The Department of Health and Human Services, Office of Inspector General (OIG), in conjunction with the Health Care Compliance Association, recently released a resource document to help healthcare organizations measure the effectiveness of their compliance programs. While the OIG has encouraged healthcare organizations to develop effective compliance programs for decades, it has not, until now, provided much guidance on how to determine whether compliance programs are, in fact, effective.

The new guide, titled Measuring Compliance Program Effectiveness: A Resource Guide and published March 27, 2017, is the product of a January roundtable discussion involving OIG staff and compliance professionals. Participants framed their discussion around the oft-cited seven elements of an effective compliance program. Their goal was to provide metrics for measuring compliance program effectiveness that would be helpful to a wide range of healthcare organizations differing in size, operational complexity, industry sectors, and resources.

Historically, healthcare organizations have had to create their own tools to evaluate their compliance programs by cobbling together various sources of guidance from the OIG and other sources, including the OIG’s provider- and industry sector-specific compliance program guidance documents, OIG audits and workplans, and corporate integrity agreements. The Resource Guide likely will become a starting point for healthcare compliance program assessment tools, regardless of the type of organization conducting the evaluation.

Purpose of the Resource Guide

The stated purpose of the Resource Guide is to give healthcare organizations as many ideas as possible for measuring the effectiveness of their compliance programs, be broad enough to help any type of organization, and let the organization choose which metrics best suit its needs. While the Resource Guide lists over 400 individual compliance program metrics, its authors emphasize that it is not meant to be a checklist or applied in its entirety. In fact, using all of the measurement tools—or even a large number of them—is “impractical and not recommended.” Rather, healthcare organizations should treat the Resource Guide as an idea bank from which they can select those metrics most suited to their needs, resources, and risks. As the authors succinctly put it, “one size truly does not fit all.”

Content of the Resource Guide

The Resource Guide is divided into seven sections, which generally track the seven elements of compliance program effectiveness identified by the U.S. Sentencing Commission. Each section contains suggestions for “what to measure” to evaluate the effectiveness of an organization’s compliance program and “how to measure” those standards.

1. Standards, policies, and procedures. This Resource Guide highlights the importance of having the relevant policies and procedures in place to form the structure of an organization’s compliance program. The metrics focus on basic compliance functions, including measuring employees’ access to the policies, implementing internal processes for periodically reviewing the policies, assessing the quality and applicability of the policies, maintaining an organizational code of conduct, and ensuring an organization-wide understanding of compliance policies and procedures.

2. Compliance program administration. A key component of an effective compliance program is a well-functioning administration that involves everyone in an organization—from the governing body to employees at all levels—in compliance processes. The metrics highlighted in this section of the Resource Guide offer ideas to judge the effectiveness of an organization’s board of directors, compliance committees, compliance officer, compliance staff, and general culture of compliance.

3. Screening and evaluation of employees, physicians, vendors, and other agents. This section includes ideas for measuring how well organizations evaluate employees, vendors, and affiliated individuals for possible exclusion and conflicts of interest, and whether the organization has a plan for responding to these issues. The metrics remind organizations that an effective compliance program concerns not only the organization’s own employees, but also the organization’s third- party vendors, agents, and affiliated individuals.

4. Communication, education, and training on compliance issues. The Resource Guide provides organizations with tools to measure whether individuals receive effective job-appropriate training, whether the organization’s governing body is adequately trained in compliance efforts, and whether that training is updated when necessary due to regulatory changes or compliance failures. The Resource Guide also provides ideas to measure whether an organization has established a culture of compliance, such as surveying all employees to determine the extent to which employees believe there is a culture of compliance in the organization and reviewing the organization’s compliance training material to determine if scenario-based training or other interactive training methods are used to promote employees’ understanding.

5. Monitoring, auditing, and internal reporting systems. This section contains metrics that an organization may use to evaluate whether its processes for monitoring violations of laws and regulations, its internal reporting system for noncompliance, and its routine risk assessments and compliance audits are effective. This section also highlights the importance of an organization’s response to compliance audits or instances of noncompliance, including corrective action plans.

6. Discipline for noncompliance. The Resource Guide provides several metrics that organizations will find helpful in analyzing whether employees understand the consequences for noncompliance and whether the discipline imposed in instances of noncompliance is consistent across the organization. The questions in this section also help organizations assess whether incentive and promotion criteria are appropriately aligned with the organization’s compliance concerns.

7. Investigations and remedial measures. This section includes metrics that organizations may use to evaluate the effectiveness of compliance investigations, including the independence and competence of the investigators, communication regarding investigations, and whether the organization responds appropriately to identified compliance concerns.

How to Use the Resource Guide

As noted above, the Resource Guide is not meant to be a one-size-fits-all compliance program framework. It does, however, include several hundred different compliance program features that compliance officers and other leaders can use to identify the particular elements that apply to their organization based on its risk areas, size, resources, and industry segment. In this respect, the Resource Guide offers a far-reaching toolkit that may reduce the amount of effort required to prepare an assessment tool for measuring compliance program effectiveness.

On the other hand, although the authors took care to discourage “[a]ny attempt to use [the Resource Guide] as a standard or certification,” and although the Resource Guide does not have binding legal authority, the document places responsibility for selecting appropriate compliance effectiveness measures and processes on the healthcare organizations. Because OIG staff participated in the creation of the Resource Guide, it would be prudent for legal and compliance staff, boards of directors, and compliance committees to carefully consider the suggestions contained in the document when designing compliance program assessment. The Resource Guide represents the most thorough presentation of the OIG’s thinking on compliance program evaluations to date; healthcare organizations should proceed accordingly.