I read a blog post by a guy who sells packaged compliance plans for physicians and healthcare facilities. He’s not a lawyer, but I believe he was formerly with the OIG and, upon retirement, started the business.
His post made me wonder whether the existence of form compliance plans (or, indeed, the concept of compliance plans in general) is bad for actual compliance.
I think that many people believe that compliance is a plan that can be bought. They’ve either missed the point or were misled. Compliance isn’t the purchase of a plan or even the adoption of a plan; compliance is an ongoing process, not a document or even a set point in time.
The process not only involves you vetting proposed arrangements in real time, but that you also regularly revisit arrangements that are in place to see if a compliance problem was missed or has arisen. The process as applied to ongoing operations can be accomplished using a “red team” to conduct what is essentially a mock government investigation.
Here’s your easy reference tool: Compliance isn’t the plan, compliance is the process.
If what you have is a plan without a process, you’re missing the mark.