Health care governing boards must "ask the right questions" about compliance:

Governing boards of health care organizations must ensure that corporate compliance programs are in place and keep the board informed of compliance issues. This duty was strongly affirmed in a newly released guide issued by The Office of the Inspector General of the Department of Health and Human Services (OIG) in collaboration with the American Health Lawyers Association (AHLA), the Association of Healthcare Internal Auditors (AHIA) and the Health Care Compliance Association (HCCA) titled "Practical Guidance for Health Care Governing Boards on Compliance Oversight" (the Guidance). The Guidance does not include anything "new" but it emphasizes the key role that health care organization boards must play in corporate compliance programs.

Demands on boards have never been greater, but compliance is a "must do" for every health care organization. Boards are expected to review existing compliance systems and functions and to develop a formal plan to stay informed of the constantly changing regulatory landscape and operating environment. Boards should ensure that "compliance is a way of life" for the organization and that management has strong processes for identifying risk areas. Legal counsel that understands and has experience with the complexities of the regulatory environment and the operational landscape is essential to this effort.

Certain regulatory risk areas are common to all health care organizations including referral relationships and arrangements, billing issues, privacy breaches, quality of care and patient safety. Because risk involves many different facets of the health care organization, the Guidance asserts that "compliance" must extend beyond the corporate compliance officer and include individuals from the following functions, at a minimum: internal audit, human resources, quality improvement and legal. This multi-disciplinary approach to compliance will be new to some health care organizations but should be considered a "best practice" in light of the Guidance.

Smaller health care organizations, such as small medical practices and smaller hospitals, should pay particular attention to the Guidance. While there is not a "one size fits all" compliance program, the board must put forth a "meaningful effort" to review the status of current compliance programs and make compliance reporting a regular part of the board's agenda. The Guidance states that smaller organizations may require that one individual to perform multiple roles and may have fewer resources than larger organizations, but they should also have fewer risk areas. No matter the size of the organization, boards should implement formal plans to stay current with the changing regulatory landscape and remain committed to ethical conduct and compliance.

The Guidance offers several examples of specific actions that boards can take to make certain that compliance is a core part of the board's oversight including:

  • Conduct a board level assessment of the current compliance program as a baseline. The board may use publicly available materials as benchmarks to evaluate the health care organization's compliance program. These materials include, the Federal Sentencing Guidelines, OIGs voluntary compliance program guidance documents (including the OIG Fraud Alerts, the OIG Annual WorkPlan and the OIG Advisory Rulings) and OIG Corporate Integrity Agreements (CIAs).
  • Create a formal board education calendar to help the board understand compliance issues. Engage outside expertise to educate the board on legal and regulatory risks given the complexity of the regulatory landscape
  • Include compliance updates on board meeting agendas on a regular basis, presented in a manner that is understandable by the board members
  • Hold regular "executive sessions" to receive updates on compliance matters to avoid undue suspicion when such a session is called
  • Make compliance a part of management performance metrics tied to compensation.
  • Use the OIG Self-Disclosure Protocol when the organization identifies a violation

The Guidance is available at http://oig.hhs.gov/compliance/compliance-guidance/docs/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.