Federal Sentencing Guidelines for an Effective Compliance Program

The Federal Sentencing Guidelines identify seven minimum requirements that an organization must meet in order for its corporate compliance program to be considered "effective." These requirements are as follows:

1. The healthcare entity must establish compliance policies, standards and procedures for employees and other agents that help them comply with the law and avoid criminal conduct.
   
   The integrity and reputation of an organization depends on the individual actions of its employees, representatives, agents and consultants. Essentially, standards of conduct are written statements that reflect the company's management philosophy. They govern the organization's business decisions and actions and, together with the facility's written policies and procedures, demonstrate the governing body's commitment to corporate compliance. Anyone working on behalf of the company - whether as a full-time employee or an outside agent or consultant - should be held personally responsible for compliance with the organization's code.
   
   
2. In each company, high-level personnel must take responsibility for compliance plan oversight and monitoring.
   
   Every organization must designate a chief corporate compliance officer to operate and monitor the compliance program. This should be a senior manager with sufficient authority and have some experience in the area he or she is overseeing. Designating a compliance officer with the appropriate authority is critical to the success of the compliance program, as are that person's professional credentials, moral character and understanding of corporate compliance.
   
   
3. Your compliance plan must prevent inappropriate assignments of discretionary authority to anyone with the propensity to violate the law.
   
   A reasonable, mandatory background investigation should be conducted on all new employees who are being given discretionary authority to make decisions that involve compliance with the law. The compliance program should prohibit the employment of individuals or companies recently convicted of a criminal offense related to healthcare or who are listed as disbarred or otherwise ineligible for participation in federal healthcare programs. Pending the resolution of any criminal charges or proposed disbarment or exclusion, the OIG recommends that such individuals be removed from any involvement in a federal healthcare program.
   
   
4. The plan must provide educational and training programs to all employees.
   
   As part of an effective corporate compliance plan, all corporate officers, managers, employees, and physicians must be trained and re-trained on a continuing basis, starting during the orientation process. An integral aspect of this training is imparting an understanding of the compliance program itself, fraud and abuse laws, coding requirements, claims development and submission processes and marketing practices that reflect current legal and program standards.
   Targeted training should be provided to any officers or employees who have a role in submitting bills to the government, such as employees involved in coding, billing and cost reporting. Such training should be carefully coordinated by the compliance officer because of the overlap of duties and responsibilities and interrelationships between departments. Finally, each facility should require of its employees a minimum educational credit requirement per year as part of their job responsibilities.
   
   
5. The plan must use audits and other evaluation techniques to monitor compliance and ensure reduction in identified problem areas.
   
   In order to test the usefulness of a compliance program, ongoing monitoring and regular, periodic audits by internal or external auditors who have the necessary expertise in the pertinent statutes, laws and regulations are necessary and even critical. The OIG suggests that these audits address compliance with laws governing kickback arrangements, the physician self-referral prohibition, coding, claims development and submission, reimbursement, cost reporting and marketing. All audits should be written up as a report and kept on file with the compliance officer and be shared with the organization's senior management and governing body.
   
   
6. A compliance plan must include procedures for the company to take prompt action in response to any violations that are detected.
   
   The company must then take steps to prevent future violations.
   Upon receiving reports or indications of suspected noncompliance, it is vital that the compliance officer promptly conduct a thorough investigation - including interviews of personnel and a review of relevant documents - to determine whether a violation has occurred and, if it has, take steps to correct the problem. Depending on the circumstances, these steps may include referral to criminal or civil law enforcement authorities, a corrective action plan, a report to the government or the submission of any overpayments, if any.
   
   
7. The plan must provide for the discipline of employees for noncompliance with the company's compliance standards through the use of appropriate disciplinary measures.
   
   An effective compliance program must include guidelines for appropriate disciplinary action against those who fail to comply with the company's standards of conduct, policies and procedures, or federal and state laws or have committed any acts that could impair the facility's status as a reliable, trustworthy healthcare provider. The written standards of conduct should include procedures for handling disciplinary problems and indicate who is responsible for taking appropriate actions. The consequences of noncompliance should be consistently applied and enforced on a fair and equitable basis.
   It is vital to publish and disseminate the range of disciplinary standards for improper conduct and to educate officers and other employees regarding these standards.