FoxPointe Security Hub

By Rebecca Renna, Consulting Manager, Fox Pointe Solutions- a Division of The Bonadio Group:

Maintaining an effective Compliance Program is a complex process that takes well-trained and qualified people to keep it running smoothly and is a non-negotiable part of many organizations.  In this article, we will be reviewing the benefits of Outsourced Compliance Services and how to make them work for your agency.

Why outsource compliance services?

Organizations must ensure that they are meeting all applicable Federal and State Regulations, which includes having an effective Compliance Program that addresses all of the elements listed below:

1. Implementing written policies, procedures, and standards of conduct
2. Designating a Compliance Officer and Compliance Committee
3. Conducting effective training and education
4. Developing effective lines of communication
5. Conducting internal monitoring and auditing
6. Enforcing standards through well-publicized disciplinary guidelines
7. Responding promptly to detected offenses and undertaking corrective action

Responsibilities for the Compliance Program are often designated to staff who are already overworked, overwhelmed, and not trained to manage the complexities of a Compliance Program.  Even if the assigned staff can handle the day-to-day operations of the Compliance Program, handling complex fraud investigations or other urgent situations, common in the compliance arena, is often beyond their capabilities.  Hiring qualified staff to manage the Compliance Program internally can be difficult and costly, as the median salary for Corporate Compliance Officers is ever increasing while the pool of qualified applicants is decreasing.  Small organizations often do not have the need or financial resources to employ a full-time Compliance Officer.  Because of these factors, many organizations are choosing to outsource their Compliance Program services.

What does it mean to outsource Compliance Program services?  In simple terms, it means partnering with an external organization that specializes in Compliance and employs highly skilled Compliance professionals to provide ongoing Compliance Program supports.  An organization can customize these supports to best meet their unique needs.  Outsourced Compliance services can be used for small or large entities, and outsourced services can include but are certainly not limited to dedicating a person to act as the organization’s Compliance Officer, conducting risk assessments, hosting the compliance hotline, developing, and updating policies and procedures, providing compliance training, performing audits, or conducting investigations.

Organizations providing Outsourced Compliance Services have many advantages over internally managed Compliance Programs, the biggest advantage being that this is all they do.  Outsourced Compliance Consultants are not bogged down with finding coverage for the overnight shift or making sure that budgets are being met; they just handle compliance.  They also have the advantage of objectivity, seeing industry best practices, and bringing both to an organization’s Compliance Program.

How do you make Outsourced Compliance services work for you?

For all the reasons mentioned above, outsourcing Compliance Program services is a viable option for any organization of any size, but the following are things that will help make outsourcing more successful.

1. Work with the consultant(s) to conduct a gap analysis against the seven elements of a Compliance Program.
2. Use the gap analysis to identify what Compliance services are required to fill in the gaps.
3. Clearly define the scope of the services and assign roles and responsibilities.
4. Identify an internal champion who will act as a liaison between the organization and the consultant(s). This person will internally implement Compliance actions and promote buy-in for the Compliance Program.
5. If needed, develop a project plan that outlines goals and objectives with target completion dates and key performance indicators.
6. Hold a kick-off meeting to allow all parties to communicate and ask questions about the services being provided.
7. Provide frequent updates about the Compliance Program to all parts of the organization, including the Board of Directors – awareness and support from all levels is important to the success of a Compliance Program.
8. Meet agreed upon deadlines or communicate if a deadline cannot be met.
9. Annually complete an effectiveness review of the Compliance Program to be certain that the Compliance services have been successful at addressing any gaps in the program.

Remember that Compliance in every organization is fluid due to internal and external risks and frequent regulatory changes; therefore, perfection or remediation of all Compliance risk is an unrealistic goal.  However, there are resources available to help every organization maneuver through complex regulatory environments.

The Compliance Solutions team at FoxPointe Solutions, a Division of The Bonadio Group, has been providing Outsourced Compliance Program Services for more than 20 years.  If you need further guidance or have any questions on this topic, we are here to help.  Please do not hesitate to reach out to discuss your specific situation.  We have resources available to you as well, learn more.

Rebecca Renna, CHC, is a Consulting Manager of Compliance with FoxPointe Solutions, a division of The Bonadio Group.  She has over 20 years of experience in healthcare and not-for-profit settings.  Rebecca has held the positions of Corporate Compliance and Privacy Officer, Vice President of Quality and Compliance, and Director of Quality Assurance for organizations regulated by local, state, and federal laws.  She also has a certification in Lean Six Sigma and brings extensive experience in Quality Management and Compliance, HIPAA/Privacy, and process improvement.  Rebecca is a member of the Health Care Compliance Association and is Certified in Healthcare Compliance (“CHC”).

This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.