How to Promote a Strong Compliance Culture—That’s Effective!

An organization’s commitment to compliance, or its compliance culture, is an important component of its overall organizational culture. Organizational culture is defined in The Cambridge Dictionary as the types of attitudes and agreed ways of working shared by the employees of a company or organization. A strong compliance culture is an organization-wide commitment to adhere to internal policies and expectations and external requirements and standards and is a building block to an effective compliance program.

The Centers for Medicare and Medicaid Services (CMS) requires all Medicare Advantage plans to adopt and implement an effective compliance program. CMS guidance further explains that to be effective, the compliance program must be fully implemented, tailored to each plan’s unique organization, operations, and circumstances, and have adequate resources to do the following:

• Promote and enforce its Standards of Conduct;
• Promote and enforce its compliance program;
• Effectively train and educate its governing body members, employees, and first tier, downstream, and related entities (FDRs);
• Effectively establish lines of communication throughout the organization and between organization and its FDRs;
• Oversee FDR compliance with Medicare Parts C and D requirements;
• Establish and implement an effective system for routine auditing and monitoring; and
• Identify and promptly respond to risks and findings.

Key tips to promote a strong Compliance Culture and an Effective Compliance Program include:  

1. Promote an environment that embraces the core components of compliance:

• Transparency: The expectation should not be that you will never have issues, but that the organization will approach them in an open and honest way. This is essential for understanding and mitigating risk, assessing impact, and identifying and addressing root causes.
• Accountability: From an employee perspective, each employee should understand the specific functions for which they are responsible. From an organization perspective, the organization should ensure that each required function is assigned to and is being completed by an accountable party.
• Independence: The organization should ensure a separation between compliance and operations. This, of course, avoids self-policing but also reinforces that each operational area is responsible for compliance within their area, while compliance is responsible for oversight. Compliance must have the ability to access and review relevant documentation to fulfill their oversight responsibilities.
• Engagement: Everyone within the organization has a role to play under the compliance program. Training and communications should emphasize how each employee contributes to compliance throughout the organization and provide them with practical tools and information to support their effective participation.
• Escalation: Maintain paths and mechanisms to address barriers and high-priority issues, such as a failure of an accountable party to appropriately engage in the compliance program or a high-risk issue that requires additional support and focus. Escalation policies should generally be used when established routine processes have failed. If you find that escalation is used often, consider inserting stronger controls into your routine process.

2. Provide a framework for decision-making that staff can apply to understand and support the underlying purpose of CMS requirements. The central goal of the Medicare Advantage program is to provide Medicare enrollees with medical services and prescription drug benefits within a framework of requirements that provide enrollees with protections. From a fundamental level, CMS rules are designed to ensure that enrollees receive the benefits and services they are entitled to, their rights are preserved appropriately, and that access to medically necessary or life-sustaining drugs is not delayed. Within this framework there are two central considerations:

• Enrollee impact: This includes any potential or actual enrollee harm, both financial and clinical (e.g., higher co-pay, failure to transition care). It also includes any potential or actual barriers to access (e.g., inaccurate provider directories, failure to identify a coverage request).
• Protection of the Medicare Trust Fund: This includes ensuring that Medicare dollars are spent appropriately (e.g., medically necessary services).

Most Medicare Advantage requirements can be understood through the lens of these two overarching considerations. Furthermore, decisions related to mitigating compliance risks, issues and impact should be analyzed under this framework to ensure an effective and enrollee-centric organizational response that aligns with CMS central tenets.

3. To promote this type of environment, each staff member should have tools that support decision-making, align with the compliance cultural components, and introduce the Medicare Advantage compliance framework. These tools include, but are not limited to:

• Policies, Procedures, and Job Instructions: Each employee should have a set of documents that can be referenced to support the performance of the function for which they are accountable. These documents should outline the requirement, provide specific job instructions, and assign accountability. They should be reviewed regularly and kept current. These documents should be distributed to applicable staff upon hire and when updated and maintained in an easily accessible location.
• Training and Education: Two types of training are required for a strong compliance culture: required compliance program training (including fraud, waste, and abuse); and job-specific training. Both sets of training should be reviewed for effectiveness. To be effective, compliance program training should not only articulate CMS compliance program requirements but should also apply those requirements to your specific organization. For example, in addition to general compliance program requirements training, consider meeting with new hires within the first 90 days to talk about how the compliance program works in your specific organization. For job-specific training, assess how employees are educated on the requirements that apply to their job. Job-specific training is an essential piece of providing the resources for effective decision-making.
• Access to Resources to Ask Questions: Provide avenues for employees to ask questions about the requirements and expectations and encourage this type of discussion. When answering questions, provide references to support independent review. Also, consider regularly reviewing requirements and their application to keep compliance discussions a routine part of daily operations.

Cody Consulting is passionate about compliance. Our team of compliance experts has years of experience building, running, and assessing compliance programs. We work with plans nationwide to dig deeper into internal compliance operations, to improve documentation and processes, and support a stronger compliance culture throughout the organization. As industry veterans with first-hand experience, we understand the pain points and barriers that arise and provide practical, real-world solutions designed to meet the unique needs of your program and organization.

We’re here to help—To learn more, contact us today for a consultation.

About us: Founded in 2006, CODY® is an Industry leader in Governance, Risk, and Compliance (GRC) Solutions designed exclusively for health plans. We enable over 70 government-funded, commercial, and ACA health plans across 50 states and Puerto Rico to mitigate compliance risk, maximize efficiencies, and improve outcomes. Our Enterprise technology and innovative solutions reduce administrative costs, increase accuracy, ensure regulatory compliance, and provide a better experience for plan members and providers.