The ABCs of an effective investigative process: Part 2

By Ahmed Salim, JD, CHC, CHPC, CHFP, David M. Rapasadi, and Palak Desai

Ahmed Salim (ahmed.salim@irhythmtech.com) is Director of Ethics and Compliance with iRhythm Technologies in Lincolnshire, IL. David M. Rapasadi (drapasadi@medline.com) is Senior Compliance Specialist at Medline Industries Inc. in Northfield, IL. Palak Desai (pdesai14@mail.depaul.edu) is a student at DePaul University College of Law in Chicago, IL.

As we mentioned in the first of this two-part article, a well-defined investigative process is integral to an effective compliance program. We broke the process into two parts to get a better understanding of developing an investigation:

  1. Receiving/triaging a concern and conducting the investigation, and

  2. Benchmarking and reporting.

In the first part, we discussed the importance of having a well-defined investigative process to allow individuals inside and outside the organization to bring good-faith concerns forward. In addition, we examined the importance of documenting and including the process within an internal policy while also providing education to all interested stakeholders. This education would include highlighting the current policies while inviting all identified compliance concerns prior to commencing the investigation.

We also discussed the process of conducting a thorough investigation and provided the following checklist to facilitate an effective investigation:

  1. Document all necessary/required information and attach any applicable documents within a central repository (e.g., an occurrence reporting system or Microsoft Excel).

  2. Alert all individual stakeholders related to the concern, including human resources, leadership (if necessary), and any other individuals with interest in the investigation.

  3. Prepare and conduct the investigation.

  4. Review all collective information and determine the next plan of action.

Aside from having policies and procedures in place to guide the investigative process, it is important to ensure the appropriate resources and time are dedicated to an individual reported concern.

Capturing applicable and accurate data

With a well-defined investigative process in place, including all issues having been reported and investigated, the next step is to capture data and report out metrics to all necessary stakeholders.[1] Data can be a strong source of information for any program within any industry. Specifically, data provide individuals with the ability to tell a story based on facts that can help drive change within an organization. Data within compliance are no different. As we dig deeper into the importance of data and communicating information to stakeholders, it is imperative that your program ensure all data captured are accurate and pertinent to your program. It is important to understand the significance of not only benchmarking and reporting data, but also capturing the necessary data to report.

As we discussed in part one of this article, it is important to have a policy in place to help outline the organization’s triage process when receiving a compliance concern. A robust triage process will help ensure that the organization is accurately capturing the necessary information to conduct a thorough investigation as well as capturing the necessary data points for tracking purposes.

In order to successfully benchmark data, there must be a set of consistent data points collected. For example, it is important to identify where a concern occurred, not only to investigate but to be able to track and trend the information. This would help to determine if areas with higher numbers of concern need additional information. The ability to track and trend will help use and focus limited resources on areas that need additional education/training. It is important that the necessary data points to benchmark, track, and trend a compliance program are in place and serve as a required field during the intake process.

As stated above, the lack of good data can hurt your program just as much as good data can benefit your program. It is important to ensure all data points within your program are accurate and necessary to report out. As you pull data from sources within your organization, ensure their accuracy and, most importantly, ensure whoever is pulling the data does so in an organized and careful manner. Pulling data can be an exhaustive process that can lead to a number of errors, including issues with data manipulation. It is important that the owner of the data extraction process is properly trained and can identify issues within the data if they occur.

Below is an example of key data points to help track and trend compliance issues within an organization:

  • Location of the issue

  • Date reported

  • Date investigation closed

  • Reported source (mail, call, in person, etc.)

  • Type of issue

  • Outcome/closure

There are several other data points that may be essential to telling an organization’s story through data, and it is important these points are flagged and completed during the intake process.

Tracking and trending

Once you have been able to collect enough data to conduct a tracking and trending analysis, it is important to communicate the story the data are trying to portray. It is important to determine who the audience will be and determine the best way to communicate the story using the data. Typically, compliance will report this information out to a compliance committee, board of directors, or senior leadership. Once it is determined whom the information will be reported to, the next step is to decide how best to report it. Regardless of the audience, it is important to use reports that will easily convey your message.

Typically, an effective tool to relay information related to tracking and trending data would be to enter the information into a dashboard. The information can be laid out over several graphs and metrics and be compared by quarter to see the comparison through time. Organizations should use graphs that provide the best visual representation of the applicable metrics to tell the story. For example, a pie chart or bar graph can easily illustrate data related to the location of an issue, compared to the same type of graphs used at the close of an investigation. Determining the best and most visually simplistic way to lay out the information will lead to the audience clearly understanding the information.

There is also the issue of the frequency of tracking and trending. Typically, we have seen a number of organizations track and trend data on a quarterly basis, but this may not work for every organization. A good rule of thumb is to report out new data when it comes time to report out to an organization’s compliance committee. If the compliance committee is meeting quarterly, it is imperative to update all information and provide updated reports quarterly. If meetings are held monthly, then reports should be updated at the same time. It is also important to be able to provide effective data to illustrate the hard work the compliance department is contributing to the program.

Benchmarking

Another useful tool is benchmarking. A robust program can use its data and benchmark using prior data to see how the program has or has not evolved. This would only occur if the program had the ability to capture data over a course of time. If it is difficult for an organization to benchmark against its own program due to minimal data, several vendor resources provide benchmarking data on issues. Some of these services are paid or are complimentary as part of service agreement with the vendor. It is best for a company to reach out to a vendor if it is using an occurrence reporting system to determine whether they currently run a benchmarking report. Though the benchmarking will not be against data within a corporation’s own program, it is still a good way to measure the success of a corporation compared to other programs within the industry. If planning to use an outside benchmark report, it is critical to compare outside compliance programs to organizations and departments that are similar in size and resources. A single hospital system would not benefit by looking at how many compliance issues are reported in a thirty-hospital system. One way would be to take the average number of concerns, but there still is a difference in resources between the two compliance programs, which will lead to skewed data to benchmark against.

Reporting

Finally, once it has been decided who is going to tell the story and the way it is going to be communicated, it is important to understand the story the data are conveying. Oftentimes reports built on data do not capture the actual information being told within the data, when the focus of the report is not on the true underlying issue, but on irrelevant issues. It is important to allow time to build a report and highlight issues that have been identified to build and grow a program. Next, this information needs to be communicated to leadership.

Investigations are an imperative part of any successful and effective compliance program.[2] For a compliance program to thrive, it is important to establish a well-defined process. Once the process is put into place, information is documented within a well-publicized policies and procedures document. It is also important that each investigation be given the necessary time and resources to illustrate the compliance department’s commitment to reported concerns and investigations. Finally, using information received from investigations to help tell the story of the compliance program is vital for any program.

Takeaways

  • Capture applicable and accurate data for benchmarking your program.

  • Define appropriate metrics and when to use tracking and trending investigation concerns.

  • Benchmarking investigations data can improve your compliance program.

  • Work with stakeholders to address weaknesses and gaps within your program identified using data.

  • Communicate investigation types and occurrences to help drive focus of limited resources.

 
1 Gail Gibson, “Compliance investigations, step by step,” CEP Magazine, May 2019, https://bit.ly/3m3U7zR.
2 Meric Craig Bloch, “Guide to Conducting Workplace Investigations,” 2008, https://bit.ly/35BvA09.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings