Communication is the key to success in employee-employer relationships. It’s also much easier said than done because it takes a lot of time. However, in my previous blog post, Compliance Checkup: Is Your HIPAA Compliance Plan Effective?, I emphasized the importance of an effective compliance program. The Department of Justice (DOJ) and Office of Inspector General (OIG) have established that one element of determining compliance program effectiveness is to have open lines of communication. The rationale is that open lines of communication help health care providers identify potential areas of non-compliance and address them.
Having an organized, well-established communication plan for employees to report compliance concerns, or any concerns for that matter, is often daunting because providers believe they are opening the floodgates for problem-seekers. However, the opposite is actually true. By proactively creating a system for employees to report potential concerns to management, providers have communicated that they take compliance seriously and that they want to mitigate and address issues before someone gets harmed, or the provider violates the law.
While the DOJ and OIG may not provide an exact measurement tool for an effective compliance program, they will consider the effort and outcome of such programs. Taking all factors into consideration, they would likely assess your entity in the context of its size, compliance efforts, and overall quality ratings and history. When it comes specifically to your open lines of communication, here are a few questions you can ask yourself to determine your grade in this area:
1. Do you have a policy for employee communication of compliance concerns, and is it routinely updated?
2. Do you have a communication method by which employees can report potential issues anonymously? (The sophistication of your response will likely be driven by the entity size—e.g. hotlines, dedicated email address, suggestion boxes.)
3. Are employees keenly aware of the process, how to utilize it and what types of issues to report?
4. Do you take inquiries seriously, and do you conduct investigations in a timely manner?
5. Do you circle back with the reporting employees (when not anonymous) and inform them that their concern is/was being investigated?
6. Does your entity document and trend the kinds of issues being reported?
Finally, if your entity is not receiving any concerns, perhaps you will want to determine whether employees are not educated as to the issues, or whether they understand the process for reporting. This will ensure that your system is working effectively since it is unlikely that there aren’t some areas of opportunity or risk.
It is unlawful to retaliate against any employee who brings forward potential violations of the law. The creation and maintenance of a compliance policy that includes open lines of communication can minimize the risks of a formal whistleblower claim against your entity. As risky as it sounds to call attention to such a process, it may be the ounce of prevention that keeps your practice on the right track and out of more substantial legal claims.