New Compliance Audit Guidance for Health Care: What You Need to Know

by Brad Garland

In the past, the compliance guidance from the Office of Inspector General at the U.S. Department of Health and Human Services emphasized that health care governing boards focus on three key areas: 

  1. Fully engage themselves in their responsibilities to oversee compliance audits
  2. Make compliance a priority for management
  3. Inquire the effectiveness of compliance management software
compliance audit

New compliance audit guidance means that these three key areas will be expanding with the inclusion of a fourth aspect of compliance guidance: suggestions for health care compliance officers, auditors, and other members of health care governing boards.


What can I expect from the new compliance guidance?

These suggestions will provide additional insight into corporate compliance programs. Given that information security is a continually evolving process which is never perfect, they should be seen as a way to make any compliance process just a little better.

Large health care organizations must have a reporting system in place to ensure the board receives compliance related information and reports as quickly as possible. Small practices should also have a similar system in place to ensure compliance information is easily accessible, even if there is no board overseeing the organization.


Specifics of the compliance program

Corporate compliance programs are not a “one size fits all” type of project. These programs must be custom tailored to meet the specific needs and size of each organization. Every compliance program must have a formal plan for keeping decision makers up to date on regulatory changes. Additionally, these reports need to address the organization's current regulatory compliance.

These compliance reports can be delivered to board members or discussed at regular meetings. Additionally, they should be reviewed by compliance audit consultants and integrated into organizational education programs.


Roles and structure of internal audit and compliance functions

The most important thing to get right when setting up an internal audit and compliance system is to clearly define roles. Communication between compliance teams, HR teams, and all employees will hinge on clearly defined roles and responsibilities. This collaboration between teams is the most efficient way to address internal compliance audits.

Within your organization, you must consider how management is working to address risk and resolve compliance conflicts. This means someone must have the responsibility to identify problems and implement solutions that will impact the whole organization.


Compliance auditing process and culture

The governing board and/or management needs to establish a process by which areas of risk can be identified. Once found, these areas must be constantly reviewed and audited to create an action plan to correct the situation. 

Management and any governing board must also encourage a “culture of improved compliance” in which employees feel comfortable discussing concerns. There must be no fee or any consequences when an employee discloses these compliance concerns. If you have any questions about the new compliance audit guidance for health care, feel free to contact us any time.