In April, the Office of the Inspector General for the U.S. Department of Health and Human Services (“OIG”), in conjunction with the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association, released “Practical Guidance for Health Care Governing Boards on Compliance Oversight.” Rather than merely discussing aspirational goals or stating governing principles, the guide lives up to its name in giving practical suggestions for how health care governing boards oversee compliance programs, a true product of a partnership between the OIG and associations that represent those regulated by the office. The document stressed new compliance challenges for healthcare governing boards, such as value-based payment systems and the effect of ever-expanding publicly available data (under the Sunshine Rule, for instance). The guidance covered specific topic areas of concern, each of which will be discussed briefly.
Expectations for Board Oversight of Compliance Program Functions
Reporting and communication systems need to be in place that will provide assurance to the governing board that necessary information with regard to compliance will come to the fore in a regular and timely fashion. The guidance suggests using widely-recognized public compliance resources as benchmarks to establish baseline assessment tools, such as the Federal Sentencing Guidelines, the OIG’s voluntary compliance program guidance, or OIG Corporate Integrity Agreements. The guidance stressed that no compliance program design is “one size fits all,” and boards should evaluate programs in light of the size and complexity of an organization.
Roles and Relationships
Organizations should be structured clearly and with defined spheres of responsibility and functional boundaries while supporting collaboration and cooperation among functions. The guidance recommended a structure with several delineated roles – the compliance function, the legal function, the internal audit function, the human resources function, and the quality improvement function. In addition, the guidance suggested that boards should evaluate how management addresses risk and the roles each plays in identifying compliance risks, investigating compliance risks and avoiding duplication of effort, identifying and implementing appropriate corrective actions and decision-making, and communicating between the various functions throughout the process.
Reporting to the Board
Stressing the oversight role of a board, the guidance suggested that a board should receive regular reports on the organization’s risk mitigation and compliance efforts. In implementing this, boards could use a ‘dashboard’ that presents all key information in a well-organized fashion. A board could also consider conducting regular “executive sessions” with leadership from the various functions that encourages more communication.
Identifying and Auditing Potential Risk Areas
Healthcare governing boards need strong processes for identifying risk areas from both internal and external resources, and those areas should be consistently reviewed and audited, with appropriate corrective actions developed and implemented. Boards should look to recent industry trends in the design of risk assessment plans, taking into account an increased emphasis on quality and value of care, as well as the ways in which new payment models create both incentives and compliance risks. Boards also need to be aware that if physicians are employed by both their organization and another entity, these relationships may have consequences for clinical and research decision-making.
Encouraging Accountability and Compliance
As a general rule, the OIG encouraged governing boards to create a culture of compliance through the creative implementation of compliance programs, stressing the need for communication of expectations, as well as clear communication channels throughout an organization. Boards should also foster a level of trust and comfort so that employees can raise compliance issues free of retaliation fears. The guidance emphasized the benefits of operating an aware and proactive organization, such as fast resolutions of cases with the OIG, lower payments and exclusion release as part of a settlement.
The overall tenor of the guidance stressed the necessity of unobstructed flow of information throughout an organization from the lowest levels to the board, structuring roles and responsibilities with an eye to strengthening and preserving communication. Simply put, a board cannot respond to information it doesn’t have, and a backbone of communication throughout an organization will assist in the assessment and mitigation of risk.