Effective communication in compliance programs involves communications going in two directions:
- Information flowing from management and the compliance officer and committee to employees about the compliance program and their obligations to participate in the program and comply with applicable laws and company policies. This is the education and training function described in the preceding section; and
- Information flowing from employees and contractors back to the compliance officer and management. This involves creating systems for employees to ask questions about the compliance program and to report suspected violations of applicable law or company compliance policies to supervisors, other members of company management and/or the compliance officer.
Employees and contractors must be able to ask questions about the compliance program (including applicable laws and company policies) and report problems, including suspected violations of the compliance program. The OIG’s compliance guidance contains the following recommendations about developing effective lines of communication:
- Normally, employees should ask questions of or report suspected violations to their immediate supervisor;
- Facilities should develop policies on confidentiality and non-retaliation for reporting to supervisors;
- Employees should also be able to access the compliance officer in order to report problems and ask questions about the facility’s policies, and responses to questions about the facility’s policies should be documented and, when appropriate, shared with staff;
- Facilities should consider establishing hotlines for use by employees, residents, and family members to keep the lines of communication open. The hotline number should be widely-publicized and made available to all employees and contractors. The hotline may be maintained and operated in-house by the provider or outsourced to a professional company. A log of calls to the hotline should be maintained;
- Facilities should also consider using e-mails, newsletters, and suggestion boxes to encourage communication by employees and contractors about compliance questions or reports of suspected compliance violations;
- Facilities must post the names, addresses, and telephone numbers of State client advocacy groups – licensure office, ombudsman program, Medicaid Fraud Control Unit, and so forth;
- Employees should be permitted to report anonymously under the condition and understanding that it may be necessary at some point for the employee’s identity to be revealed; and
- If a report is made that indicates a potential substantial violation of internal compliance policies or federal or State regulations, the report should be documented and investigated. The compliance officer should also maintain a log of these reports and the response to each.
Note: Throughout this guidance, it is suggested that employees contact their immediate supervisor first regarding possible compliance violations. Employees should be directed to the compliance officer only when the employee’s direct supervisor cannot or will not address the employee’s concerns. Supervisors should be directed to transmit all employee reports of suspect activity, or questions the supervisor cannot answer, to the compliance officer. If the employee’s supervisor is the subject of a question, concern, or report, the employee should be instructed to report the matter to another individual selected by the provider or to the compliance officer.