Laboratory compliance officers have many duties to oversee or perform throughout the calendar year, some more vital than others. It is important to understand which of those should be prioritized over others when it comes to allocating resources. Identifying new risks the laboratory faces in the coming years, both near-term and long-term, are essential to an effective compliance program. The best way to accomplish this is through a standardized process at year’s end for review of the year’s compliance activities, and then using the results of that review to plan for the coming year.This does not mean that a compliance officer should wait until the end of the current year to update a lab’s programs or evaluate current risks. Laboratory compliance officers should be updating the risk the lab faces throughout the year and making changes to their programs as needed. However, at some point in time, all these changes need to be summarized, discovered compliance problems should be addressed to ensure they have been resolved, and policies and procedures updated to reflect the changing environment. The compliance officer then will use the information to plan for the upcoming year. This implies that a standardized process is in place to make sure these tasks can be efficiently and effectively carried out and that nothing falls through the cracks. What Should That Process Look Like? Compliance guidance documents issued by the Health and Human Services Office of Inspector General (OIG) are useful in the respect that they lay out a foundation for laboratory compliance officers to use in creating a template of the essential elements of a compliance program. However, for laboratories, the section of the document that discusses the compliance risks for laboratories is hopelessly out of date and does not identify compliance risks as they exist today. One of the essential tasks that laboratory compliance officers must undertake to ensure their compliance program is effective and up-to-date is an annual review of compliance activities and events designed to identify new risks and determine if current risks have been resolved. This should be memorialized in a written policy and procedure that lists the essential elements of such a review, such as a checklist or an electronic tool that helps ensure that everything is covered and nothing is overlooked. Internal or Outsourced The compliance officer has the choice to conduct these reviews and evaluations internally or to hire an outside vendor to help accomplish them. If the compliance officer prefers to keep the task internal, here are some guidelines to follow:

• The task should be shared among the members of the compliance committee to better use the human resources and expertise available and spread the work around.
• One of the problems is that laboratories start out with good intentions but soon get bogged down in the day-to-day operational issues and the reviews go undone or are done so poorly in the haste to complete them that they actually create potential risks rather than provide benefit. This is a real problem, so do not take it lightly. Whatever process or tools are used for this should be as easy to use as possible. The goal is to identify potential risks, not necessarily to resolve them at the time they are discovered unless they are high-priority items (see below).
• To make sure the reviews are conducted by competent people, each compliance committee member should be assigned to carry out the part of the review that covers his or her area of responsibility in the laboratory. In other words, don’t have the sales or business manager review the billing department and vice versa. While this may be less objective than another approach, it is often the most efficient.
• One common practice in the health system or hospital setting is for a single department, such as risk management or corporate compliance, to conduct these reviews. While there are some advantages to this approach, many laboratory issues are unique to the laboratory. If an internal department is doing these reviews, it is preferable, even essential, that someone on the review team has current experience with laboratory compliance risks.

Using an outside vendor can have certain benefits, such as objectivity and broad compliance experience, but is usually more expensive than using employees. If you can afford it or have budgeted for it, it is very useful to bring in an outside vendor to conduct the reviews, assess the results, and make recommendations for what needs to be done and what are high-priority items for your laboratory. However, pick the vendor carefully and use a request for proposal (RFP) process that allows for more than one vendor to bid on your project. The compliance committee should be involved in the development of the RFP and selection of the vendor. The more specific the RFP is, the better chance you have of choosing the right vendor and getting the results you desire. Highest-Priority Compliance Tasks Life must go on at the laboratory, and compliance problems have a way of poking their heads up at just the wrong time. That said, here are some tips for prioritizing compliance issues on a daily basis.

• The highest priority for any compliance program at any time throughout the year is making sure that identified problems and compliance issues have been resolved, or are on schedule to be resolved, in a timely manner. Federal requirements that any overpayments be reported and refunded within 60 days of when they are discovered raise resolution of overpayment to a high level. In other words, ongoing investigations and audits of any situation where an overpayment refund is involved or suspected is the highest priority for laboratory compliance officers.
• Responding to demands for records or refunds by the Centers for Medicare and Medicaid Services or any of its contractors must be the second-highest priority. Failing to ensure these demands are met in a timely manner can lead to serious problems for the laboratory. In some cases, neglecting these responsibilities can lead to increased risk for the laboratory in addition to the original issue about which the demands were made.

At first glance, the tasks look overwhelming. If your laboratory does not already have a process in place such as what has been discussed in this article thus far, you should make developing the processes, policies, and procedures to get this implemented a priority for the coming year. This will certainly strengthen your compliance program and increase the probability that you will discover your problems before anyone else does. It also serves to provide evidence of an ongoing and active compliance program. Developing the Process, a Suggested Approach Anyone who has reviewed or assessed the current state of affairs of compliance programs in the laboratory industry quickly learns that many of these laboratory compliance plans or programs have not been meaningfully reviewed or updated within the last several years. While laboratory compliance officers worry about this state of affairs, very often other tasks take priority. Additionally, it is difficult to see the real benefit of taking on this task during a time when resource constraints are being applied throughout health care to deal with falling reimbursement and increased claims denials. Even without regular updates or reviews, these programs still have benefit for the laboratory. However, if a problem occurs that could have been avoided if the plan was regularly updated, those benefits could quickly disappear. In today’s world of data mining and technology that allows for analysis of huge amounts of data quickly and relatively easily, all providers are at risk all of the time. Let us say that your laboratory is in this situation and you, as the compliance officer, want to fix it and prevent it from happening in the future. Here is one suggested process that can help. This process will take a year to complete the first time, but after it is established it can become a regular part of an end-of-the-year routine process. A Step-by-Step Process If the laboratory does not already have an ongoing process in place to keep tabs on compliance events, activities, and policy and procedure changes, this is the first thing that needs to be done. Such a process can be as simple as keeping a file where the raw information collected throughout the year can be kept for review at the beginning of the end-of-the-year compliance program assessment and update process described below. A better option is an electronic tool that tracks compliance activities. This has benefits at the end of the year but requires time throughout the year to compile information. It is sort of a pay-now-or-pay-later concept. The end-of-the-year assessment and update process should begin as early as the beginning of the fourth quarter, but not so late that it cannot be completed by year’s end. Given that the tracking system is put in place in January of the coming year, the foundation is in place to review and update your compliance program annually.

1. The first step is schedule a compliance committee meeting specifically to initiate the assessment and update process. The compliance activity that has been collected throughout the year is reviewed during this meeting. If the compliance officer has decided to outsource the assessment and update process, the vendor should already have been selected and a representative would attend this meeting. That should be included in the RFP.
2. Next, conduct a meaningful review of your compliance program to determine how much needs to be done. This does not need to be a complicated, quantitative review but is better served through the use of a checklist that is easy to use and includes all of the basic elements of the OIG compliance guidance for labs, as well as a current list of laboratory compliance risks specific to your laboratory. Include a review of ongoing or active investigations in the checklist. The checklist could be split up between the members of the compliance committee, or the compliance officer can conduct the review herself depending on preference, resources available, and time constraints. If an outside vendor is going to be doing the review, this step should be included in the RFP.
3. The compliance committee then will review the results and analyze the information. Combine the results of the tracking process with the results of the checklist review, and the compliance officer has a pretty complete picture of what needs to be addressed. These results provide a road map for setting priorities, budgeting, and assigning tasks in the upcoming year. If using an outside vendor, make sure this step is included in the RFP as a point of interface between the vendor and the compliance officer or the entire committee.
4. Create a formal report of the process and include recommendations and priorities. If the review determines that more resources need to be applied to the compliance program, then that should be included in the report. The report can be included in the annual report to the board, leadership, or corporate compliance as is appropriate for your laboratory.
5. Summarize the information and use it to make changes to your training material and annual audit plan as well as plan for the upcoming year’s compliance activities.

Conclusion An annual review and update of the laboratory compliance program is an essential step in keeping the program current and active. There are many ways to accomplish this, and the approach described here is just one way. Regardless of the process, the compliance officer needs to make certain it is getting done if she expects to get the benefits a compliance program is supposed to bring her laboratory in the event of a problem. Also, conducting an annual review and update has many benefits, not the least of which is to increase the laboratory’s ability to detect its own problems and be able to deal with them on its own terms. The process should be memorialized in a written policy and the necessary supporting procedures, but by taking a year to implement the new process, this task can be spread out over time. Meantime, the compliance office must rely on the existing policies and procedures to help mitigate problems, which is the reason for including the section on prioritizing problems above.