Compliance departments most often report to the board of directors or CEO, a survey by the Health Care Compliance Association and the Society of Corporate Compliance and Ethics found.
Meanwhile, an article by payer consultant Kirk J. Nahra lists privacy and security issues worth noting for both compliance directors and their CEO or board in 2014.
The online survey polled 626 compliance professionals late last year. Despite high-profile settlements requiring a direct reporting relationship between compliance and the board, compliance departments report to the CEO in 62 percent of surveyed healthcare organizations, HCCA found.
More than half the respondents said their written compliance reports to the board are never pre-screened or edited by other departments before submission. And more than three-quarters believed that the chief compliance officer must bring serious non-compliance allegations or investigations to the board's attention.
But what other information merits board oversight? Nahra, a partner in the Washington, DC-based law firm Wiley Rein, advises payers to keep an eye on the business implications of national news. For example, new privacy and security regulations may be affected by Edward Snowden's high-profile national security leaks.
And while Congress hasn't passed cybersecurity legislation, the Obama administration may issue an executive order on the development of a cybersecurity framework, Nahra said. Payers may then need to determine how new requirements mesh with their data security structures.
Nahra counsels clients to brace themselves for more enforcement as a result of "ongoing security breaches, increased nervousness about privacy practices and the expansion (and confusion) surrounding the 'big data' concept." He recommends developing procedures to manage use of healthcare data on mobile devices and decrease the likelihood of employee misuse of protected health information.
Overall, the trend to note is "more laws and regulations coming from more places, covering a wider range of activities and data, and imposing an increasingly broad set of compliance obligations," Nahra wrote.