On April 20, 2015, the Office of Inspector General ("OIG"), in collaboration with the American Health Lawyers Association, the Association of Healthcare Internal Auditors and the Health Care Compliance Association, released Practical Guidance for Health Care Governing Boards on Compliance Oversight (the "Board Guidance"). The Board Guidance offers practical tips for governing boards of health care organizations ("Board(s)") as they carry out their compliance program oversight obligations. Specifically, the Board Guidance addresses: 1) expectations for Board oversight of compliance program functions; 2) roles and relationships between the organization's audit, compliance and legal functions; 3) mechanisms and processes for issue reporting within an organization; 4) approaches for identifying regulatory risk areas; and 5) methods of encouraging accountability for achieving compliance goals and objectives throughout the organization. A copy of the Board Guidance is available here.
First, the Board Guidance stresses that a Board must act in good faith in the exercise of the Board's oversight responsibility for the organization. From a compliance perspective, this includes making inquiries to ensure that: (1) a corporate information and reporting system exists; and (2) the reporting system is structured to ensure that compliance information and issues will be brought to the Board in a timely manner. The Board Guidance recommends that Boards consider public compliance resources, such as the Federal Sentencing Guidelines and OIG's voluntary compliance program guidance documents, when assessing the adequacy of their organizations' compliance systems and functions. Further, the Board Guidance suggests that Boards should develop strategies for keeping up to date on current regulatory issues and expanding their level of substantive knowledge with respect to regulatory and compliance matters. The Board Guidance notes that this can be done by adding members to the Board or consulting with professionals, such as experienced regulatory and compliance counsel, who are knowledgeable and can act as a resource with respect to such matters. Engaging with these professionals sends a strong message about the organization's commitment to compliance and plays a key role in helping the Board fulfill its compliance oversight functions.
Next, the Board Guidance provides suggestions for organizations regarding the roles and responsibilities of the organization's audit, compliance and legal functions while recognizing the need for cooperation and collaboration among the different functions. Operationalizing these suggestions will be highly dependent on current organizational structures, processes and resources. In situations where there is overlap between the functions, the Board Guidance further identifies strategies for addressing the challenges associated with serving in dual roles such as allowing individuals to execute each function independently and providing independent reporting opportunities with the Board and executive management.
In order to ensure that the Board maintains effective oversight of compliance functions, the Board Guidance also suggests that Board members should also expect to receive regular and timely updates on risk mitigation and compliance efforts throughout the organization. The Board should expect these reports to include, but not be limited to, information on the status of current internal and external investigations, serious issues identified during audits, compliance hotline call activity and significant regulatory changes and enforcement events that may impact the organization's business. Further, reports should be in a format sufficient to convey the information to Board members with the necessary level of detail. Ultimately, the goal is to assure the Board that there are mechanisms in place to ensure that suspected violations are timely reported, evaluated and appropriately remedied.
The Board Guidance further stresses the importance of having strong processes in place to identify and audit potential risk areas. As noted in the Board Guidance, Boards and management should work collaboratively to identify risk areas, taking into consideration internal and external information sources such as internal audits, compliance hotline calls, recent enforcement trends, professional organization publications, new media and other information provided by consultants or others with substantive knowledge of regulatory and compliance matters. Boards should also ensure that once risk areas or potential regulatory or compliance problems are identified, that management appropriately develops, implements and monitors corrective action plans, including reporting and refunding any identified overpayments as required and within the time frames specified under applicable law.
Finally, the Board Guidance recognizes that compliance is an organization-wide responsibility. To enforce this concept, the Board Guidance recognizes that Boards may assess employee performance in promoting and adhering to compliance and then use such assessments when implementing compensation incentives (or penalties) based on successful attainment of (or failure to meet) identified compliance goals. This is suggested as an effective way of communicating to those in the organization that everyone is responsible for compliance. The Board Guidance also recognizes that Boards have multiple incentives to encourage self-identification of potential compliance violations and voluntary disclosure of potential violations. Importantly, these incentives may include, but may not be limited to, faster case resolution, lower payments/penalties and imposition of fewer compliance obligations such as corporate integrity agreements or other compliance monitoring. In this regard, Boards should ask management about their policies for identifying and correcting potential compliance issues to ensure that the organization maintains a proactive approach to compliant practices. Boards are also encouraged to consider whether individuals are comfortable raising compliance concerns or questions without fear of retaliation or retribution.
Health care organization Board members must take their roles seriously when it comes to compliance program oversight. Board members should take advantage of the practical tips offered in the Board Guidance and consider external resources that may be available to help them better understand regulatory and compliance matters as necessary to succeed in their oversight roles. This is a key way that the Board fulfills its responsibility of making sure that the organization has an effective compliance program in place and is otherwise complying with applicable laws and regulations and timely identifying and resolving compliance issues.