Auditing the Hotline Operations

Best Practice Tips

One of the compliance office’s primary responsibilities is to ensure that the hotline conforms with compliance program objectives. In its compliance guidance, the Department of Health and Human Services Office of Inspector General calls for ongoing auditing and monitoring of all programs and operations for compliance, including the hotline program. Failure to properly develop and implement an effective hotline may result in employees turning to outside parties to report problems.  Employee reporting to external parties, such as the media, government agencies, and private tort attorneys, could give rise to serious liability. A compliance officer is responsible for ensuring the ongoing monitoring and auditing of the organization’s hotline program. Ongoing auditing involves reviewing and determining: (a) if the hotline is operating in accordance with established protocols, policies and procedures; (b) that there is evidence to show that the hotline’s operations are effective; and, (c) if objectives for the hotline operation are being achieved.

Daniel Peake of the Compliance Resource Center (CRC) works with clients to provide a variety of services.  Through the CRC, clients can receive services from the Hotline Service Center and the Policy Resource Center, which provides templates for compliance-related documents, including codes of conduct, charters, policies, and audit guides. Additionally, for over 25 years, the Compliance Survey Center has employed validated compliance surveys which test employee knowledge and perceptions concerning the compliance program. Mr. Peake notes that organizations should follow a detailed audit guide to ensure that all issues are addressed in detail, including:

1. Detailed policy and document review;
2. Hotline promotion;
3. Hotline report examination;
4. Testing of call answers;
5. Monitoring the handling of calls;
6. Complaint tracking through to the issue’s resolution;
7. General file review; and,
8. Testing of employee knowledge and attitudes towards the hotline.

Mr. Peake advises that the audit begin by gathering key documents such as:

1. Hotline policies and procedures;
2. Procedures to protect caller confidentiality or permit anonymous calls;
3. Forms used to track information from callers;
4. Data captured on the hotline log for each call;
5. Reports to track resolution of calls and to identify any trends;
6. Reports to track steps taken to investigate and resolve caller information; and
7. Procedures for numbering and filing complaints.

Key document templates, related policies and procedures, and audit specific templates, are available from the Policy Resource Center. The critical policies and procedures govern the overall hotline operation and should address: how calls are answered and handled; hotline staff training; privacy and confidentiality of caller information; and logging and tracking of information received.  In addition, there needs to be effective supporting policy documents in place regarding the following topics:

• The duty to report wrongdoing;
• Confidentiality;
• Anonymity;
• Non-retaliation;
• Investigation of complaints; and
• The working protocols between the compliance office and Human Resource Management, and between the compliance office and legal counsel.

Mr. Peake also noted that the real test of hotline program effectiveness is evaluating what employees know and how they feel about the program. The best way to discover this is through a survey. However, a survey focused solely on the hotline is not cost effective.  Instead, the best practice is to employ validated compliance knowledge surveys that include questions about the hotline, such as how to call, types of information they may report, comfort level in calling, level of concern about potential retaliation, the option to report anonymously, and whether the organization is trusted to take calls seriously. Mr. Peake explained that the Compliance Knowledge Survey© was designed to include such information.

The SAI Global/Strategic Management 2018 Healthcare Compliance Benchmark survey report revealed another factor to consider when auditing a hotline operation. The survey noted that a majority of organizations rely upon a vendor to take calls. No audit of the compliance program is complete without determining whether the calls were received by the vendor in compliance with contractual terms. Also, in these cases, the auditors should call the hotline to determine how quickly the call was answered and how well the vendor’s operator was able to consistently report the information provided.

For more information, contact Daniel Peake at [email protected] or (703) 236-9854).