Blog Post

Compliance Offices are Continuing to Take on More Duties

Richard P. Kusserow | March 2018

The annual Healthcare Compliance Benchmark Survey for 2018 (Survey) was conducted by SAI Global and Strategic Management Services. It further evidences an ongoing trend of compliance offices assuming additional responsibilities. In this ninth annual survey, there were 388 respondents representing a cross-section of organizations from nearly every state, ranging from very small entities to large healthcare systems.

The evidence strongly suggests that many organizations are tightening their financial belts and looking to the compliance office as a convenient department to absorb other duties. However, the burdens of meeting growing compliance expectations from regulatory and oversight agencies have already placed much strain on compliance programs. Survey respondents expressed that these additional duties are often assigned without providing additional resources, thereby compromising the compliance office’s core program responsibilities. In light of such trends, compliance officers should be wary of assuming new duties beyond their traditional compliance responsibilities, especially where it risks undermining the compliance program.

Survey respondents revealed the following results regarding their compliance offices:

  • Seventy-five percent of the respondent’s compliance offices have responsibility for HIPAA privacy functions.
  • Fifty percent have responsibility for internal audit functions.
  • Thirty-seven percent have responsibility for risk management functions.
  • Thirty-three percent have responsibility for HIPAA security functions.
  • Twenty-four percent have responsibility for quality management functions.
  • Fifteen percent stated that they were responsible for legal functions.

Have Compliance Concerns? We Have Solutions.

Consult Our Compliance Experts Today

Compliance experts question the appropriateness of placing some of these tasks within the compliance office’s purview. For example, risk management should be the primary responsibility of the organization’s program managers, as associated tasks clearly extend beyond the boundaries for corporate compliance. In many cases, risk management encompasses clinical issues outside the expertise of the compliance office. Another example is the responsibility for HIPAA security functions. HIPAA security is far more closely associated with the Information Technology (IT) Department, and few compliance officers have the expertise to manage this area. One of the most concerning scenarios arises when legal counsel is placed under the compliance office. Both the Department of Justice (DOJ) and the Department of Health and Human Services Office of Inspector General (OIG) have trouble accepting this setup. The DOJ and OIG have encountered many instances where legal counsel has attempted to place information under privilege, to avoid disclosure to the government. As such, these authorities tend to view legal counsel as advocates representing the organization and its leadership, rather than as compliance professionals furthering compliance objectives.

A full report and analysis of the 2018 Healthcare Compliance Benchmark Survey will be available at the 22nd Annual Compliance Institute in Las Vegas, April 15-18, at the booths for SAI Global (#1403) and Strategic Management Services (#412). Richard Kusserow will be at booth #412 to answer any questions concerning the Survey results.

Looking for Help Managing Your Compliance Program?

The consultants at Strategic Management Services have decades of experience providing outsourced compliance officer services and acting as interim or designated compliance officers to address gaps in various compliance programs. For questions about our interim compliance consultants or any of our other compliance program services, please feel free to contact our experts online, or give us a call at (703) 683-9600.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog