Is Your Compliance Plan a Bible?

With Easter and Passover just behind us, it seems timely to share this story. Some years ago I had the opportunity to conduct a healthcare compliance program assessment for a sizable client. They were a mature organization with several hundred employees and several locations in a couple states. As is my routine, I reviewed all of the pertinent documents. To my delight, they presented a most impressive compliance plan. Maybe the best one I had ever seen (and I’ve seen many). Nearly 60 pages long, the plan outlined, in compelling line and verse, all of the various structural components of an effective compliance program, including systems, processes, risk areas, and safeguards. Plus immaculate supporting legal citations. Everything was there. Of course, as an independent, objective outside reviewer, I was pleased. If they did even half of what was in the plan, I thought, it would clearly evidence to any observer, inside or out, the company’s strong commitment to ethics and integrity. Unfortunately, there was a rub. No one in the organization knew anything about the plan. In fact, as interviews from c-suite executives down to front line service staff confirmed, almost no one had ever heard of the document, and the few who had were completely unfamiliar with its contents. Upon further investigation, it seems the company had purchased the document from a law firm some years before. That was certainly a great step. But as far as I could see, there had likely been no execution of the plan after it was adopted. So now, years down the road, instead of having a well-established plan, fully integrated into and evolving with the company’s culture, they had one that apparently had never been fully implemented, if implemented at all. In other words, they had invested but got no return whatsoever. Even worse, they could possibly be harmed by it, if something were to go wrong and an investigator learned of the plan. After the assessment, I delivered my report, including my findings and recommendations. After receiving my report, the client rightly recognized that they had work to do and hired a new Compliance Director to implement my recommendations. I was pleased because (and this may seem hard to believe) my clients don’t always act on my recommendations, and even when they do, it’s not always in the form I had proposed to them. In this case, however, they seemed to have taken my thoughts to heart, and were resolved to act upon them. As of today, I believe that they still have a Compliance Director with them. One with impressive credentials. To me, this entire experience presents as a cautionary tale. The literal embodiment of the classic compliance refrain, “better to have no policy in place than to have even a good one, and not follow it.” This was that very scenario, writ large. A big, impressive program document that was completely buried. Truly a bible of a compliance plan. Well intended and even aspirational. But hidden from the entire organization and therefore at least totally useless, and potentially damaging.

Even a five-page plan document, properly implemented, would’ve been better. At least it would have had value, relevance, impact and simplicity. There are far too many bible compliance plans out there. Dusty, shelved tomes, these do nothing to identify and contain risk. But, if something blows up, and the plan comes to light, it could certainly do harm. So friends, my question to you is, do you have a bible of a compliance plan? Reid Pearlman, JD, CCEP is an independent healthcare compliance consultant in Atlanta, Georgia. He advises healthcare entities of all types on compliance program development, integration and administration. Reid welcomes comments and inquires at Reid@MyComplianceOfficer.net.