Measuring Compliance Program Effectiveness: A Resource GuideHCCA-OIG Compliance Effectiveness RoundtableRoundtable Meeting: January 17, 2017 | Washington, DC

ISSUE DATE: MARCH 27, 2017

1

MeasuringComplianceProgramEffectiveness–AResourceGuide

HCCA-OIGComplianceEffectivenessRoundtableRoundtableMeeting:January17,2017

WashingtonDCIntroductionOnJanuary17,2017,agroupofcomplianceprofessionalsandstafffromtheDepartmentofHealthandHumanServices,OfficeofInspectorGeneral(OIG)mettodiscusswaystomeasuretheeffectivenessofcomplianceprograms.Theintentofthisexercisewastoprovidealargenumberofideasformeasuringthevariouselementsofacomplianceprogram.Measuringcomplianceprogrameffectivenessisrecommendedbyseveralauthorities,includingtheUnitedStatesSentencingCommission(see,Chapter8oftheUnitedStatesSentencingGuidelines).Thislistwillprovidemeasurementoptionstoawiderangeoforganizationswithdiversesize,operationalcomplexity,industrysectors,resources,andcomplianceprograms.DuringthemeetingonJanuary17,theparticipantsbrokeinto4groupsof10attendeestodiscuss2elementsofacomplianceprogramatatime.Duringfoursessions,everyparticipanthadachancetosuggestideasabout“whattomeasure”and“howtomeasure”withrespecttoallsevenelementsofacomplianceprogram.Weusedthefollowingcategories,fromtheHealthCareComplianceAssociation’sCHCCandidateHandbook:DetailedContentOutline,asaguidetoensurethatallelementsofacomplianceprogramwerecovered:ComplianceProgramElements:1. Standards,Policies,andProcedures2. ComplianceProgramAdministration3. ScreeningandEvaluationofEmployees,Physicians,VendorsandotherAgents4. Communication,Education,andTrainingonComplianceIssues5. Monitoring,Auditing,andInternalReportingSystems6. DisciplineforNon-Compliance7. InvestigationsandRemedialMeasuresWehavelistedbelowmanyindividualcomplianceprogrammetrics.Thepurposeofthislististogivehealthcareorganizationsasmanyideasaspossible,bebroadenoughtohelpanytypeoforganization,andlettheorganizationchoosewhichonesbestsuititsneeds.Thisisnota“checklist”tobeappliedwholesaletoassessacomplianceprogram.Anorganizationmaychoosetouseonlyasmallnumberoftheseinanygivenyear.Usingthemallorevenalargenumberoftheseisimpracticalandnotrecommended.Theutilityofanysuggestedmeasurelistedin

2

thisreportwillbedependentontheorganization’sindividualneeds.Someofthesesuggestionsmightbeusedfrequentlyandothersonlyoccasionally.Thefrequencyofuseofanymeasurementshouldbebasedontheorganization’sriskareas,size,resources,industrysegment,etc.Eachorganization’scomplianceprogramandeffectivenessmeasurementprocesswillbedifferent.Somemaynotapplytotheorganization’senvironmentatallandmaynotbeused.Anyattempttousethisasastandardoracertificationisdiscouragedbythosewhoworkedonthisproject;onesizetrulydoesnotfitall.Element1:Standards,Policies,andProceduresA.Conductperiodicreviewsofpolicies,procedures,andcontrols.B.Consultwithlegalresources.C.Verifythatappropriatecodingpoliciesandproceduresexist.D.Verifythatappropriateoverpaymentpoliciesandproceduresexist.E.Integratemission,vision,values,andethicalprincipleswithcodeofconductF.Maintaincomplianceplanandprogram.G.Assurethatanonretribution/nonretaliationpolicyexists.H.Maintainpoliciesandproceduresforinternalandexternalcomplianceaudits.I.Verifymaintenanceofarecordretentionpolicy.J.Maintainacodeofconduct.K.Verifymaintenanceof:

1.Aconflictofinterestpolicy2.Appropriateconfidentialitypolicies3.Appropriateprivacypolicies4.Policiesandprocedurestoaddressregulatoryrequirements(e.g.,theEmergencyMedicalTreatmentandLaborAct(EMTALA),ClinicalLaboratory

ImprovementAmendments(CLIA),Anti-Kickback,research,laborlaws,Starklaw).L.Verifyappropriatepoliciesoninteractionswithotherhealthcareindustrystakeholders(e.g.,hospitals/physicians,pharma/devicerepresentatives,vendors).M.Assurepoliciesandproceduresaddressthecomplianceroleinqualityofcareissues.N.Verifymaintenanceofapolicyongiftsandgratuities.O.Verifymaintenanceofstandardsofaccountability(e.g.,incentives,sanctions,disciplinarypolicies)foremployeesatalllevels.P.MaintainaComplianceDepartmentoperationsmanual.Q.Verifymaintenanceofpoliciesonwaiversofco-paymentsanddeductibles.R.Assuregovernancepoliciesrelatedtocomplianceareappropriatelymaintained.Source:CHCCandidateHandbook:DetailedContentOutline

3

Element1:Standards,Policies,andProcedures

WhattoMeasure HowtoMeasure

Access:

1.1

Accessibility

• Reviewlinktoemployeeaccessiblewebsite/intranetthatincludestheCodeofConduct• Survey-Canyoureadilyaccessorreferencepoliciesandprocedures?(Yes/No/Don'tknow)• Survey-Howandwheredoemployeesactuallyaccesspoliciesandprocedures?• Testkeywordsearch(searchable)• Auditandinterviewstafftoshowpolicies

1.2 ActualAccess Audithowmanyactual"hits"onpoliciesandprocedures

1.3 Accessiblelanguageforcode,standardsandpolicies FleschKincaidmeasuringstandard–nomorethan10thgradereadinglevel

1.4

Complianceprogramawarenessandcommunication

• Surveyemployeestodeterminetheextenttowhichthecodeofconductandothercompliancecommunicationsareavailabletoemployees

• Reviewtoensurethestandards,policies,andawarenessmaterialisupdatedanddistributedwithinorganization’sguidelines

1.5 Impairedordisabledaccessibility Reviewaccessibilityoptions.Lookatmethodsandspeaktoindividuals.

1.6 Policycommunication Communicationstrategyofpolicies

1.7 Availabilityofpolicycontent Conductsurveysandobservation

Accountability:

1.8 Accountability PolicyCoordinatordesignated

1.9 Ownershipandaccountabilityofpolicies Auditprocessofhowpoliciesgetenforcedbychainofcommandwhencomplianceisnotthefinalapprover.Ismanagementtakingresponsibilityforimplementingandfollowingpolicies?

1.10 Routinepoliciesandprocedures Confirmthatlistedownerofeachpolicyandprocedureistheactualowner.

4

Review/ApprovalProcess:

1.11 AnnualreviewandBoardapprovalofCompliancePlan Audit:ReviewofBoardminutes

1.12 Compliancedocumentationoperationsmanual Complianceorotheroversightcommitteetoreviewannuallytoensureitisuptodate.

1.13 Maintenanceofpolicies Checklastrevieworrevision

1.14 Numberofpoliciesreviewedandisthereviewtimely Processreview/audit.Usechecklisttoensureallbasicpolicyelementsareinplace,updatedconsistentlyandreviewed/approvedbyappropriateparties.

1.15 Policyapprovals Checklistaudit.Createlistofpolicies,reviewcommitteeandboardminutestoensureallapprovalshavebeenobtained.

1.16 Policyreviewprocess Auditprocessbywhichpoliciesandproceduresareprepared,approved,disseminated,etc.

1.17 Processforensuringfullorganizationalparticipationinpolicyandproceduredevelopment

Reviewdocumentation/minutestoverifyinputconsideredandsolicitedforpolicyandproceduredevelopmentandreview

1.18 Processforreviewandapproving Checkforwrittenprocess

Quality:

1.19 Arepolicies(andprocedures)asgoodasindustrypractice Peerreviews

1.20 IntegrityofProcessfordevelopingandimplementingpoliciesandprocedures Auditpolicyandprocedureonpolicyandprocedures

1.21Languageandreadinglevelofpolicies

Arepolicieswritteninplainlanguage,appropriategradereadinglevelandwritteninapplicablelanguagesfororganization?Policyreview,Wordgradelevelreviewandinterviewsofstafftomakesuretheyunderstand.

1.22 Languagetranslation Auditorprocessreview.Arepoliciesandthecodeofconducttranslatedintoappropriatelanguagesfororganization?

1.23 Usefulness SURVEY-Dodepartmentpoliciesandproceduresassistyouindoingyourjobeffectively?(Yes/No/Don'tknow)

5

1.24 Needforpoliciesthatdon’texist Interviewstafftodetermineiftheyneedthecertainpoliciestostrengtheninternalcontrols.

1.25 Policiesandprocedures Requestreviewfromexternalexperts

Assessment:

1.26 Assessmentofallcompanypolicies Checklistofpolicies;whicharecomplianceandwhicharebusiness

1.27 Essentialcompliancepoliciesandproceduresexist Canstaffactuallyarticulatepoliciesandprocedures;teststaff

1.28 Existenceofproceduretosupportpolicy Auditforproceduretosupportpolicy

1.29 Fundamentalpoliciesandproceduresinplace Havefocusgroupsofworkunits/departmentstodeterminewhethertheyunderstandthepoliciesandproceduresnecessarytodotheirjobs.

1.30Identifiability • Indexofpoliciesavailableandcurrent

• Numberedpolicies,notjusttitles

1.31 Listofpoliciesareapplicabletoemployees Supervisorstoassessdirectstaff

1.32 Arethoseaffectedbypolicygiventheopportunitytoweighinonpolicywhendeveloped? Focusgroupsandinterviewsofthoseaffectedbypolicy.

1.33 Listofrequiredpolicies Createchecklisttomakesureminimumpoliciesareinplaceandthenauditagainstthelist.

1.34 Effectivenessofpolicies Effectivenessofpoliciesbasedonthesubmissionhotlinecalls

1.35 Policiesandproceduresthathavebeenidentifiedaspartofcorrectiveaction

Processreview.Conductannualmeetingwithcomplianceandlegaltolookatdatabasesandcontrolandprioritizereviewtoensureimplementationandongoingcompliancewithpoliciesandprocedures.

1.36 Policiesforhighriskandoperationalareas Audit

1.37 Policies,standardsandproceduresarebasedonassessedrisks

Riskassessment,policyexistsforeachriskidentifiedintheriskassessment(coverageofaspecificrisktopic)

1.38 Policyinventorytoensurenooverlapandcontradictionofpolicies

Createinventoryandanalyzeinventory.Analyzeandreviewpastefforts.Lookatvariousdepartmentsthatmighthaveoverlappingpolicies.

1.39 Policyreviewfollowinginvestigation/issue Toppoliciesimplicatedinaninvestigationarereviewedtodetermineifpolicyambiguous,complex,failstoadequatelysafeguardissues.Validatethroughaudit.

6

1.40

Routinepoliciesandproceduresareaddressedandfilterdown. Reviewdepartmentandcommitteeagendastoensurepoliciesareaddressed

CodeofConduct:

1.41 CodeofConduct Audit:Reviewdates,boardapprovals,distributionprocesses,attestations,surveyemployeesforunderstanding,conductfocusgroups.

1.42 Complianceprogramawarenessandcommunication SurveyemployeestodeterminetheextenttowhichtheyknowthecontentoftheStandardsofConduct(SOC)andhowtoaccessit.

1.43 Integratemission,vision,values,andethicalprincipleswithcodeofconduct

Comparecodewithmissionandvisionstatementstoseeifitincludeselements/statements.Checktoseeifcodeisaccessibletoemployees

1.44 Maintenanceofcodeofconduct Iscodewritten,postedforemployees,documentedfrequencyofreviews,andsurvey/testemployeesonabilitytolocateit

1.45Distribution

DocumentationofCodeofConductdistributiontrackingandresultsoverpasttwoyearsforallemployees,employedphysicians,alliedhealthprofessionals,independent(contracted)physicians,volunteersandvendors/contractor/consultantsintheorganization

1.46 Orientation AudittoensureallemployeesreceiveorientationtotheSOCandcompliancepolicieswithin30daysofhire.

1.47 Staffunderstandingofcodeofconductandpoliciesandprocedures

• Reviewtestscoresaftertraining.• Conductinterviews.

Updates:

1.48 Complianceprogramcommunicationofrulechanges Reviewperiodicallyandatrulechanges–Audittoensurethereisadequatecommunicationtoemployees,includingchangesinpolicy/procedure.

1.49 Newandupdatedpolicydistributionandeducationofappropriatestaff

Processreview-Doesorganizationhaveformalprocesstomakeworkforceawareofnewpoliciesorchangesinpolicies?

1.50 Practicesimplementedafternewpolicy Auditpracticesandreviewcommitteeminutesandotherdocumentationtodeterminehownewpoliciesareimplemented.

Understanding:

1.51 UnderstandingofPolicies/Procedures • Conductsurveysand/orfocusgroupsonspecificpolicies

7

• Auditadherencetopolicy/procedure

1.52 Orientation Ensureemployeesareprovidedinstructionbyknowledgeablepersonnelforquestions/clarity

1.53 Policiesreflectpractice Usepoliciesasaudittoolandtheninterview,observeandconductdocumentreviewtoensurepoliciesarebeingfollowed.

1.54 Questionsaskedbyemployees Systeminplacetotrackemployeequestionsandconcernstoensureconsistentguidance.Trackdepartmentswherequestionscomefromtodeployadditionaleducationwherenecessary.

1.55 Understandabletoboardandc-suite Testboardandc-suiteonlocationandunderstanding

1.56Understandabletoemployees

• Readingcomprehensiontest• Situationaltests• Testoflocation

CompliancePlan:

1.57 Maintaincomplianceplanandprogram Reviewwrittenplanorwrittenscheduleofcomplianceactivities

1.58Maintaincompliancedepartmentoperationsmanual • Auditexistenceofwrittenmanual,handbook,orreferenceguide

• Testwhetherthemanualiscurrent

ConfidentialityStatements:

1.59 Verifymaintenanceofappropriateconfidentialitypolicies

• Auditprocedureforobtainingconfidentialitystatementsfromemployees• Auditemployeefilesforsignedconfidentialitystatementsfromemployees

Enforcement:

1.60 Compliancewithpolicies Conductinterviews,observation.

1.61 Policyviolations Auditpolicyandprocedurestomakesurepracticeconsistentwithpolicy.

1.62 Adherencetopoliciesandproceduresforcasesinvolvingpatientharmandreportingtoregulatoryagency

Reviewpoliciesandproceduresandcasesinvolvingpatientharmandvalidateproperreportingtoregulatoryagency

8

Element2:ComplianceProgramAdministration

A.Maintainacompliancebudget(e.g.,contributetoplanning,preparing,andmonitoringfinancialresources).B.Reportcomplianceprogramactivitytothegovernanceboard/committee.C.Coordinateoperationalaspectsofacomplianceprogramwiththeoversightcommittee.D.Collaboratewithotherstoinstitutebestcomplianceprogram.E.Coordinateorganizationaleffortstomaintainacomplianceprogram.F.Definescopeofcomplianceprogramconsistentwithcurrentindustrystandards.G.Assurethatthecomplianceoversightcommittee’sgoalsandfunctionsareoutlined.H.Evaluatetheeffectivenessofthecomplianceprogramonaperiodicbasis.I.Maintainknowledgeofcurrentregulatorychangesandinterpretationoflaws.J.Assurethecredibilityandintegrityofthecomplianceprogram.K.Recognizetheneedforoutsideexpertise.L.Overseeacomplianceeducationprogram.M.Verifytheorganizationhasdefinedtheauthorityofthecomplianceofficeratahighlevel.N.Verifythegoverningboardunderstandsitsresponsibilityasitrelatestothecomplianceprogramandculture.O.Assurethattheroleofcounselinthecomplianceprocesshasbeendefined.P.Definetheresponsibilities,purpose,andfunctionforallcompliancestaff.Q.Assurestaffingforthecomplianceprogram.R.Verifycomplianceriskassessmentsareconductedperiodically.S.Participateinthedevelopmentofinternalcontrolsandsystemstomitigaterisk.T.Incorporaterelevantaspectsofregulatoryagencies’focusintocomplianceoperations.U.Overseeintegrationofthecomplianceprogramintooperations.V.Developanannualcomplianceworkplan.W.Demonstrateindependenceandobjectivityinallaspectsofcomplianceprogram.X.Maintainanindependentreportingstructuretothegoverningbody(e.g.,Board,PhysicianPracticeExecutiveCommittee).Source:CHCCandidateHandbook:DetailedContentOutline

9

Element2:ComplianceProgramAdministration

WhattoMeasure HowtoMeasure

BoardofDirectors:

2.1ActiveBoardofDirectors

• ReviewminutesofmeetingswhereComplianceOfficerreportsin-persontotheAuditandComplianceCommitteeoftheBoardofDirectorsonaquarterlybasis

• Conductinventoryofreportsgiventoboardandapplicablecommittees.

2.2Boardunderstandingandoversightoftheirresponsibilities

• Reviewoftrainingandresponsibilitiesasreflectedinmeetingminutesandotherdocuments(trainingmaterials,newsletters,etc.).Dominutesreflectboard’sunderstanding?

• Review/auditboardeducation–howoftenisitconducted?Conductinterviewstoassessboardunderstanding.

2.3 Appropriateescalationtooversightbody • Reviewminutes/checklistincomplianceofficerfiles

2.4

Commitmentfromtop

• Reviewcomplianceprogramresources(budget,staff).• Reviewdocumentationtoensurestaff,boardandmanagementareactivelyinvolvedinthe

program.• Conductinterviewsofboard,managementandstaff.

2.5 Processforescalationandaccountability Processreview(documentreview,interviews,etc.).Istheretimelyreportingandresolutionofmatters?

ComplianceBudget:

2.6 Appropriateoversightofbudget Reviewcharterofgoverningbody(Board)toverifyitincludesapprovalofcompliancebudget

2.7 Budgetisbasedonanassessmentofriskandprogramimprovement/effectiveness

IstheBoard’sapprovalofthebudgetbasedonidentifiedrisksandeffectivenessevaluation/programimprovement?

2.8 Sufficientcomplianceprogramresources(budget,staffing) Reviewbudgetandstaffingtoensuresignificantrisksaremanagedappropriately

ComplianceCommittees:

10

2.9 Activeinvolvementofcompliancecommitteemembers Trackpercentageofattendanceofeachcompliancecommitteememberoverthelastyear

2.10 Assurethatthecomplianceoversightcommitteegoalsandfunctionsareoutlined Reviewcharterofcommittee

2.11 Committeestructure Reviewdocumentationofstructureofcommitteesaswellascharters.Ensurenoconflictingcharters.

2.12 Compliancecommitteecompositionandattendance Reviewcharterandminutestoassureattendance.

2.13 Cascadeadministrationofcomplianceprogramthroughouttheorganization Differentoperationalareasgivesomecertification/disclosuretothecomplianceoffice

2.14 CompositionofComplianceCommittee Revieworganizationalcharttovalidatecorrectcomposition

2.15 Effectivenessofcompliancecommitteemeetings Keepexecutivereportcardbymemberqualitative/quantitativewithindicatorsofcontributionontopics

2.16 Engagement Inthelasttwoyears,havethecompliancecommitteemeetingsbeenheldinaccordancewiththecharter?

2.17EngagementofDirectors/Managers

Reviewcommitteestructuretoevaluatehowdirectors/managersareparticipatinginComplianceOperationalCommittee(s)meetingincludesagenda,minutes,attendanceandreportsfromsubcommittees

2.18 ExecutiveLeadershipengagedinComplianceProgram

Reviewfrequencyofmeetings,membership,attendance,agendaandminutesoverthepastyearoftheComplianceExecutiveCommitteetoincludeallmembersoftheSeniorExecutiveteamreceivinginformationdirectlyfromtheComplianceOfficer

Accountability:

2.19

Leadershipaccountability

Auditdocumentationandconductinterviews.Someexamplesmightinclude:• Employeeeducationcompletionrates• Demonstrationofpromotionofcompliance(e.g.,townhallmeetingpresentations,

newsletters,etc.)• Completionofauditorreviewactionitemswithinestablishedtimeframe

2.20 Managementaccountabilityforcompliance Processanddocumentreviewandinterviews.• Isthereamappingofoperationalormanagementresponsibleforchampioningcompliance?

11

• Isthereamappingofmanagementresponsibleforkeyareasofcompliancetoensureaccountability?

• Doestopmanagementsupportthecomplianceteam?

ComplianceOfficer:

2.21Competency • Certification(CHC,CHPC,CHRC)

• Annualevaluation,coaching,correctiveaction,professionaldevelopment

2.22 Isthecomplianceofficerakeystakeholderinthestrategicinitiativesoftheorganization

• Reviewparticipationofcomplianceofficerinstrategicplanningprocessandduediligenceprocesses.

2.23 Compliancedepartmentinvolvementinenterprise-wideinitiatives/entities/strategies(e.g.,involvementorpenetrationinjointventureinitiativesandotherorganizationalinventory)

• Processreview,includingreviewoforganizationalcharttoensurecompliancecapturesenterprise-wideentities.

• Interviewswithcomplianceandothercommittees.

2.24Complianceindependence/compliancestructure • Doesthereportingstructurereflectsthe"express"authorityrequired?

• Auditprogramcharters(complianceprogramorAuditcommittee)

2.25 Complianceintegration Audittodeterminetheextenttowhichcomplianceofficerisinvolvedintraining,policydevelopment,marketingandotheroperationalaspectsofthebusiness

2.26ComplianceOfficerreportingstructureandoversighttoensuredirectaccesstoCsuiteandboard

• Documentreview-Lookatorganizationalchartandconductinterviews.• ReviewboardminutesanddocumentationthatthereareregularmeetingswithCEOandor

appropriateparties.• Ensurecomplianceofficerhasauthorityandiscomfortabletogotoboard.

2.27

Complianceofficer’sindependence/objectivity

• Reviewcomplianceofficer’sjobdescription.Doess/hereportdirectlytoCEO,board(notCFOorLegal)?Conductinterviews,focusedgroups,audit.

• Seatinglocationofcompliancewiththebusiness,seniorteamsaretogether,anddottedlineonorgchart

• Interviewcomplianceofficertoseeiftheyfeeltheyhaveindependence,dotheydocumentdisagreements,isthereexecutivesessionforauditcommittee.

• Interviewtheboard,reviewminutes,andinterviewtheCCO• Reviewofwrittenorganizationalstructure• VerifytheComplianceOfficerhastheindependentauthoritytoretainoutsidelegalcounsel• ReviewifthereisscreeningofcomplianceofficermaterialtotheBoardofDirectors

12

• RegularexecutivesessionoftheComplianceOfficerwiththeAuditandComplianceCommitteeoftheBoard

2.28 Credibilityofcomplianceofficer JobDescriptionreview,ongoingtrainingofcomplianceofficer,basiccompetencies,certifications,reportingstructure

2.29Howmuchauthoritydoesthecomplianceofficerhavetostartaworkinggrouptolookatchanges?

• Haveneededchangesbeenmade,andifnot,whynot?• Whatauthoritydoesthecomplianceofficerhaveandhowdoesheorsheexerciseit?• Whereisthecomplianceteamwithregardstoidentifyingworkinggroupstohelpattacka

newcompliancerisk?

2.30Howsupportedthecomplianceofficerfeels • Interviewcomplianceofficer;

• Documentationreview.

2.31

Organizationalperceptionofcomplianceofficerandcorporatecomplianceprogram

Surveyemployeesregarding:• Theirperceptionofthecomplianceofficerrole.• Whethertheyknowwhothecomplianceteamis,howtogettothemand,whattotellthem.• Isthecompliancestaffapproachable?• Arethecompliancestaffsolutionfacilitatorsorlookedatastheorganizationalpoliceforce?

2.32 Complianceproblemsolvingandadequacyofprocess Processreview

Staffing:

2.33

Adequacyofstaffingandresources

• FTEsassignedtocompliancefunction• Reviewcompliancemattersandiftheyhavebeenaddressedtimely.• Reviewandensurepoliciesandproceduresareimplementedandbeingfollowed.• Reviewdocumentationofreportstocommittee(s)andboard.• Assessstatusofworkplanandanydelays.• Ensuredocumentationofriskassessment.• Reviewdocumentationregardingdiscussionsatboardlevelregardingbudget.• Reviewbenchmarkingdatafromsimilarentities.

2.34 Assuranceofstaffing Reviewqualificationsofstaff;ratioofcompliancestafftobusiness,compensationtothebusiness

2.35 Adequacyofcompliancestaffbasedonriskassessment Riskassessmentconsidersthenumberandcompetencyofstaffrequiredtoaddressrisk

13

CompliancePlan:

2.36

Complianceplanassessments

• Documentreview,includingcomplianceplanandpolicies.• Isthereanexternalreviewconductedperiodically?• Whatistheroleofinternalauditwithregardingtocompliance?• Howdoesinternalauditinteractwithcompliance?• Benchmarkprogramwithsimilarsizeswithinthesameindustry

2.37 Complianceplanprocess Auditprocessfordevelopmentoftheannualcomplianceplan.

2.38 Complianceorganization Assessthepositioningandeffectivenessofthecomplianceorganizationstaff,titles,organizationalchart,pay,promotionrecordscomparedtootherareaswithintheorganization

2.39 Documentthatestablishestheauthorityoftheprogram Documentreview,meetingminutesforapproval.

2.40 Perceptionofcomplianceprogram Surveyemployees

Culture:

2.41 Accountability SURVEY-Doesthecompliancedepartmenthaveanimpactonhowyoudoyourjob?(Yes/No/Don'tknow)

2.42 AccuracyandTrustinMonitoring SURVEY:Doyoubelievetheinformationfromyourdepartmentisreportedwithahighdegreeofintegrityandaccuracy?(Yes/No/Don’tknow)

2.43Culture

Conductculturalsurvey(interviews,confidentialsurveys,focusgroups,etc.)andreportfindingstocompliancecommitteeandboard.Reviewminutestoensurereportoutandactionplanestablished.

2.44 Effectivenessofcomplianceprograminthefield Surveyoffieldcompliancepeople

2.45

Whatiscompanydoingtodrivecomplianceculture?

Surveys.• Whatdoescompanyincentivize?• Whatdoesthecompanypromoteandlookdownon?• Iscomplianceprogramtiedtomission,vision,values?

2.46 Employeecommentsfrom“Rounding” Auditthetrackingofwhatemployeesreportwhenproactivelyaskedbycompliancedepartment(orleadership,etc.)andhowthisinformationismanagedandreported.

14

2.47 Measuringeffectivenessofexecutivecommunicationoncompliance Trackon-lineengagement(clicks)andsurveyaudience

Incentives:

2.48 Aligningperformancemanagementsystem(promotionsystem)withethicsandcomplianceobjectives

Auditcriteriaofpromotion,bonusesandassignments

2.49 ComplianceandEthicsRole/participationfordevelopingtheincentivesystem

Haveanoutsideindependentexpertaudittheincentivesystemandcomplianceofficer'sparticipation

2.50 Isincentivesystemconsistentwithcomplianceprogram EmployeeSurvey

PerformanceEvaluations:

2.51 Properalignmentofcomplianceobjectiveswithorganizationalperformanceincentives(promotions/performanceappraisals/bonuses)

• Auditdisciplinaryrecordsandperformanceevaluationsforconsistencywithcompliance• Audit/Reviewofprocessforperformanceincentives(promotions/performance

appraisals/bonuses)criteriatoincludecompliancecomponents

2.52

“Compliance”asaperformanceappraisalelement

• Auditperformanceappraisals.Someoptionsinclude:o Acknowledgmentofnodisciplinaryactiono Educationcompletiono Documentationofpromotionofcompliance

• Aremeritincreasestiedtoperformance?• Doescompletionofcomplianceeducation,promotionofcompliancethroughwords,actions

ornodocumenteddisciplinaryactionand/or,completionofcorrectiveactionplanswithintheduedatesplayaroleintothecalculationofmeritincrease?

• ComplianceispartoftheannualperformanceevaluationandHRknowshowtoevaluateissuesforcompliance

2.53 Managerperformanceevaluations Managershaveopendoorpolicy,communicatecompliancedirectives/initiatives,addresscompliancemattersandeffectivenessisnotedinperformanceevaluation.

2.54 Iscompliancetakenintoaccountinpromotiondecisions?

Reviewpromotionlistsanddocumentationtosupportpromotion.Didtheindividualactivelypromotecompliance?

2.55 OrganizationalRetaliation Trackwhistleblowerpromotion,bonuses,sickdays,disciplinary,correctiveactionmeasuresandexitinterviewoverlongterm

15

RiskAssessments:

2.56 ComplianceResourceknowledgeandcompetence Survey,focusgroupsandinterviews

2.57 Compliancestaffknowledgeofcurrentregulatorychangesandlaws

Documentreviewandinterviews.Reviewcertificatesofattendanceatconferences/othereducationalevents,“tools”usedtokeepcompliancestaffcurrent,compliancebudget(tosupportaccesstocurrentregulatorychangesandlaws).

2.58

Monitoringofregulationsthatimpacttheorganization

Documentandprocessreview,interviews.• Isthereapolicyandprocedure?• Isthereevidencethatregulations,etc.aredisseminatedandimplemented?• Aretheredesignatedindividual(s)thatmonitorlaws,regulations,policiesthatimpact

organization?• Howdotheygettheinformationandwhatdotheydowithittomakesureitgetstotheright

people?

2.59RiskAssessmentCycle • Auditadherencetoriskassessmentcycle

• Annualdocumentedriskassessmenthasbeencommunicatedtooversightcommittee

2.60 Riskbasedworkplanthatcoverscomplianceplanelementswithboardapprovalandregularreportingonthoseprojectstoboard

ComplianceCommitteeandboardminutesreview.

2.61 Workplandevelopmentbasedonriskassessment Processanddocumentreview.

2.62 Prioritizationofriskandconsultationwithapplicableriskpartners(i.e.,legal,HR,IT,riskmanagement,etc.)

Documentationandprocessreview.Isthereariskbasedplan?Howwasitdeveloped?

2.63 Exitinterview Complianceconcernsthatcomeupinexitinterviewsareaddressed

ComplianceWorkPlan:

2.64 Complianceworkplan Audittoensuretheworkplanisdevelopedandimplementedanditisfollowed-throughandoutcomesarereportedtocompliancecommitteeortogoverningbody

16

2.65 Effectivenessofcomplianceprogram Writtenannualworkplanthatincludesminutes

LegalCounsel'sRole:

2.66Roleofcounselincomplianceprocess

Interviewcounselregardingtheirinvolvement.• Whentheyarebroughtintomatters?• Whereiscounselsituatedinrelationtocomplianceofficeronorganizationalchart?

2.67 Existenceandadherencetopolicyoninvolvementoflegalinhandlingmattersunderprivilege Reviewpolicyandsampleareasthatwerereferredtolegalfollowedthepolicy

Other:

2.68 Jobdescriptionsofmanagement Reviewofmanagementjobdescriptions.DomanagershaveconcretecompliancedeliverablesotherthantrainingandabidingbyCodeofConduct?

Element3:ScreeningandEvaluationofEmployees,Physicians,VendorsandotherAgentsA.Assureorganizationhasprocessesinplacetoidentifyanddiscloseconflictsofinterest.B.Assureinclusionofcomplianceobligationsinalljobdescriptions.C.Assureinclusionofcomplianceaccountabilitiesasanelementofperformanceevaluation.D.Verifybackground/sanctionchecksareconductedinaccordancewithapplicablerulesandlaws(e.g.,employment,promotions,credentialing).E.Assurecompliance-sensitiveexitinterviewsoccur.F.Monitorgovernmentsanctionlistsforexcludedindividuals/entities(e.g.,OIG,GSA,SDN,SDGT).G.Verifyduediligenceisconductedonthirdparties(e.g.,consultants,vendors,acquisitions).H.Assurecorrectiveactionistakenbasedonbackground/sanctioncheckfindings.Source:CHCCandidateHandbook:DetailedContentOutline

17

Element3:ScreeningandEvaluationofEmployees,Physicians,VendorsandotherAgents

WhattoMeasure HowtoMeasure

Accountabilityforscreening:

3.1 Theindividual(s)responsibleforexclusionscreeninghasclearaccountabilityforthescreeningfunction.

• Auditthejobdescription,trainingmaterial,orientationmaterial,andannualperformanceevaluationoftheindividual(s)responsibleforexclusionscreeningtoensurethisresponsibilityisclearlyarticulatedandperformanceismeasured.

• Annuallyreview/discusstheexclusionscreeningprocessindividuallywitheachpersonresponsibleforsanctioncheckscreening;reviewthedocumentretentionprocessestoensuredocumentationofthescreeningfunction,responsetofindings,andcorrectiveactionsareadequatelymaintained.

ConflictofInterest:

3.2 Potentialconflictsofinterestaredisclosed. Audittheconflictofinterestdisclosuresforcompletenessandtheextenttowhichthosewhocompletethedisclosureinformation.

3.3 TheorganizationconductseffectiveeducationonConflictofInterest(COI)

• Reviewtrainingmaterialsandinterviewstafftodeterminetheeffectivenessoftheeducation.• Auditcompletedattestationsordisclosurestoensueindividualsaredisclosingconflicts

accordingtoeducationprovided.

Employeeaccountability:

3.4 Theextenttowhichemployeesaremadeawareofcomplianceexpectations.

Conductfocusedinterviewswithemployeesandaudittheperformancereviewprocesstoensurecomplianceexpectationsarewellunderstoodandemployeesareheldaccountablefortheseexpectations.

3.5 Accountabilityforcomplianceisclearlyarticulatedinemployeeperformanceevaluations.

Auditperformanceevaluationstoensurecomplianceobligationsareclearlyarticulatedandperformanceagainsttheserequirementsismeasured.

3.6 Accountabilityforcomplianceisclearlyarticulatedinemployeejobdescriptions.

Auditjobdescriptionstoensurecomplianceobligationsareclearlyarticulated.

18

3.7 Employeesareprovidededucationregardingtheircomplianceobligationsandtheyunderstandtheserequirements.

• Auditemployeeeducationfilestoensureeducationisbeingprovidedaccordingtotheorganizationstrainingplansand/orpoliciesandprocedures.

• Reviewpost-teststoconfirmunderstanding.• Interviewemployeestoconfirmtheirunderstandingoftheircomplianceobligationsand

responsibilities.

Employeedisclosure:

3.8 Theorganizationhasestablishedapolicythatrequiresprospectiveandcurrentemployees,andprospectiveandcurrentvendorstodisclosetotheorganizationiftheyareormaybeexcluded.

• Auditandconductadocumentreviewtoensuredisclosurerequirementsareclearlyarticulatedinthepolicyanddisclosuresarebeingmadeasrequired.

• Conductapolicyreviewtoensurethatthatimmediatereportingisarequirementforemployeesandaprovisioninvendoragreements.

Employeescreening:

3.9 Allemployeesarescreenedpriortohire. Audithumanresourcefilestoensuredocumentationsupportsthatnewlyhiredemployeeswerescreenedpriortotheirfirstdayworked.

3.10 Screeningconsidersothernames/aliasandStatesusedbyaprospectiveemployee.

Reviewapplicationsforeachtypeofscreening(criminal,OIG,SAM,State,SSN,etc.)andaudittodetermineifscreeningwascompletedagainstothernames/statesusedbytheprospectiveemployee.

3.11 Theorganizationhasdefinedwhichemployees,vendors,medicalstaff,andotherswillundergocriminal,financialand/orotherbackgroundcheckspriortohire.

• Performassessment/audittoensuretheorganizationhadidentifiedwhichindividualsreceivecriminal,financial,SocialSecuritytrace,drugscreening,orotherbackgroundchecks.

• Audittoensuresuchbackgroundchecksarebeingperformedandreviewedpriortoemployment.

3.12 Theorganizationhasdefinedcriteriaforreviewofcriminal,financial,and/orotherbackgroundchecksandhiringdecisionaremadebasedonthisestablishedcriteria.

Performassessment/audittoensuretheorganizationhasestablishedcriteriatoevaluatetheacceptabilityofacandidatebasedonfindingsofcriminal,financial,orotherbackgroundcheck(s)usedbytheorganization.

3.13 Employeesareprovidededucationregardingtheorganization’sscreeningprocess.

Interviewemployeesandconductdocumentationreviewstoconfirmthatemployeesunderstandtheimportanceofnotlettinglicensesexpireandtheeffectofexclusion.

19

3.14 Theorganizationensuresthatapplicantsforemploymentunderstanddisclosurerequirements.

Reviewemploymentapplicationstoensuredisclosureismadetoprospectiveemployees,includingexclusionandbackgroundscreeningrequirements,andthesescreeningsarecompleted.

3.15 Theorganizationhasestablishedapolicyregardingthefrequencyofscreening.

• Performadocumentreviewtoensurethefrequencyofscreeningisbeingdoneinaccordancewithpolicy.

• Auditthescreeningprocesstoensurescreeningisbeingcompletedaccordingtopolicy.

3.16 Theorganizationhasestablishedsufficientcontrolsinthehiringprocessandvendorengagementprocesstopreventtheorganizationfromhiringanineligibleindividualorentity.

• Audit,performdocumentreview,interviewsstaffandvendors,andconductdataminingtodetermineifsufficientcontrolsareinplacetopreventtheorganizationfromhiringan“ineligible”individualorentity.

• Usedata-miningtocomparelistsofnewemployeeswithduediligencelists.

• Ensurethevendormasterfileisupdatedwithvendorsthathavebeenscreened.

3.17 Theorganizationhasestablishedascreeningprogramthatisconsistentwithalllawsandregulations.

Conductalegalreviewandanalysisofscreeningprocesstoensureitisbeingadministeredinamannerconsistentwithfederalandstatelaws.

3.18 Theorganizationhasestablishedaprocesstoscreenemployeesandotherrelevantindividualsatleastmonthly.

Auditscreeningprocesstoensurescreeningofemployeesandotherrelevantindividualsisbeingconductedatleastmonthlyandaccordingtopolicy.

3.19 Theorganizationhasestablishedapolicyandprocedurewhichdefinesthescreeningrequirementsforemployees,vendors,medicalstaffandothers.

Thepoliciesincludedescriptionofthedatabasesthatindividualswillbescreenedagainstandthefrequencyofscreening.

• Conductadocumentreviewtoverifythepolicyandprocedurehasbeenestablished,iscomplete,andaudittoensurescreeningisbeingconductedconsistentwithpolicy.

• Performassessment/audittoensureorganizationhasidentifiedwhichliststocheckandhowofteneachischeckedandthescreeningsarebeingcheckedperpolicy.

• Performassessment/audittoensureallrelevanttypesofindividualsandentities(employees,temps,vendors,etc.)arebeingscreenedperpolicy.

3.20 Theorganizationhasaprocesstodeterminewhenadditionalscreeningmaybenecessarybasedonfindingsfromcomplianceinvestigations.(Relevantevent(situational)screening(R.E.S.))

Conductareviewofcomplianceinvestigationfilestodetermineifconsiderationforadditionalscreeningiswarrantedandreviewtheresultsofadditionalscreeningcompletedaspartoftheinvestigationprocess(situational)whenapplicable

20

3.21 Theorganizationhasapolicyandprocedurewhicharticulatestheprocessforscreening,investigationofpotential“hits,”actionstakeninresponsetoapositivefinding,trackingexclusions,andcommunicationtoappropriatestakeholders.

Conductdocumentationreviewandaudittoensurescreeningisbeingcompletedaccordingtopolicyrequirementsandthatallprocesselementsrelatedtoinvestigation,resolution,tracking,andcommunicationarebeingmanagedaccordingtopolicyrequirements.

ExitInterviews:

3.22 Employeeawarenessoforganization’scomplianceprogram.

Revieworganization’semployeeterminationprocesssuchasexitinterviews,surveys,and/orquestionnairestotestforemployeeawarenessoftheorganization’scomplianceprogram.

3.23 Employeeexitinterviewsareconductedandemployeesareaskedaboutthecomplianceprogramandanyconcerns,risks,violationsorfailuresofthecomplianceprogram.

• Revieworganization’semployeeterminationprocesssuchasexitinterviews,surveys,and/orquestionnairestoensurecomplianceprogramquestionsareincorporatedintoexitinterviewsandtheexitinterviewsarereviewedandevaluated.

• Audittoensureallterminated/separatingemployeeshavecompletedanexitinterviewandthatcompliancequestionsareincludedandevaluated.

3.24 Vendorsandother3rdpartiesareinterviewedattheterminationoftheengagementandaskedabouttheirawarenessofthecomplianceprogramandanyconcerns,risks,violations,orfailuresofthecomplianceprogram.

Revieworganization’svendortermination/off-boardingprocesssuchasinterviews,surveys,and/orquestionnairestoensurecomplianceprogramquestionsareincorporatedintotheprocessandinterviews/resultsarereviewedandevaluated.

3.25 Theorganizationhasestablishedapolicyandprocedureforconductingexitinterviewsforemployeesleavingtheorganization.Theexitinterviewprocessincludesquestionsrelatedtocomplianceobligationsandanyknownviolationsoflaw,policies,orprocedures.

Reviewpolicyandproceduretoensuretheorganizationhasanestablishedprocess.Auditexitinterviewfilestoensureinterviewsarebeingconductedaccordingtopolicy.Reviewtoensurethatanyidentifiedviolationsoflaw,policyorprocedurearethoroughlyinvestigated.

HighRiskScreening:

3.26 Theorganizationhasestablishedapolicyidentifyinghighriskpositionsintheorganizationthatmayrequireadditionalscreening.

Conductpolicyreviewtoensurehighriskpositions(e.g.,cliniciansworkingwithchildrenormentalhealth,cashhandlers)areidentifiedinpolicy,andthepolicyincludesadescriptionofany

21

additionalscreeningrequirements(fingerprinting,financialbackgroundchecks,etc.).Reviewemploymentandvendorfilestoensuretheadditionalscreeningisoccurringaccordingtopolicy.

Licensure:

3.27 Theorganizationhasaprocesstoensurethatindividualswhotransferpositionswithintheorganizationareappropriatelylicensedandcredentialedforthejobtheywillbeperforming.

Auditandconductadocumentreview,audittoensureaprocessforexaminationoflicensesandcredentialsisestablishedforemployeestransferringpositionswithintheorganization.Audittoconfirmprocessisbeingfollowedandindividualstransferredhaveappropriatelicenseandcredentialsforthepositiontheyareassuming.

3.28 Theorganizationhasestablishedapolicyandprocedureforlicensureandcertificationreviews,includingreviewuponhire,upontransfer,andduringrenewalperiods.

Performdocumentreviewandaudittoensureapolicyforverificationandreviewoflicenseandcertification,includingsourceverification,existsandlicensesandcertificationsareconsistentlyreviewedaccordingtopolicy.

ResponsetoExclusion:

3.29 Appropriateactionistakeninresponsetopotentialandidentifiedexclusion

Audittoensurerefundsareinitiatedifrequiredandemployment,contract,ormedicalstaffactionistakenupondiscovery(includingvendors).

ResponsetoScreening:

3.30 Theorganizationtakesactionontheresultsofscreening.

Performadocumentreviewtoensurescreeningresultsarebeingevaluatedandappropriateactionistakenwherenecessary.

3.31 Theorganizationhasestablishedaprocessforinvestigationandresolutionofpositive"hits."

Auditprocesstoensure“hits”areinvestigatedandthatfalsepositivesareresolvedwhenthereisconfirmationthattheindividualdoesnotmatchtheexcludedindividual.

3.32 Theorganizationhasapolicyandprocedureinplacethatarticulateshowpotentialsanctionswillbeevaluatedandresolved.

Conductdocumentandprocessreviewandauditrecentidentifiedsanctionstoensuretheevaluationandresolutionisconsistentwithpolicy.

Vendor:

3.33 Vendorsandother3rdpartiesadequatelysatisfycomplianceobligations

Conductauditofvendorsandother3rdpartiestoensuretheyhavedocumentedevidenceofrequiredcompliancetraining,orientationtotheorganizationsStandardsofConduct,orientationtoapplicablecompliancepoliciesandprocedures.

22

3.34 Theorganizationhasestablishedaprocesstoensurevendorandotherthirdpartyagreementsaremanagedconsistentwiththetermsoftheagreement.

Conductadocumentreviewandinterviewstoensurethereiscommunicationbetweenlawyerswhodeveloptheagreementsandfacilitylevelpersonnelmanagingtheengagementtomakesureitisimplementedandbeingmanagedaccordingtothetermsoftheagreement.

3.35 Theorganizationrequiresvendorsandotherthirdpartiestocertifyscreeninghasbeencompletedasrequiredbytheagreement.

Audittodeterminethatvendorsrespondtorequestforcertification.Reviewprocesstodeterminethatactionstakenforfailuretorespondorproviderequiredcertificationsareconsistentwiththeagreement.Ensurethatresponsetocertificationisreviewedbyanappropriateindividualandcommunicatedtofacilityoperations.Audittoensurethatrenewaldecisionsconsidercompliancewithcertificationrequirements.

3.36 Theorganizationhasestablishedapolicyoutliningthecomplianceobligationsofvendorsandotherthirdparties(includingadherencetotheStandardsofConduct).Vendoragreementsincludetherighttoauditthevendortoensurecompliancewiththeirobligations.

Conductdocumentreviewandperformauditstoensurevendorsmeetthecomplianceobligationsrequired.

3.37 Theorganizationhasestablishedapolicyprohibitingvendorsthatareexcludedfromworkingintheorganization.

Auditexclusionstoensurepolicyisbeingadheredto.

VendorScreening:

3.38 Vendorsandother3rdpartiesareadequatelyscreenedforexclusion.

• Auditvendorrecordsandcrosschecktoensurethevendorisadequatelyscreened,inaccordancewithagreementand/orentityrequirements.

• Developchecklistofcriteriaforvendorcompliancereviewandauditagainstthatlistforvendorscreeningrequirements.

• Surveypeerorganizationstoensuretheorganization’svendorand3rdpartyscreeningprocessisconsistentwithindustrypractice.

3.39

Theorganizationhasaneffectiveprocesstoreviewthirdpartyvendors. Auditandconductadocumentreviewtoensure:

• Thirdpartycontractsallowfororganizationtoreviewvendorfilesforcompliancewithscreeningrequirements.

23

• Theorganizationhasrequestedthethirdparty’spolicyandprocedurerelatedtovendorscreeningofemployees.

• Theorganizationconductsreviewsofthirdpartycontracts.

• Theorganizationhasestablishedapolicyonhowoftenscreeningsarerequiredtobedonebythethirdparty.

• Theorganizationhasestablishedapolicyrequiringthirdpartiestoproduceproofthattheyarecheckingtheiremployees.

• Theorganizationhasestablishedapolicyestablishingwhichdatabasesthirdpartiesarechecking,especiallyregardingpractitioners,includinggeographicspecifics(statedatabases).

• Theorganizationhasestablishedaprocessforindependentevaluationofwhatscreeningthevendorissupplying.

3.40 Theorganizationhasrequirements,viapolicyorcontractualterms,forscreeningoffirst-tier,downstreamandrelatedentities(contractors)

Audittoverityevidencethatcontractorsarebeingscreenedpursuanttocontractualrequirements.

Element4:Communication,Education,andTrainingonComplianceIssues A.Disseminateregulatoryguidancematerial.B.Communicatecomplianceinformationthroughouttheorganization.C.Assurecompliancetrainingoccurs.D.Distillcomplexlawsandregulationsintoaformatemployeescanunderstand.E.Assureworkforcestaffareeducatedoncompliancepolicies.F.Assureamechanismexiststoevaluateemployeeunderstandingofcomplianceresponsibilities.G.Promoteacultureofcompliancethroughouttheorganization.H.Encourageemployeestoseekguidanceandclarificationwhenindoubt.I.Participateincontinuingeducationtomaintainprofessionalcompetence.J.Verifyparticipationinongoingcompliancetrainingprogramsistracked.K.Assuregeneralcompliancetrainingisconductedforallemployees,physicians,vendors,andotheragents.L.Assurerisk-specifictrainingisconductedfortargetedemployees.M.ProvideHRandmanagementwithtrainingtorecognizecomplianceriskassociatedwithemployeemisconduct.Source:CHCCandidateHandbook:DetailedContentOutline

24

Element4:Communication,Education,andTrainingonComplianceIssues

WhattoMeasure HowtoMeasure

Training:

4.1

Theorganizationprovidesriskareaspecifictrainingtoemployeesdesignatedtobeinhighriskpositions.

• Audittoensuretheorganizationhasdesignatedthepositionsdeemedtobehighrisk(coding,billing,physicians,etc.)andestablishedtrainingrequirementsforthesehighriskpositions.

• Comparerisksposedbythesepositionsagainsttrainingmaterialstoensurespecificrisksareaddressed.

• Audithighrisktrainingcompletionrates.

4.2Theorganizationhasestablishedacompliancetrainingplan.Theorganizationassuresthattrainingiscompletedaccordingtotheestablishedplan.Thetrainingplanisperiodicallyupdatedorrefreshed.

• Conductdocumentreviewtoensurethetrainingplanexistsandincludesrequiredtraining,expectedaudience,topicscovered,andmethodfordeployment.

• Auditsign-insheetsorothertrackingtoolstoensureindividualsareattendingrequiredtraining.

• Reviewtoensuretrainingplanisperiodicallyupdated.

4.3Theorganizationdefinestheappropriateaudienceforeachtypeofcompliancetraining(general,issuespecific,highrisk,etc.).

• Auditjobcodestoensurethecorrecttraininghasbeenassigned.• Reviewjobcodestoensuretraining,includingjobspecificjobtrainingisbeingconducted

accordingtotheestablishedtrainingplan.

4.4TheorganizationoffersCEU’s,whenappropriate,foritscomplianceeducationandtraining.

• PerformadocumentationreviewtodeterminetheextenttowhichtheorganizationoffersCEUsforcompliancetraining.

• EvaluatetheeffectofofferingCEUsontrainingcompletionrates.

4.5 Theorganizationhasestablishedaprocess,policyand/orproceduretocommunicateandprovidetrainingtoemployeesonnewlaws,regulations,policies,andprocedures.

Conductadocumentreviewtoensureaprocessforcommunicatingandtrainingemployeesonnewlaws,regulations,policies,andprocedureshasbeenestablishedandsuchcommunicationandtrainingisbeingconductedconsistentwiththeestablishedprocess.

4.6 Theorganizationhasestablishedapolicyrequiringcompliancetrainingandeducation.Theorganization

• Conductadocumentreviewtoensureapolicyhasbeenestablishedanditisperiodicallyupdated.

25

regularlyupdatestheeducationpolicyandmonitorscompliancewithtrainingrequirements.

• Confirmbyauditthatemployeesarecompletingeducationalrequirementsaccordingtothepolicy.

4.7Complianceeducation/informationisincludedinalleducationdeployedthroughoutorganization.

Conductadocumentationreviewtoverifythatatleastonecompliancerelatedtopic/slideisincludedineveryeducationalpresentation,program,ormoduledeployedthroughouttheorganization.

4.8 Theorganizationbasestrainingforindividualswhoaredesignatedtobeinhigh-riskpositionsonaformalprocessforassessingriskandevaluatingcontrolvulnerabilities.Theorganizationdevelopsissue-specifictrainingbasedontheresultsoftheriskassessmentandidentifiedinternalcontrolweaknesses.

• Conductareviewoftheprocesstheorganizationhasforassessingriskandevaluatingcontrolweaknesses.

• Reviewthetrainingplanandtrainingmaterialstoensurethetrainingaddressesthoseissuesthatareofsignificantriskandthattheorganizationmaybevulnerableto.

4.9Theorganizationhascreatedtheircompliancetrainingprogramaroundjobfamiliestoaddressspecificrisksidentifiedwithinajobfamily.

• Auditthecompliancetrainingprogramtodetermineiftrainingistailoredtotherisksidentifiedandassociatedwithspecificjobfamilies.

• Audittoensuretrainingisassignedbasedonjobfamilies.

4.10

Theorganizationevaluatespolicyandcompliancefailuresandprovidesre-educationtoapplicablestaff.

• Auditfilesofknownpolicyorcompliancefailurestoensurere-trainingisconsideredaspartofcorrectiveaction.

• Audittoensurethere-trainingiscompleted.• Trackforreoccurrencestodeterminetheeffectivenessofthere-trainingandemployee

understanding.

4.11 Theorganizationtracksdisclosurereports(hotlinecalls,directcontactstothecompliancedepartment)followingemployeeeducationtodeterminetheextenttowhichtheeducationwaseffectiveatraisingemployeeawarenessofspecificareasofvulnerability.

• Monitor,auditandreviewdisclosuretrackinglogstoevaluatetheeffectofeducationondisclosures.

• Trackhowemployeesbecomeawareofissuestoanalyzetheeffecttraininghasonemployeeawarenessandreporting.

4.12

Theorganizationmaintainsdocumentationofalleducationprovided.

• Conductdocumentreviewandaudittoensureallcompliancerelatededucationisdocumented,includingmaterialcovered,attendees,anddeploymentmethod.

• Audittoensuredocumentationofpost-trainingtestsismaintainedtoevaluateemployeelevelofunderstanding.

26

4.13 Theorganizationstrainingplanisregularlyupdatedtoaddressnewlawsandregulations.

Obtainfromcounsellistofnewlawsandregulationsandauditagainsttrainingplantoensurenewlawsareadequatelyaddressed.

4.14

Theorganizationhasconsideredthemosteffectivemethodforcomplianceeducationdeployment.

• Reviewthetrainingplantoensuretheorganizationhasconsideredthemosteffectivemethodofdisseminatingtrainingtoemployees,medicalstaff,contractors,leadership,Board,andothers(on-line,written,in-person,smallorlargegroup,etc.).

• Audittrainingrecordstodetermineiftraininghasbeendeployedaccordingtoplan.

4.15Theorganizationhasestablishedaformalmethodfororientingnewemployeestothecomplianceprogramandtheirobligationsandresponsibilities.

• Audittoensureemployeeshavereceivedtheircomplianceorientationconsistentwiththeorientationpolicy.

• Reviewnames,datesandmaterialsusedtoorientnewemployeestothecomplianceprogramoverthepast2years

4.16 Theorganizationhasconsideredtheaccessibilityofcomplianceeducationtoindividualswithdisabilitiesorlanguagebarriersandprovideseducationinvariousformatstoaccommodateindividualswithdisabilitiesorlanguagebarriers.

Surveyemployeeswithcommunicationissuesordisabilitiestoensuretheeducationwasaccessibleandunderstandable.

4.17 Employeesoftheorganizationperceivecomplianceeducationasusefulandsufficienttoaddressthecompliancerequirementsintheirjob.

Surveyemployeestounderstandtheirperceptionofcompliancetrainingusefulnessandsufficiency.

4.18Theorganizationhasestablishedamethod(s)toevaluatetheeffectivenessofcomplianceeducation.

• Conductdocumentreviewtodetermineiftheorganizationhasestablishedamethodforevaluatingtheeffectivenessofcompliancetraining.

• Auditincidentlogsandhotlinereportstoevaluatetheeffecttraininghashadonbehavior.

4.19Theorganizationmeasurestheeffectivenessoftrainingthoughtheuseofpost-trainingtestsorevaluations.

• Conductdocumentreviewtoevaluatetheexistenceofpost-trainingtestsorevaluations.• Reviewtoconfirmtheresultsofpost-trainingtestsorevaluationsareevaluatedandtracked.• Reviewtoconfirmmodificationstotrainingmaterialsconsidersfeedbackfrompost-training

testsorevaluations.

4.20 Theorganizationintegratesspecificrisksidentifiedthroughtheriskassessmentprocessintocompliancetraining.

Compareriskassessmenttotrainingplantoensurethehighriskissuesidentifiedareincludedinthetrainingplan.

27

4.21Theorganizationsolicitsfeedbackfromemployeesoncompliancetrainingneeds.Employeerecommendationsareincludedintrainingmodulesdisseminated.

• Conductdocumentreviewtoensureemployeessurveyedfortheirtraining/educationneedsandwhatfeeltheyneedtrainingon.

• Interviewstafftoassesseffectivenessoftrainingplan• Confirmthattrainingconsidersemployeefeedback.

4.22 Theorganizationhasestablishedapolicyregardingthefrequencyofrequiredcompliancetraining.

Audittraininglogstoensurecompliancerelatedtrainingisdisseminatedandcompletedasrequiredbypolicy.

4.23Theorganizationupdatescompliancetrainingbasedonnewpolicies,procedures,processes,laws,andregulations.

• Revieweducationupdateprocess.• Verifyissuesidentifiedthroughtheriskassessment,issuetrackingsystem,andotherinternal

andexternaltrackingsystemsareconsideredandevaluatedastrainingprogramsareupdated.

4.24Theorganizationevaluatestrainingeffectiveness. Conductknowledgesurvey6monthsaftertrainingisdeployed.

Accountability:

4.25 Theorganizationhasestablishedanincentiveprogramthatties,inpart,meetingcomplianceobjectivestoincentivepaymentsandotherperks.

Reviewperformanceevaluationstoensuretheyincludecomplianceelementsaspartofperformance,merit,andincentivereview.

4.26Theorganizationhasestablishedmechanismstoensurethatemployeesareheldaccountablefortheircomplianceobligations.

• Reviewjobdescriptionsandperformanceevaluationsforspecificcompliancemetrics.• ReviewStandardsofConductandotherawarenessinformationtoensurecompliance

obligationsareclearlyarticulated,includingtherequirementtoreportcomplianceconcerns.

4.27 Theorganizationhasamechanisminplacetoevaluatetheextenttowhichemployeesunderstandtheircomplianceresponsibilities.

Surveyemployeestotesttheirunderstandingoftheircomplianceobligationsandresponsibilities.

4.28 TheorganizationholdsmanagementemployeesaccountableforensuringtheiremployeesunderstandtheStandardsofConductandcompliancerelatedresponsibilities

Reviewdepartmentmeetingminutesandconductrandomstaffinterviewstodetermineiffirst-linemanagersdiscusscomplianceobligationswiththeirdirectreportsandthatstaffunderstandspecificcompliancerequirementsassociatedwiththeirjob.

28

4.29 Theorganizationhasestablishedapolicyregardingsanctionsforthoseemployeeswhodon’tcompleterequiredcompliancetrainingandsanctionsemployeesaccordingtotheestablishedguidelines.

• Documentreviewandaudittoensureapolicyexistsrelatedtosanctionsforfailuretocompletecompliancetraining.

• Audittoensurepolicyisbeingfollowedasdescribed.

Awareness:

4.30 Employeesareawareofandunderstandtheorganization’scomplianceprogramandunderstandtheirresponsibilitiesundertheprogram.

Surveyemployees.

4.31 TheorganizationpromotescompliancethroughactivitiessuchasComplianceAwarenessWeek,ComplianceFairs,orotheremployeeinvolvementactivities.

Reviewifandhowtheorganizationengagesinactivitiesdesignedtopromotecomplianceawareness.

Board:

4.32 TheorganizationhasestablishedspecificcompliancecompetenciesformembersoftheBoardCompositionandappropriategoverningcommittees.

PerformadocumentreviewtoensuresufficientcompliancecompetenciesexistwithintheBoardandappropriategoverningcommitteemembership.

4.33TheorganizationhasestablishedaformalprogramtoorientnewBoardmembersandseniorleaderstothecomplianceprogramandtheirobligationsandresponsibilities.

• ConductdocumentreviewtodetermineiftheorganizationhasformalizedacomplianceorientationprogramfornewexecutivesandnewBoardmembers.

• Conductanaudittoensureorientationisprovidedasrequiredbytheorientationpolicy.• Reviewnames,datesandmaterialsusedtoorientnewmembersoftheBoardofDirectors

andseniorleaderstothecomplianceprogramoverthepast2years.

4.34 Theorganization’strainingplanprovidesforspecificeducationthatwillbeprovidedtotheBoardandseniorexecutives.Theplanincludesthetopicsthatwillbecovered,thefrequencyoftraining,includescurrentindustrydevelopmentsandresources,andprovideseducationontheirresponsibilitiesforcompliance.

ReviewtrainingmaterialsprovidedtotheBoardandseniorexecutivesandconductpersonalinterviewstoensuretrainingisprovidedpursuanttotheplanandthelevelofunderstandingofthematerialpresented.

29

4.35Theorganizationprovidesseniorleadershipandboardmembercomplianceeducationandtheyadjuststrategyandoperationsinresponsetothetrainingandotherinformationprovidedtothem.

• Conductadocumentreviewtodeterminetheresponses/questionsposedbyseniorleadersandBoardmembersaftertraining.

• Evaluateeffectoftrainingontheorganization’soperationsandstrategy.• TrackquestionsposedbyseniorleadersandBoardmemberstodeterminelevelof

understandingofmaterialpresented.

Communication:

4.36 Theorganization’sperformanceappraisalsandjobdescriptionsincludetherequirementforemployeestopromotecompliance.Employeesatalllevelsoftheorganizationcananddoarticulatethecompliance/ethicsmessage.Thereisarequirementthatmanagersinsertcompliancemessagesintomeetingsandothercommunicationswithstaff.

Performadocumentreview,conductemployeepersonalfileaudits,andintervieworsurveyemployeestoensuretheorganization’scomplianceprogram,includingexpectationsandresponsibilitiesareformallyandinformallycommunicatedtotheemployeepopulation.

4.37

Acomplianceprogramcommunicationplanisdevelopedandimplemented.

• Reviewtheorganization’scommunicationplantoensuretheplanaddresseskeymessagingforemployees.

• Conductfocusgroupdiscussionsandsurveyemployeesontheeffectivenessofthismessaging.

4.38 Thecompliancedepartment/staffregularlypresentcomplianceprograminformationandupdatesatstaffmeetings,otherdepartmentmeetings,boardmeetings,townhalls,andotherforums.

• Conductadocumentreviewtoensurethecompliancedepartment/staffregularlyprovideupdatestotheorganizationandisavisiblepresenceatvariousmeetings.

• Confirmtheorganizationdocumentsandtracksallsuchpresentations.

4.39Theorganizationrequirescompliancerepresentativestobepresentateveryseniormanagementandgovernance-levelmeeting.

• Conductadocumentationreviewtoverifythereisanexpectationforcompliancetoberepresentedatallseniormanagementandgovernance-levelmeeting.

• Confirmbyauditthatacompliancerepresentativehasattendedallsuchmeetings.

4.40Theorganizationprovidescomplianceinformation,training,andupdatesinamannerthatisunderstandableforemployees(readinglevel,languages,casestudies,verbalcommunication)

• Surveyemployeestodeterminetheeffectivenessandlevelofunderstandingbyemployeestothematerialpresented.

• Conductpost-trainingevaluations.• Reviewandtrackquestionsanddisclosuresmadefollowingthedisseminationofinformation

andeducation.

30

4.41 Theorganizationensuresthereisadequatetwo-waycommunicationbetweenthecompliancedepartmentstaffandemployeessuchasperiodiccheck-inswithemployeesandfollow-upwithemployeeswhoreportconcerns.

Surveyemployeestodetermine:

• theirperceptionofhowaccessiblethecompliancestaffis,• iftheyknowtoreportconcerns,and• iftheybelievetheirconcernsaretakenseriouslyandareadequatelyaddressed.

Competency:

4.42 Theorganizationhasdefinedthecompetenciesrequiredforthecompliancestaffincludingrequirementsforcertificationorotherspecificskills/expertise.

Reviewjobdescriptionsandpersonnelfilesforallcompliancestafftoensurespecificcompliancecompetenciesandcertificationrequirementsaredesignatedandthestaffpossesstherequiredcompetencies/certifications.

4.43

Theorganizationrequiresallcompliancestafftomaintaintheircompetencybyattendingappropriateeducationalsessions.

• Conductadocumentationreviewtoverifythatrequirementsforcompliancestaffeducation,includingprofessionaldevelopment,areestablished.

• Audittoverifythatcompliancestaffattendeducationasrequired.• Reviewcompliancedepartmentbudgettoensuresufficientresourcesaredevotedto

providingappropriateeducation(includingconferences)tothecompliancestaff.

4.44Theorganizationprovidesfocusededucationtocompliancestaffmemberstoensuretheyarecompetentinevaluatingandinvestigatingissues.

• Conductdocumentreviewtoevaluatetheeducationprovidedtocompliancestaff.• Reviewtoensurecompliancestaffbeingtrainedonconductinginternalinvestigations,audits,

performingriskassessments,vulnerabilityanalysis,etc.

4.45Developmentplanforcompliancestaff Reviewdocumentationofdevelopmentplanandmonitortoensurethatplanrequirementsare

completedannuallyorasotherwisespecifiedintheplan

Culture:

4.46

Theorganizationhasestablishedacultureofcompliance.

• Surveyallemployeestodeterminetheextenttowhichemployeesbelievethereisacultureofcomplianceintheorganizationandemployeeunderstandingofthecomplianceculture.

• Reviewtheorganization’scompliancetrainingmaterialtodetermineifscenariobasedtrainingand/orotherinteractivetrainingmethodsareusedtopromoteunderstanding.

Incentives:

31

4.47 Theorganizationhasestablishedmethodsfor

rewardingandrecognizingemployeesforcomplianceactivities.

Reviewincentive,rewards,andrecognitionsprogramstoensuresuccessfulachievementofcompliancemetricsareconsideredwhenrecognizingandrewardingemployeesandleadership.

VendorsandVolunteers:

4.48

Theorganizationhasestablishedthetrainingrequirementsforvendors.

• Conductdocumentreviewtoensuretheorganizationhasestablishedtrainingrequirementsforvendors.

• Reviewfilestoensurevendorshavecompletedtrainingasrequired.• Conductsitevisitstoreviewvendoremployeecompletionofrequirededucation.

4.49 Theorganizationhasestablishedthecompliance

trainingrequirementsforvolunteers.• Conductdocumentreviewtoensuretheorganizationhasestablishedtrainingrequirements

forvolunteers.• Reviewfilestoensurevolunteershavecompletedtrainingasrequired.

Element5:Monitoring,Auditing,andInternalReportingSystemsA.Protectanonymityandconfidentialitywithinlegalandpracticallimits.B.Publicizethereportingsystemtoallworkforcemembers,vendors,andagents.C.Assuremonitoringoccursforviolationsoflawsandregulations.D.Conductorganizationalriskassessments.E.Developworkplanbasedonriskassessment.F.Maintainreportingsystem(s)toenableemployeestoreportanynoncompliance(e.g.,hotline).G.Respondtocomplianceconcernsexpressedbyemployeesthroughinternalreporting.H.Assuretheexistenceofproceduresformonitoringadherencetocompliancepoliciesandprocedures.I.Conductcomplianceaudits.J.Analyzecomplianceauditresults(e.g.,track,trend,benchmark).K.Developanannualcomplianceauditplan.L.Evaluateresultsofauditsconductedbyexternalentities.M.Monitorthatretaliationforreportingcomplianceconcernshasnotoccurred.N.Recognizeneedforattorneyconsultationintheauditing/monitoringprocess.O.Employauditingmethodologiesthatareobjectiveandindependent.P.Determinesamplingmethodologyconsistentwithcircumstances.Q.Assureatimelyresponseismadetoreportedcomplianceconcerns.

32

R.Monitormanagement’simplementationofcorrectiveactionplans.S.Providetimelyfeedbacktomanagementoncomplianceconcernsbasedonauditresults.Source:CHCCandidateHandbook:DetailedContentOutline

Element5:Monitoring,Auditing,andInternalReportingSystems

WhattoMeasure HowtoMeasure

ReportingSystem:

5.1 Accessibilityofreportingsystem Interviews.Surveys.Askemployeesandmanagersifthereportingsystemisaccessibletothem.Isitavailableinlanguagesthataremostspokenintheorganization?

5.2Adherenceto60-dayoverpaymentrule Reviewincidenttracker;ensuredaystoopenordaystoclosedonotexceedthattimeframe.Track

effortstoidentify;statusbenchmarksspecificdaystocompletion.

5.3 Trustinthesystem Survey-Doyoufeelyoucanfreelyreportethicsandcomplianceissueswithoutfearofretaliationfrommanagers?(Yes/No/Don'tKnow).

5.4ReportingandInvestigationProcess Reviewexternalbenchmarkingreports(#ofcalls,timeittakestoclosecases,anonymous,etc.).

5.5Reportingsystem–complianceresponsetoreporters

Documentreview.Focusedgroupsandspeakingwithemployeesabouthotline.• Arecallsmadethroughreportingsystemresponsivetoreporters?• Arepoliciesfollowedregardingtheresponsetoreportsreceived?• Arereportsrespondedtoonregularintervalsandupdatedappropriately?

5.6

ReportingSystem:Hotline/Directcontacts

Documentreview,audit.• Arehotlinecallsormattersbroughttotheattentionofthecompliancedepartment

(directcontacts)categorized,trended,andreportedtothecompliancecommitteeandboardlevelcommittee?

• Aretheretracking,trendingandreportingofhowthesemattershavebeenresolved?

5.7 Reportingtocompliance(hotline,reporttothecomplianceofficers,etc.) Reportsreflectcommunicationmethods(call,anonymous,email,direct,etc.)?

33

5.8Thoroughnessofinvestigationfiles Review5investigationfilesforsummaryofissue,interviewsconductedandsummaryof

interviews,investigationsummaryandresults/conclusionandcorrectiveaction(asapplicable).

5.9Timetorespondtoincidentreport Reviewdatereported,dateresponded,dateinvestigationclosed.

5.10

Promotionofreportingsystem

Documentationreview.Interviews,visualwalk-throughs.• Arehotlinepostershanginginconspicuousareas?• Interviewstaff–dotheyknowhowtoreport?• Audituseofreportingsystem(howfrequentlyisitused)?Considerinternalorexternal

reportingbenchmarks.

5.11

Publishedreportingsystem

Survey.• Isthereahotline,complianceofficer?• Howtoreport?• Howtofindinformation?

5.12Demonstrationofaformalcomplianceprogram Documentreview.Isthereidentificationofprioritizationofkeycomplianceindicators;reporting

andescalatingtocomplianceoversightcommittee?

5.13 Documentationtosupportresolutionofreportedmatters. Audit.Documentreview.

5.14

Effectivenessofcompliancedepartment

Documentreview,surveys,interviews,focusgroups.• Isthereareportcardonassociates’comfortlevel?• Dotheyknowwhotogotowithconcerns?• Dotheyknowwhomtotrust?• Istherefollow-through?• Whatisthetrustandintegrityaroundmembersofcompliancedepartment?

5.15 Disciplinefornon-compliance Documentreview,interviews.Monitortoensuredisciplinepoliciesarefollowed.

5.16 EffectivenessofFollow-uptoComplianceConcerns Interview/surveycallerforsatisfactionwithfollow-upofconcern.

5.17CultureSurvey

Documentreview,assessmentofresponses.Doculturesurveysincludequestionssuchas:• Doyouknowhowtoreportconcerns?• Areyouwillingtoreportconcerns?

34

• Doyoutrustthatconcernswillbeaddressedfairlywhenreported?

5.18 Awarenessandeffectivenessofinternalreportingsystem

Reviewsystemuse.Looktomakesureemployees,vendors,contractorscanreport;gaugethelevelofretaliation;individualcomfortofreportingsystems;survey.Conductinterviews.

5.19 Awarenessofthediscipline Survey.

5.20

Hotlinereportingsystem/vendor

Monitor.• Aretestcallsofthesystemconducted?• Arethecallsanswered?• Ifexternalvendor,aretheyfollowingtheorganization’sdocumentednotification

protocol?

5.21

Internalreportingfrombusinesspartners,contractors,etc.

Contractreviewandinterviews.• Iscompliancedepartmentawareofthecontractswithbusinesspartners,contractors,

etc.?• Isthereaninventoryofpartners?• Dotheyknowhowtocontactcompliancedepartmentwithissues?

5.22Investigationresolutionandtimeliness

Documentationreview.• Arereportsclosedtimely?• Aretherecompletionnotesanddatesmattersandsubmittedtoboard?

5.23PresenceofInternalReportingSystem

Reviewpoliciesandproceduresandmechanismsforinternalreporting.Aremattersbeingreportedaccordingtopolicy?Whatshouldbereportedupinregardstocompliance?Checktoseeifithasbeenreportedupappropriately.

5.24 Processofhowaconcernishandled Reviewdocumentationthatreflectsthisprocess;auditcasefilestodemonstratethisdecisionprocesswasfollowed.Isitamanagementissue,legalissue,other?Isthereatriagetree?

5.25 Subordinateconduct Interviews.Documentreviews.Doesorganizationmeasurewhetherlinemanagersaremonitoringtheconductoftheirsubordinates?

5.26 Writtenescalationprocess Documentationreview.Isthereawrittenproceduretodetermineatwhatpointamattermustbereportedtotheboard,committee,orgovernmentagency?

RiskAssessments:

5.27RiskAssessment

Documentation/processreview.• Isthereadocumentedenterprise-wideriskassessment?

35

• Whatistheworkplancreationprocess?• Isinternalauditincluded?• Isafraudriskassessmentconducted?• Isthisinformationusedasabasisforcreatingtheauditingandmonitoringplanorwork

plan?

5.28

RiskAssessmentProcess

Processmapofriskassessmentprocess.• Whoparticipates?• Howaretopicsprioritized?• Whatistheprocess?• Howaremitigationstepsdetermined?• Iseducationprovided?• Howaretheresultsreported?

5.29 Riskbasedwork/auditplan Documentreview.Isthecompliancework/auditplanbasedonadocumentedriskassessmentandisitriskbased?

5.30Follow-uptoRiskAssessment

Reviewprocessforfindingsofriskassessmentandwhetherimplemented;auditormonitorimplementation;auditandmonitorasnecessaryafterimplementationtomitigaterisk(closingtheloop).

5.31 Frequencyofriskassessment,scopeandcoverageandtoolsusedforriskassessment Audittheriskassessmentprocessfortheseareas.

5.32 Informationflowfrombusinessunitstocompliancedepartmentfortheriskassessmentprocess Interviews.

5.33

Internalauditdepartment’srelationshipwithcompliancedepartment

Documentreview,interviews.• Isriskassessmentutilizedtocreateannualauditplan?• Whoparticipatesintheriskassessment?• Arethereroutineinteractionsbetweencomplianceandinternalaudit?• Howmanyinternalaudithoursaredesignatedforcompliancerelatedwork?• Or,howareauditsdelegatedtointernalauditorcomplianceafterriskassessmentis

completed?

5.34 Isauditingandmonitoringbasedonriskareasidentifiedinriskassessmentprocess Reviewriskassessmentprocessandwhatauditsandmonitoringareonworkplans.

36

5.35 Monitoringeffectiveness Documentreview.Isthemonitoringplanlinkedtoriskassessmentstomakesurehighestriskareasarecovered?

5.36

Participationofbusinessleadershipinriskresolution

Verifythatriskreportingisgoingtobusinessleadership;routineinclusionofrisksatcompliancecommittee;assessmentofeffectivefollow-upwhenriskresolutionisoff-track.

MonitoringandAuditingWorkPlan:

5.37

Methodtocreateauditplan

Document/processreview.• Whatinternallyandexternallyareusedtocreatetheriskbasedplan?• Isareviewofsubmittedcorrectiveactionplansincludedinthereviewandplanning

process?

5.38 Auditandmonitoringbasedonriskassessment Documentreviewcomparisonofaudit/monitoringplan.

5.39 Approvalprocessofworkplans ReviewminutesofBoardandComplianceCommitteemeetings.

5.40 Auditingandmonitoringprocess Documentandprocessreview.Howisannualworkplandeveloped?Whoisresponsibleforit?

5.41 Aretheresufficientauditsconducted? Documentationreview.Lookatauditplan,including“adhoc”auditsthatwereunplanned,butconductedinresponsetoamatter.

5.42 Auditinventory Documentreview.Isthereaninventoryofallauditsbeingconductedeitherbyinternalstafforexternalconsultantsintheorganization?

5.43 Compliancedepartmentroleinestablishingauditplan Reviewofauditplanandprocesstoensurecomplianceiskeystakeholderandpartoftheprocess.

5.44 Definedprocesstohireoutsideexpertstoconductaudit/investigationandreview

Reviewpolicyandproceduresandinterviewdecisionmakersontheprocessandcriteriatotriggerthehiringofoutsideexpertstoconductaudit/investigationandreview.

5.45

Completionrateforcomplianceworkplan

Auditordocumentreview.• Weretheitemsontheworkplancompletedbytheduedate?• Ifnot,docompliancecommitteeandboardlevelcommitteeminutesreflectdiscussion

aboutthis?• Ifworkplanwaschanged,istherecompliancecommitteeandboardcommittee

documentationtosupportthis?

37

5.46Periodicreviewsofmonitoringandauditingplan

Documentreview.Ismonitoringandauditingplanreviewedperiodicallyatthecompliancecommitteeandboardlevelcommitteetomakesureitisstillfitforpurposeandfocusedonhigh-riskareasfortheorganization?

5.47 Randomauditingisconductedtoidentifyunknownrisks Portionoftheauditplanisbasedonrandomselection.

5.48 Effectivenessofgiftpolicyandprocedure SurveyongiftpolicyawarenessandauditgiftregistryorsystemforcompliancewithP&P.

AuditProcess:

5.49 Theneedfortheadviceofcounselrelatedtoaudits Reviewofreferralprocesstotrackattorneyreferral.Isorganizationtrackingthatattorneyis

consultedwhenauditfindingsnoteissues?

5.50 Validatetheorganizationisconductingaudits Processreview.

5.51 Auditresultsandactionsinresponsetoauditisreportedtothegoverningbody Reviewofminutes.

5.52 Auditresultsarepartofperformancereportsand/orincentives Documentationreview.

5.53

Authoritytoinitiateaudit

Documentreview.Interviews.Audit.• Istheredocumentationoutliningwhoisauthorizedtoinitiateanaudit,includingthe

engagementofoutsideconsultants?• Howisthisdone?• Howthoroughisit?

5.54 Auditprocess Processreview.Documentationreview.Areauditsdefinedwithissue,scope,objectives,andresources?

5.55 Accountability Createauditreportsforcomplianceauditsidentifyingpurpose,scope,sampleselection(ifapplicable),findings,conclusion,andrecommendations.

5.56 Auditbenchmarks Auditofauditsforbenchmarking-Aretheauditfindingsactionable?

5.57

Complianceauditresults

Processreviewanddocumentreview.• Areauditresultsbeinganalyzed,tracked,trendedandreported?• Forexample,howoftenareeducationorpoliciesandprocedurechangesneeded?• Ismanagement(notcompliance)responsibleforcorrectiveactionplans?

38

• Iscompliancemonitoringcorrectiveactionplanstocompletionandthenconductingfollow-upauditstoensuretheactionsremaininplace?

5.58 Meaningfulnessofaudits Reviewofaudittool.

5.59

Reportresults

Documentationreview.• Howisresolutionofdeficiencydocumented?• Howdoesthedepartmentdocument?Howdoesthedepartmenttrackwhatwas

accomplished(metric:spreadsheet-database)?

5.60

Reportingofauditresults

Processreview.Documentationreview.• Areauditresultsarereportedtooperations?• ComplianceCommittee?• Governingbody?

CorrectiveActionPlans:

5.61 Depthandbreadthofrootcauseanalysis Auditandinterviewprocesstodetermineifproperdepthandbreadthofrootcauseofconcernandproperincorporationintocorrectiveactionplan.

5.62 Accountabilityofcorrectiveaction Reviewagendas,minutesandreportstocompliancecommitteeoncorrectiveactionplans.

5.63 Actionplansinresponsetoanauditfinding Auditofauditstoensureactionplansaredocumented.

5.64 Areidentifiedrefundstracked,documentedandreturnedtimely? Auditandreviewofdocumentationtoensurecheckwentout.

5.65 Auditandinvestigationtrending Validationreviewsofcorrectiveactionplans.Areauditandinvestigationfindingstrackedfortrends?Rootcauseanalysis?Fixforentiresystem?

5.66

CorrectiveActionPlans

Documentreview.Audit.• Isthereadocumentedfollowupprocesstomakesuremanagementhascompleteditems

incorrectiveactionplans?• Werethecorrectiveactionssuccessfulincorrectingthedeficiency?• Arefollowupauditsconductedtoensurecorrectiveactionsdonotlapse?

5.67 Reportingofuntimelycorrectiveactions Validationaudits/follow-upaudits.Ifthereareun-timelycorrectiveactions,aretheyreportedtothecompliancecommitteeandgoverningbody?

5.68 Timelycorrectiveactions(newsafeguards/controls) Audittoensureauditshavecorrectiveactiondocumentedinatimelyfashion.

39

Auditors:

5.69 Auditingtheauditors Hirethirdpartytoauditauditorsorindividualcontributors;validateauditresults.

5.70 Auditorsdevelopauditinstructions Documentreview.Arethereguidelinesinplace?

5.71 Auditorsskillsetandcompetencytoaudittheissue Reviewauditworkproduct,personnelfiles,etc.

5.72 Independence AuditforIndependence-Reviewtoensurenovestedinterestinoutcomes,meetindependencerequirementasdefinedbyyellowbook.

5.73 Processtoevaluateauditorskillsettoensuretherightauditresourcesareselected(internalaudit,outsideauditor,etc.)

Reviewofauditorbackgroundandskillset.

5.74 Standardizationofauditprocess-auditorsapproachauditsinthesameway Auditreviewtomonitorforconsistency.

Non-Retaliation:

5.75 Monitoringforretaliation Exitinterviews/employeesurveys.

5.76 Retaliation Surveys,focusgroups,individualquestioning,exitinterviews.

Vendoroversight:

5.77Vendoroversight

• Reviewvendorcertifications;trackconsequencesforvendorsnotadheringtocomplianceprogram.

• Ensureallvendorcontractsincludeconsistentcompliancelanguage.

40

Element6:DisciplineforNon-Compliance

A.Recommenddisciplinaryactionwhennoncomplianceissubstantiated.B.Promotedisciplineproportionatetoviolation.C.Promotedisciplineconsistentwithpoliciesandprocedures.D.Verifythatdisciplineisenforcedconsistentlythroughoutalllevelsoftheorganization.E.Monitorforconsistentdocumentationofdisciplinaryaction.F.Recommendactionforindividualsandentitiesthathavebeenexcludedfromgovernmentprograms.G.Verifythatcompliance-relatedviolationsareaddressedindisciplinarypolicies.H.Coordinatewithmanagementthattimelydisciplinaryactionistaken.I.Verifythatdisciplinaryactionisreportedtoregulatorybodywhenrequired.Source:CHCCandidateHandbook:DetailedContentOutline

Element6:DisciplineforNon-Compliance

WhattoMeasure HowtoMeasure

Consistency:

6.1

Fairnessandconsistencyindisciplinaryprocess

Sample–audit.• Isthedisciplinaryactionpolicyconsistentlyfollowed?• Doesthecompliancecommitteereviewandmeasurefairnessandconsistencyinpolicy

application?• Auditdisciplinepersonnelfiles–considercreatingpredefineddisciplinematricesand

auditagainstthese.• Interviewonperceptionofdisciplineapplied,surveyonperception.• Isdisciplinaryactioninproportiontomatter?• Isthereconsistencyforsimilarmatters?

6.2

Approachtodeterminingtypeofdisciplinaryaction

ReviewofP&P.• Auditing/testingtodeterminewhetherthereisacommonapproachtoanalyzingthe

disciplineaspectofresolution.• Aretherestepsembeddedintoprotocol?

41

6.3 Complianceofficerinputintodisciplinaryactiondecisions

InterviewCCO,outcomesreview,andaudit.Arecomplianceofficer’srecommendationstakenseriously?

6.4

Decision-makingparties

• Auditpersonnelfiles.• Policyreview.• Isthereadisciplinaryactioncommitteeapproachtoreviewresultsofinvestigationand

previousactionsandtomakedecisions?• Aretheappropriateparties(e.g.Legal,HR,Compliance,etc.)partofdisciplineactiondecision-

makingprocess?

6.5 ThoroughnessofdisciplinaryP&P Reviewcriteriaofincludingcomplianceviolationsandwell-definedsanctionsforconsistentapplicationofdisciplinarypolicies.

6.6 Timelinessofdisciplinaryaction HRauditoffiles.Istimelydisciplineandactioncarriedout?

Awareness:

6.7Understanding Survey-Ispoorperformanceoncomplianceresponsibilitiesgroundsfordisciplinaryaction?

6.8Accuracy Verifyingthatpersoncompletedthecomplianceexpectationsthatwereattestedto.

6.9 Compliancegoals Documentationreview.Isthereconsiderationofcomplianceactivitiesindailyactivities?Reviewperformanceevaluations-Weregoalsaccomplished?

6.10 Complianceincentives Processreview;interviewsofleadershipandstaffinterviews.Whatistheroleofcompliancewhenitisimplemented?

6.11

Incentivepolicy

Documentreview,interviews,andfocusgroups.• Doestheorganizationdistributebadgesforcenters,ordepartmentsforparticipationin

compliancetraining?• Aretherecontestsforcompliancetrainingandpublishingoftestscores?

6.12 Distinctionbetweendisciplinaryactionandnon-retaliation

Interviews,reviewsofpolicies,etc.Assesstheeffectivenessoftheorganizationaldistinctionbetweendisciplineandnon-retaliationandmakesurethereareappropriateprotectionsregardingnon-retaliation.

42

6.13 Educationtoensureemployeesknowexpectations Auditcommunicationsregardingexpectationsanddisciplinepossible.ComparepolicyandStandardsofConducttoensuretheyareclearregardingdisciplinaryaction.

6.14 Employeeawarenessofdisciplinaryactionpolicy Interviews,surveys,etc.Doemployeesunderstandtherearedisciplineconsequencesfornon-compliance?

6.15Employee,vendor,contractorknowledgeofcodeofconductandtheircomplianceresponsibilities

Auditdocumentation.• Doemployees,vendors,andcontractorsknowtheirresponsibilitiesregardingcodeof

conduct?• Dotheysignannualattestations?

6.16 Transparencyregardinglessonslearned Documentreview.Arethelessonslearnedfromdisciplinaryactionconveyedandusedasaneducationaltoolfororganization?

6.17 Culture Survey-Doyoufeelemployeeswhoengageinimproperwork-relatedactivitieswillbecaught?

6.18 Non-retaliationforgoodfaithreporting Reviewdemotions,terminationsandconductemployeesurveys.

6.19 Proactiveeducationonviolationanddiscipline Reviewpolicyandprocedureandeducationandtraining

6.20

Recognitionandappreciation

Focusgroups,interviews.• Arethererecognitionandappreciationprogramsthatdonotincludeincentivizingwith

money?• Forexample,aretherenewsletters,reportstogoverningbody,websiteannouncements

torecognizethoseforexhibitingcomplianceandethicalbehaviorsandactions?

Documentation:

6.21Disciplinetransparency Documentationreview.Arehigh-levelresultsfromdisciplinaryactionpublished(e.g.,#of

terminations,#ofcounseling,#ofsuspensions,and#ofcorrectiveactionplans)?

6.22 Oversight ReviewminutesfornumberofdisciplinaryactionsforcomplianceandHIPAAviolationsinlastyearreportedtotheComplianceCommittee(dashboard)

6.23 Adequatedocumentation Review/auditdisciplinaryfilesforsupportingdocumentationofdisciplinaryaction.

6.24Complianceinbusinessplans

Document,processreview.• Istherealeadershipscorecardthatincludescompliancemetrics?• Aretherecomplianceincentivesbuiltintobusinessplans?

43

6.25 Notificationoflicensingboards HRfileaudit-beforeissueisclosed,isdocumentationpresentandincludedintrackingsystem?

6.26 Policy Documentreview.Audit.Isthereadocumentedpolicyaddressingdisciplinefornon-compliance?

6.27 Policyexceptions Filereviewofexceptions.Areexceptionstracked,documented,andevaluated?Whogetstomakethedecisionregardingexceptions?Isthisprocessdocumented?

6.28

Reportingtoregulatoryauthorities

Audit.Documentreview.• Lookatcriteriaforreportingandtimelinessachieved.• Auditcasesandtrack.• Ensuretimelyreportingtoregulatoryauthoritiesofpotentialviolationsanddisciplineto

demonstrateorganization’scommitmenttocompliance.

6.29 Scopeandinclusionofdisciplinaryactionpertainingtotheculture

Investigatebreadthofdisciplineandinclusion,auditdisciplinaryfiles,andconductinterview.Doesdisciplineincludethosewhoknowaboutitanddidn'treportitorcausedittohappenbutdidnotactuallydoit?

6.30 Scopeofdisciplinaryaction Audittoverify-Aretheredisciplinaryactions/consequencesfornotreporting?

6.31 Systemallowsfordocumentationofcomplianceissues

Document/Systemreview.DoesHRsystemhavemechanismforrecordingandtrackingcomplianceoffenses?

PromotionCriteria:

6.32 PromotionCriteria Reviewifcomplianceconsiderationswereincludedinpromotionprocessandcriteria.

6.33

Seniorexecutiveperformancereviews

Process,documentreview.• Beforepromotion,doescomplianceconductinterviewtoidentifyordiscusscompliance

issues?• Doesheadofcomplianceparticipateinthereviewsofseniorexecutives?• Istheretalkaboutcomplianceinitiativeswithregardstoseniorexecutiveperformance

reviews?

6.34

Performancereviews

Documentreview.• Isthererecognitionofcomplianceeffortsinperformancereviews?• Iscompliancebuiltintotheperformanceevaluationforrewardingemployeesand

disciplinaryaction?

44

Element7:InvestigationsandRemedialMeasuresA. Communicatenoncompliancethroughappropriatechannels.B. Assuredevelopmentofcorrectiveactionplansinresponsetononcompliance.C. Monitortheeffectivenessofcorrectiveactionplansinresponsetononcompliance.D. Assureremedialeffortsareimplementedtoreducerisk.E. Cooperatewithgovernmentinquiriesandinvestigations.F. Investigatemattersrelatedtononcomplianceinafair,objective,anddiscretemanner.G. Assurerecordsaremaintainedoncomplianceinvestigations.H. Participateinnegotiationwithregulatoryagencies.I. Assurethatoverpaymentstopayersarerefundedinatimelymanner.J. Collaboratewithlegalcounselregardingvoluntarydisclosures.K. Coordinateinvestigationstopreserveprivileges,asapplicable.L. Facilitateindependentinvestigationswhennecessary.M. Recommendmodificationofcorrectiveactionplans.N. Recognizeneedforsubjectmatterexperts.O. Assuredocumentsrelevanttoaninvestigationarepreserved.P. Assureinvestigationpersonnelhavethenecessaryskillsets.Q. Instituteimmediatemeasuresasnecessarytomitigateongoingharm.R. Recommendmeasurestoaddresssubstantiatedincidenceofretaliation.Source:CHCCandidateHandbook:DetailedContentOutline

45

Element7:InvestigationsandRemedialMeasures

WhattoMeasure HowtoMeasure

GuidelinesforConductinganInvestigation:

7.1 Theorganizationhasguidelinesestablishedtoensurethorough,credible,andcompleteinvestigationsaredoneinaconsistentmanner

Reviewguidelines,policyandprocedureand/orprotocolonconductinganinvestigation.

7.2 Effectivenessofinvestigativeprocess Reviewprocessforcommonstepstoembedintoaprotocol.Conductabaselinereviewtounderstandwhatthemandatorypartsoftheinvestigationframeworkareandwhatmaychangeduetosituationorcircumstance.• Istheoverallinvestigationprocessdrivenbyapolicyandprocedure,subjectmatterresource

involvement,objectivereviewer?• Istheprocesstransparent(noteverythingplacedunderattorneyclientprivilege)?• Isthereadocumentedinvestigationsprocessorprocedure?• Areinvestigationsbeingconductedconsistentwithwrittenprocedures?• Istheresomethingthattriggersasentinelevent,immediatereporting,theneedforexternal

consultantsorattorneys?• Whatistheapprovalprocess?• Whataretimelineswithregardsto60-dayrule?• Isthereacentralizedprocessforkeepingupwithallinvestigationsinprocess?• Howmuchflexibilityduetosituationorcircumstancesisappropriateandhowmuchneedsto

becontrolled?• Nextyear,istheprocesstightenedupgoingforward?

7.3 Individualaccountabilityaspartofinvestigativeplan. Audit.Documentreview.Interviews.• Isthereabaselineinvestigativeplanthatoutlinescommunicationplanforinterviewing

currentorprioremployees?• Doestheinvestigativeprocessincludespecialattentiontoindividualaccountability?• Isthereinvestigativemappingandoutlinetoaskquestionsaboutwhomaybeintheloopso

compliancecanbesuretheyarenotpartofreportinggroup?• Arethereappropriateprotectionsforpeoplebeinginterviewedandtherepresentationof

organization?

46

• Istheredocumentationthattheindividualisnotgivenassurancesthattherearenorepercussionsforhim/her?

7.4 Typeofdocumentationrequiredforremedialmeasuresandinvestigation

Reviewpoliciesandproceduresonrecordretentionandtypesofdocumentation

ContentofInvestigationFiles:

7.5 Assurerecordsaremaintainedoninvestigation Audittoask:• Isthereapolicyandprocedurefordocumentationthatneedstobemaintained?• Doinvestigativefilesmatchthepolicyrequirements(determinewhatshouldbeinthe

attorneyfileversustheinvestigationfile)?

7.6 Qualityofthedocumentation Assesswhetherthewho,what,whenandhowisansweredineveryinvestigation;samplelogentries

7.7 Assuredocumentsrelevanttoaninvestigationarepreserved

Readwrittenpolicyandprocedureforinvestigationrecords;readinvestigationfilesofHR,compliance,and/orlegaltoconfirmcompliancewithretentionperiod

QualityandConsistencyofInvestigations:

7.8 Qualityandeffectivenessofinvestigations Auditinvestigationstolookat:• qualityofquestionsaskedandcontentconsidered,involvedparties,andreportoutof

findings;• didtheyinvolvetheappropriatepartsoftheorganization;• aretheybroadenough;and• didtheyuseinternalorexternalauditors?

7.9 Thoroughness,timelinessandconsistencyofinvestigationprocessamonginvestigators

Auditinvestigationfiles

7.10 Triageprocess • Auditprocesstoreviewwhetherallegationswereappropriatelyandtimelyhandled• Dryrun,test,mockreport

7.11 ConsistencyofInvestigations Multipleanonymous(mock)reportsondifferentissuestotestprocess

47

7.12 Credibilityofinvestigationandremediationprocesstothirdparties

Demonstratingitbymockpresentation(devil’sadvocate)-roleplayingwhataregulatormightaskregardingtheinvestigationandremediationprocess.

TrackingandTrendingInvestigations

7.13 Investigationcategorizationprocessandtrending Documentationreviewandaudittrackingsystem.Areinvestigationsbeingcategorizedsotheycanbetracked,trendedandreportedtocompliancecommittee,seniormanagementandboard?

7.14 Retainingdocumentationofinvestigationsinrecordsmanagementsystem(tracking,trending,review)

Reviewofdocumentationinsystem

7.15 Documentingwhenissueissubstantiatedornotandreporting/trending

Reviewreports/process

7.16 Compliancelog(logandtrackinvestigations) • Doesalogexist;• Doesithaveinvestigationsandactionstaken;and• Aretheresupportingfilesforeachentrysothattheycanbereportedon(HR,Billing)toreport

thetrends?

EscalationofInvestigations

7.17 Ensureadequateandtimelyescalationofinvestigationoutcomes

Auditsampleofinvestigationfiles

7.18 Significantinvestigationsarereportedtothegoverningbody

Reviewboardminutes,reviewpoliciesrelatedtoboardreportingrequirements.

7.19 Investigationreportingtoseniorleadershipandboard

Documentreview,interviews.Areinvestigationsbeingreportedtoseniorleadershipandtheboard?

CommunicationofInvestigationOutcomes

7.20 Theappropriatecommunicationoftheinvestigationoutcomes(education)

• Conductanassessmentattheconclusionofaninvestigationofadditionalcommunicationtotheorganizationfororganizationallearningandcultureofcompliance

• Documentreviewofmeetingminutesand/orinterimreports.Wereinvestigationsresultsreportedtoseniorleadershipandboard?Howweretheresultscommunicated?

48

• Reviewhowresultsofinternalinvestigationsaresharedwiththeorganization'sgoverningbody,leadershipandrelevantdepartments.

7.21 Culture Surveyforwhetheremployeesbelievethatmanagementand/orthecomplianceofficerfollowsuponreportsofcomplianceconcernsandtakesappropriateactionwhenevernecessary?(Yes/No/Don'tknow)

7.22 Perceptionofinvestigationresultsbyemployeesandstakeholders

Focusgroupsorsurveyofemployees

7.23 Communicatenoncompliancethroughappropriatechannels

Readworkgroupmeetingminutesoremailstodeterminedistributionlistincludesappropriateindividuals(stakeholders,decisionmakers)

TrainingofInvestigators

7.24 Staffwhoconductinternalinvestigationshavetheeducationnecessarytoconductinvestigations

Peerreviewonsimilarorganizations.Reviewofcertificationsandeducationprovided.

7.25 Numberofemployeeswithappropriatecertificationsthatareconductinginvestigations

Reviewlistofinvestigatorsandtheircertifications

7.26 Investigatorshavetheskillset Interviewinvestigatorsandlookatworkproductforfacts

7.27 Training/competencyofinvestigators • Evaluatetrainingtranscripts,trainthemoninvestigationtechniques;• Reviewthetypeoftraininganyoneconductinginvestigationshasreceivedoverthepast2

years

ProfessionalismandCompetencyofinvestigators

7.28 Ensuringinvestigatorsareconductinginvestigationinprofessionalandrespectfulmanner

Interviewsubjects

7.29 Professionalismandeffectivenessofinvestigators Conductandobservemockinterviews

7.30 Strengthandcredibilityofinvestigationprocess Roleplayofinvestigationprocess

7.31 Investigatemattersinafairmatter,objectiveanddiscreetmanner

Peerbenchmarkingtoevaluate:• thetimeitshouldtaketoconductaninvestigation;

49

• whatpeersdotomakesureinvestigationsoccurdiscreetlyandtimely

Independenceofinvestigator

7.32 Objectivityofinvestigator Interviewsbyexternalsourcewithgoaltoensurenointernalorganizationalpressureontheinvestigatorsthatisimproper.

7.33 Assessinguniformityofusingoutsidecontractorsandexpertsintheinvestigationprocess

Reviewpoliciesandproceduresandauditfilesforcompliance

7.34 IndependenceandObjectivityofInvestigation Reviewpoliciesandprocedures,surveyemployeeperception,qualitycontrolprocess,etc.

7.35 Independenceofinvestigation(nointimidationisoccurring)

Workproductandinterviews;qualityofprocess(avoidreportingstructureconflictsofinterest;direct-report)

InvolvementofLegalCounsel

7.36 Coordinatinginvestigationstoprotectprivilegewhennecessary

Auditagainstpoliciesandprocedurestodetermineappropriateattachmentofprivilege

7.37 Collaboratingwithlegal • Lookatworkproducttodeterminequality;• Ensurecomplianceleadstheinvestigation(unlessinvestigationisbeingconductedunder

privilege);• Interviewcomplianceofficerandlegalcounseltodeterminethelevelofcollaboration.

TimelinessofResponse

7.38 Areimmediateactionstakenimmediately Auditinvestigationoutcomestoseeiftimely

7.39 Complianceofficerauthority Interviews,documentreviews.Ifconcernisraisedanditisharmful,managementneedsabilitytoreactimmediatelyevenifitisbeforeinvestigationiscomplete.Doesthecomplianceofficerhavetheabilityandauthoritytostopanaction(e.g.,billing)?

7.40 Timetoinvestigationclosure • Tracktimelinessagainstbenchmarkestablishedbyorganization;• Documentationreview.Islengthtocloseinvestigationsbeingdocumented,tracked,trended

andreported?

50

• Areresolutionactions(e.g.,education,newpolicy/procedure,correctiveactionplan,disclosure,repayment,etc.)beingdocumented,tracked,trendedandreported?

7.41 Timelyprocessingofrefunds,self-disclosures Audit,monitor,documentreviewofinvestigationsthatresultedinrefunds,disclosurestoensuretheywereprocessedinatimelyfashion.

7.42

Self-Disclosureguidelines Documentreview,interviews.• Aretherewrittenguidelinesforself-disclosures?• Dotheyaddressmembersimpacted,informationtobesharedwithregulators?

CorrectiveActionPlans/RemedialMeasures

7.43 Businessleadersareaccountableforfollow-uptoinvestigations

• Verificationthatinvestigativereportissharedwiththoseresponsibleforfollow-up.• ClosurereportsareprovidedtoComplianceCommittee.• Auditpostinvestigationtoensureresolutionismaintained.

7.44 Effectivenessofcorrectiveactions Documentationreviewofcorrectiveactionstimeframesmet,issuesclosedout,effectiveresolution.

7.45 Structure Reviewhowcorrectiveactionplansarecreated

7.46 Validatethatcorrectiveactionplansareappropriate,implementedandeffective

Review3correctiveactionplanstoensureidentifiedallissuesandconductvalidationvisits

7.47 Accountability • Reviewhowcorrectiveactionplansaretracked;• ReviewhowcorrectiveactionplansarereportedtoComplianceExecutiveCommittee

7.48 Ensureremedialmeasureforlikefindingsareconsistentlyimplemented

Audit

7.49 Measuringsufficiencyofcorrectiveactionplansthataredeveloped

Samplecasesthatweresubstantiatedandreviewthecorrespondingcorrectiveactionplanstoensuretheyrespondtoissuesidentifiedininternalandexternalauditsandinvestigations

7.50 Remedialactions-Appropriateremedialactionoccurred

Reviewinvestigationdocumentation,PowerPoint,trainingattestationisinthefile.

51

7.51 Ensureremedialeffortsareestablishedtoreducerisk

Basedontheoutcomeoftheinvestigation;deficiencywasfixed,evidenceitwasfixed,thereareotheritemstoreview(ex.Chargemaster)lookatthedownstreamimpact-employees,systemicissues(beyonddisciplinaryaction)

Rootcauseanalysis

7.52 Conductrootcauseanalysistodetermineiffindingsneedtobeaddressedinotherpartsoftheorganization

Auditdocumentation

7.53 Resolutionofinvestigations Audit.Wasrootcauseresolved?

7.54 Accountability/Structure Obtainalistofadhoccommitteesformedaroundspecificcomplianceissueoverthelast2years

Adherencetonon-retaliationpolicy

7.55 Monitoringhowthereporterfeelsabouthavingreported

Interview

7.56 Ensureconfidentialityofinvestigationprocess Surveyorfocusedgroups,interviewparticipantsininvestigations

7.57 Exitinterviewprocessqueriesforretaliation Reviewofexitinterviewprocess

7.58 Culture:Retaliation Surveys,interviews,exitinterviews.• Isthereapolicystatementinnewemployeeorientation?• Aretherecommunications?• Doemployeesknowhowtoreportpotentialinstances?• Doestheorganizationconductculturesurveys?• Isthereapolicystatementregardingnoobstructionofinvestigation?

7.59 Adherencetonon-retaliationpolicy Surveyparticipatesininvestigationtodetermineiftheyfeltorfearedretaliation

7.60 Substantiatedretaliation Audit

GovernmentInquires/Investigations

52

7.61 Cooperatewithgovernmentinquiries/investigations • Auditcreditreceivedforcooperation;• Readrecordsthatcontaingovernmentcorrespondencewithentity.Reviewandconfirm

appropriateresponsesweresubmittedonorbeforerequesteddate.

7.62 Strategicrelationshipwithregulators Interviews.• Isthereafocusedapproachtobuildingrelationshipswithregulators?• Doesstaffseekoutregulatorsatconferences,etc.tobuildrelationships?

7.63 Mockpresentations

Documentationreview.Interviews.• Doestheorganizationconductmockpresentations(e.g.,in-houseattorney“acts”as

governmententity?• Compliancepresentsadisciplinepartofcomplianceprogramtoin-houseattorneyfor

his/herreviewandcomment.)

MonitoringResults

7.64

Validationthatinvestigationsarecomplete

• Auditing,documentationreview,interviewsafterinvestigationsarecomplete.• Isthereadocumented(3-6-9months)timingintervaltoassesswhether“actionhastraction?”• Isthereaprocesstogobackandprioritizeorverifythatplansorworkunitsarefollowing

throughonrecommendedactions?

7.65 Reviewofinvestigationsinfutureworkplanning • Documentationreview.• Isthereananalysisofinvestigationstohelpinformfutureworkplans?

7.66 Longtermeffectivenessofremedialmeasures Audit-oneyearofremedialmeasureswhereactivemonitoringended6monthspriortovalidatethatremediationstillinplace

7.67 Howlargerlessonscanbeconveyedtotheorganization

COcouldreviewannuallythereportstotheboardorbroadercommunicationstotheentireorganization;revieweducationontrendsandthemes.

AwarenessofInvestigationProcess

7.68Educationoninvestigationsprocess

• Audit,monitortrainingrecordsandeducationalcontent.• Istrainingregardingtheinvestigationsprocessprovidedathireandongoingsoemployees

knowwhattoexpectregardingtheinvestigationsprocess?

7.69 Strategicrelationshipwithriskpartners(i.e.,Legal,HR,riskmanagement,etc.) Interviewriskpartnerstodetermineinteraction,involvement,knowledge.

53

ContractProvisionsregardingInvestigations

7.70 Thirdpartyandnon-employedcliniciancontractstoensuretheyhaveanobligationtocooperateininvestigations.

• Contractreview.• Inventoryofagreementswith3rdpartiesandnon-employedclinicianstomakesurethey

understandtheirobligationtocooperatewithinvestigations.

7.71 Inventoryofrequirementsincontracts Audit.Documentreview.Aretherestandardtermsthatmustbeincludedincontracts?Atemplatecanbeusedtoensureallrequirementsareincontracts.