Moving From Reactive to Proactive Compliance May Reduce Risks

Health Care Compliance Association (HCCA)

Health Care Compliance Association (HCCA)

Report on Medicare Compliance 29, no. 45 (December 21, 2020)

When an orthopedic surgeon demanded very generous compensation, the hospital weighed its clinical and business needs against the compliance risks. It had to act fast, because the orthopedic surgeon threatened to go elsewhere. With the clock ticking, the vice president in charge of high-risk arrangements had no time to analyze data, including the orthopedic surgeon’s clinical patterns and productivity, and make an informed hiring recommendation. She crossed her fingers and sent the contract to the CEO for a signature.

“You’re in a hostage-like situation,” said Amit Vaishampayan, vice president of the Coker Group. “It may backfire.” The hospital could be paying the physician above-market value, which is risky under the fraud and abuse laws, and the VP may be personally on the hook in light of the Department of Justice Yates memo.

This is a classic example of the fallout from a reactive regulatory compliance program, which is less effective than a proactive compliance program, Vaishampayan said at a Dec. 14 webinar[1] sponsored by the Health Care Compliance Association. With reactive compliance programs, hospitals are often “held hostage” to physician demands when under pressure to recruit them quickly, for example, he said.

“If you have a proactive approach and the systems in place, and they’re working correctly, they should be able to identify high-risk arrangements early on and have documented procedures to follow,” he said. “There will always be one-off, last-minute stressful arrangements—there’s no avoiding bumps in the road—but that should be the exception and not the norm.”

Vaishampayan used an analogy of health care and “sick care” to explain the difference between proactive and reactive compliance programs. Patients see the doctor after they have symptoms, but the better model is staying healthy with preventive and primary care. “Many clients are fighting fires,” he said. “Accepting that as the norm is a dangerous place to operate.”

He recently heard from a client who has a medical director with a contract that hasn’t been updated in 15 years. “The duties and compensation may not be appropriate now,” Vaishampayan said. Maybe the physician is still receiving bonuses for quality or performance metrics that were achieved five years ago. The fact it hasn’t been revised tells Vaishampayan there isn’t a clear, documented process for ensuring contract terms are appropriate for the organization. “It creates risk,” he noted.

Organizations also often develop a new contract for every physician instead of having a structure they can apply to every arrangement, said Justin Chamblee, senior vice president of the Coker Group, at the webinar. “It’s recreating the wheel, and it becomes a highly complex environment to manage,” he explained. “It’s an ad hoc approach, and it’s all reactive. It’s a great example of where compliance risks pop up.” There may be too much reliance on the judgment of a business development executive, who may be fast-tracking contracts one at a time.

It May Take a ‘Nudge’ to Do Proactive Programs

So why are many organizations slow to embrace proactive compliance? For one thing, there’s a perception that change is hard, which is true, Chamblee said. “It will take processes and budgets,” although he noted there’s a return on investment. “Another reason why people are stuck in reactive mode is the notion of, ‘If it ain’t broke, don’t fix it,’” he said. They tend to stay in a reactive mode until a “nudge” pushes them to the proactive approach, Chamblee said. A nudge could be the realization they are spending enormous sums assessing transactions one by one.

Proactive regulatory compliance programs include well-documented policies and procedures; periodic reviews; and internal controls, supporting documents and processes that reduce risk. “They should be less time consuming, less costly and preserve the ability to enter into prudent financial relationships but balance compliance risks,” Vaishampayan said. Here are some of the key elements:

  • Compensation policy document. One governing policy document with clear, concise language should apply to all physician arrangements, Chamblee said. It articulates how physicians in the organization are compensated. “When you have that from a compliance standpoint, it makes thing smoother. If there’s no overarching document and each physician arrangement is separately negotiated, it opens you up to a host of regulatory compliance risk and operationally creates a more challenging environment to manage.”

  • Compliance governance structure. The first leg deals with delegation responsibility, Vaishampayan said. “It’s imperative to know who has what responsibility for oversight.” The second leg is documentation of that responsibility, and the third leg is internal controls. He said hospitals could implement several types of internal controls. For one thing, periodic contract reviews would ensure all arrangements are reviewed at least once every X number of years. “Specifically, the control would be to ensure the duties, responsibilities, allocated hours and payment rates are appropriate and still applicable,” he said. This is very important, especially when organizations use evergreen, auto-renewing agreement language (e.g., they automatically review every 10 or 15 years). Organizations can stagger reviews of evergreen contracts to avoid being overwhelmed. Another type of internal control is time sheet reviews. They ensure time sheets submitted by certain physicians, who probably have administrative positions, are reviewed by people across different departments, Vaishampayan said. “Specifically, the control would be for both the accounting department and the service line leadership to review for different reasons,” he explained. “The accounting department is reviewing to ensure accurate payment adjudication, while the service line leadership is reviewing to ensure the duties and responsibilities are still relevant and the allocated hours are still appropriate.”

  • Additional reviews. When their compensation arrangements are considered higher risk, physicians will be subject to additional reviews. That could include procedures performed by physicians who are compensated at more than the 90th percentile.

Contact Vaishampayan at and Chamblee at

1 Amit Vaishampayan and Justin Chamblee, “Take Your Regulatory Compliance Program to the Next Level with a Proactive Approach,” webinar, December 14, 2020,

[View source.]

Written by:

Health Care Compliance Association (HCCA)

Health Care Compliance Association (HCCA) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.