Over 90 Total Lots Up For Auction at One Location - WA 04/08

Making the business case for compliance

September 20, 2017
From the September 2017 issue of HealthCare Business News magazine

By: Rebekah Sharpe

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently fined Children’s Medical Center of Dallas a whopping $3.2 million for what OCR described as the hospital’s noncompliance "over many years with multiple standards of the HIPAA Security Rule.”

Multimillion-dollar noncompliance fines like this have become almost routine in American health care. Our friends at Children’s are not alone.



The need for a comprehensive compliance program in hospitals has never been more apparent. Yet compliance professionals often find themselves fighting an uphill battle when asking C-suite executives and board members for the resources necessary to do the job properly. Many of us in the compliance space struggle to understand, even with the financial pressures health care is facing, why anyone would diminish or constrain the capabilities of an effective compliance program.

We need to accept the fact that a solid compliance program is simply a cost of doing business in modern American health care. Change is afoot in the industry, but this is one area that is not going to change.

Addressing organizational resistance to the allocation of appropriate resources for compliance programs requires today’s compliance leaders to understand what is causing leadership to consider downsizing these programs so they can address the objections in a logical, fact-based manner.

Understand what is driving these cuts
Many executives in the chief compliance officer or general counsel role (being responsible for compliance) must deal with the routine mandate from senior management to cut or trim their compliance resources. The reasons typically include:

• The organization does not understand the risk of noncompliance.
• The organization does not believe it will ever be investigated for noncompliant actions.
• The organization believes it can defend against claims of noncompliance.
• Management decides that it must cut compliance resources to protect the organization’s financial health.

Let’s look at each of these objections and suggest ways a compliance officer might deal with them.

• The organization does not understand the risk of noncompliance.
If you have C-suite executives or board members who don’t understand or appreciate the risk, this means you have not been effective in your compliance education. Begin by instituting a refined compliance education program targeted to those individuals. Focus on the current high-risk compliance areas in health care and give examples. If you cannot effectively convey this message internally, consider engaging an external expert to meet with and educate your leadership and board on what is taking place in the health care industry related to compliance risk. We strongly advise against bringing in attorneys at this juncture, as they typically do not have a specialized focus on health care compliance. Resist involving friends of the board, who may not be compliance experts, to perform the task. After completing compliance education, have each attendee certify that they understand the elements of your compliance program and recognize the importance of compliance within your organization.

You Must Be Logged In To Post A Comment