The Compliance Plan Check-Up

Medical Billing Compliance Checkup form and a stethoscope

By: Pat Kroken, FACMPE, CRA, FRBMA
Radiology Business Management Association Bulletin – September/October 2020 issue

Compliance Issues 

Compliance issues represent one of those “wake up at 3:15 a.m.” topics. You know something is wrong and worry you could be personally liable for the actions of someone else in the group. Do you self-report? Will there be a penalty? Is your compliance plan still current now that you merged with another group? When was the plan last reviewed and updated? The only person who hasn’t faced a compliance issue is one who hasn’t been in the business long enough—or worse, the one who doesn’t yet know a problem occurred!

The U.S. Department of Justice Criminal Division released a valuable updated document in June 2020, titled “Evaluation of Corporate Compliance Programs.”

It provides guidance for prosecutors conducting compliance investigations, determining whether to bring charges and negotiating plea or other agreements. While not limited to the field of healthcare, it addresses appropriate issues that can help assess our compliance programs.  

In addition, the document quotes the United States Sentencing Guidelines, a set of guidelines with which we all hope to never become acquainted. Those guidelines advise “consideration be given to whether the corporation had in place at the time of the misconduct an effective compliance program for purposes of calculating the appropriate organizational criminal fine.”


The radiology organization needs to know prosecutors are advised to ask three “fundamental questions” to evaluate the overlying compliance environment of an organization:

  1. “Is the corporation’s compliance program well designed?

  2. “Is the program being applied earnestly and in good faith?”
     In other words, is the program adequately resourced and empowered to function effectively?

  3. “Does the corporation’s compliance program work” in practice?

Using the Guidelines Proactively

The guidelines provide an opportunity to prepare not only for a potential government investigation but also offer a checklist we can proactively use to ensure our compliance plan adequately protects the organization.

Just what does this mean practically in terms of what we should be checking to ensure our plans are effective?

The prosecutor is advised to evaluate the degree to which a culture of compliance is integrated within the organizational structure, including whether a code of conduct makes it clear the company will not tolerate misconduct, with that stance supported by training and policies and procedures.

One of the measures addresses whether training and/or policies and procedures were updated following a compliance incident and that’s something we should be able to easily check and document as part of the functioning plan.

Questions include, but are not limited to, the following:

  1. What, if any, guidance and training has been provided to key gatekeepers in the control processes (e.g. those with approval authority or certification responsibilities)? Do they know what misconduct to look for? Do they know how and when to escalate a concern?

  2.  Is the compliance program in practice disseminated to, and understood by, employees? Have supervisory employees received additional training? Does training address lessons learned from prior compliance incidents?

  3.  Is the plan, along with any training/educational documents, readily accessible to all employees? Is it easy to navigate and updated regularly?

  4. Is there an anonymous reporting mechanism and if not, why not? Does the organization test whether employees are aware of the hotline and comfortable using it?

  5. How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation?

  6. Do compliance personnel have other responsibilities? Do they have appropriate experience and qualifications for their roles? Is there sufficient staffing to effectively audit, document, analyze and act on results of the compliance effort?

  7. Do company communications convey that unethical conduct will not be tolerated and will bring swift consequences, regardless of the position or title of the employee who engages in the conduct? Have disciplinary actions and incentives been fairly and consistently applied across the organization?

  8. Does the plan have the capacity to improve and evolve to ensure it is not stale? How often has the company updated risk assessments and reviewed its compliance policies, procedures and practices?

The Plan in Practice

Prosecutors are advised to determine if the compliance program is a “paper program” or one “implemented, reviewed and revised, as appropriate, in an effective manner.” They will also evaluate plan effectiveness at the time of an incident under investigation, especially if the incident was not immediately detected.

Another indication of an effective plan involves the timely and thorough investigation of
suspected misconduct, including documentation of any disciplinary or remedial measures taken.
Were investigations used to identify root causes, system vulnerabilities or accountability lapses,
including the conduct of supervisory managers and senior executives?

One section of interest applies to practices involved in mergers and acquisitions and reminds those organizations to include a review of each entity’s compliance protections and activities as part of due diligence activities. In addition, there should be a post-acquisition integration of plans. There is also a reminder misconduct at one of the companies can negatively impact the other one involved in the transaction.


In many of our practices, compliance is just one more responsibility stacked on the administrator’s long list. Very often the compliance plan was put in place, checked off the list and consulted again only when a problem cropped up.

The Department of Justice document provides clear language and some valuable tips regarding how to review and update an existing plan. It is a valuable resource document for the busy manager. 

Patricia Kroken, FACMPE, CRA, FRBMA
has an extensive background in radiology practice management and directs education and corporate communications for MSN Healthcare Solutions. 

She worked as a consultant for radiology practices, billing companies, software developers, and hospital radiology departments for 20 years before joining MSN.

She is a regular contributor to the RBMA Bulletin and a frequent speaker on topics related to radiology practice management. 
Pat can be reached at
or 505-856-6128