New OIG Guidance For Health Care Boards

On April 20, 2015, Dan Levinson, the Department of Health and Human Services (HHS) Inspector General (IG), announced the issuance of a new tool for healthcare boards entitled “Practical Guidance for Health Care Governing Boards on Compliance Oversight”.  The OIG developed the tool with the American Health Lawyers Association (AHLA), the Association of Healthcare Internal Auditors (AHIA), and the Health Care Compliance Association (HCCA).  Its purpose is to assist governing boards of health care organizations carry out their compliance plan oversight obligations, and to assist internal auditors, lawyers, and compliance officers which report to those boards.  The document focuses on providing “practical ideas” for board consideration in meeting their organizational oversight obligations.  It suggests processes for identifying risks, tools for improving adherence to program objectives, and effective reporting tools for board meetings.  The 2015 guidance and previous guidance have consistently emphasized the need for fully engaged boards in oversight responsibility. OIG references three previous guidance documents:

• OIG and AHLA: Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors (2003);
• OIG and AHLA, An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors (2004); and
• OIG and AHLA, Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors (2007)

It is clear that the OIG has underscored their concern that boards may only be “going through the motions” of providing compliance oversight to organizations and are not fully meeting their fiduciary duties and obligations.  The new guidance may be viewed as a warning notice to boards to “step up to the plate” and take the role more seriously.

Levinson emphasized that the guidance is designed to provide practical information and suggests diverse tools and tips that boards of various sizes and resources may use.  It expands on issues presented in prior documents and offers real-world best practices while encouraging boards to utilize public resources that will aide in their oversight efforts.  It urges boards to review OIG Corporate Integrity Agreements (CIAs) for currently identified risk areas and for methods to ensure that the problems that led to the CIA do not reoccur.  The guidance provides tips and advice to boards; their compliance and audit committees; compliance officers; auditors; and others to support a “corporate culture of compliance” and to better understand their organization’s compliance program functions, including:

• Interplay between the organization’s audit, compliance and legal departments;
• Reporting mechanisms and processes within the organization;
• Regulatory risk assessment approaches; and
• Ways to achieve compliance goals and objectives through enterprise-wide cooperation.

The new OIG guidance serves as a firm reminder that boards need to take an active role in oversight of the organization’s compliance program and act in good faith in the exercise of its oversight responsibility for its organization.

Tips And Suggestions For Boards

1. Ensure corporate reporting systems effectively bring appropriate information, relating to compliance with applicable laws, to the board’s attention as a matter of course and in a timely fashion.

2. Stay abreast of regulatory, enforcement and industry developments by following news of enforcement actions, especially cases involving the organization’s industry sector.

3. Establish a formal plan to stay informed about regulatory developments and the organization’s operating environment.

4. Participate in educational programs that develop a better understanding of industry risks, regulatory requirements, and effective operation of compliance and ethics programs.

5. Require management to provide a formal education calendar that updates the board on the organizations’ highest risks.

6. Ensure the compliance officer is not the organization’s legal counsel, nor subordinate to it.

7. Ensure the audit, compliance and legal functions are defined in charters or other organizational documents that assure independence of roles and professional obligations.

8. Evaluate adequacy, independence and performance of different functions within an organization on a periodic

9. Make a “meaningful effort” to review the scope and adequacy of existing compliance systems and functions.

10. Consult with a regulatory, compliance, legal professional or add such a professional to the board to increase substantive regulatory and compliance expertise.

11. Ensure receipt of regular compliance-related reports on issues such as risk mitigation and ensure that reports are actionable and useful.

12. Invite the compliance officer to report directly to the board committee overseeing compliance.

13. Conduct regular “executive sessions” with leadership from the compliance, legal, internal audit and quality functions that exclude senior management in order to encourage candid discussion.

14. Draw upon internal and external sources to establish an effective process for identifying risk areas, including auditing, monitoring and implementation of corrective action plans.

15. Keep current with regulatory and payment models through sources such as Sunshine Act reports and Medicare Part B data.

16. Keep abreast of the organization’s efforts to comply with the 60 Day Rule for voluntary self-disclosures and its process for addressing the identification of potential compliance violations.

17. Work with management to address risks appropriately, including risk identification and investigation and implementation of corrective actions.

18. Ensure existence of effective mechanisms for timely reporting of suspected violations and for the evaluation and implementation of remedial

19. Use public compliance resources such as the Federal Sentencing Guidelines, the OIG’s voluntary compliance program guidance documents, and OIG Corporate Integrity Agreements (CIAs) for benchmarking organization’s compliance program.

20. Request development of objective scorecards measuring how well management executes the compliance program, mitigates risks and implements corrective action plans.

21. Ensure a process to assess individual, department or facility-level performance and consistency in executing the compliance program.

In conclusion, the guidance strongly encourages boards to increase its knowledge of relevant and emerging regulatory risks; the role and functioning of the organization’s compliance program in the face of those risks; and the flow and elevation of reporting of potential issues to senior management.  Overall, the board serves to encourage a high level of compliance accountability across the organization and therefore, must understand the gravity of their duty to effectively oversee the compliance program.