Compliance and HR Collaboration Can Drive Effectiveness

June 10, 2024

by Amanda Bates, MS; Sarah M. Couture, RN, CHC, CHRC, CHPC; and Kasie Ray, CHC, PHR, SHRM-CP

Originally Posted on: Compliance Cosmos

Scenario

It was a crisp fall night in West Texas. Ellen was one hour into her fifth night shift of the week, working overtime for Sandy, who wanted to watch her son’s high school football game. Football is legendary in West Texas, and the community was aflutter that a win tonight would seal their winning season and bode well as they readied for playoffs.

Ellen’s phone started buzzing with texts. Sandy’s son, Ryan, the star running back, had been injured on a tackle. They were taking Ryan off the field on a stretcher and headed for the hospital. All the neighbors wanted Ellen to check on Ryan and let them know if he’d be back next week.

Ellen was busy caring for a first-time mom in the mother–baby unit. Ellen felt bad for Sandy, a friend who was always worried about the rough and tumble of football. Out of concern and expectation, Ellen made a mental note to check the record on break. Two hours later, Ellen read in the electronic medical record that Ryan had a concussion. Ellen sent a text to Sandy expressing her support and asking if Sandy wanted her to do anything.

Unfortunately, situations like this happen in healthcare. Caring healthcare workers, wanting to be helpful, sometimes insert themselves in patient records for which they do not have a clinical or business reason. When these breaches or other issues related to noncompliance occur, successful organizations see the compliance and HR departments working in partnership and lockstep. When collaboration exists, addressing lapses in compliance goes much better. Without collaboration, an unfortunate situation can worsen, causing much more trouble than needed.

Most readers have undoubtedly experienced some version of this scenario. How this breach plays out from organization to organization is largely a function of cooperation, alignment, and shared goals of the compliance and HR functions. This article makes a case for taking the time and effort to build collaborative partnerships between two key departments that can synergistically influence the organization’s culture and compliance mindset.

Collaborative partnership

Compliance and HR are essential strategic functions in every healthcare organization. While each has distinct responsibilities, compliance and HR have significant touchpoints in many areas, including culture, accountability, discipline and enforcement, education, training, communication, investigations, job descriptions, performance evaluations and promotions, incentives, exit interviews, hotline and reporting, and exclusion screening—to name a few.

With so many common areas of focus, it makes sense that compliance and HR should collaborate and that leaders and team members from each department should have strong working relationships. In fact, compliance will be more effective at its primary goal—prevention and detection of fraud, waste, and abuse—as it more successfully works in partnership with HR. The U.S. Department of Health and Human Services Office of Inspector General’s (OIG) Compliance Program Guidance discusses how collaboration drives effectiveness: “Coordination and communication are the compliance officer’s key tools for planning, implementing, and monitoring an effective compliance program. The compliance officer should strive to develop, and the entity should strive to promote, productive working relationships with organizational leaders. Coordinating work and sharing information with leaders of other support functions, including (as applicable), Legal, Internal Audit, IT and Health Information Management (HIM), Human Resources, Quality, Risk Management, and Security will enhance the strength and success of the compliance program.”[1]

However, this meaningful collaboration is not always the case. In some healthcare organizations, compliance and HR function in silos with little or no interaction or communication on what areas of alignment and partnership should be. In other organizations, there may be turf wars, where compliance program leadership and HR leadership do not understand the functional distinctions. One or both may attempt to “own” what the other department should be responsible for.

Success for the effectiveness of the compliance program and HR function—and the organization as a whole—starts with intentionality and a relationship. The following section will describe why compliance and HR should collaborate and how they should work together more productively, and it will provide tips and recommendations for specific areas of cooperation. By improving collaboration, both compliance and HR stand to broaden their influence, mitigate potential risks, and increase their strategic impact within the organization.

Foundation for collaboration

While collaboration between compliance and HR might seem like a matter of common sense, government guidance underscores this expectation. OIG’s Practical Guidance for Health Care Governing Boards on Compliance Oversight discusses the roles and relationships of various functions, including compliance and HR, and the importance of establishing functional boundaries between functions “while also setting an expectation of cooperation and collaboration among those functions.”[2] The expectation of collaboration is not limited to HR and compliance; however, it extends to legal, internal audit, and other departments, emphasizing the importance of a shared framework and definitions around “governance concepts, such as accountability, risk, compliance, auditing, and monitoring.” This guidance indicates that “[t]he compliance function promotes the prevention, detection, and resolution of actions that do not conform to legal, policy, or business standards. This responsibility includes the obligation to develop policies and procedures that provide employees guidance, the creation of incentives to promote employee compliance, the development of plans to improve or sustain compliance, the development of metrics to measure execution (particularly by management) of the program and implementation of corrective actions, and the development of reports and dashboards that help management and the Board evaluate the effectiveness of the program.”

The guidance addresses some key HR focus areas; “[t]he human resources function manages the recruiting, screening, and hiring of employees; coordinates employee benefits; and provides employee training and development opportunities.”

Considerations

There are several distinctions between compliance and HR. The first is regarding how differently each function operates within the organization. HR plays a crucial strategic role in shaping the organization’s culture, utilizing data and people analytics to drive business growth, and developing talent to meet changing needs within the industry. While the strategic component of HR is critical, HR has several primary activities that are more operational than strategic. As the guidance highlights, core HR operations include recruiting employees, managing benefits and compensation, and ensuring training and development. These activities—along with payroll, employee relations, and employee engagement—are undeniably vital for the organization, and HR is primarily responsible for their planning and execution. Compliance, on the other hand, does not perform any operations for the organization. Compliance is by nature independent of operations, so it can be objective in its responsibilities, including investigating and auditing the various functions and operations of the rest of the organization.

Compliance approaches its work by applying the seven elements of an effective compliance program to the organization’s risk profile:[3]

  • Written policies and procedures
  • Compliance leadership and oversight
  • Training and education
  • Effective lines of communication with the compliance officer and disclosure programs
  • Enforcing standards: consequences and incentives
  • Risk assessment, auditing, and monitoring

Responding to detected offenses and developing corrective action initiatives, HR utilizes many of the types of elements to achieve its strategic and operational objectives in talent acquisition, employee relations, payroll, compensation, benefits, etc.

Another area of distinction is the kind of risk with which each function is concerned. Compliance is concerned primarily with fraud, waste, and abuse risks arising from healthcare regulations (i.e., compliance with regulations). These include, but are not limited to, the False Claims Act, Anti-Kickback Statute, Stark Law, HIPAA Privacy and Security rules, the exclusion statute, beneficiary inducement, and the Emergency Medical Treatment and Labor Act. HR risks arise out of legal and regulatory mandates governing their operational activities. These include the Fair Labor Standards Act, Americans with Disabilities Act, Family Medical Leave Act, Pregnant Workers Fairness Act, National Labor Relations Act, Equal Employment Opportunities Act, Affirmative Action Planning, Employee Retirement Income Security Act, Title VII of the Civil Rights Act, and more. In addition to these regulatory concerns, HR contends with organizational risks beyond legal requirements, such as employee turnover, development, and organizational culture management. Compliance and HR similarly address many of these risks through education and accountability regarding an organization’s code of conduct and its policies and procedures. While compliance and HR have distinct risk profiles, they leverage their functional expertise to ensure that the organization and its operational leaders effectively manage their relevant risks and work to ensure these risks and their mitigation approaches are understood by both leadership and the board of directors.

Working together

Compliance and HR are distinct functions that help mitigate risk for the organization in different ways. While separate and distinct, the departments should not work in silos, nor should there be disagreement over “turf.” It is critical that HR and compliance understand how each function works differently and capitalize on the areas they can work together to improve their impact on the health and operation of the organization.

As previously discussed and to promote “‘speaking the same language” to leaders and the rest of the organization, it is imperative for HR, compliance, and other control functions to work together on a framework and definitions around these areas of commonality or alignment, including but not limited to, governance concepts, risk, accountability, and auditing and monitoring.[4] Each department will be stronger and work more efficiently and effectively by prioritizing good working relationships and identifying where and how to collaborate. HR and compliance should work together to understand each side’s risks and how the approach to addressing those risks can be aligned.

When HR and compliance are not aligned, it increases risk to the organization. Many of the negative effects appear to be minor, such as duplication of work, missed opportunities to be involved in initiatives or investigations, and inconsistencies in processes. However, when examined more closely, these seemingly minor effects can greatly increase the risk of a compliance issue getting out of hand, as our case in West Texas illustrates. Duplication of work may present conflicting information or guidance between HR and compliance training, policies, or procedures—potentially leading to noncompliance. HR is often the first contact individuals make at an organization and the first contact who comes to mind when employees consider raising concerns. It is important that each leader is aware of the other departments’ general risk profiles and how to identify them. HR should be able to recognize not only clear compliance risks but also the potential downstream effects on organizational compliance from seemingly benign issues. Lastly, inconsistencies in processes—especially when it comes to disciplinary action associated with noncompliance—can undermine the compliance program’s effectiveness.

Start with a conversation about whether your HR and compliance departments collaborate well. Reach out to the HR leader and/or team to start the conversation. Explore the relationship and collaboration to date, noting any barriers or challenges that either group has identified. Discuss what collaboration could look like and how to get there. It may help to discover, even document, where the functional responsibilities lie and where there are areas of touchpoint and potential partnership, such as in a Venn diagram. Decide what the path should look like to more intentional and effective collaboration. This should include deciding on which types of matters collaboration is needed, dividing responsibility for areas of collaboration, and defining ongoing communication, to name a few.

There are many specific areas where HR and compliance overlap and/or have natural touchpoints. In these areas, it is vital that the two functions understand one another, derive roles and responsibilities, and collaborate to ensure both efficiency and ongoing effectiveness.

Culture

Both HR and compliance are concerned with the health of the organization’s culture. Culture starts with top leadership and impacts everything: the way decisions are made, what is prioritized, what behavior is appropriate, and how team members communicate with one another. Healthy organizations focus on ensuring healthy cultures. A healthy culture is one where team members can report issues without fear of retaliation, where leaders promote transparency and open communication, and where individuals are held accountable for their behavior. HR and compliance can help drive the culture of compliance; they can focus on culture in communications and actions and educate leadership about culture. They can also ensure perceptions about the culture are measured via employee surveys and then work together to plan for addressing survey findings.

Written standards, policies, and procedures

While the content of compliance and HR standards may differ, the approach to development, implementation, and communication should be aligned. It is critical not only that policies and procedures are written appropriately but that they are effectively implemented and understood by employees. HR and compliance should ensure there is no confusion about where to find policies, how they are rolled out, or what expectations exist regarding employees utilizing them.

Nonretaliation

Like culture, HR and compliance are active promoters of an organization’s nonretaliation policy through communication, education and training, and discipline and enforcement. Nonretaliation flows from a healthy culture and is imperative to successful compliance program effectiveness. If employees fear retaliation, they are much less likely to report suspected noncompliance, preventing the compliance program from knowing about and investigating the issue. Both HR and compliance must be promoted in word form and then supported in action so that retaliation will not be tolerated.

Reporting

Many reports that come to a compliance hotline/compliance department may not be compliance issues but HR issues. Compliance will need to have a triage process to identify reports that do not seem to have a compliance component and are for HR, then have a process to “hand off” the report to HR for further investigation (or have a process for a dual investigation into an issue with both compliance and HR components). Both departments should have a role in socializing the reporting mechanisms—how to report a concern and what issues should be reported. Communication and transparency are needed to help prevent duplication of effort or omissions and promote healthy collaboration instead of turf issues.

Risk assessment and compliance committee

Compliance should include HR in the ongoing compliance risk assessment process, ensuring that HR perspectives on potential compliance risks and their likelihood and impact are considered. This may be done via interview or survey or could be part of the ongoing work of the compliance committee, where HR should be included in the membership.

Investigations

Both HR and compliance functions conduct investigations. Sometimes, HR and compliance are both involved in an investigation and may work together on interviews, document review, etc., as needed. It is essential that investigators—whether for HR or compliance—have appropriate training, appropriately scope the investigation, and ensure thorough documentation.

Accountability, discipline, and enforcement

As previously mentioned, holding individuals accountable for noncompliant behavior helps preserve the culture of compliance. When individuals are not held accountable, it erodes the culture of compliance, sending the message that noncompliance is not a big deal and/or that certain individuals are above the rules. Accountability is generally carried out through education, monitoring, enforcement, and discipline. Discipline and enforcement are among the seven elements of an effective compliance program, but compliance does not “own” discipline and enforcement; it is HR’s responsibility. Because of this, both HR and compliance must understand their roles regarding discipline and enforcement and prioritize transparency, communication, and respect for one another’s professional perspectives. Compliance should ensure thorough communication to HR regarding noncompliance and may make recommendations to HR regarding discipline and enforcement. Compliance should also confirm the implementation of the disciplinary measures and document them. Based on risk assessment, compliance may perform a review of discipline and enforcement action documentation regarding noncompliance to confirm fairness and consistency. The disciplinary policy should specifically include the potential for discipline for failing to report, discipline for retaliation, and, in concert with the March 2023 updates to the U.S. Department of Justice (DOJ) Evaluation of Corporate Compliance Programs, that bonuses or other financial incentives may be “clawed back” in cases of noncompliance.[5]

Incentives, job descriptions, performance evaluations

While incentives have long been part of the suite of the seven elements canon, the previously mentioned Evaluation of Corporate Compliance Programs put even more emphasis on the importance and expectations of having robust compliance incentives to drive the program’s effectiveness. This may be an area where many healthcare organizations are under-focused, so initiating a fresh and proactive collaboration and working relationship with HR could be a good area. The organization should have a documented approach to compliance incentives. This should start with job descriptions documenting specific compliance expectations that increase with role responsibility. Compliance should also, therefore, be an element of performance evaluations and have a tangible impact on promotions, pay increases, and bonuses. There are other ways to incentivize compliance, including small tokens for achieving compliance milestones (i.e., a department having a 100% education completion by a deadline) and recognizing compliant actions in newsletters and other communications. HR and compliance should work together with leadership to brainstorm, develop, document, and implement the organization’s approach to compliance incentives.

Exit interviews

While HR has traditionally been responsible for exit interviews in most organizations, it has become a best practice for compliance to also have a role. Exiting employees may be willing to share their experiences, including those regarding retaliation, culture, and any potential compliance issues of which they may be aware. Compliance involvement is fundamental for the recognition and exploration of these compliance-specific concerns.

Other considerations

In some smaller organizations, HR and compliance may exist within the same department, often under the leadership of a single individual. While it is crucial to delineate the functions within this integrated department to ensure the proper execution of HR and compliance responsibilities while maintaining the required compliance independence, the collaborative opportunities highlighted earlier in the “Working together“ section may allow for a more effective approach. Another significant consideration is that individuals throughout the organization may not clearly understand each function’s distinct roles and responsibilities, exacerbating the potential risk of missed opportunities to identify the previously discussed issues. Effective communication from leadership—as well as coordinated efforts from both the HR and compliance functions—is imperative. This approach helps define the functions, ensuring that employees and leaders alike are well informed about where to direct specific issues or concerns.

Conclusion

The effort it will take to build a relationship, define distinctions and areas of collaboration, and lay a solid foundation for ongoing collaboration will be worth it. This collaboration will increase both departments’ efficiency and effectiveness. For compliance, it will increase the effectiveness of its ability to prevent and detect fraud, waste, and abuse. Collaboration on culture, reporting and investigations, enforcement and discipline, incentives, and other specific areas will result in better outcomes for each department, the organization, and patients.

If there is currently no working relationship or communication between HR and compliance, or if there have been barriers to working together, start with a conversation. Set up a call to discuss where the departments have been, where they need to go, and how to get there. Spend time getting to know the leaders from HR, how the group functions, and how they may have worked (or struggled) with compliance in the past. Discuss the specific areas where collaboration is essential for the effectiveness of each function, and work on a plan to enhance cooperation and partnership over time. Inform organizational leadership of the plans and progress in collaboration and how it drives effectiveness.

Takeaways

  • HR and compliance are separate functions with distinct organizational risks and responsibilities.
  • Government guidance discusses how various functions, including HR and compliance, should collaborate and share a framework around risk concepts.
  • Compliance and HR functions should collaborate to ensure effectiveness and the best outcomes.
  • Areas of collaboration should include, but are not limited to, culture, accountability, reporting, nonrelation, education and training, enforcement and discipline, and incentives.
  • Developing a documented and effective approach to compliance incentives may be a good starting point for collaboration.

1 U.S. Department of Health and Human Services, Office of Inspector General, General Compliance Program Guidance, November 2023, https://oig.hhs.gov/documents/compliance-guidance/1135/HHS-OIG-GCPG-2023.pdf.

2 U.S. Department of Health and Human Services, Office of Inspector General, Association of Healthcare Internal Auditors, American Health Lawyers Association, Health Care Compliance Association, Practical Guidance for Health Care Governing Boards on Compliance Oversight, Practical Guidance for Health Care Governing Boards on Compliance Oversight, April 2015, https://oig.hhs.gov/documents/root/162/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf.

3 U.S. Department of Health and Human Services, Office of Inspector General, General Compliance Program Guidance.

4 Practical Guidance for Health Care Governing Boards on Compliance Oversight, Practical Guidance for Health Care Governing Boards on Compliance Oversight.

5 U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs, updated March 2023, https://www.justice.gov/criminal-fraud/page/file/937501/download.

Copyright 2024 Compliance Today, a publication of the Health Care Compliance Association (HCCA)

Connect with me!

I’d love to hear your thoughts on this Perspectives or discover if I’m the right fit for your compliance advisory needs!
GET STARTED
crossmenu