Epstein Becker Green Health Care and Life Sciences Client Alert

On April 20, 2015, the Office of the Inspector General of the U.S. Department of Health and Human Resources (“OIG”), in collaboration with the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association, published guidance directed in particular at health care organizations’ boards of directors and trustees regarding compliance oversight.[1] This guidance reaffirms that federal enforcement authorities are increasingly focused on boards, both as a check on potential violations by management and for potential liability on the part of boards and individual board membership.

This guidance reflects the heightened challenge for boards to ensure their organizations’ compliance with applicable federal and state laws concerning, among other things, referral relationships and arrangements, billing issues (such as upcoding and submitting claims for services not rendered and/or medically unnecessary services), privacy breaches, and quality-related events.

The focus on governing boards not only mandates enhanced compliance oversight but also might require boards to obtain legal, billing-audit, and other professional advice independent of management, especially in the context of an official government investigation or where, at the conclusion of a matter, the board faces duties imposed upon it by Corporate Integrity Agreements (“CIAs”) or other settlement obligations.

The following suggestions are essential for creating and maintaining a program that can best promote effective corporate compliance as well as offer protection to governing boards:

Board Oversight

  • Ensure that there is a corporate reporting system in place that will deliver pertinent information to the board in a timely manner relating to compliance with applicable laws. At a minimum, your organization’s chief compliance officer should periodically report directly to the board or its compliance or audit committees independent of management. It is a best practice that this person should not be the General Counsel or function as an attorney advising management but be limited to a compliance role.
  • Create benchmarks as to goals and functions for your organization’s compliance program as described in the Federal Sentencing Guidelines,[2] OIG’s voluntary compliance program guidance documents,[3] and published OIG CIAs.
  • Include data privacy (including HIPAA compliance) and cybersecurity as a compliance element.
  • Insist that the compliance department provide periodic documentation of its training and quality control activities, including quantitative data on outcomes concerning discipline and remediation.
  • Ensure that the scope and adequacy of the program are adaptive to changing conditions and reflective of the size and scope of your organization.
  • Develop a formal plan to stay updated with the constantly changing regulatory and legal compliance landscape.
  • Create charters or similar documents defining the organization’s audit, compliance, and legal functions. The OIG suggests that, even though these functions can collaborate, they should be independent, particularly as to the legal function.
  • Implement a formal process to ensure that appropriate access is granted to information needed by the audit, compliance, and legal entities within the organization.
  • Create and enforce clear expectations for receiving specific types of compliance information from members of your management team. The OIG suggests that the board should receive regular comprehensive reports that include information about the organization’s risk mitigation and compliance efforts. Boards should receive this information in a format that satisfies the interests and concerns of their members by using special tools to deliver the information, such as a customizable dashboard.
  • Consider carefully those board members who are tasked specifically with compliance oversight functions and ensure that they have the necessary training and experience for this role.

Auditing and Correcting Potential Risk Areas

  • Besides reviewing internal and external audits, require a complete corrective plan if deficiencies are indicated.
  • If board members have financial relationships with referral sources or recipients, analyze how the organization is reviewing these arrangements for compliance with Stark and anti-kickback laws.
  • If you discover a violation of any laws, consider disclosing under the OIG’s Self-Disclosure Protocol in order to have a faster resolution of the case, a lower monetary penalty, and an exclusion release.

Epstein Becker Green attorneys can be key participants and advisors to the governing boards of health care organizations to ensure adherence to this guidance, prevent violations, identify potential risks, address and remedy any known violations, and otherwise comply with relevant federal, state, and local laws.

* * *

This Client Alert was authored by George B. Breen, Stuart M. Gerson, and Wandaly E. Fernández. For additional information about the issues discussed in this Client Alert, please contact one of the authors or the Epstein Becker Green attorney who regularly handles your legal matters.

ENDNOTES

[1] OIG, Association of Healthcare Internal Auditors, American Health Lawyers Association, and Health Care Compliance Association, Practical Guidance for Health Care Governing Boards on Compliance Oversight (April 20, 2015), available at http://oig.hhs.gov/compliance/compliance-guidance/docs/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf.

[2] U.S. Sentencing Commission, Guidelines Manual (2013), available at http://www.ussc.gov/sites/default/files/pdf/guidelines-manual/2013/manual-pdf/2013_Guidelines_Manual_Full.pdf.

[3] OIG, Compliance Guidance, available at http://oig.hhs.gov/compliance/compliance-guidance/index.asp.
