When the current Senior Vice President of Internal Audit and Compliance first started at this northeastern medical center, one of the first things she did was begin a review process to find a complete compliance software tool that would assist her staff in all areas. Together, her team defined what it was they wanted the tool to do, then looked for a product to meet their needs. ComplyTrack® software solution was the easy answer.
The following case study, based on an interview with this executive, provides insider insights into the highly effective techniques she and her staff have instituted to run their compliance department. It reveals how the team uses ComplyTrack to complete many different compliance functions, including reporting to the CEO and the Board, developing and distributing compliance surveys, tracking all compliance department activity, identifying trends, and maintaining an enterprise-wide culture of compliance.
Finally, it covers how ComplyTrack enables the executive and her staff to accomplish tasks with levels of efficiency, consistency and stability not available through other approaches.
Tracking compliance activities before ComplyTrack: time-consuming and tenuous
Compliance activities are multi-dimensional, and the very act of managing risk can create risks of its own. “In one of my prior roles as Chief Compliance Officer, I had created an Excel spreadsheet to track the activities of our department,” this Senior Vice President told us. “While it was an easy, user-friendly way to log everything, I started to be concerned about what would happen if I lost that spreadsheet. Of course it was password protected. And while I could track things manually as I was keying them in, I still started to worry about security and stability issues. So when I came to the medical center, I decided that it was time to look for a solution with security behind it, one that could give us statistics and reports on the types of investigations that we were involved in.”
That’s when she convened her staff, and they began to brainstorm on their requirements for a compliance tool. “When you look at a product after you’ve decided what you really want to get out of that product, it makes it much easier to pare down. It made the decision to purchase ComplyTrack much easier. I took it to the COO, and the purchase decision was very smooth because it was so clear that ComplyTrack would accomplish everything we needed.”
The perfect solution for a particular approach
The Senior Vice President has developed her own unique approach to running a compliance department, and ComplyTrack fully supports her strategy. “In compliance, I don’t just log in investigations. I also keep track of all of my audits, and every inquiry that comes in—I created this system where every time someone had questions relating to compliance or issues surrounding processes that they wanted to confirm met regulations or hospital policy, I would log in the question and track the time it would take us to provide the answer. Some questions would require a lot of research, some less. Some would require conversations with outside counsel. I logged them all. My old Excel spreadsheet had numerous tabs: case log, advices, audits (contractor, internal, financial, work plan, special request audits), a tab for training and education and in-services. I thought, if I lose this thing, I’m losing the base for managing my whole department.”
When first considering ComplyTrack compliance software, she saw that not all the features would meet her particular needs precisely. “I want sequential numbering for every log. The regulations do not require you to have a log for audits, but they do require it for investigations. Investigations needed to be totally numerical, so there would be no missing numbers. That’s how I wanted it done, and Wolters Kluwer was able to give me exactly what I needed in [ComplyTrack’s] Activity and Event Manager (AEM). We can run a report and say give me all the activities for 2014; give me all the external audits; let me see not only the audits or activities but let me filter them by type. Then off of those we generate graphs.”
Those graphs often end up on-screen in front of the CEO and the entire medical center Board of Directors.
Support informed decision-making and make real-time decisions based on current information
The information this Senior Vice President manages through ComplyTrack directly informs high-level decision-making at the hospital. “When I go to the Board, I can show a pie graph. Here are the types of activities—HIPAA security, HIPAA privacy, exclusions, EMTALA questions, general policy questions, code of conduct questions. The Board can instantly absorb all the key data on compliance activity.”
Manage risk and maintain an enterprise-wide culture of compliance
The medical center is using ComplyTrack’s Risk Assessment Manager (RAM) to focus resources through risk assessment and to show management what’s going on in their areas and why. All of this helps reinforce a facility-wide culture of compliance.
“In our risk assessment, every year, we use similar reports on an annual comparison basis. We can compare all the activities for the last three years. We can use that in a risk assessment to see the areas of risk that are growing And changing. Three years ago, maybe there was very little HIPAA activity, and now there’s a lot. Why? Maybe new rules and regulations, things that we may not have in place yet. This type of analysis can help us identify the areas where we need to focus. The board and the CEO can, without reading all the details, see charts that create comparisons over time.”
“This tool can show if the compliance program is working. But it also gets everyone on board and saying, ‘Why is my department sticking out?’ The compliance officer and their team should not be the only one doing it. Everyone has to be on board. Compliance is the responsibility of the facility as a whole. The compliance team is not responsible for the error, and they can’t directly fix it. If audits aren’t being followed up on, people need to be held accountable. Accountability is very important. It’s hard to quantify a culture of compliance, and without this type of tool, you wouldn’t be able to track your success. It’s not just about the number of audits that you do. It’s the number of investigations that never need to happen. Without this tool you can’t track that so clearly.”
Not just active compliance—proactive compliance
“It was my decision to track everything that comes in the door. But how do you quantify all that without a tool like this to show your resource effectiveness and what you’re doing to be proactive? You can say you did 100 audits, but did you follow up and close? Did you track that everything in the corrective action plan was in place? Our use of ComplyTrack AEM and RAM helps us to be proactive and also helps us to show that we’re being effective. Basically, we use ComplyTrack to tell us what’s been going on. We pull reports: volume reports, highest dollar, top-ten and twenty by various measures. Then we go in and pull relevant questions from the RAM question set library and tailor the ones we want to use. We keep it short (10-15 questions) and bring a streamlined survey to targeted areas, to physicians, ER, cardiologists. Based on the answers, we compile other statistics and put together a full risk Assessment.”
Can you imagine a world without ComplyTrack?
To close, we asked this executive what she would do without ComplyTrack compliance software. Her answer was instructive: “Don’t say that! That would be a big issue for me. I think this tool is the best thing ever. The most important thing—the thing I love—is its flexibility. Then there are the features that Wolters Kluwer contoured for me specifically that I think are very important to how we run our department. I believe in ‘keep it simple.’ And I think this is simple.”