Blog Post

Board-Level Compliance Literacy

Richard P. Kusserow | November 2021

Compliance officers should educate their organizations’ boards of directors about the importance of compliance literacy.

Enforcement entities have little patience for organizations that simply view the payment of fines and penalties as a cost of doing business. They have called for increased accountability for compliance beginning at the board of directors (Board) level. In recent years, the Department of Health and Human Services Office of the Inspector General (OIG) and American Health Law Association have issued several documents on this subject, including Practical Guidance for Health Care Boards on Compliance Oversight, The Health Care Director’s Compliance Duties: A Continued Focus of Attention and Enforcement, and Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors.

In addition, the 2020 Department of Justice (DOJ) Evaluation of Corporate Compliance Programs guidance advises prosecutors to consider many questions concerning Board-level commitment to compliance, including how the Board exercises compliance oversight, the type of information it is provided, how often it meets with the Compliance Officer, whether such meetings take place as executive sessions, how matters raised to the Board are subsequently managed, etc. One of the questions summarizes these considerations: “What compliance expertise has been available on the board of directors?”

The OIG believes that a key factor in determining the effectiveness of a compliance program is the extent to which the Board has been meeting its fiduciary duties and compliance oversight responsibilities. In most enforcement cases, the OIG has found that the Board provided inadequate oversight, often a result of lacking relevant expertise. Where the OIG finds inadequate Board involvement in oversight and support for the compliance program, it will include stringent requirements for the Board in Corporate Integrity Agreements (CIAs). CIAs often include a mandate for the Board to engage a Compliance Expert to assist the Board in meeting its obligations and enabling it to adopt a resolution summarizing its review and oversight of the organization’s compliance with federal health care program requirements and the obligations of the CIA.

Most organizations would posit that their Boards include members with compliance expertise and point to those with legal or risk management backgrounds. However, it is difficult to convince enforcement officials that there is compliance expertise on the Board if no director has ever held a compliance officer role or participated in auditing and evaluating compliance programs. Compliance officers face the challenge of educating their organizations’ Boards on the importance of having members who are “compliance literate” and can ask relevant questions, evaluate the information they are provided, assess compliance program progress, and hold executive leadership accountable. It is important to recognize that failing to do this may result in personal liability for Board members.

For more information on this topic, contact Richard Kusserow at [email protected].

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog