3 Areas of Your Compliance Program to Check on Now

Posted by Mary Shirley on October 17, 2023 in Mary Shirley,

Audit, continuous monitoring and review – and associated improvements – are key expectations in our Compliance programs.  Here are three areas to review if you’ve not re-visited these aspects of your program in a while, with some specially curated tips for healthcare Compliance officers.

1. Hotline abandonment rates

One of the areas we care about in respect of our Compliance programs is the abandonment rate of our hotline calls.  We often consider this to be an indicator of the quality of service of our external hotline provider – we want their call intake staff to answer the phone promptly and we want them to provide language support immediately where required.  Would it shock you to know that colleagues or third party stakeholders may be deterred from following through with their report due to… dun dun dun… us?  Mystery shop your hotline and listen to the preliminary recording supplied by the company. Does it drone on and on?  Are there scary references to data privacy and other legal points that aren’t explained in layman’s terms?  If it isn’t short, snappy, to the point and sounding welcoming, what can you do to address that?  Personally I’d go so far as to say that ideally it should sound warm and welcoming given reports are a gift and it is incredibly nerve wracking to make one.

2. Key Performance indicators

When we think of continuous monitoring and review, we often think of this practice in respect of the hard elements of our Compliance program.  But what about how we choose to measure our Compliance program? Have you ever gone back to the KPIs you created years ago and considered whether they are still fit for purpose? Have you thought about incorporating newer areas that are relevant to today’s Compliance Officer such as data analytics, behavioral science, AI/machine learning?  Even increased possibilities for discussing automation are likely to have presented themselves since you set up the KPI framework. Will you have any KPIs in respect of your ephemeral messaging policy (I know y’all are busy working on the logistics of audit and enforcement of those right now!). Where, if at all, should ESG, including DEI fit in? Would service level agreements be appropriate to introduce?

Given that this blog post is for Streamline Verify, it would be remiss of me to not suggest a KPI especially for our healthcare Compliance Officers in the community administering the exclusion checks process for their healthcare system:

Zero instances warranting voluntary disclosure to the OIG for employing or contracting with an excluded party.

Pro tip to keep in mind with the above KPI: If you’re never getting an exclusion or sanction hits, you should confirm everything is configured correctly – courtesy of Samantha Kelen, Chief Compliance Officer of Stellar Health.

3. Your Compliance Policies

You probably already know that it’s best practice to review your Code of Conduct and update it every once in a while.  This is especially important for healthcare companies that, unlike many other industries, have not been as fast to adapt to more visually appealing, easier on the eye Codes that no longer represent pages of black and white text in Times New Roman font.  Compare your Code design and appearance with that of organizations such as Kohls’s, L’Oreal, and Nokia.  Note how much easier it is for your mind to process the information when it’s broken up and segmented carefully.  Thumbs up to Cleveland Clinic for a rare, clear and concise Code that is user friendly for stakeholders in the healthcare space!

Snap Inc re-launching their Code in 2021 was a great example of leveraging the revised document to highlight how they prioritize kindness.  Is your primary focus patient care as a healthcare company?  How might you re-imagine your Code to weave that signature theme into this document? The year before, Novartis told the story of their new Code that incorporated behavioral science and was “co-created” with the business.  These novel approaches reminded the rest of us about the value and necessity of keeping our Codes modern and fresh. But what about all of your other Ethics and Compliance policies? Has it been too long a sip between drinks since reviewing them?  Do you still have policies that sound like they were drafted by lawyers, for lawyers? Have you incorporated tone from the top? Have you thought about leveling up your tone from the top, for example by way of including ethics quotes from leaders across many areas of the business, a la the McDonalds Supplier Code of Conduct? (Source: https://corporate.mcdonalds.com/content/dam/sites/corp/nfl/pdf/Supplier_Code_of_Conduct.pdf) Have you considered modernizing them at all?  For example, would infographic style policies suit your organization?  Have you ever tried asking key business stakeholders who must apply certain policies to explain to you in their own words what the policy requires and what feedback they’d have for you if you were to revise it?  Have you started to draft a policy around your company’s use of Artificial Intelligence yet?

We hope these questions help to inform your Compliance program activities this year and address an opportunity or two to supplement your best practices with even more of them and perhaps even inspire you to do some trail blazing, just like McDonalds, Novartis and Snap!

About Mary Shirley

About Mary Shirley

Mary Shirley is a New Zealand-qualified lawyer with 18 years of ethics and compliance experience that includes working for data privacy and antitrust regulators, in-house and private practice/consultancy across five countries and four regions of the world. Most recently she was global Head of Culture of Integrity and Compliance Education at Fresenius Medical Care, assisting the company with an FCPA monitorship, serving both the legal and compliance departments.

Related Articles

COVID-19 Health Care Changes that May ...

January 4, 2021

The COVID-19 pandemic has changed the face of the health care industry on multiple fronts. These range from the multiple blanket 1135 temporary waivers issued by CMS that control how care for federal ...

Permissive Exclusions Updates from the OIG ...

May 2, 2016

Recently on April 18, 2016, the Inspector General of the famed OIG issued a review and updates on their exclusion policies and how they go about permissive exclusions. The OIG was established back i...

5 New Year’s Resolutions for the ...

December 31, 2014

As 2015 begins, here are five things that you can do to tighten up compliance at your facility. 1) Check OIG exclusions monthly. Every month.  Religiously.  Because the LEIE is updated monthly......

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking




Average workload reduction by implementing the Streamline Verify program



Establishments trust Streamline Verify nationwide



Serving the healthcare industry’s unique compliance needs since 2011



Setting standards with hourly synchronization to primary source data