Management of Pathology Practices

February 2007

Management Home Page


The Case for Compliance:

Why You Need an Effective Compliance Program 

by John R. Outlaw, CHC, Chief Compliance Officer, PSA


Health care compliance programs have become well established largely due to the Office of the Inspector General (OIG), and recent occurrences of corporate fraud have made corporate responsibility and accountability front-page news.  However, the model for today’s compliance programs is actually the Federal Sentencing Guidelines for Organizational Defendants (Guidelines), developed in 1991 by the United States Sentencing Commission (USSC).  The USSC developed the Guidelines to promote consistent treatment of individuals and organizations convicted of federal crimes, including fines and restitution, imprisonment and probation or exclusion from participation in various federally funded programs. 


The USSC Guidelines also allow organizations to mitigate their sentences if they have adopted, implemented and maintained a set of seven standards demonstrating an effective compliance program to identify, prevent and report improper conduct.  While the Guidelines apply to all corporations and organizations, these seven standards were co-opted by the OIG for its Model Compliance Program Guidances published for the health care industry in 1997.


OIG Model Compliance Program Guidances


The OIG began developing Model Compliance Program Guidances (also called model compliance plans) in the late 1990’s in an effort to develop “a higher level of ethical and lawful conduct throughout the entire health care community” through the establishment of internal controls which the OIG believed would “significantly advance the prevention of fraud, abuse and waste in the (health care) industry.”  The OIG has since developed and issued Guidances covering nearly every segment of the health care industry, including hospitals, physician practices, pharmaceutical manufacturers, clinical laboratories, home health agencies and third-party medical billing companies. 


The standards to follow for any pathology practice developing or revising its compliance program are in two guidances issued by the OIG:  Compliance Program Guidance for Clinical Laboratories and Compliance Program Guidance for Individual and Small Group Physician Practices, accessible at


These model plans include seven common elements that the OIG feels provides a solid basis for practices to develop an effective compliance program.  These elements closely follow those defined by the USSC in the Federal Sentencing Guidelines, and can be summarized as follows:

·                    Develop written policies and procedures

·                    Designate a Compliance Officer and other appropriate bodies

·                    Conduct effective training and education programs

·                    Develop effective lines of communication

·                    Enforce standards through well-publicized disciplinary guidelines

·                    Conduct internal monitoring and auditing

·                    Respond promptly to offenses and develop corrective action.


Why Do I Need a Compliance Program?


For publicly held corporations, the Sarbanes-Oxley Act of 2002 made having a compliance program a requirement to be listed on stock exchanges, but there is no such requirement for privately held corporations.  The OIG is promoting voluntarily compliance programs and is offering “critical guidance for providers who are sincerely attempting to comply with the relevant health care statutes, regulations and other requirements of Federal, State and private health care plans.”  While the OIG recognizes that implementing compliance programs by itself will not eliminate fraud and abuse, it believes that establishing a compliance program helps the provider fulfill its “legal duty to ensure that it is not submitting false or improper claims” and “significantly reduces the risk of unlawful or improper conduct”.


Many of the model plans developed by OIG just make good business sense.  Although nobody wants to write them, who can argue the value and benefit of written policies and procedures which ensure that everyone understands the rules of the business and the expectations of each individual as a contributor to its success?  Can you imagine a football game without rules?  Having written rules ensures that everyone can learn them to prevent penalties to an individual and the entire organization, and that they are applied uniformly.   How can a coach teach the offense to run a play without a playbook that clearly explains each player’s role?  Have you ever seen a quarterback throw the ball to a spot on the field where there was no receiver, because the receiver didn’t know where he was supposed to be on that play?  It wasn’t easy developing that playbook.  It took considerable time and resource, but the offense is more effective and efficient because someone invested the time to develop a playbook.


Still Not Convinced?


There is another benefit to implementing and maintaining a compliance program, although nobody wants to think about needing it.  The Federal Sentencing Guidelines provide relief for any entity convicted of a crime that has an effective compliance program in place.  In determining the amount of any fine, the Guidelines require a court to determine a “culpability score” by calculating aggravating and mitigating factors.  Having a compliance program doesn’t excuse the crime, but demonstrates that the organization took reasonable efforts to prevent, detect and correct any improper conduct.  It may lower the organization’s starting “culpability score” by 60%, and not having a compliance program is actually considered an aggravating factor which increases the culpability score!  


We Have One (Somewhere . . .)


In a January 20, 2003 memorandum explaining the basic principles to be followed in prosecuting business organizations, Deputy Attorney General Larry D. Thompson instructed U.S. Attorneys to place “increased emphasis on and scrutiny of the authenticity of a corporation’s cooperation”.  Among the specific factors to be considered in deciding whether to charge an organization are “the existence and adequacy of the corporation’s compliance program” and “the corporation’s remedial actions, including any efforts to implement an effective compliance program or to improve an existing one”, which the memo explains requires the prosecutor to “attempt to determine whether a corporation’s compliance program is merely a ‘paper program’ or whether it was designed and implemented in an effective manner.” 


Remember the football playbook?  Well, no coach worth his salt develops a playbook and then puts it on the shelf.  The successful coach is always reviewing which plays work and which don’t.  His playbook is dynamic – it must be updated regularly to account for changes in the rules, new players with different skill sets, and the evolution of defenses.  An effective compliance program is no different.  It is not merely a project to be completed and checked off as done, but a process that requires continuous review and improvement.  In football it’s been said that a good defense beats a good offense; but in the health care compliance arena, none of us ever wants to be on the defense!  So how good is your offensive playbook?       


PSA's Compliance Office can assist you with the development of a corporate compliance plan if you don’t have one, and we can help you update or improve the one you have.  We can also provide you with sample policies and procedures which can be tailored meet your needs, and we can assist you in developing training programs and materials for your office.  We can’t do it for you, but we will be happy to help you in any way that we can.  We invite you to take full advantage of the resources of the PSA Compliance Office by contacting PSA’s Chief Compliance Officer, John R. Outlaw, CHC, at (800) 832-5270, ext. 2945 or by email at