- Ongoing compliance program monitoring is not an independent evaluation
- Only independent evaluations are likely to be credible to the DOJ and OIG
- Those facing enforcement should have, and act upon, an independent evaluation
When moving to address and settle fraud cases, the Department of Health and Human Services Office of Inspector General (OIG) and the Department of Justice (DOJ) will evaluate an organization’s compliance program and culture to determine prosecutorial or administrative actions. These reviews will govern each government agency’s respective enforcement decisions as to aggravation or mitigation of penalties. Of note, the OIG will consider this review when deciding whether to seek a Corporate Integrity Agreement (CIA) and, if so, the severity of the terms of the agreement.
The DOJ will employ its Compliance Program Effectiveness Evaluation Guidelines, consisting of hundreds of questions, to assess whether an organization’s compliance program is a “paper program” or one “implemented, reviewed, and revised, as appropriate, in an effective manner.” The OIG uses its Compliance Program Guidance Documents to assist in determining its course of action. The OIG will also question whether the compliance program’s effectiveness is evaluated periodically, how it is performed, by whom, and by what process.
It is important to remember that the only reason the DOJ and OIG would be asking questions about compliance program effectiveness evaluations is that they have determined the organization was involved in fraud, false claims, and/or corrupt relationships. As such, they will have little reason to give credibility to or trust any representations by the organization or its compliance officer concerning results of internally generated compliance reviews and evaluations without corroborating independent and objectively gathered evidence.
Having objective evidence of compliance program effectiveness by independent experts is important, especially for those facing potential enforcement action. However, the 2021 Compliance Benchmark Survey Report of healthcare compliance professionals found only slightly more than one-third of respondents reported having had an independent review of their compliance program by outside experts. Most reported evaluating their compliance program internally using a checklist, a scorecard, or an automated tool. These activities could be categorized as types of ongoing monitoring, which are sound practices. The compliance officer, like any other program manager, is responsible for ongoing monitoring of their program and verifying it is operating as designed, but, by definition, ongoing auditing must be done by parties independent of the program being reviewed. Periodically, it is advisable to have an independent evaluation by experts to verify proper ongoing monitoring of the program and validate effectiveness in achieving goals and objectives.
Final Thoughts. The OIG and DOJ have repeatedly emphasized that a compliance program should always be a “work in progress,” continuing to evolve and respond to changing regulatory, legal, and organizational changes. An independent compliance program evaluation should reflect as such. The review should not serve as a report card on the program that focuses on the negative. It should have a positive orientation that would (a) evidence and document the progress of the program, (b) identify opportunities for improvement, and (c) set forth actionable steps to enhance the program effectiveness. The OIG and DOJ expect that any such review would find weaknesses or gaps that need to be addressed, and would be suspicious of any result finding no opportunities for improvement. The most important part of an independent evaluation is acting upon the findings to move the program forward.