Sized for Success—A Small, Rural Critical Access Hospital Is Big on Compliance
Published August 31, 2022

Sized for Success — A Small, Rural Critical Access Hospital Is Big on Compliance

It is not the size of an organization that determines the success of its compliance program—it is the effort, leadership support, and compliance accountability that drive its success. Healthcare organizations should focus on creating a program that can adapt to their unique needs, while simultaneously focusing on promoting a culture of compliance that permeates the entire organization. While there is no “one size fits all” standard, employing the Seven Elements of an Effective Compliance Program[1] lays a solid foundation on which to build that culture and help proactively identify potential vulnerabilities.

Proof that size, in and of itself, does not limit an organization’s ability to implement a successful compliance program can be found at a small critical access hospital (CAH) in a rural community in the western U.S. PYA recently performed a compliance program assessment (Assessment) for this facility, which provides inpatient, home health, and hospice services, and also owns a provider-based clinic.

With a rural setting and limited resources, one might “assume” a small CAH would not have a mature compliance program. On the contrary. PYA began its Assessment of the CAH’s program by evaluating its governance and management support, or “Tone at the Top.” The Tone at the Top is a program’s foundation, beginning with the board’s oversight responsibility,[2] followed by the CEO’s commendation of the program, support by a senior leadership team, and a Compliance Officer who facilitates organization-wide accountability for compliance issues. 

PYA has observed compliance officers in larger organizations struggle with being a member of senior leadership, having unfettered access to the board, and/or participating in strategic planning. What we found at this facility during our Assessment interviews was clear evidence of trust, transparency, and collaboration between leadership, organizational departments, and the compliance department. In addition, various leaders spoke positively of the compliance team’s accessibility and willingness to collaborate with organizational departments and leadership.

At this CAH, the Chief Quality & Compliance Officer (CQCO) reports to the CEO and the board, and is a long-standing member of the Executive Leadership Team, an active participant at the senior leadership level, and has secured the ability to stay abreast of endeavors and guard against reactive responses to compliance issues. (Taking a proactive stance is encouraged by the Office of the Inspector General, though some organizations have resisted this approach). On top of these other duties, the CQCO also attends monthly board meetings and is involved in strategic initiatives.

At a CAH, it is expected the compliance officer will “wear many hats”—perform additional job responsibilities outside of compliance management. While some may view additional obligations as an impediment, they can also be of benefit, such as increasing visibility in different organizational capacities. Having better knowledge of operations can facilitate collaboration among departments and break down “silos.” Increased interaction with departmental leadership and staff can afford teachable compliance moments. Efficiencies develop from the need to manage with limited time. With a small CAH’s limited resources, a compliance officer must heavily rely on the local experts in their respective disciplines.

The CAH we assessed demonstrates how, through necessity, wearing many hats has benefitted the compliance officer and the organization. In other words, the organization has managed to “right size” or customize compliance to fit its organizational needs and promote a culture of compliance. We consistently heard one over-arching message from leadership, department, and staff interviews: compliance is everyone’s responsibility. Raising concerns or potential compliance issues is viewed as a shared responsibility with no fear of blame or retaliation.

Program success includes the ability to leverage other members of the organization for compliance responsibilities. In this case, the program is strengthened by including expertise from areas such as Revenue Cycle, Health Information Management (HIM), Information Technology (IT), and Human Resources (HR). According to the CQCO, “We don’t have the luxury of having a ‘compliance department’ with an auditing team, education staff, legal staff, etc. We have to function practically and use the working managers of our hospital departments to accomplish these tasks. At the same time, we need to recognize when we are beyond our capabilities and seek outside assistance.”

One best practice we noted during our Assessment was the CAH’s denial management program. Denials are reviewed monthly, and a report is given to department managers so they can investigate the cause of each denial, correct the cause, and change the process to avoid future denials. Findings of the monthly reviews are summarized and shared with the Compliance Committee and in an annual report to the board. This was just one example of practicing “Monitoring and Auditing”—one of the Seven Elements of an Effective Compliance Program. The CAH effectively executed a decentralized review with a centralized reporting process. Using this integrated process, it not only was able to educate staff on correct billing and coding practices that were meaningful to its operation, but also experienced a 75% reduction in lost revenue, proving that doing the right thing doesn’t always mean you have to lose something.

The CAH’s “right-sized” compliance program has resulted in trusted and effective communication and an ability to implement change quickly in response to detected issues or potential concerns. For example, PYA provided a draft report of recommendations to further enhance the organization’s program, and in between its review of the draft report and PYA’s issuance of the final report, the facility had already implemented several recommendations in less than a month!

Even with all these accomplishments and level of compliance maturity, the CAH recognized the need to continue seeking knowledge and input from an independent third party to continue to augment its program and provide reassurance and validation of current program strengths. During Assessment report discussions the CQCO stated, “I didn’t know what I didn’t know.” Armed with our Assessment recommendations, the CAH has new clarity for augmenting the compliance program and direction to move forward, noting: “Scary places are not so scary when guided by someone with a good flashlight.”

This rural CAH proves though it may be small, it is mighty, with a mature compliance program that “fits” its unique needs and is supported by not only leadership, but also the workforce. Compliance is top of mind and is an important part of day-to-day responsibilities.  Size definitely does not hinder this program’s success!

If you would like additional guidance related to compliance program assessments or augmenting your organization’s compliance program, or with any matter related to compliance, valuation, or strategy and transaction services, one of our executive contacts would be happy to assist. You may email them below, or call (800) 270-9629.


[2]  OIG, Association of Healthcare Internal Auditors, American Health Lawyers Association, et al. (OIG, et al.). Practical Guidance for Health Care Governing Boards on Compliance Oversight. April 20, 2015. Retrieved from [hereinafter, Practical Guidance]. 


Executive Contacts

Interested in Learning More?

Sign Up for Our Latest Thought Leadership!

    Select Your Subscriptions