicated throughout the organization.
2. Changes in External Environment: Healthcare providers and suppliers face a number of external changes including legal and regulatory requirements. More significantly, the healthcare industry is includes rapid technological changes that have a significant impact on healthcare providers and suppliers. For example, the industry has become more dependent on electronic data (e.g. health records) and faces significant data security risks. For CCOs, this new technology has made their jobs even more complex, especially given new legal and compliance requirements for data security.
3. Use of Relevant Data: Healthcare CCOs can easily be swamped in a mass of data. Healthcare providers who are dependent on claims and measurement of quality and services maintain mountains of data. CCOs have to be smart about picking data that is relevant to the compliance function. In particular, CCOs have to design data collection procedures so that they can monitor relevant activities. CCOs also need to identify and define relevant benchmarks for comparison so that compliance resources are allocated to risks based on some relative ranking system.
4. Resource Limitations: CCOs face significant shortages in resources, personnel and support. Some mid-size hospitals have limited compliance staff in the single digits – by definition such compliance programs are ineffective. It is almost indefensible for healthcare organizations to restrict resources while repeating statements of commitment to compliance. In the end, CCOs have to be realistic about what they can and cannot accomplish given the resource limitations. After a careful and honest assessment, CCOs have to decide whether the current resources and immediate plans to increase resources are sufficient for them to carry out their responsibilities.
5. Organizational Structure: Healthcare organizations are committed to growth, either through acquisitions or internal expansion. As a result, CCOs face huge challenges in designing a compliance program to meet the needs of an organization that is growing in its complexity and its compliance needs. Training and auditing programs are hard to maintain when an organization becomes more complex.