The Inspector General of the Department of Health and Human Services (HHS OIG), the American Health Lawyers Association, the Association of Healthcare Internal Auditors and the Health Care Compliance Association have released a joint educational resource to assist governing boards of health care organizations in carrying out their compliance plan oversight obligations.

This new resource touches on many elements found in the HHS OIG’s voluntary compliance program guidance documents for several sectors of the healthcare industry. The HHS OIG suggests that a good first step for a board is to ensure that the organization’s senior management is aware of the U.S. Sentencing Guidelines, the HHS OIG’s compliance program guidance documents, and relevant corporate integrity agreements. The principles in the Sentencing Guidelines are the basis of the HHS OIG compliance program guidance documents.

The HHS OIG continues to recognize that there is no “one size fits all” compliance program for healthcare providers, acknowledging that the design of a compliance program will depend on the size and resources of the organization. It also advises boards to stay abreast of the ever-changing regulatory landscape and operating environment, suggesting that one way to do so is to require updates from staff involved in the organization’s compliance program.

The HHS OIG calls upon organizations to define the interrelationship of the audit, compliance, and legal functions in charters or other organizational documents. As healthcare providers review their compliance programs, they should note the HHS OIG reiterated that an organization’s Compliance Officer should “neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department, in any manner.” The HHS OIG also suggests that boards should receive regular reports regarding the organization’s risk mitigation and compliance efforts — separately and independently — from key players, including those responsible for audit, compliance, human resources, legal, quality, and information technology.

Finally, the HHS OIG states that “compliance is an enterprise-wide responsibility” and suggests that boards may assess employee performance in promoting and adhering to compliance and use these assessments either to withhold incentives or to provide bonuses based on compliance and quality outcomes. Recent enforcement activity by the Health Care Fraud Prevention and Enforcement Action Team (“HEAT”), an interagency task force coordinating efforts between HHS and the Justice Department, further highlights the importance of promoting a culture of compliance throughout any healthcare organization.

In addition to reviewing their current compliance programs, healthcare employers should consider enhancing compliance training programs for employees at all levels of the organization.