In late April, the Office of Inspector General, U.S. Department of Health and Human Services (“OIG HHS”) issued Practical Guidance for Health Care Governing Boards on Compliance Oversight (“Compliance Guidance”)1. The Compliance Guidance assists health care organization boards (“Boards”) with compliance plan oversight obligations. Highlighted below are a few of the Compliance Guidance’s numerous practical tips for proactive compliance oversight and review of health care organizations.
As a starting point for compliance assessment, the Compliance Guidance recommends the following publically available compliance resources:
- The Federal Sentencing Guidelines2
- OIG voluntary compliance program guidance documents3; and
- OIG Corporate Integrity Agreements (“CIAs”)4
With a nod towards the “ever-changing regulatory landscape and operating environment,” the Compliance Guidance promotes the development of formal plans, including periodic updates from informed staff, to stay current with the changes in regulations and operating environments that impact the organization and its Compliance Program. The following four areas are emphasized in the Compliance Guidance:
Roles and Relationships. First, the Compliance Guidance recommends that an organization “define the interrelationship of the audit, compliance, and legal functions in charters or other organizational documents.” It notes the Office of Inspector General (“OIG”) recommends the separation of the compliance officer’s function from that of counsel to the organization or subordinate to the legal department. Although these functions should be independent and separated, the Compliance Guidance encourages collaboration between an organization’s counsel and compliance officer. In addition, the Compliance Guidance indicates both large and small organizations must demonstrate the same degree of commitment to ethical conduct and compliance, however, a compliance program design is not “one-size fits all.” Meaningful effort by Boards to review the scope and adequacy of existing compliance systems and functions considering the size and complexity of their organizations is required.
Reporting to the Board. The Compliance Guidance points out the Board’s need for compliance-related information including risk mitigation. Recommendations include the Board’s establishment of clear compliance expectations, performance, regular reporting and accountability for the management team. Executive Board sessions, excluding senior management, with the compliance, legal, internal audit, and quality functions departments may result in more open compliance issue communication.
Identifying and Auditing Potential Risk Areas. Certain areas of health care susceptible to fraud and other violations are identified as common to all health care providers. The Compliance Guidance encourages Boards to identify additional regulatory risks from internal sources, such as compliance hotlines and external sources, including OIG-issued guidance, professional organization publications, or reports of compliance failures in similar organizations. The Compliance Guidance also suggests that recent industry trends such as payment policies that align payment with quality care should be considered in designing risk assessment plans. Not only should risks be identified and audited, but corrective action plans should also be implemented.
Encouraging Accountability and Compliance. The OIG is “increasingly requiring certifications of compliance from managers outside the compliance department”—a development that signals the importance the government places on enterprise-wide responsibility for compliance. The Compliance Guidance encourages inquiries by the Board regarding compliance issues such as Medicare or Medicaid overpayments. Importantly, the Compliance Guidance recommends the Board “should request and receive sufficient information to evaluate the appropriateness of management’s responses to identified violations of the organization’s policies or Federal or State laws.”
At its core, the Compliance Guidance’s message is that Boards must be active participants in the organization’s health care compliance program. A health care organization would be well-served by incorporating the practical Compliance Guidance into its compliance programs.
Practical Guidance for Health Care Governing Boards on Compliance Oversight