Evaluation of Corporate Compliance Programs: Operational Integration and Risk Assessment

Dear friends,

The following article is about new guidance from the Department of Justice
regarding the evaluation of compliance plans, specifically with regard to
policies and procedures. Feel free to share this information. If you
decide to use this material, please include our copyright designation that
is shown at the end of the article and send us a copy of any publication in
which the material appears.

Please do not hesitate to contact us with comments, questions, or requests
for additional information.


Elizabeth E. Hogue, Esq.

Office: (877) 871-4062

Fax: (877) 871-9739

Twitter: @HogueHomecare


Part 4 - Evaluation of Corporate Compliance Programs: Policies and

Fraud enforcers recently declared that their expectation is that every
provider has a Compliance Program. Consequently, enforcers will now focus
on implementation of quality Compliance Programs. As part of this new
focus, the U. S. Department of Justice (DOJ) issued new guidance on February
8, 2017, entitled "Evaluation of Corporate Compliance Programs." This new
guidance provides a "road map" for providers to use to evaluate their
Compliance Programs, including the factors that regulators are likely to
take into account.

Specifically, the U.S. DOJ provided sample topics and questions it is likely
to use to evaluate providers' Compliance Programs. These factors include
providers' policies and procedures. The specific factors used to evaluate
Compliance Programs with regard to policies and procedures are outlined

Fraud and abuse enforcers will first evaluate the design and accessibility
of providers' policies and procedures based on the following questions:

- Design of Compliance Policies and Procedures - What is the
provider's process for design and implementation of new policies and
procedures? Who is involved in design of policies and procedures? Are
business units/divisions consulted prior to implementation?

- Applicable Policies and Procedures - Does the provider have
policies and procedures that prohibit misconduct? Has the provider assessed
whether these policies and procedures have been effectively implemented?
How are responsible individuals held accountable for supervisory oversight?

- Gatekeepers - Has the provider given clear guidance and/or training
to key gatekeepers; such as persons who submit claims, for example; that is
relevant to any misconduct? What is the process to raise concerns?

- Accessibility - How do providers communicate policies and
procedures relevant to misconduct to relevant employees and third parties?
How do providers evaluate the usefulness of these policies and procedures?

The operational integration of providers' policies and procedures is another
factor to be considered, based on responses to the following questions:

- Responsibility for Integration - Who is responsible for
implementing policies and procedures? With whom have they consulted? How
have policies and procedures been implemented? Do compliance staff members
assess whether employees understand policies and procedures?

- Controls - What controls failed or were absent that would have
prevented or detected misconduct? Are such controls operative now?

- Payment Systems - How was the misconduct in question funded? What
processes may have prevented or detected improper conduct? Have these
processes been improved since the misconduct was identified?

- Approval/Certification Process - How have staff with authority
identified the misconduct? Do they know when and how to escalate concerns?
What steps have been taken to remedy failures identified?

- Vendor Management - If vendors are involved in the misconduct, what
is the process for vendor selection and was it applied to vendors involved
in misconduct?

More information will be provided on this topic in future articles. Stay

C2017 Elizabeth E. Hogue, Esq. All rights reserved.

No portion of this material may be reproduced in any form without the
advance written permission of the author.
Sign In or Register to comment.