OIG Evolving Positions on Compliance Program Standards are Well Publicized
No health care provider should be surprised about where its Compliance Program stands at any given time, as keeping current of OIG positions is not difficult. For decades, the OIG has (1) published compliance guidance documents for various segments of the health care industry; (2) testified before Congress regarding its findings; (3) published Semi-Annual Reports on its activities; (4) issued annual Work Plans; (5) promulgated “safe harbor” regulations; (6) published Advisory Opinions to clarify its position regarding the Anti-Kickback Statute; (7) negotiated Corporate Integrity Agreements (CIAs); (8) produced Podcasts on compliance topics; and (9) presented at the American Health Lawyers Association (AHLA), Health Care Compliance Association (HCCA), and other conference forums.
Recent “White Papers”
The OIG has also published several “White Papers” in conjunction with the AHLA, stressing that effective compliance programs must begin at the top with the Board and executive leadership and cascade down through the Compliance Office to all those engaged in the work environment. The OIG focused on Board corporate fiduciary duties and responsibilities in overseeing an organization’s compliance program. These documents include: “An Integrated Approach to Corporate Compliance: A Resource for Boards of Directors,” “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors,” and the most recent, published a year ago, “Practical Guidance for Health Care Governing Boards on Compliance Oversight.”
Corporate Integrity Agreements
The OIG continues to modify and enhance provisions in CIAs to increase oversight and accountability of those who agree to settlement terms. Compliance Officers will find these CIAs useful for reviewing intelligence on what the OIG considers “best practices.” For example, at the recent HCCA Compliance Institute, the OIG sparked spirited questions and discussion over new and more stringent requirements with the (1) increased use of certifications; (2) mandates for Boards to engage a Compliance Expert (CE); and (3) increased role and oversight of Independent Review Organizations (IROs).
Increased Reliance on Certifications
The OIG has added more CIA requirements for holding executives, program managers, Compliance Officers, and Boards personally responsible for compliance. Carrie Kusserow, who has 20 years experience as a Compliance Officer and consultant, sums up all this by noting, “The introduction of new certifications in CIAs is a ‘game changer,’ as it places a heavier personal burden on Boards, executives, and Compliance Officers. With my clients, it certainly has been a wake-up call. They have taken note and understand that falsely signed mandated certifications in CIAs can result in heavy penalties. These mandated certifications are indeed serious business.” When the OIG announced the increased use of and reliance upon certifications in CIAs at the recent HCCA conference, many raised concerns that certifications of the type mandated in CIAs are so strict that no one can reasonably give a categorical certification, which may put innocent individuals at risk. The OIG responded that its intent is not to use enforcement measures in connection with these certifications. However, CIAs often include a stipulated penalty for each day an organization is out of compliance, with deadlines and a $50,000 penalty for each false certification. Also, any false certification may implicate the False Claims Act.
Board Mandates to Engage a “Compliance Expert”
Many CIAs now call for Boards to engage independent “Compliance Experts” to assist them in meeting their Compliance Program effectiveness oversight obligations. Boards must include their Compliance Expert reports as part of each Annual Report filing. Steve Forman, a CPA with more than 20 years of experience as a Compliance Officer, consultant, and Board engaged Compliance Expert, noted: “The Practical Guidance issued by the OIG was particularly significant in providing insights of its reasoning as to why Boards should engage Compliance Experts, whether or not there is a CIA. The guidance provides almost identical language about Boards’ use of Compliance Experts as today’s CIAs do. A close reading of this document is a must for Compliance Officers.”
Increased Role and Oversight of the IRO
Under CIAs, entities must engage an IRO to ensure compliance with specific standards related to the underlying violations, but the OIG reserves the right to approve or deny the IRO. If the OIG determines the work of the IRO or Compliance Expert is inadequate, the OIG may conduct its own review or appoint a Monitor to oversee compliance with the CIA. At the recent HCCA conference, questions were raised about how the OIG ensures IRO independence and qualifications in light of press reports that many IROs may not meet the OIG independence standard. The OIG responded that it was in the process of reviewing this matter.