Part 1 of 2: Measuring the Effectiveness of Your Healthcare Compliance Plan

Jun 4, 2020 | Blog

How to Measure the Effectiveness of your Healthcare Compliance Plan

Health care entities understand they must meet a variety of regulatory and legal standards. Compliance with Office of Inspector General (OIG) regulations will mitigate risk for your organization, but the compliance process can still be very complex. How effective is your organization at meeting these standards, and how do you measure compliance program effectiveness?

This list acts as a guide to measure compliance program effectiveness and can help you meet OIG guidelines; further, it can be adapted to your organization’s needs. This document is not a checklist detailing how to meet OIG requirements, but it suggests ways healthcare entities can measure compliance using whatever resources they have available. For guidance on your specific segment of the healthcare industry, see OIG’s compliance program guidance documents.

According to the Health Care Compliance Association’s CHC Candidate Handbook: Detailed Content Outline, compliance program elements fall under seven categories. This, the first part of a two-part series, will discuss the first three categories of an effective healthcare compliance plan.

11 Steps to Measuring Compliance Policy and Procedure Effectiveness

  1. Review Access: Review access to standards, policies, and procedures against OIG guidelines. Survey employees to learn whether they can easily find the information. Make sure your information is ADA-compliant.
  2. Define Accountability: Clearly define the owner of each policy and designate a policy coordinator. Maintain escalation policies in case of necessity.
  3. Maintain a Compliance Plan: Maintain a written compliance plan and keep it current. If your organization doesn’t have one or needs to update the compliance plan, OIG maintains a Compliance Resource Portal with toolkits organizations can use.
  4. Ensure Quality: To determine quality, compliance professionals can measure policies against industry standards. They can also request reviews from internal and external stakeholders. Check language for readability and translation quality.
  5. Check Understanding: Check employees’ comprehension of the compliance program through surveys and focus groups and audit how well they are followed by everyone, including the Board and C-suite. Communicate how employees may ask questions about compliance issues.
  6. Create a Review and Approval Process: A clear procedure for review, maintenance, and approval should exist for the creation of new policies or review of current policies. Generally, the Board should perform regular reviews and approvals.
  7. Provide Updates: Create a procedure and communication plan for changes to policies and procedures.
  8. Assess Policies: Create a list of necessary policies and audit current policies against the list; specifically, ensure policies are in place for risk areas, required policies, and routines. Check that policies don’t overlap and that they are well-organized so they can be easily found. Solicit feedback from members affected by the policies.
  9. Review the Code of Conduct: Determine if the code of conduct matches the organization’s mission and values. Review the code for proper implementation. Verify that the code is displayed publicly and distributed to all relevant parties. Test employees on their knowledge about and understanding of the code.
  10. Maintain Confidentiality Statements: Audit employee files and procedures to ensure the maintenance of appropriate confidentiality statements.
  11. Conduct Interviews: Conduct interviews and audits to ensure that the organization adheres to stated compliance standards.

14 Ways to Provide Administrative Support for Your Compliance Program

  1. Support the Compliance Officer: Verify certification and conduct annual reviews of the compliance officer. Evaluate the integration of compliance into other aspects of the business. Ensure the compliance officer feels comfortable addressing issues with the Board and has the independence to complete job responsibilities. Complete reviews of the compliance process.
  2. Address the Board of Directors: Review minutes of meetings where the compliance officer reports to the Board. Ensure the Board has adequate resources and is involved in resolving compliance issues.
  3. Track Committee Attendance: Track attendance and involvement of committee members. Review the organizational chart to ensure optimal representation on committees. Address potential conflicts of interest. Ensure that members of the executive team attend and are engaged in meetings.
  4. Compliance Budget: Verify board approval of the compliance budget and budget sufficiency for managing risks and ensuring compliance effectiveness.
  5. Conduct Reviews: Conduct reviews or audits to ensure leadership promotes and supports compliance.
  6. Ensure Adequate Staffing Resources: Ensure staffing and resources are adequate to support the compliance plan. Document risk assessment. Compare compliance data with data from similar organizations.
  7. Review Compliance Plan: Conduct internal and external reviews of the compliance plan. Audit the process for annual compliance plan development. Evaluate the effectiveness of internal audits in creating compliance plans.
  8. Evaluate Culture: Create surveys on the following: impact of the compliance department on staff, accuracy and integrity of reported information, the compliance program’s relationship to mission and values and OIG regulations, communication of compliance procedures, and culture. Track survey completion, employee comments, and general compliance reports.
  9. Audit Incentives: Audit how bonuses and promotions are given and whether compliance is a factor. Conduct a survey or perform an outside audit of incentives.
  10. Review Performance Evaluations: Audit evaluations for their compliance consistency. Determine the relationship between compliance and incentives or disciplinary action. Does HR know how to evaluate compliance issues and is compliance part of the annual evaluation? Track disciplinary action to ensure there is no organizational retaliation for reporting compliance issues.
  11. Audit Risk Assessments: Review documents and processes for the work plan, OIG regulations, and risk management. Audit risk assessment cycle observance. Review compliance committee and board meeting minutes with respect to compliance program elements. Evaluate staff knowledge of risk assessment knowledge and competence.
  12. Make a Compliance Work Plan: Make sure the compliance work plan is adequately developed and effectively implemented. Set up a regular plan to measure compliance program effectiveness.
  13. Review Legal Counsel’s Role: Review policies to ensure appropriate referral of legal counsel.
  14. Review and Evaluate: Review management job descriptions and evaluate for compliance deliverables.

12 Ways to Evaluate the Effectiveness of Employee and Third-Party Screening

Accountability for Screening: Ensure that the person responsible for exclusion screening has a clear understanding of and accountability for their role through training, reviews, and performance evaluations.

  1. Conflict of Interest: Audit conflict of interest disclosures and conduct training on conflict of interest issues.
  2. Employee Screening: Verify that new hires are screened and document the types of screening performed, especially for OIG and state exclusions, which should be checked against OIG’s LEIE Database. Determine if controls would prevent the organization from hiring an ineligible individual. Conduct a legal review to verify that screening standards match legal requirements. Verify that the organization has policies in place for actions taken toward individuals flagged during the screening process.
  3. Employee Accountability: Verify that the organization clearly explains employee responsibilities for healthcare compliance through job descriptions, employee education, performance evaluations, and interviews. Survey employees to evaluate compliance program effectiveness.
  4. Employee Disclosure: Conduct policy reviews and document reviews to ensure comprehension and adherence to disclosure and reporting requirements.
  5. High-Risk Screening: Review policies regarding high-risk positions that may require additional screening.
  6. Licensure: Review policies for verification that individuals in positions requiring licensing and credentialing verify appropriate qualifications.
  7. Response to Exclusion: Audit the organization’s policies for the taking of appropriate action in response to exclusion.
  8. Exit Interviews: Audit the organization for policies regarding the inclusion of compliance in exit interviews and the termination process. Review vendor contract termination procedures.
  9. Response to Screening: Review documents for screening, investigation, and action consistent with policy
  10. Vendor: Audit vendors for evidence of compliance, including certification, training, and orientation. Conduct document reviews to ensure the clarity of compliance obligation communication to vendors.
  11. Vendor Screening: Ensure the organization has written policies for third-party screening, including a list of databases checked, frequency of screening, review of contracts, and the vendor’s self-screening procedures.

Healthcare compliance is an important part of your effort to provide safe, high-quality, care for your patients. Part 2 of this series will detail four more categories of ways to measure healthcare compliance program effectiveness.

Stay compliant by screening against FACIS® by Verisys. FACIS is the gold standard in healthcare data used to screen providers for exclusions, sanctions, debarments, and disciplinary actions. Verisys keeps your organization safe, secure, and compliant while meeting government standards and regulations. Enhance your compliance program with real-time access to the most comprehensive dataset for screening and monitoring providers, allowing your organization to operate with full transparency.

Learn more about how Verisys can assist your HCOs in meeting all government and regulatory standards.

Verisys Written by Verisys
Verisys transforms provider data, workforce data, and relationship management. Healthcare, life science, and background screening organizations rely on our comprehensive solutions to discover their true potential. Visit to learn how we turn problems into power.

  • Secure, configurable, and proven solutions
  • Accurate, compliant, and complete information
  • NCQA, URAC, and ISO accreditations/certifications

Follow us on LinkedIn