As a compliance professional, auditing and monitoring is a key component to an effective compliance program. In the past I used to ask my students which of the Seven Elements of an Effective Compliance Program they felt was the most important (which is my first point, and it is a kind of a trick question because the OIG states that you need  all 7 elements to have an effective program). The most popular answers were education and training, appointing a compliance officer, sanctions, written policies and procedures and code of ethics.  But, the one that I feel is the most important is Auditing and Monitoring. 

Auditing and monitoring is most important because it shows due diligence.  Also, if you don’t audit/monitor, how will you know if your controls are working? Or how do you know you’re in compliance if you’re not auditing against your policies and procedures, and national guidelines?

And my second point, once you identify a risk or that a control is not working, you must address it or plan to fix it, otherwise what is the good of knowing? A risk assessment or audit is not a one-time activity that can be done in isolation; it’s a cycle or a continuous process to ensure compliance. In simple terms you must:  1) define your scope, 2) audit/measure, 3) analyze/evaluate your findings, 4) improve/fix/educate, 5) re-audit/monitor and continue over and over.

Taking a proactive and preventative approach through continuous review of your controls can be beneficial in several ways. First, it can help you “stop the bleeding” if a potential issue is identified.  By taking quick action to stop errors from continuing until an investigation can be completed and it can be fixed. Second, it assures overall compliance. This is especially important if you receive reimbursement from federal programs, such as Medicare. The Affordable Care Act established a new requirement that once an overpayment is identified it must be returned within 60 days (https://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2016-Fact-sheets-items/2016-02-11.html).Huge penalties such “potential False Claims Act (FCA) liability, Civil Monetary Penalties Law (CMPL) liability, and exclusion from federal health care programs” can occur “for failure to report and return an overpayment.” By engaging in monitoring and auditing, providers can help identify errors early on before they become larger issues.

The more proactive and preventative approach is what the OIG is looking for in an effective compliance program.  I challenge you to think about compliance in our workplace. How can you help complete the audit cycle and make it more of a continuous and compliant process?


By Aurae Beidler, MHA, RHIA, CHC, CHPS