How can external stakeholders see and feel your culture of compliance?
As with anything we do in life, truly knowing how we are performing a certain task requires some form of measurement. If you want to know how fast you’re driving your car, look at your speedometer. If you want to know if you’re eating right and exercising enough, look at your blood pressure and cholesterol readings.
When it comes to knowing if your compliance program is effective, we have measurement: the so-called “8th element” of an effective compliance program. This concept comes from the Office of Inspector General (OIG), in its 2005 Supplemental Compliance Program Guidance for Hospitals memo.
During this particular CPG, the OIG strongly encouraged a periodic review of how the compliance program is meeting each of the seven elements of an effective compliance program from the various industry sector GPGs issued back in 1998. According to the OIG, the intent is to assess any weaknesses in the compliance program and implement appropriate changes.
I define a culture of compliance as a commitment throughout all levels of an organization to do the right thing and do things right. Assessing whether you have designated a compliance officer is straightforward. But do you know how to demonstrate you have a culture of compliance? That people in your organization do the right thing in difficult situations?
You could retain a consultant to conduct a compliance program effectiveness analysis that includes measuring your culture of compliance. While most of us would love to have this insight, the cost is out of reach for many healthcare organizations. Potentially you have another problem.
“Nearly 60% of respondents reported relying only upon internally generated information to evidence their ‘culture of compliance’, rather than independent evidence by parties outside the control of the organization. If the DOJ or OIG were investigating an organization, they would give little credence to internally generated information that was not supported by independent outside reviewers.”
This could create a problem. Government investigators may be suspicious because the metrics appear subjectively cultivated by the compliance department to give an appearance of a culture of compliance.
– Richard P. Kusserow, former DHHS Inspector General and CEO of Strategic Management Service, 2022, Current State of Healthcare Compliance Programs: 2022 Benchmark Survey Results.
How can you internally, and objectively, measure your healthcare organization’s culture of compliance?
Here are two sources of objective metrics to help determine whether your organization walks the talk.
#1 The Office of Inspector General, OIG Supplemental Compliance Program Guidance for Hospitals (2005)
The 2005 CPG emphasizes that organizations should “endeavor to develop a culture that values compliance from the top down and fosters compliance from the bottom up.” Put another way, it takes a village that includes employees across all levels of the organization.
One way to objectively measure your organization’s culture of compliance is to source some of the compliance-culture related questions from this CPG. The ones that establish whether the organization is valuing compliance from the top down and fostering it from the bottom up.
Direct access to leadership?
For example, one question from the 2005 CPG asks if the compliance officer has direct access to leadership. This includes the governing body, the president or CEO, all senior management, and legal counsel.
Access to legal counsel?
Another question asks if the compliance officer can retain outside legal counsel. It’s one thing to say the organization has a commitment to compliance at all levels of the organization. Actually allowing this level of access puts those words into action. It demonstrates that compliance is valued from the top down.
Compliance from the bottom up?
In another example, the 2005 CPG asks questions related to the number of hotline calls. This includes the types of calls coming in, as well as questions related to seeking feedback from staff to identify shortcomings in training programs. Responses to these questions target whether compliance is fostered from the bottom up.
Consider measuring your program based on questions from the 2005 CPG that are not directed at the work of the compliance officer. This data can help provide a more objective view of your organization’s culture of compliance.
#2 U.S. Department of Justice, Criminal Division’s (DOJ), Evaluation of Compliance Programs”
Another external source for objective compliance culture measurements can be found in the most recently updated version of the U.S. Department of Justice, Criminal Division’s (DOJ) memo. The “Evaluation of Compliance Programs, Updated June 2020” (2020 DOJ Memo) assists prosecutors in assessing whether an organization has an effective compliance program. They use this in their investigation to help determine appropriate resolution.
Under the 2020 DOJ Memo, there is an established framework the DOJ uses to analyze corporate compliance programs. The memo focuses on three questions:
- Is the corporation’s compliance program well-designed?
- Is the program being applied earnestly and in good faith?
- Does the corporation’s compliance program work in practice?
Using the 2020 DOJ Memo, you can source some of the culture-related questions. Some notable examples include the following:
- How have senior leaders, through their words and actions, encouraged or discouraged compliance?
- Have managers tolerated greater compliance risks in pursuit of new business or greater revenues?
- Have senior leaders and middle-management persisted in their commitment to compliance in the face of completing interests or business objectives?
- Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?
- What actions have senior leaders and middle management taken to demonstrate their commitment to compliance or compliance personnel, including their remediation efforts?
- Does the company seek input from all levels of employees to determine how they perceive senior and middle management’s commitment to compliance?
These questions can help you objectively measure your culture because they focus on operational leaders and how they are modeling certain behavior to subordinates.
Objective Measurement
When it comes to measuring your organization’s culture, it’s not enough just to measure the framework of your compliance program. It’s also not enough to measure with data internal to the compliance department.
You need to know to what extent employee behavior aligns with the organization’s compliance department and regulatory requirements. You need to know how people will behave when no one is watching them. Collecting the data above can help you objectively measure your organization’s culture of compliance to determine whether it can be seen and felt by outsiders.
Never miss an article about compliance culture from Jay Anstine
How does YouCompli help?
Measuring your compliance culture is critical to knowing if your regulatory change management efforts are effective. YouCompli can reduce your compliance risk and free your time to focus on relationships, communications, and culture change. Take a look at our regulatory change management solution today.
Jay P. Anstine, JD
Jay is a compliance professional and consultant in Colorado. Jay is a healthcare lawyer with significant industry knowledge of the U.S. healthcare market. Over the past 20 years, he has worked for large for-profit and non-profit health systems and small physician-owned entities. In tackling the countless regulatory and operational issues for these diverse organization types, he has developed a deep understanding of the business of healthcare and the regulations governing the industry. In 2018, Jay became an adjunct faculty member with the University of Southern California, Gould School of Law, designing and teaching healthcare compliance courses.
Jay obtained his law degree from the University of South Dakota, where he focused on healthcare law. From 2012-2016, he served on the Board of a non-profit organization serving the medically underserved in Colorado (ClinicNET). He is also a member of the Health Care Compliance Association (HCCA), serving on the planning committee for the Mountain Regional Conference since 2008. He is writing a series of articles on compliance culture for the YouCompli blog.