If you are new to compliance or new to building a compliance program, you may be asking yourself “where do I start?” As an educator and compliance professional, I’ve heard this question many times and even asked it myself. Even those who have been compliance officers since the beginning (circa 1998) may find value in asking these questions when re-evaluating their programs.

The first thing that comes to mind is, completing a risk assessment. How do you know what to comply with or what risks to mitigate if you don’t assess your business? My first recommendation is to sit down with those in the business, in the day-to-day operations and ask them – “what keeps you up at night?” What do the service line leaders see as the biggest risks or potential impacts to the business? A compliance officer cannot know each and every operational factor and needs to rely on compliance champions within the business. Whether you perform a formal risk assessment or meet each leader for coffee, completing a risk assessment will help set the framework for your program. These contacts may also serve actively on your compliance committee.

Along with a risk assessment, a compliance officer also needs some training in what building a compliance program entails – the Seven Elements of an Effective Compliance Program, which include:

  1. Implementing written policies, procedures and standards of conduct;
  2. Designating a compliance officer;
  3. Conducting effective training and education;
  4. Developing effective lines of communication;
  5. Conducting internal monitoring and auditing;
  6. Enforcing standards through disciplinary guidelines; and
  7. Responding to detected offenses and corrective action.[1]

Of course, you can read the U.S. Sentencing Guidelines and the OIG Compliance Program Guidance but it’s also useful to hear from other compliance officers on how each elements can be implemented or what has worked and what has not worked. The Health Care Compliance Association (HCCA) posts past conference handouts online and articles in its monthly publication, Compliance Today. If your budget allows, I highly recommend attending one of HCCA’s Basic Academies to give you the baseline understanding for implementing an effective compliance program.

Having a network of compliance professionals available to ask questions and run things by is also a valuable asset of a compliance officer. Professional associations provide platforms for discussion and document sharing, some of which are free. Educational events are also key places for networking. HCCA hosts regional one-day conferences where local compliance professionals can network and share contacts.

Rome wasn’t built in a day and neither will be your compliance program. By investing in some training and establishing your compliance network early on, you will be better prepared for the questions and situations to come. Completing a risk assessment now and periodically will provide you with a better understanding of your business and how to build an effective program that represents and fits your organization.


By Aurae Beidler, MHA, RHIA, CHC, CHPS 

[1] Office of Inspector General (OIG). Health Care Compliance Program Tips. Retrieved from https://oig.hhs.gov/compliance/provider-compliance-training/files/Compliance101tips508.pdf