Blog Post

2020 DOJ Compliance Guidance: Organizations must conduct periodic compliance program reviews

Richard P. Kusserow | June 2020

Key Takeaways

  • The DOJ stresses how critical it is to evidence program effectiveness
  • Regular, rigorous, and consistent independent reviews is expected
  • Do health care organizations conduct periodic reviews and enhancements
  • Effectiveness relates to the outcome of a process, not the process itself

The Department of Justice (DOJ) recently released an update to its guidance on the Evaluation of Corporate Compliance Programs (referred to as “2020 Guidance”). It notes that to be effective, a compliance program must be regularly reviewed and enhanced which includes adequately addressing ever-changing risks. Based on the new 2020 Guidance, the DOJ will scrutinize whether a company engages in periodic auditing of the compliance program to assure its effectiveness.

By definition, an audit is an examination performed by parties independent of the function being reviewed. The DOJ’s goal is to determine whether the compliance program is a paper program or one that is fully implemented, reviewed, and revised, as appropriate, in an effective manner. Regular, rigorous, and consistent independent review of compliance programs is now the expectation. All of this supports the need for periodic independent evaluations that include independent parties and that are in addition to the ongoing internal monitoring conducted by the organization’s Chief Compliance Officer. Periodic evaluations by experts external to the organization are needed to verify proper ongoing monitoring of the program and validate that goals and objectives are being met. This expectation has been reinforced repeatedly, not only by the DOJ, but also the Department of Health and Human Services Office of Inspector General (OIG). The OIG now includes, in its Corporate Integrity Agreements, mandates for Boards to engage compliance experts to advise on the organization’s compliance program and personally certify the program’s effectiveness.

As a result, the question becomes whether most health care organizations are doing all of this. About half of the respondents to SAI Global’s 2020 Healthcare Compliance Benchmark Survey (Survey), developed in collaboration with and analyzed by Strategic Management’s compliance experts, reported that independent reviews are a top priority and that they had such reviews conducted within the last three years. However, elsewhere in the Survey, only about one third reported using independent experts to review their compliance program, relying instead upon self-assessment tools, checklists and internally generated surveys. This approach can be useful for ongoing monitoring but lacks credibility with outside parties. At best, these can be used as tools for elements that may be missing from the program. They provide little evidence of how effectively these elements function in the day-to-day operations of the organization. In the Survey, about one out of four respondents reported that their organization is planning an independent program effectiveness evaluation in 2020

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog