New DHHS OIG Integrity Obligations Imposed on Members of Health Care Boards of Directors

Members of corporate boards of directors are subject to two main responsibilities — the Duty of Loyalty and the Duty of Care. In recent years, the United States Department of Health and Human Services, Office of the Inspector General ("OIG") has issued publications to make it clear to members of the boards of directors of health care companies conducting business with federal health care programs (directly or indirectly) that these fiduciary duties include an obligation at the board level to assure that the health care company maintains an effective corporate compliance program.[i]

Recent Developments

A few recent developments with Corporate Integrity Agreements ("CIAs")[ii] reveal a trend that delineates with more specificity how the OIG believes that boards of directors of health care companies should act to demonstrate that they are satisfying this obligation with respect to corporate compliance programs and with respect to quality of care. Companies conducting business directly or indirectly with federal health care programs and with the U.S. Food and Drug Administration ("FDA") should consider these new CIA requirements as they operate their companies, even in the absence of a CIA.

The new requirements of these CIA provisions regarding corporate compliance programs include quarterly board or board committee meetings to review and oversee the companies' compliance with federal health care program requirements; FDA requirements (if applicable); the obligations in the CIA (if applicable); and the compliance program (such review and oversight may be required to be conducted with the assistance of a third party). The new contractual obligations of these CIA provisions also include the adoption of board resolutions stating that the board or a board committee has concluded, after a reasonable inquiry, that the companies have implemented "effective" compliance programs, as well as individual certifications from board or board committee members stating that each member of the board or board committee agrees with the board's resolution.

In particular, the Eli Lilly and Company ("Eli Lilly") CIA, signed on January 14, 2009, and another recent pharmaceutical manufacturer CIA, demonstrate a trend by the OIG of including specific board provisions in pharmaceutical manufacturer CIAs.[iii] Previous CIAs with pharmaceutical manufacturers (as well as other health care companies generally) only required that the company's compliance officer "shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors [or to a Committee of the Board] of [the Company], and shall be authorized to report on such matters to the Board of Directors of [the Company] at any time." The Eli Lilly CIA includes the following new governance-level requirements:

Board of Directors Compliance Obligations. A Committee of the Board of Directors (Committee) shall be responsible for the review and oversight of matters related to compliance with Federal health care program requirements, FDA requirements, and the obligations of this CIA. The Committee shall, at a minimum, be responsible for the following:

a. The Committee shall meet at least quarterly to review and oversee Lilly's Compliance Program, including but not limited to evaluating its effectiveness and receiving updates about the activities of the Chief Compliance Officer and other compliance personnel.

b. The Committee shall consist of at least three members, all of whom shall be independent directors. The Chief Compliance Officer is required to make at least four reports a year to the Committee or more often, if requested by the Committee or the Chief Compliance Officer.

c. The Committee shall arrange for the performance of a review on the effectiveness of Lilly's Compliance Program (Compliance Program Review) for each Reporting Period of the CIA and shall review the results of the Compliance Program Review as part of the review and assessment of Lily's Compliance Program. A copy of the Compliance Program Review Report shall be provided to OIG in each Annual Report submitted by Lilly.

d. For each Reporting Period of the CIA, the Committee shall adopt a resolution, signed by each individual member of the Committee, summarizing its review and oversight of Lilly's compliance with Federal health care program requirements, FDA requirements, and the obligations of this CIA.[iv]

The Eli Lilly CIA further states that, at a minimum, the board resolution shall include the following language:

'The [insert name of Committee] Committee of the Board of Directors has made a reasonable inquiry into the operations of Lilly's Compliance Program, including but not limited to evaluating its effectiveness and receiving updates about the activities of its Chief Compliance Officer and other compliance personnel. The Board also has arranged for the performance of, and reviewed the result of, the Compliance Program Review. Based on its inquiry, the Committee has concluded that, to the best of its knowledge, Lilly has implemented an effective Compliance Program to meet Federal health care program requirements, FDA requirements, and the obligations of the CIA.'[v]

It is unclear what is required for a "reasonable inquiry." This is likely to be subject to a facts and circumstances analysis. While it is helpful to specify in the CIA that a "reasonable inquiry" includes at least an effectiveness review and receipt of updates about the activities of its compliance personnel, it is unclear what more should be done and what steps should be included for an "effectiveness review" to be truly "effective." Also, what types of reports or interviews should board members request so that their knowledge is not limited in a way that could suggest that a contractual or fiduciary obligation was not fulfilled appropriately?

Board Member Liability

By way of background, in the 1996 Caremark case,[vi] the Chancery Court of Delaware established the potential for personal legal liability for board members if they breached their Duty of Care. The Caremark Court stated that:

a director's obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.[vii]

The Court further stated that "only a sustained or systematic failure of the board to exercise oversight -- such as an utter failure to attempt to assure a reasonable information and reporting system exits -- will establish the lack of good faith that is a necessary condition to liability."[viii]

Several years after the Caremark decision, the OIG began issuing papers to encourage the boards of companies involved in federal health care programs to be more involved in the oversight of their companies' compliance programs.[ix] Working with the American Health Lawyers Association, the OIG released a guidance document for health care boards of directors that specifically referenced the Caremark Duty of Care to health care corporate compliance programs. Citing Caremark, the OIG elaborated that "[c]learly, the organization may be at risk and directors, under extreme circumstances, also may be at [personal] risk if they fail to reasonably oversee the organization's compliance program or act as mere passive recipients of information."[x]

On September 27, 2006, the OIG entered into a CIA with Tenet Healthcare Corporation, together with its subsidiaries, affiliates, hospitals, and other health care facilities. The OIG published a press release stating that the Tenet CIA:

also includes unprecedented provisions requiring the Quality, Compliance, and Ethics Committee of Tenet's Board of Directors to undertake a review of the effectiveness of Tenet's compliance program and adopt resolutions with respect to this review. Tenet is required to submit annual reports to OIG, which will include certifications by Tenet officers that the company is in compliance with the requirements of the Federal health care programs.[xi]

The requirements for the Tenet Board of Directors under the Tenet CIA includes the following:

Quality, Compliance, and Ethics Committee of the Board of Directors. Tenet's Board of Directors currently has, and shall maintain during the [five year] term of the CIA, a Quality, Compliance, and Ethics Committee comprised of independent directors of Tenet (hereinafter "Board Committee"). The Board Committee is responsible for the review and oversight of matters related to compliance with the requirements of Federal health care programs and the obligations of this CIA. The Board Committee shall, at a minimum, be responsible for the following:

a. The Board Committee shall meet at least quarterly and shall review and oversee Tenet's Compliance Program, including but not limited to the performance of the Chief Compliance Officer, Regional and Hospital Compliance Officers, the Ethics and Compliance Department, the Clinical Quality Department, the Corporate Compliance Committee, and Regional and Hospital Compliance Committees.

b. The Board Committee shall arrange for the performance of a review on the effectiveness of Tenet's Compliance Program (Compliance Program Review) for each Reporting Period of the CIA and shall review the results of the Compliance Program Review as part of the review and assessment of Tenet's Compliance Program. A copy of the Compliance Program Review Report shall be provided to OIG in each Annual Report submitted by Tenet.

c. The Board Committee shall retain an independent individual or entity with expertise in compliance with the Federal health care program requirements (Compliance Expert). The Compliance Expert shall assist the Board Committee by creating a work plan for the Compliance Program Review, overseeing the performance of the Compliance Program Review, and supporting the Board Committee's responsibilities for reviewing and assessing Tenet's Compliance Program.

d. For each Reporting Period of the CIA, the Board Committee shall adopt a resolution, signed by each individual member of the Board Committee, summarizing its review and oversight of Tenet's compliance with the requirements of Federal health care programs and the obligations of this CIA.

At a minimum, the resolution shall include the following language:

'The Quality, Compliance, and Ethics Committee of the Board of Directors has made reasonable and due inquiry into the operations of Tenet's Compliance Program, including the performance of the Chief Compliance Officer, Regional and Hospital Compliance Officers, the Ethics and Compliance Department, the Clinical Quality Department, the Corporate Compliance Committee, and Regional and Hospital Compliance Committees. In addition, the Quality, Compliance, and Ethics Committee has retained an independent expert in compliance with the Federal health care program requirements to support the Committee's responsibilities. The Quality, Compliance, and Ethics Committee has also arranged for the performance and reviewed the results of the Compliance Program Review. Based on all of these steps, the Committee has concluded that, to the best of its knowledge, Tenet has implemented an effective Compliance Program to meet the requirements of the Federal health care programs and the obligations of the CIA.'

If the Board Committee is unable to provide such a conclusion in the resolution, the Board shall include in the resolution a written explanation of the reasons why it is unable to provide the conclusion and the steps it is taking to implement an effective Compliance Program at Tenet.

Tenet shall report to OIG, in writing, any changes in the composition of the Board Committee, or any actions or changes that would affect the Board Committee's ability to perform the duties necessary to meet the obligations in this CIA, within 15 days after such a change.[xii]

The Tenet CIA included detailed contractual provisions that required more active participation from Tenet's board of directors.

Similar to the CIA provisions regarding corporate compliance programs, CIA provisions regarding quality of care require boards of directors of providers to review and oversee a function of the Company. For example, in the Corona Care Convalescent Corporation CIA, effective March 21, 2008, the CIA provisions include a requirement that the provider: "create a committee as part of its Board of Directors to provide oversight on quality of care issues."[xiii] Specifically, the CIA requires this board committee to:

(a) review the adequacy of Provider's system of internal controls, quality assurance monitoring, and patient care; (b) ensure that Provider's response to state, federal, internal, and external reports of quality of care issues is complete, thorough, and resolves the issue(s) identified; and (c) ensure that Provider adopts and implements policies and procedures that are designed to ensure that each individual cared for by a Covered Facility receives the highest practicable physical, mental, and psychosocial level of care attainable. The individuals who serve on this committee shall be readily available to the Compliance Officer and the Monitors required under this CIA to respond to any issues or questions that might arise.[xiv]

Although CIA contractual governance requirements regarding quality of care issues already had appeared prior to the Tenet CIA in CIAs for certain providers, provisions imposing requirements on boards of directors regarding quality of care issues appear to have been included more consistently in the OIG's CIAs during 2007 and 2008. The trend for including contractual governance requirements regarding the effectiveness of corporate compliance programs in the OIG's CIAs appears to have begun in late 2008 and into early 2009.

* * *

For questions regarding this alert and topic, please contact:

This Epstein Becker Green Client Alert is published by EBG's Health Care and Life Sciences practice to inform health care organizations of all types about significant new legal developments.

Lynn Shapiro Snyder, Esq.

EDITOR

If you would like to be added to our mailing list or need to update your contact information, please contact, Jennifer Sunshine, [email protected] or 202/861-1872.



Endnotes

[i] See, e.g., Final Compliance Program Guidance for Nursing Facilities, 65 Fed. Reg. 14289 (March 16, 2000); Final Compliance Program Guidance for Pharmaceutical Manufacturers, 68 Fed. Reg. 23731 (May 5, 2003).Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors, United States Department of Health, Office of the Inspector General and The American Health Lawyers Association, April 2, 2003, available at

http://oig.hhs.gov/fraud/complianceresources.asp; An Integrated Approach to Corporate Compliance: A Resource for Health Care Boards of Directors, United States Department of Health, Office of the Inspector General and The American Health Lawyers Association, July 1, 2004, available at http://oig.hhs.gov/fraud/fraudalerts_other.asp; Corporate Responsibility and Health Care Quality - A Resource for Health Care Boards of Directors, States Department of Health, Office of the Inspector General and The American Health Lawyers Association, September 13, 2007, available at http://oig.hhs.gov/fraud/fraudalerts_other.asp.

[ii] Health care companies may seek to settle matters resulting from government health care fraud investigations or qui tam civil lawsuits. Some health care fraud allegations give rise to the OIG's permissive exclusion authority under 42 U.S.C.1320a-7(b)(7). In consideration for the OIG's waiver of this authority to exclude the companies from future participation in federal health care programs, these companies may enter into agreements with the OIG, such as CIAs or Certification of Compliance Agreements, that impose integrity obligation on the companies.

[iii] See also the Cephalon, Inc. CIA, effective September 29, 2008, which has similar, but not identical, board of director provisions.

[iv] Corporate Integrity Agreement between Eli Lilly and Company and the United States Department of Health and Human Services, Office of the Inspector General, Section III.A.3., January 14, 2009 (emphasis added).

[v] Id. (emphasis added).

[vi] In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).

[vii] Id. at 970.

[viii] Id. at 971.

[ix] See, e.g., Final Compliance Program Guidance for Nursing Facilities, 65 Fed. Reg. 14289 (March 16, 2000); Final Compliance Program Guidance for Pharmaceutical Manufacturers, 68 Fed. Reg. 23731 (May 5, 2003).

[x] Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors, United States Department of Health, Office of the Inspector General and The American Health Lawyers Association, April 2, 2003, available at

http://oig.hhs.gov/fraud/complianceresources.asp (emphasis added).

[xi] OIG Executes Tenet Corporate Integrity Agreement: Unprecedented Provisions Include Board of Directors Review, United States Department of Health, Office of the Inspector General, September 28, 2006, available at http://oig.hhs.gov/publications/newsroom_archive.asp. Prior CIAs, such as the HealthSouth CIA, effective January, 1, 2005, also contained provisions requiring board of director oversight, but do not include all of the requirements or the detail included in the Tenet CIA.

[xii] Corporate Integrity Agreement between Tenet Healthcare Corporation, together with its subsidiaries, affiliates, hospitals, and other health care facilities, and the United States Department of Health and Human Services, Office of the Inspector General, Section III.A.7., September 27, 2006 (emphasis added).

[xiii] Corporate Integrity Agreement between Corona Care Convalescent Corporation and the United States Department of Health and Human Services, Office of the Inspector General, Section III.A.3., March 21, 2008 (emphasis added).

[xiv] Id. (emphasis added).

Resources