What is a Board To Do?: Some Guidance from the OIG

personal-365964_1280A practical guide for the governing boards of healthcare organizations was recently released through the joint effort of the Office of the Inspector General (“OIG”) of the Department of Health and Human Services, the American Health Lawyers Associated, the Association of Healthcare Internal Auditors and the Health Care Compliance Association.  The guide builds upon previous commentary from the OIG about the role of a healthcare organization’s board when it comes to overseeing compliance activities.  As the guide states, it is important to define roles within an organization.

Prior OIG guidance set out the path for implementing a good compliance program and explained why the OIG expects a compliance program to exist.  A good compliance program will assist organizations in uncovering potential criminal, fraudulent or wasteful conduct.  Uncovering such information can, in turn, enable an organization to self-disclose and self-police its own conduct, which can reduce potential penalties in the event improper conduct did occur.

However, from the OIG’s perspective it is not enough to just put a compliance plan into place, or expect an organization’s officers to run it.  The Board of Directors/Trustees (the “Board”) must also play a role.  The Board should actively oversee the compliance plan, which includes reviewing the plan and receiving reports about what compliance issues are being presented and resolved.  The size and complexity of a compliance program can be scaled to match its organization, but regardless of size the Board should be involved.

How can a Board help oversee and manage a compliance plan?  For one, the Board may consider including at least one member with healthcare compliance experience of expertise.  This could be a healthcare lawyer, a compliance person or anyone else that understands what compliance means in the healthcare realm.

The OIG is quite clear about its expectations for separation.  In the guide, the OIG states: “Boards should be aware of, an evaluate, the adequacy, independence, and performance of different functions within an organization on a periodic basis.  OIG believe an organization’s Compliance Officer should neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department, in any manner.  While independent, an organization’s counsel and compliance officer should collaborate to further the interests of the organization.  OIG’s position on separate compliance and legal functions reflects the independent roles and professional obligations of each function.”

As suggested by the above statement, the Board would be well advised to ensure that compliance and legal are separate and independent bodies within an organization.  Compliance is intended to “promote the prevention, detection, and resolution of actions that do not conform to legal, policy, or business standards”  The legal function is similar, but is providing advice about the “legal and regulatory risks of [an organization’s] business strategies,” which means advising an organization about the relevant laws and regulations.  As indicated, the roles are similar but fundamentally different too.  While both functions should collaborate with each, the advice and views of both can differ.  Further, maintaining clear legal counsel can help preserve the attorney-client privilege when an organization could want to cloak discussions in privacy.

Another important role for the Board is to identify areas of risk and ensure that appropriate audits occur to assess the organization’s relative strengths and weaknesses.  The Board itself will not conduct these reviews, but can hold management accountable to perform them  No organization can expect that everything it does is completely compliant because healthcare laws and regulations are so complex.

The new guidance is not groundbreaking and does not seek to impose new duties or obligations.  It is a very good reminder of what organization’s should be looking at and reviewing though.  In the government’s eyes, individuals in every level of an organization can and should play a role in promoting a culture of compliance.  With this warning from the OIG, organizations would be well advised to take a look in the mirror and ask if what they are doing is enough.

Advertisements

About Matt Fisher

Matt is the chair of Mirick O'Connell's Health Law Group and a partner in the firm's Business Group. Matt focuses his practice on health law and all areas of corporate transactions. Matt's health law practice includes advising clients with regulatory, fraud, abuse, and compliance issues. With regard to regulatory matters, Matt advises clients to ensure that contracts, agreements and other business arrangements meet both federal and state statutory and regulatory requirements. Matt's regulatory advice focuses on complying with requirements of the Stark Law, Anti-Kickback Statute, fraud and abuse regulations, licensing requirements and HIPAA. Matt also advises clients on compliance policies to develop appropriate monitoring and oversight of operations.
This entry was posted in Business, Compliance, Regulations and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s