Tips for Choosing a Compliance Hotline Vendor.
Date posted: June 2, 2017
Effective compliance programs should include a compliance hotline, by definition. Both the United States Sentencing Commission and the Department of Health and Human Services (HHS) Office of Inspector General (OIG) call for the use of compliance hotlines as part of an organization’s comprehensive compliance program. Compliance hotlines provide an important avenue of communication between employees and management. These hotlines allow employees to report sensitive matters outside of their normal supervisory channels. Failure to establish positive internal compliance reporting channels often results in ‘whistleblowers’ reporting matters externally to the OIG and the Department of Justice (DOJ). Establishing effective internal compliance communication is challenging. Internal hotlines are generally inadvisable because they are inefficient, costly and seldom meet any minimum standards. Compliance hotlines require special technical and operational safeguards to ensure confidentiality. For example, compliance hotlines should use “backstopping” features to prevent caller tracing, and all caller identification systems must be blocked. Additionally, because callers are often nervous and afraid, they may question the anonymity offered by calling an internal compliance employee. Accordingly, in-house call operators should be minimally visible to the work force. Caller confidence is strengthened by a structure where both parties are unknown to the other. Most organizations outsource the management of their hotlines because the advantages of internally operated hotlines are outweighed by the disadvantages. Hotline vendors have the training and experience to handle confidential complaints. Moreover, speaking with an independent outside party is generally reassuring to the complainant.
Tips for compliance officers to consider when evaluating hotline vendors:
- Service Provided by Vendors – Vendors should provide two levels of service. Callers should have the option to speak with a live operator or use a web-based reporting system that prompts individual complainants. Over the last decade, there has been a trend towards web reporting. In the health care sector, web-based reporting nearly equals operator answered calls.
- Hotline Operations Experience – Vendors should provide a statement of their experience. Experienced firms can avoid startup firm problems and mistakes that can ultimately affect the organization.
- Industry Expertise – Health care sector organizations should consider a vendor’s level of health care related expertise. Duly qualified vendors will have a strong understanding of the health care legal and regulatory issues facing them. The vendor staff must be able to recognize and ask questions about such issues and high risk areas identified by the HHS OIG, including those related to the Stark Laws and the Anti-Kickback Statute.
- Avoid Restrictive Contracts – Organizations should avoid contracts that make it difficult to cancel the vendor’s hotline services. The contracts should permit cancellations without cause with a 30 day written notice.
- Report Timeliness – The vendor should provide clear and comprehensive reports on a timely basis. The reports should be received on the same day of the complainant’s call, or immediately if the matter is urgent. Any compliance hotline vendor contract should include this requirement in the contract.
- Anonymity Issue – The hotline must provide an option for caller anonymity. The United States Sentencing Commission, DOJ, and the OIG guidelines call for anonymity of reporting and in the healthcare sector, nearly two thirds of all hotline reporters request anonymity. The hotline vendor should also provide a means of communication between the Compliance Officer and an anonymous reporter. Compliance officers may require additional information about the complaint.
- Method of Report Delivery – The report delivery manner is important. Avoid vendors that provide reports by facsimile or email, as they are not secure. Further, where PHI may be involved, there could be a complicating HIPAA privacy factor. Web-based reporting is the most secure method with notification of a report being provided via email.
- Cost of Service – Vendors should be able to provide their services at a set fee which organizations should compare. Generally, a hotline service should not cost more than one dollar per employee per year. Additionally, organizations should periodically compare their current vendor’s costs against others.
- Included Ancillary Services – Organizations should look for any inclusive vendor services, such as provision of operating protocols for following up on allegations and complaints received through the hotline, as well as other related policies. More reputable firms also provide newsletters or report updates to keep clients abreast of issues relating to their hotline function.
- Personalized Service – If possible, organizations should seek an identified and knowledgeable accounts manager who will be responsible for any and all issues that arise under the contract.
- Insurance – The vendor should have at least one to three million dollars of liability coverage.