News and Resources

Follow the OIG Guidance to Create a Effective Compliance Program

Apr 15, 2021 | Resources

Create an Effective Compliance Program

Now is the time to confirm your Compliance Program is effectively following the current Office of the Inspector General (OIG) and Department of Justice (DOJ) recommended guidance.

Is your compliance program efffective? Does your organization have written guidance? Is the written guidance comprehensive? Take this opportunity to ensure you can answer an astounding, “Yes!” to all these questions. If you need guidance to create this critical program, we at Granite GRC Consulting will be here to help!

Ask yourself these questions?

The Office of the Inspector General (OIG), Departments of Health and Human Services (HHS) and The Department of Justice (DOJ) have communicated an effective compliance program depends on these three questions.

Is the healthcare system’s compliance program well designed?

  • Is the program being applied earnestly and in good faith?
  • Does the healthcare system’s compliance program work in the practice?

What’s necessary for an effective compliance program?

Below are key policies and documents needed for an effective compliance program. Utilizing these documents in your healthcare system’s day-to-day operations will allow the compliance program to function efficiently and effectively.

  • Code of Conduct. This document is the foundation of your organization and describes how employees should act on day-to-day operations.
  • Executive and Board level oversight committees. An oversight committee shall act in good faith to ensure a reporting system exists and the system is assuring the appropriate information related to compliance will come to its’ attention in a timely manner.
  • Compliance Officer. Per the OIG, the responsibilities include: Managing and monitoring the implementation and ongoing operation of the compliance program. The Compliance Officer should report regularly to the Executive and Board committees.
  • Written Protocols. By having written protocols, the organization will eliminate confusion and promote cooperation between departments.
  • Compliance Education and Training Policy. Training should address specific topics such as Federal and State statues, fraud and abuse laws and the organizations compliance program, including how to report concerns. It is important to validate employees understanding of the training material following the program.
  • Compliance Hotline Policy. Create a process for your organization to receive and handle complaints. Within the policy, describe how to report concerns, inquire, and request direction. Provide submission channels and allow anonymity.
  • Continuous Monitoring Policy. Containing guidance for program managers to assess risk within their respective departments, provide training, implement, and validate these matters are being executed.
  • Auditing Policy. Address the organizations internal monitoring and auditing process. Provide ongoing monitoring designation and timing and provide management guidance on identified problem areas.
  • Non-Retaliation Policy. This detailed document will outline steps taken to protect retaliation for those who report potential misconduct.
  • Compliance Document Management and Retention Policy. This policy will address retention and description for hard copy and electronic documents as per Federal and state guidelines.
  • Disclosure of Overpayments and Violations and Law Regulations Policy. This policy will describe strict rules for overpayments, including timing and context of required overpayments along with directions for returning overpayment in a timely manner.
  • Conflicts of Interest Policy. This document will require all potential conflicts of interest be disclosed.

The above guidance is the perfect foundation to develop an efficient and effective compliance program policy package. Revisit these documents, at minimum, on a yearly basis. Ideally, real time revision of policies that are discovered as irrelevant is strongly advised.

Create standard templates for policies and review, revise and create new policies as needed. Allow everyone in the organization easy access to all compliance program documents for ease of execution. Consistency is key. Create a compliance focused culture within your organization. It is never too late!

The Granite GRC Consulting team is standing by to help. Connect our team at to set up a consultation.  

This article has been provided for informational purposes only. A professional consultant can best provide you with guidance tailored to your company’s specific needs. This information is current as of the publication date listed. Because COVID-19 response measures on all fronts are continually evolving, clients should stay alert to new developments and contact a consultant with critical questions.