Understanding Who Is Responsible for Compliance Program Failures

(Hint: It’s You)

Let’s be honest with ourselves.

For years, many organizations have viewed having a comprehensive compliance program as a “check the box” activity. If there was a binder on the shelf labeled “Compliance Program,” then organizational leadership felt like they were covered.

Then, along came the role of Compliance Officer, and it became that person’s issue. Except, the comprehensive compliance program was one problem among many. While the compliance officer was busy putting out fires, programs moldered on shelves, with few tangible updates. Meanwhile, compliance requirements grew exponentially, with little opportunity for corporate leadership to integrate those changes into their daily operations in a holistic way.

Then, there was the pandemic. Businesses went from “firefighting” compliance into full operational triage. Now, that the pandemic has ended, the Centers for Medicare & Medicaid Services (CMS), the Department of Health and Human Services (HHS), Office of the Inspector General (OIG), and the Department of Justice (DOJ) continue to work to catch up and return back to the normal surveying procedures and enforcing compliance failures.

And they are going to hold you personally responsible.

In the 2023 DOJ updates, the DOJ continues to push organizations to take the necessary steps to evaluate and review their compliance programs and the processes that are in place to hopefully prevent misconduct. But, in the unfortunate event that there is a reportable offense, the DOJ is pushing organizations to take the steps to self-report.

What should this mean to operators and leaders, especially those working in healthcare settings?

DOJ has said that when bringing a criminal complaint, their agents will consider a broad range of issues, including reward and compensation metrics tied to compliance, the imposition of financial sanctions for compliance failures, and the role leaders play in allowing those failures to occur. Active participation is no longer the key issue; passivity or inaction will likely be just as damning evidence going forward.

What’s a provider to do?

The answer is simple. Pick up that Compliance Program binder and get to work!

As mentioned, an effective, updated, and independently reviewed compliance plan is the best strategy to ward off misconduct; and such a plan will likely be considered if a compliance breach comes before DOJ officials. If your plan does not include actionable compliance incentives, such as those tied to compensation, promotion, and hiring practices, you are likely already behind the proverbial “8 Ball.”

Ethical behavior and compliance are no longer a “corporate” problem. It’s a “you” problem. Your career may be on the line for compliance failures if you do not take an active role, right now, in making sure your programs are comprehensive, effective, implemented, and enforced.

Is your Compliance Program up to date, or do you need assistance with reviewing your Compliance Program? Contact one of our experts to learn more about how we can help!