New Compliance Guidance for Health Care Boards [Ober|Kaler]

The Guidance is designed as an educational resource to help provide practical advice on how boards of health care organizations should oversee compliance efforts within their organizations. In addition to Board members themselves, the Guidance is designed to help auditors, lawyers, and compliance officers that report to those boards. The Guidance document is divided into five main sections:

1. Expectations for Board Oversight of Compliance Program Functions
2. Roles and Relationships
3. Reporting to the Board
4. Identifying and Auditing Potential Risk Areas
5. Encouraging Accountability and Compliance

The OIG and AHLA previously issued guidance to Boards on corporate responsibility and compliance in 2003 [PDF], 2004 [PDF], and 2007 [PDF]. There has been little additional guidance for health care Boards since the 2007 issuance. Over that same time period, however, both the OIG and Department of Justice have become increasingly vocal and aggressive about imposing responsibility on individuals, including Board members, for so-called corporate wrongdoing. In response, many Board members have sought guidance about their duties and responsibilities relative to compliance.

Overall, the Guidance is clear and concise. The footnotes provide helpful references and support for the various recommendations in the guidance.

We encourage all Board members as well as anyone else associated with compliance activities in health care organizations to carefully review the Guidance.

As one reviews the Guidance, a few aspects deserve particular attention:

• The Guidance, in its own words, “is intended as guidance and should not be interpreted as setting any particular standards of conduct.”
• While recognizing that Boards have a critical role to play in establishing a culture of compliance within their organizations, the Guidance also stresses that “there is no uniform approach to compliance.” Every health care organization must take steps to make compliance within the organization a priority, but the extent and scope of those actions will depend on a host of factors including the size and resources of the organization.
• The Guidance carefully treats the separate, yet integrated, roles of compliance, legal, internal audit, human resources, and quality improvement. While the OIG stresses the importance of independence, the need for collaboration is also clear.
• The Guidance discusses the need for regular reporting to the Board by various members of management, including educating Board members about legal and regulatory developments and various risks facing the organization. For their part, Board members need to be in a position to ask the “right” questions and to know what to do with the answers.
• The Guidance also encourages Board members to ensure that efforts to address risks areas are implemented and that identified incidents of noncompliance are corrected.
• The Guidance concludes by noting that its goal is “to assist Boards with the performance of those activities that are key to their compliance program oversight responsibilities” while recognizing that “the form and manner of such efforts will always be dependent on the organization’s individual situation.”

While this new Guidance is not necessarily groundbreaking, it should prove to be an extremely helpful resource for Board members, particularly new Board members and those who are new to compliance in health care organizations. Health care organizations that do not have a formal compliance program are encouraged to take steps to put something in place, recognizing that there is no “one-size-fits-all” solution. For those health care organizations that have had a compliance program in place for several years, it may be time to “kick the tires” through a compliance effectiveness review.