The State of Healthcare Compliance

By Christine Kern, contributing writer

A PricewaterhouseCooper report reveals how well healthcare compliance is faring.

According to a PricewaterhouseCooper survey of healthcare chief compliance officers, many don’t work the job full-time. Additionally, while a majority of CCOs report directly to the CEO or board, 43 percent of respondents “still said they are responsible for other functions and those other duties and responsibilities generally took precedence over compliance.”

Survey respondents reported there is “still progress to be made in the perception of the role of compliance. According to the report, although most organizations concur that the CCO is the manager or regulatory risk, work remains to ensure that compliance is at the forefront of the minds of those on the board and in senior leadership positions when planning for and undertaking strategic initiatives and even in daily business and operations.”

CCOs are cognizant that to “maintain compliance, establish balanced risk tolerance, and obtain the necessary staffing and budget, they must demonstrate the value they and a compliance program bring to an organization, especially since compliance is generally not revenue producing, and it exists in a healthcare environment where reimbursement is down, costs are up, and competition to survive is driving alliances through mergers, acquisitions, and affiliations that prior to now were virtually unknown.”

About half of CCOs have stagnant budgets and 10 percent of those surveyed reported a decrease in funds compared with last year. Healthcare organizations realize the necessity of compliance functions but dollars get allocated elsewhere; particularly to areas that affect treatment outcomes, revenue and strategies to survive in a competitive market. Half of respondents report five or fewer FTEs working on compliance functions.

HIPAA privacy and security remains the top compliance concern. Penalties for violations are increasing and reputations can be damaged, not to mention the imminent start of privacy audits from the HHS Office for Civil Rights. Compliance officers are challenged to fill gaps in their policies and procedures and be ready to demonstrate compliance with HIPAA requirements.

The top five areas of current perceived level of risk to the business are privacy and confidentiality (49 percent), industry-specific regulations (45 percent), security (25 percent), fraud (23 percent) and conflicts of interest (22 percent).

CCOs increasingly are using internal social media channels to communicate about compliance and ethics topics. About 52 percent use those channels to build workforce awareness, compared with one-third last year.

Compliance committees are well-established in provider organizations; 88 percent respondents in 2014 have such a committee, compared with 85 percent last year. The top departments serving on a committee are compliance (90 percent), legal (79 percent), internal audit (74 percent), finance (72 percent), human resources (61 percent), operations (56 percent), information technology (48 percent) and business units (41 percent).

Given those challenges, CCOs have started diversifying the talent and resources assigned to the compliance function so they include data analysts and professionals with clinical and

business knowledge. Such talents combined with regulatory knowledge have begun to transform compliance from being a back-office function to serving as an active voice in strategic and business operations. Most would agree, however, that there is still room for both improvement and true integration and acceptance by business units.

With proper attention and direction, however, the study suggests that CCOs can succeed.