Celebrating 10 years! 2007-2017

Healthcare Compliance

Anyone on here work in healthcare compliance? Specifically f mrtor03/08/17
I am in a combined in-house/compliance role in this sector. onehell03/08/17
Oh and as to your other questions. Salaries in my experience onehell03/08/17
Hey onehell, do you have a throwaway email? I actually want 3lol03/08/17
Thanks for all of the insight! Do you recommend get a compli mrtor03/10/17
The main certification specific to healthcare compliance is onehell03/10/17
Any way to spin relevant private firm work to make one eligi 3lol03/12/17
If the actual work you did for the firm is relevant, then ye onehell03/14/17
Onehell, they want someone who will serve as an in-house exp mrtor03/17/17
On paper it's one of the good ones. But it's really more of onehell03/20/17
I made it past the earliest pre-screen. We will have to see mrtor04/03/17
Onehell, how is the pay in the industry? The general "compli mrtor04/03/17
The problem is that "compliance officer" is a pretty broad t onehell04/04/17
How is the long term income potential? It doesn't seem like mrtor04/05/17
Well if you make it to chief compliance officer, you're on t onehell04/05/17
mrtor (Mar 8, 2017 - 10:34 am)

Anyone on here work in healthcare compliance? Specifically for medical and hospital groups. I am curious about the daily work (duties, hours, work/life, etc.), pay (starting, raises, etc.), promotional prospects, and the future of the profession. If it helps, I am in a secondary Midwest market and the positions I have seen are with a large hospital group.

Reply Like (0)
onehell (Mar 8, 2017 - 12:26 pm)

I am in a combined in-house/compliance role in this sector. I also have a certification in healthcare compliance in addition to the JD.

The job varies a lot. I'd say there are three basic versions of a healthcare compliance job that is a real compliance job, and a fourth variation that should be avoided:

1. Internal Audit: These types of compliance officers basically look at spreadsheets and bell curves of Medicare claiming activity. Stuff that falls outside the bell curve gets flagged and you look at the charts to make sure everything is coded correctly. Medicare coding and billing, and perhaps a finance or nursing background is more helpful than a JD for this kind of compliance.

2. Another kind of compliance officer is more focused on training. They put on various "if you see something, say something" type of trainings. They try to make it fun. They make games and stuff during the trainings, pass out schwag during "compliance week" and so forth. I've literally seen them license cartoon characters for this purpose. (see e.g. https://captainintegrity.com/branding.php ). Fundamentally, this job is to make people feel OK about reporting issues they see so they can be handled internally. A bad company culture full of disgruntled employees is a big predictor of a qui tam suit, so you're the friendly face of the compliance program that is designed to make people actually believe that won't get retaliated against for complaining, and that they'll be happier resolving compliance issues internally than going to qui tam lawyers who essentially pursue actions as private attorney generals, with their clients recouping payments that essentially amount to bounty hunting. This type of compliance tends to fit the more extroverted types. It also can end up feeling like being a glorified secretary and when things are slow, you may even find yourself being given quasi-secretarial tasks.

3. A third kind of compliance officer, and the kind that is most fulfilling for a JD, is focused on fraud, waste and abuse, and who also oftentimes serves as the Privacy Officer for HIPAA compliance and stuff like that. They look for referral arrangements that could implicate the kickback statute (e.g. medical director arrangements) and stuff like that. They also make sure there are no shenanigans in the credentialing/privileging and peer review processes. This can require a pretty sophisticated level of legal knowledge because the various safe harbors for Stark and anti-kickback get pretty complex and hard to apply. It would also work closely with MIS departments for HITECH issues and the numerous legal issues related to electronic medical records. This is the kind of compliance role that also often gets combined with counsel, or at least works very closely with counsel, although the compliance profession (and regulators too) can be suspicious of this sort of thing, because issues of privilege tend to arise whereas compliance is generally much more open with regulators (even to the point of making self-disclosures).

4. Lastly, there's the worst kind of compliance job. The kind that only exists because it is required to exist, for example because the organization is under a Corporate Integrity Agreement as part of a regulatory sanction, or is otherwise on the radar of the regulators. These types of compliance people tend to get walled off from what the executives are up to precisely because the hospital business depends so heavily on referrals from physicians and wants so badly to skirt the legal line and find a way to compensate docs who refer a lot of stuff there. A compliance officer like this finds himself twiddling his thumbs a lot or getting blamed for stuff he didn't even know was going on. They are resented and not seen as part of the team, but almost like an internal cop who must be kept in the dark. An organization that does not have a "culture of compliance" will be like this and should be avoided. Compliance people tend to call this a "check the box" compliance program, i.e., one that only exists because it is required to exist and that no one really cares about.

Whatever compliance job you look at, make sure you know the 7 effective elements of a compliance plan and other basic knowledge. I would recommend reading this book:


Reply Like (0)
onehell (Mar 8, 2017 - 1:32 pm)

Oh and as to your other questions. Salaries in my experience are in the 75-150k range. Work-life balance is good (unless you're going through a RAC Audit or something), and promotional prospects are good. The Chief Compliance Officer is usually part of the C-suite and reports directly to the board or CEO, so if you report to that person, you're pretty high up.

As to the future of the profession, I'd say that depends on what the regulators do. Shifting to value-based purchasing changes the incentives away from the bounty-hunting RAC auditors and qui tam relators and indeed the whole "pay and chase" approach which has justified a lot of compliance jobs, and hospitals themselves are often money-losers for their owners, who have found more lucrative opportunities in things like managed care, outpatient surgery centers, free-standing ERs, etc. Also, Trump and Ryan mucking with Medicaid expansion and stuff can be a real revenue hit for hospitals if they start getting a lot of uninsured patients again.

But overall, it's relatively secure simply by virtue of the vital nature of the service provided. This is particularly true of rural and critical access hospitals, which in a lot of ways really cannot be allowed to fail. Overall, there are a lot of changes to keep up with but I don't really see healthcare regulation getting less complex.

That said, while the profession as a whole will exist, security in individual jobs can vary. There are hospitals that have too much competition in their geographic areas and I'd generally avoid them. Also, hospitals do get bought and sold a lot so expect disruptions from mergers and acquisitions (if job security is a concern, you actually don't want to rise too high).

Reply Like (0)
3lol (Mar 8, 2017 - 1:44 pm)

Hey onehell, do you have a throwaway email? I actually want to ask you a few questions about healthcare compliance if you don't mind entertaining them.

Reply Like (0)
mrtor (Mar 10, 2017 - 9:06 am)

Thanks for all of the insight! Do you recommend get a compliance certificate before applying to these types of jobs? Is there a particular certificate that is most common? Do you know the approximate time commitment and cost of obtaining a certificate? I am assuming the training can be completed online through an association or other governing body.

Reply Like (0)
onehell (Mar 10, 2017 - 6:19 pm)

The main certification specific to healthcare compliance is the CHC, offered by CCB which has a number of other compliance-related certs too:


As to getting it, the cost and time commitment isn't monstrous, but you do have to have a year's worth of experience that you can spin as compliance work, plus a bunch of CEUs, before you can apply. Then you take a test either on paper at a conference or at one of those electronic administration centers. It's a pretty long test, takes over half a day to do I think. A lot of people fail, but most of them aren't lawyers. I passed it by reading the book I linked to above and going to a couple of conferences hosted by the CCB's affiliate, the HCCA.

Reply Like (0)
3lol (Mar 12, 2017 - 7:31 pm)

Any way to spin relevant private firm work to make one eligible for the CHC?

Reply Like (0)
onehell (Mar 14, 2017 - 2:53 pm)

If the actual work you did for the firm is relevant, then yes. It's basically a matter of reading the rules and making your case, e.g. having your supervisor sign a letter that sets forth how your work at the firm was related to healthcare compliance.

In my case, my initial role in healthcare was that I was brought in-house to handle administrative hearings (basically disputes between payers and providers about whether a certain service was covered, whether the appropriate rate was paid, etc.) Like this:


In my case, I had no trouble spinning this work experience as compliance, because obviously it involves applying the rules of a federal program to the facts of individual cases. Private firms were occasionally retained to handle the same work, so I'm sure the result would have been no different if I had worked for a firm rather than in-house. I took the appropriate CEU classes beforehand by going to a couple of Healthcare Compliance Association (HCCA) conferences and tracking the sessions I attended. Then, with evidence of my CEUs and payment of the appropriate fee, I filed the form to register for the exam. I enclosed a letter from my supervisor (which I had ghost-drafted) explaining my job and how it related to compliance, and they approved it.

BTW: Even if you don't have compliance experience specific to healthcare, you may also be able to qualify the experience for one of the more general compliance certifications like the CCEP. If you gave advice to clients in some kind of regulated business on what the law is and how to comply with it, it can probably be spun.

Reply Like (0)
mrtor (Mar 17, 2017 - 10:32 am)

Onehell, they want someone who will serve as an in-house expert on federal and state regulatory compliance matters. Job duties include researching and analyzing statutes and regulations concerning various Medicare provisions, coverage determinations, fraud and abuse, and EMTALA. Does this sound like one of the more fulfilling compliance routes, or is it likely a dead end gig?

Also, can anyone compare compliance jobs with government gigs? Government jobs are tougher to come by in my smaller market, so I would have to hold out for an opening. Is compliance comparable, or will government always trump the former?

Reply Like (0)
onehell (Mar 20, 2017 - 3:18 pm)

On paper it's one of the good ones. But it's really more of a culture thing. Research the organization on PACER. See if they've had qui tam suits. Check their SEC filings (if applicable) or their 990 forms if they're a nonprofit. If for-profit, who owns them? Check parent companies, private equity, etc. Have they recently been acquired? Is there likely some M&A stuff in the pipeline? Listen to earnings calls. Who is on their executive team? How long have they been there and what kinds of trouble (if any) did they get into in prior posts? Typical due diligence stuff.

Google them to see what employees say on Glass Door. Are they losing money? That can create a lot of pressure to skirt the rules. Ask them if they are currently under, or have ever been under, a corporate integrity agreement and if so, for what. Ask them about their relationships with government payers, commercial insurers and managed care companies. Some amount of push-and-pull is expected there, but if such people are seen as "the enemy" that's a red flag. How about patient satisfaction surveys? Do they do them? What were the results? How are their qualify metrics? HEDIS measures and such. What's their average length of stay, readmission, etc. Are they earning quality incentives from payers? How do they feel about value based payment structures? Are they on board, or are they defending fee-for-service (which rewards overuse) to the bitter end? How have they done in RAC audits?

But most important of all, it's really all about culture. An organization that is struggling with financial viability or with an epidemic of disgruntled employees (any of whom is a potential qui tam relator) is an organization at risk for being in the crosshairs of regulators. And an organization with such an antagonistic relationship with regulators may see a compliance officer as a position that just exists to shut them up.

I realize that figuring out organizational culture from the outside is a tough and often subjective endeavor. But if I had to point to any one single factor that predicts an organization that is committed to compliance as opposed to one that sees it as a necessary evil, it's culture. And bad culture is best reflected in things like turnover rates, employee and patient satisfaction, etc.

Reply Like (0)
mrtor (Apr 3, 2017 - 10:58 am)

I made it past the earliest pre-screen. We will have to see where it goes from here.

My research shows that the organization has been historically, and currently, financially stable, with excellent bond rating assessments. Patient and employee satisfaction are fairly high. They have demonstrated progressive expansion and attempted acquisitions (FTC competition issues). FWIW, it is a catholic non-profit so I think they are a little more conservative and also more dedicated to their cause.

They seem to be one of the regional powerhouses so I hope they're above board. An interview may reveal more about their culture.

Reply Like (0)
mrtor (Apr 3, 2017 - 11:25 am)

Onehell, how is the pay in the industry? The general "compliance officer" category appears to have a median of $65k. What have you seen/heard? Are there regular raises? What are your whereabouts for purposes of comparing market size and expectations?

Reply Like (0)
onehell (Apr 4, 2017 - 6:06 pm)

The problem is that "compliance officer" is a pretty broad title. It could imply anything from an executive position as chief compliance officer all the way down to some bachelors-level certified coder who reviews stacks of medical charts all day to make sure they were billed correctly. 65k sounds more like the latter than the former. For the "jd preferred" sort of health compliance gig I would expect to see a starting wage closer to 100.

Reply Like (0)
mrtor (Apr 5, 2017 - 10:31 am)

How is the long term income potential? It doesn't seem like there is a lot of room for growth beyond making the jump to chief compliance officer. Is there incentive for employers to pay experienced compliance officers more, or are they easily replaceable?

Reply Like (0)
onehell (Apr 5, 2017 - 12:56 pm)

Well if you make it to chief compliance officer, you're on the executive team and their payscale applies, so you could probably make it into the 200-250 range, plus there can be bonuses and such. You're right that CCO is probably as high as you can go, but so what? At that point, you report directly to the CEO and board so short of actually becoming CEO, there wouldn't be any higher to go in any department.

In large hospital systems, there's also the distinction between being chief compliance officer for a specific hospital within the system, vs. the CCO at the corporate level, because each hospital will have its own executive team and then the parent company over all the hospitals will have its own executive team. So you might start at a hospital, move up to its C-suite, and then move to corporate.

So I'd say there's as much upward mobility as there realistically can be. You won't make as much as the CEO, CFO, CMO or general counsel, but you can get pretty high up.

Reply Like (0)
Post a message in this thread