Ambulance organizations need to have a compliance plan, just like billing companies, just like any entity handling sensitive healthcare and financial information. There is no blueprint for how that plan should be designed, and in part because of this, we recommend agencies seek legal counsel in developing their plans.
Certainly, the stories are out there – whistleblowers, strike forces, large settlements, audits, third party contractors paid to find errors, prison time! All legitimate concerns in an age of unparalleled scrutiny on EMS and the medical transport community, leading one to ask: Where does the hammer fall next?
Of course, the best way to approach such concerns is not to worry about hypotheticals, but instead, to focus on what can be controlled. Consider the Evaluation of Corporate Compliance Programs, issued by the U.S. Department of Justice (DOJ) in February 2017.
While specifically intended to address a compliance plan’s effectiveness at determining appropriate resolutions to criminal investigations, the DOJ’s guidance laid out several talking points, most useful for any ambulance organization looking to design a new program or evaluate the effectiveness of an existing one.
Analysis and Remediation of Underlying Misconduct
Focused on root cause analysis, contributing systemic issues, who in the company was involved in making the analysis, and whether there were prior opportunities to detect the issue, such as audit reports.
Senior and Middle Management
Focused on how senior leaders demonstrate leadership in compliance, how senior leadership’s own behavior is monitored, the specific actions taken to demonstrate sound leadership, and how information is shared with others in the company.
Autonomy and Resources
Focused on how compliance functions fit within the corporate hierarchy, the relative autonomy of those personnel, if they are themselves senior leadership or report to senior leadership, how compliance personnel are involved in assessing misconduct or violations, and if the personnel has sufficient experience and credentials.
Policies and Procedures
Focused on process of designing and implementing policies, how they are communicated and enforced, what training the personnel responsible for the policies have received, and how policy effectiveness is evaluated.
Risk Assessment
Focused on how a company identifies, analyzes and addresses its risks, including what metrics and information was used to inform the risk assessment.
Training and Communications
Focused on the extent to which compliance training is tailored to risk areas, how the company assesses the effectiveness of this training, how senior management communicates the company’s position on misconduct, what resources have been made available to staff to provide guidance, and how the company has assessed whether its employees know when to seek advice.
Confidential Reporting and Investigation
Focused on how information is collected, analyzed and used, along with how proper scope is defined, and objectivity ensured, during investigations.
Incentives and Disciplinary Measures
Focused on how employees are held responsible, who is involved in making those determinations, if discipline is administered consistently, and the extent to which incentives exist which promote ethical behavior.
Continuous Improvement, Periodic Testing and Review
Focused on the type, frequency and effectiveness of internal audits, whether they are targeted to his risk areas, how controls are established and measured, and the extent to which updates are made to relevant policies and procedures.