Health industry clients face regulatory and enforcement challenges on multiple fronts.  It can be difficult to prioritize and allocate resources properly when government agencies’ initiatives are constantly shifting.  The first, fundamental step is to develop an effective compliance program that aims to recognize, prevent  and address the major risk areas affecting the organization as a whole. 

The institution must also continue to evolve its practices and outlook as it develops new care delivery models and affiliations, each of which may involve its own compliance risks. 

In this environment, it becomes critical to understand the full regulatory and enforcement context and to balance the competing and sometimes conflicting interests within an organization. A comprehensive appreciation of all these demands will allow you to put together a compliance program as sophisticated as the environment you work in.

The foundation for a compliance program is support from key players 

The United States Sentencing Guidelines for Organizations originally set forth the seven elements of an effective compliance program that are now widely adopted in the healthcare industry.  The Guidelines and the compliance program principles on which they are based have been amended over time to include more detailed diligence requirements, raising the expectation that healthcare organizations will have effective compliance programs.    

An organization can only have a strong and effective compliance program if its board of directors, management and key stakeholders provide necessary support.  Although an organization initially constructs its compliance program on paper, with elements such as a code of conduct and policies and procedures, these documents are meaningless unless the organization embraces the program and empowers its members to apply the compliance principles to their daily responsibilities. 

A healthcare organization can validate whether it has an effective compliance program by commissioning an independent assessment.  Such an assessment should begin with legal review of the elements as applied to the organization’s specific circumstances and a high-level gap analysis to identify unaddressed regulatory risks.  The assessment should also involve interviews with key personnel to determine whether the compliance program is truly meaningful and useful to stakeholders across the organization.  An organization can use independent assessment results to develop improvements, to implement recommend strategies and to serve as a baseline resource as future regulatory and enforcement risks develop and the compliance program evolves. 

Ongoing risk assessments and monitoring 

Once an organization has established an effective compliance program, it must shift its focus toward predicting and preventing regulatory violations.  The US government is changing its focus from retroactive enforcement toward more preventive measures and earlier detection of noncompliance.  In response, healthcare organizations must also continue to develop compliance practices that are more proactive. 

For example, organizations should periodically conduct compliance risk assessments to identify particular legal and regulatory risks and to prioritize measures to detect and prevent them, based on their severity.  A thorough risk assessment should address not only the likelihood of a specific risk, but also the likelihood that a violation will be detected.  It is preferable to conduct such risk assessments under the protection of attorney-client privilege.  This approach allows for honest and open communication without creating a trail of discoverable  documents that expose the organization’s regulatory vulnerabilities.  Having protected, candid responses of key personnel provides great value to executives and senior leaders in accurately assessing and prioritizing compliance work plans. 

Further expansion: new models, new risks 

As the healthcare industry shifts toward more innovative care models, organizations are becoming more forward-thinking and proactive.  The current healthcare environment is generating an array of novel business arrangements.  However, some ventures and referral arrangements that are compliant in other industries may be prohibited or create risk in the healthcare environment

It is therefore crucial to conduct transactional diligence in consultation with counsel experienced in dealing with the substantial regulatory risks that healthcare organizations face.  Targeted diligence reports help business leaders mitigate future risks, while uncovering assumed risks arising from former management or ownership’s activities.  Robust transactional due diligence also empowers an organization to negotiate more favorable terms or to require corrective actions prior to closing.

Transactional arrangements may also create licensing matters.  Because of  increased healthcare regulation in recent years, purchasing entities must coordinate government approvals and satisfy applicable licensing or certificate of need requirements, which may be more stringent than those experienced or anticipated by grandfathered selling entities.  Many of these requirements have regulatory deadlines that must be coordinated with the transactional team to help ensure a seamless transition after closing.  

Putting it all together in a constantly evolving environment 

In the current sophisticated environment, healthcare organizations need to develop comprehensive viewpoints of both shifting regulatory and enforcement initiatives and evolving risks.  An organization will benefit most from a team of lawyers who have the depth of experience to competently handle specific regulatory, enforcement and transactional issues, while also helping key stakeholders to place the differing components into an overall strategy and perspective.  This approach will best equip the organization to succeed within a constantly evolving healthcare environment.