Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Tips for Implementing an Effective Compliance Program

OIG reviews Tips for Implementing an Effective Compliance Program.

Podcast thumbnail image


My name is Susan Gillin, I am an attorney with the Office of Inspector General. We see cases every day where compliance programs have failed and health care providers submit false claims to the health care programs. So how do you implement an effective program?

Here are six steps you can take toward that goal. First, foster a culture of compliance. How can you create a compliance-focused culture? Support your compliance program with sufficient resources. Your staff will notice if you spend money everywhere but compliance. Committing financial resources to promote compliance also shows that integrity is valued in your organization.

Also, no matter how much money you have, you can support the compliance function with your attitude. Be creative, talk about compliance issues in staff meetings, or celebrate employees who have brought compliance concerns to your attention. After you've established that you are committed to compliance, how do you get specific? Create useful policies and procedures. Your policies should be specific to each job function in your organization. Review them frequently, and update them. Most providers forget to update the policies once they're set. Include real life compliance issues you've faced, and make the policies available. Leave multiple copies in common areas, and send them to your employees by email.

Another great way to stay compliant is to train your staff. Think of training as exercise. You can't exercise once a year and expect to see results, and the same is true for compliance training.

Offer training often. Your staff is probably not going to ask for more compliance training, so you have to take the initiative. Be Creative. One compliance officer created a jeopardy tournament with compliance questions, and had staff compete in teams for the right answers. Stay current with compliance. Attend conferences, read publications, and use networking opportunities to stay in the loop on developing compliance issues and enforcement trends. Now that you're doing great training, what's next? Promote communication. Encourage lots of it. How? Be visible and approachable. Weave the compliance message through meetings and informal conversations. Talk about your nonretaliation policy in a staff meeting. Encourage employees to use the hotline. Give staff frequent opportunities to tell you what you're doing right, and what you're doing wrong. One great way to encourage communication is to use anonymous online surveys to give employees a chance to report whether your compliance efforts are working.

If you're successfully communicating the compliance message, you will likely get some issues reported. So how do you deal with those issues? Take appropriate corrective action. Develop a system to track and respond to complaints quickly and thoroughly. Investigate issues of potential non-compliance promptly, and take appropriate corrective action. One approach that can work well is to have a team of staff members who understand the issues be involved in the investigation. Just be careful to watch out for conflicts of interest. Lastly, track the resolution of complaints and educate yourself on the OIG self disclosure protocol.

How do you make sure you remain compliant with program rules and regulations? Conduct regular audits. Use some of those resources you set aside to do this. Each year, figure out what your risk areas are. Those are what you should be auditing. You can learn more about risk areas by reviewing the applicable compliance program guidance on the OIG's website.

Some common health care risk areas are coding, contracts, quality of care. If you submit lots of claims to Medicare, audit them. Don't wait for Medicare to tell you that you are coding incorrectly.

If you enter into lots of agreements with physicians, hire a lawyer to make sure you are complying with the Anti-kickback Statute and the physician self-referral law. If you find quality of care issues in your practice, investigate the root causes, and consider hiring a consultant to help with corrective action.

Also, remember to review your compliance program. Ask, are you meeting your benchmarks? Are people using the hotline? Are your corrective action plans sufficient? Now you have six tools to implement your compliance program. No matter the size of your practice or the number of employees, everyone can use these tools to create and foster a culture of compliance.