Establishing an effective corporate compliance program, then managing and maintaining the program, is a complex and often difficult proposition for the traditional health care provider or health system.  When the health system is part of a “hybrid” organization, those tasks amplify in complexity to connect traditional care delivery to a completely parallel concept business workflow.  While business and health care compliance have underlying principal similarities to ‘always do the right thing’ regardless of the service being delivered, compliance needs for the health care delivery business component can be vastly different from the needs of the business entity.  In some cases, there may even be separate compliance plans and expectations for each business entity component within the larger organization.

The seven (plus one) elements of an effective compliance program are well known.

  • Compliance Officer / Commitment to Compliance Program (“Tone from the Top”)
  • Written Standards (e.g., Compliance Plan, Code of Conduct, Policies and Procedures, etc.)
  • Training / Education
  • Audit
  • Open Communication / Hotline
  • Investigation of Complaints
  • Well-Publicized Disciplinary Standards
  • Risk Assessments / Risk Management

However, some of the elements may not uniformly fit every aspect of the larger healthcare organization.  Specifically, compliance plan focus, policies and procedures, training and education, audits and risk assessments may be different.

Here are a few examples of these types of hybrid entities below.

Health System and Charitable Foundation

A corporate compliance program for a health system includes training and education geared toward healthcare rules and regulations on scopes of practice, provision of care, and billing and coding claims, at a minimum.  These types and amounts of training are not appropriate for a charitable foundation staff or Board of Trustees.  Additionally, the most appropriate and effective training formats may be significantly different (e.g., online vs. in-person.)  While there may be some cross-over in topics, such as Anti-Kickback Statute issues, among others, these are few.

Audits and risk assessments of the entities will focus on quite different things as well, similar to the training topics.

Health System and University

As opposed to healthcare systems, university compliance plans may focus on academic issues, government issues, athletic issues, Title IX, and others. These are not the type of issues one might expect to see in a typical health system compliance plan.

Health System and Private Equity Firm

Private equity firms must address Sarbanes-Oxley Act requirements, as well as SEC regulations, if publicly traded.  The focus of the compliance efforts for this part of an entity would be vastly different in terms of training and audits.

It is important for these entities to find common threads to support each other in their respective compliance functions and obligations.  Be aware of the differences, but make sure to address compliance in all entities.  Focusing on communication between the entities to eliminate duplication of effort and to leverage resources appropriately is one key to success.

Please contact Allison K. Luke, JD, CHC, Executive Consultant, Pinnacle Enterprise Risk Consulting Services, at with any comments or questions.