Since 2003, the Department of Health and Human Services’ Office of Inspector General (“OIG”), often partnering with other healthcare related organizations such as the American Health Lawyers’ Association and the Health Care Compliance Association, have authored a series of publications for healthcare organizations and their governing boards on the subject of corporate responsibility and corporate compliance.
An important theme throughout these publications is the board’s duty of due care. The board exercises its duty of due care in two different contexts. The first context is the organization’s board room where individual directors or trustees (hereinafter collectively referred to as “directors”) fulfill their “reasonable inquiry” obligations as an integral step of any decision-making process. The second context is the organization’s day-to-day operations where directors fulfill their “oversight” obligations through an effective, corporate leadership team that acts in accordance with applicable requirements, including but not limited to laws, regulations, ethical principles and industry and professional standards.
In the case of business relationships, there are multiple requirements. First, there are the laws and regulations concerned with fraud and abuse in addition to the business conduct of corporations and other charitable and non-profit organizations. There are also the many ethical codes and standards, published both by industry and professional groups, that offer important guiding principles for business interactions and arrangements that may be the result of a patent, a clinical trial, an ownership or investment interest or even a simple compensation arrangement involving consulting or other professional services.
As advanced by the OIG publications referenced previously, there are many safeguards that deliver on the governing board’s duty of due care. In the board room context, the directors’ regular reliance on dashboard and other, meaningful reports, in addition to face-to-face exchanges with the organization’s corporate team, and in particular, the corporate compliance officer, are essential.
In terms of the organization’s day-to-day operations, the directors should also expect infrastructure that delivers not only on the organization’s vision, mission and core values, but also on the organization’s promise to deliver quality services, lawful business relationships and truthful communications that comply with all applicable requirements. In the case of business relationships specifically, this infrastructure turns on numerous key components, including but not limited to the following:
- Organizational policies and procedures that apply not just to employees but to all “representatives” including but not limited to directors, officers, executives, medical staff, professional students, volunteers and other personnel subject to the organization’s direction and control;
- Governing board and medical staff bylaws, rules and regulations that address essential duties and obligations;
- An “effective” corporate compliance program (“Program”) infrastructure that integrates each of the seven elements espoused by applicable requirements, OIG compliance guidance, and even the Federal Sentencing Guidelines;
- As part of this Program, particularly as it relates to business relationships,
- An integrated code of conduct and business ethics that expects compliance not only with laws and regulations, but also those ethical principles and standards arising from related professional and industry groups;
- A business relationships policy that cites all applicable requirements and which governs the review and implementation of any business relationships or the exchange of gifts and other gratuities involving the organization’s representatives, as defined; and
- A comprehensive investigation policy that requires a step-by-step procedure that is consistently used to review any question, incident or complaint involving a representative’s actual or suspected non-compliance.
- Conflict of interest policies and disclosure statements that require ongoing reports regarding outside activities involving, at a minimum, certain representatives acting for or on behalf of the organization and their immediate family members;
- An institutional review board charter and related policies that require ongoing oversight and management of research related activities involving the organization, its representatives and its patients; and
- Key provisions in employment contracts and other “medico-administrative” agreements for chief medical officer, medical director, service line or other management roles that specify the particular duties and obligations related to outside activity reporting and management.
Whether in the board room or as part of the day-to-day operations, the governing board is obligated to act with due care in regard to the business relationships of the organization and its representatives, because it is these obligations that remain the essential safeguards intended to protect not only the assets and resources, but also the relationships and reputations of both the organization and all of its representatives.