7 Essential Elements of an Airtight Compliance Plan

In Louisiana, the Cajuns like to say “Laissez les bons temps rouler”—“Let the good times roll.” But you can’t let the good times roll unless you take steps to prevent the bad times from stopping you in your tracks.

Is your compliance plan strong and up to date for 2018 and beyond? If you plan ahead and do some work up front to update it for your practice’s current realities, you can relax and roll right into the good times ahead.

Back to Basics

To assess whether you have a quality, up-to-date plan, it’s helpful to take it old school. Remember back in 2000 when the HHS Office of Inspector General published its guidelines for physician practices? Around this time, the watchdog agency developed “The Seven Elements of an Effective Compliance Program,” which applies not only to medical offices but also to most health care sectors.

Seventeen years later, those elements are still good guidelines for evaluating and maintaining your practice’s compliance program. If your practice does these seven things, you probably have a culture of compliance. If you don’t, the seven elements can help you create policies and procedures that reduce your risk.

#1: Have you implemented written policies and procedures?

Your practice should have a written compliance plan that you review annually and revise if necessary. Don’t let them sit in a dusty binder or on a seldom-visited corner of your server, experts warn. Give them a hard look to make sure they address the realities of your practice today.

“Your eye care practice’s compliance plan doesn’t need to be fancy. It just needs to be simply written and specific to your practice’s particular risk areas.”—Tricia Packer, CPC, OCS, COPC

“For example, if you have a doctor in your practice who’s not so great at documenting, that’s a particular risk area,” says Tricia Packer, CPC, OCS, COPC, client account manager for Eye Care Leaders’ Revenue Cycle group. says. Put that in your plan as a risk area and document any efforts to review audit charts and train. It’s crucial that you record progress. Keep records of steps you’ve taken to execute your written plan as addenda to the plan itself.

“Say what you’re going to do, say what you mean, and document what you do to execute the plan,” Packer stresses. “Don’t put stuff in there that you’re not going to do.” Empty promises in your compliance plan could increase your risk because, in the event of an audit or investigation, a lack of follow-through could signal that your practice doesn’t take compliance seriously.

If your compliance plan is so old and irrelevant that it needs a complete overhaul, you should resist the temptation to buy an “off-the-shelf, cookie cutter plan,” Packer warns. To be meaningful and effective, the plan must be custom-tailored to your practice.

#2. Have you designated a compliance officer and compliance committee?

In many cases, a physician is named as the formal compliance officer, and designates an employee (or employees) to perform the day-to-day compliance responsibilities. “Make sure that doctors, board members and the practice administrator sign off on the plan,” Packer advises.

#3. Have you conducted effective training and education?

“In my experience, most eye care practices are wonderful at training employees when they first start,” Packer says. Where practices typically fall short is ongoing training. While she doesn’t recommend that you outsource writing the plan itself, she does recommend that you outsource training. “The regulations change too often for practices to keep up with them, and the trainers who work for many compliance training companies are pros at keeping employees engaged,” she says. Some trainers even incorporate comedy or magic into their lessons.

Three compliance areas where many practices are falling short these days are HIPAA privacy, cybersecurity, and OSHA.

Even if you plan formal training for all employees, don’t miss opportunities for everyday teachable moments. “I’ve gone into practices and seen material from patient charts in the trash can,” she notes. “That’s an opportunity to pull the employee aside for a little one-on-one conversation about HIPAA.”

Another idea for informal training? Packer knows of practices that do OSHA bingo or OSHA ‘Jeopardy’ to give compliance training a fresh, competitive edge. They do 30 minutes of a compliance-themed game and then have some time for eating and socializing afterwards.

Make sure you document all training efforts, whether you’ve conducted training one-on-one or in groups. Don’t forget to note outside conferences, webinars, publications, and other continuing education activities that you make available to individual staff. Many practices keep an appendix alongside their compliance plan that documents training and education activities.

#4. Have you developed effective lines of communication?

Everyone in the practice should know they can voice their compliance concerns without fear of retribution. Ideally, they should be able to report these concerns directly to their supervisor and get feedback on the problem’s resolution.

However, the world is not perfect and neither is your practice. Sometimes bad supervisors threaten employees in order to mask their own poor performance. To prevent this kind of problem from causing larger compliance problems at your practice, you need to make sure that all employees know they can report their concerns to your practice’s compliance committee if their supervisor does not appear to be responding to their concerns or seems to be threatening them with retaliation.

If a compliance problem is reported, make sure you follow up and document what steps you took to correct the problem and prevent it from happening again.

 #5. Do you conduct internal monitoring and auditing?

Make sure that the audit routine you describe in your compliance plan matches what you actually do. For example, if you say in your plan you’ll review 30 charts per physician and you never get to more than ten, amend your plan. Small snapshot audits are more manageable, especially when you factor in the necessity to do provider education and monitoring to resolve any problems that the audit uncovers.

Before you dig into an audit, it’s imperative that you rigorously define the scope, Rhonda Buckholtz reminded attendees at a recent auditing webinar sponsored by Eye Care Leaders. “If you ask a lot of questions up front and articulate how you’re going to handle what you learn, you make your auditing job easier,” said webinar co-presenter Jaci Johnson, CPC, CPMA, CPC-H, CPC-I, CEO of Practice Integrity. Doing this work on the front end means you have less work on the back end writing up the report and training providers to correct any problems you’ve found.

Even if you do internal audits, you should have an external auditor come in every three years to audit coding and billing at your practice, attorney Alan Reider of Arnold & Porter Kaye Scholer told attendees at the 2017 Millennial Eye Live conference in Nashville.

#6. Do you enforce standards through well-publicized disciplinary guidelines?

If there aren’t clear consequences for staff behaviors that thwart compliance, your risk is higher. Therefore, the OIG advises that practices clearly articulate the consequences of non-compliant behavior to all providers and staff — during orientations, in written employee manuals, and in staff trainings. You should keep a copy of your disciplinary policies in your compliance plan.

#7. Do you respond promptly to detected problems and undertake corrective action?

It’s become a cliché among compliance professionals — but it’s a cliché rooted in truth: You can’t run a good compliance program if you stick your head in the sand like an ostrich. Investigating a potential problem may be the very last thing you want to do in your busy eye care practice, but you must do it anyway to protect your practice. As with all other activities related to compliance, don’t forget to document the steps you took to resolve the problem.

Let’s Connect

Drop a line for our sales representative to get in touch with you

  • This field is for validation purposes and should be left unchanged.

Latest Article


The Benefits of Combining EHR and PM Systems

  • 27 Apr 2023

Electronic health record (EHR) systems are valuable tools. So are medical practice management (PM) systems. As powerful as they are on their own, when they’re combined, they’re even better. Usin...


Could Slow POS Systems Be Costing You?

  • 20 Apr 2023

Does your health care practice also sell products, such as medical devices, eyeglasses, contact le...


Five Things You Need to Know Before Growing Your Practice

  • 13 Apr 2023

Like life, medical practices don’t stand still. You might be looking to change or expand your practice but might wonder how. To start thinking of change, you might want to ask yourself a few que...

Download Article

Book a Callback