With increased frequency, organizations are exploring the notion of outsourcing their compliance programs and trying to determine if, when, and under what circumstances this would make sense. Before making this analysis, it is worth noting that the DHHS OIG has recognized that this may be an acceptable alternative to an in-house compliance officer. They noted in various compliance guidance documents that it may make sense to have one individual could serve as compliance officer for more than one entity; and in situations where staffing limitations mandate that the entity cannot afford to designate a person(s) to oversee compliance activities, the practice could outsource all or part of the functions of a compliance officer to a third party, such as a consultant. However, if this role is outsourced, it is beneficial for the compliance officer to have sufficient interaction to be able to effectively understand the inner workings of the practice.
So, it is permissible from the government’s viewpoint to consider outsourcing a compliance program. The next question is when it makes sense to do it. The OIG noted that it may be reasonable to consider this where the entity is relatively small and having an employee designated to do the work may not make good sense. Examples of this are smaller physician practices, DME suppliers, stand along SNFs, etc. In these cases the cost of having a full blown internally operated compliance program is not financially sound and is complicated by the close proximity of the person charged with compliance to other employees in a confined work environment. Under these circumstances, they may be better off hiring an established expert with support resources to develop, operate and support the program properly. For larger entities and organizations, such as large hospital systems, outsourcing compliance should not be considered a realistic option.
The next question for smaller entities is a cost benefit analysis. What would it cost to have someone designated internally to operate the compliance program effectively? Could a part time compliance officer be sufficiently qualified and have time to do all that needs to be done? Would the individual designated internally as the compliance officer have sufficient time and expertise to ensure the compliance program is effective? What would it cost in salary and overhead to have someone designated internally versus outsourcing the function? The entity would be far ahead of the game if cost of outsourcing should be less than if operated internally. It would ensure a professionally operated program.
