New OIG Guidance Emphasizes Health Care Compliance Oversight for Boards

by Ellen Bonner, Holland & Hart LLP

In late April, the Office of Inspector General, U.S. Department of Health and Human Services (“OIG HHS”) issued Practical Guidance for Health Care Governing Boards on Compliance Oversight (“Compliance Guidance”)1. The Compliance Guidance assists health care organization boards (“Boards”) with compliance plan oversight obligations. Highlighted below are a few of the Compliance Guidance’s numerous practical tips for proactive compliance oversight and review of health care organizations.

As a starting point for compliance assessment, the Compliance Guidance recommends the following publically available compliance resources:

  • The Federal Sentencing Guidelines2
  • OIG voluntary compliance program guidance documents3; and
  • OIG Corporate Integrity Agreements (“CIAs”)4

With a nod towards the “ever-changing regulatory landscape and operating environment,” the Compliance Guidance promotes the development of formal plans, including periodic updates from informed staff, to stay current with the changes in regulations and operating environments that impact the organization and its Compliance Program. The following four areas are emphasized in the Compliance Guidance:

Roles and Relationships. First, the Compliance Guidance recommends that an organization “define the interrelationship of the audit, compliance, and legal functions in charters or other organizational documents.” It notes the Office of Inspector General (“OIG”) recommends the separation of the compliance officer’s function from that of counsel to the organization or subordinate to the legal department. Although these functions should be independent and separated, the Compliance Guidance encourages collaboration between an organization’s counsel and compliance officer. In addition, the Compliance Guidance indicates both large and small organizations must demonstrate the same degree of commitment to ethical conduct and compliance, however, a compliance program design is not “one-size fits all.” Meaningful effort by Boards to review the scope and adequacy of existing compliance systems and functions considering the size and complexity of their organizations is required.

Reporting to the Board. The Compliance Guidance points out the Board’s need for compliance-related information including risk mitigation. Recommendations include the Board’s establishment of clear compliance expectations, performance, regular reporting and accountability for the management team. Executive Board sessions, excluding senior management, with the compliance, legal, internal audit, and quality functions departments may result in more open compliance issue communication.

Identifying and Auditing Potential Risk Areas. Certain areas of health care susceptible to fraud and other violations are identified as common to all health care providers. The Compliance Guidance encourages Boards to identify additional regulatory risks from internal sources, such as compliance hotlines and external sources, including OIG-issued guidance, professional organization publications, or reports of compliance failures in similar organizations. The Compliance Guidance also suggests that recent industry trends such as payment policies that align payment with quality care should be considered in designing risk assessment plans. Not only should risks be identified and audited, but corrective action plans should also be implemented.

Encouraging Accountability and Compliance. The OIG is “increasingly requiring certifications of compliance from managers outside the compliance department”—a development that signals the importance the government places on enterprise-wide responsibility for compliance. The Compliance Guidance encourages inquiries by the Board regarding compliance issues such as Medicare or Medicaid overpayments. Importantly, the Compliance Guidance recommends the Board “should request and receive sufficient information to evaluate the appropriateness of management’s responses to identified violations of the organization’s policies or Federal or State laws.”

At its core, the Compliance Guidance’s message is that Boards must be active participants in the organization’s health care compliance program. A health care organization would be well-served by incorporating the practical Compliance Guidance into its compliance programs.

Practical Guidance for Health Care Governing Boards on Compliance Oversight
http://oig.hhs.gov/compliance/compliance-guidance/docs/Practical-Guidance-for-Health-Care-Boards-on-Compliance-Oversight.pdf<
/p>

For more information contact:

Ellen Bonner
Holland & Hart LLP
Email: ecbonner@hollandhart.com
Phone: 719-475-6426


This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.


1The Compliance Guidance was a collaborative effort between the OIG, HHS and the Association of Healthcare Internal Auditors, the American Health Lawyers Association and the Health Care Compliance Association.
2U.S. Sentencing Commission, Guidelines Manual (Nov. 2014) (USSG),
http://www.ussc.gov/sites/default/files/pdf/guidelines-manual/2014/GLMFull.pdf

3http://oig.hhs.gov/compliance/compliance-guidance/
4https://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp#cia_list