Executive Summary
The Office of the Inspector General (OIG) at the Department of Health and Human Services recently issued guidance aimed at the governing boards of healthcare entities. A key message was that the boards should pay attention to risk managers regarding compliance issues.
- OIG emphasized that boards have a duty to establish a reporting system.
- A company's legal, compliance, and internal audit functions should be separate and independent, according to the guidance.
- OIG recommends boards consider employee incentive programs that are focused on compliance and tied to bonuses or other incentives.
Risk managers and compliance officers just received a nice boost from the Office of the Inspector General (OIG) at the Department of Health and Human Services, which recently issued guidance aimed at the governing boards of healthcare entities. Among other bits of wisdom, OIG reminds board members that they should pay attention to risk managers regarding compliance issues.
The guidance was issued with associations of healthcare auditors, attorneys, and compliance professionals, with the goal of reminding healthcare boards regarding their oversight duties.
The OIG instructed the boards to interact very closely with the people in charge of risk management and compliance at their organizations, explains Benjamin J. Christenson, JD, an attorney with the law firm of McGuireWoods in Chicago. "This guidance specifically says the board needs to ensure there is a compliance program, that there is someone in charge of that program, and you need to be talking to that person," he says. "OIG is saying to the board that they cannot rely solely on management."
In fact, OIG suggests that the boards meet with risk managers and compliance officers in executive session so they can exclude senior management from the conversation. "They're telling the boards not to do that just in special situations, but regularly so they can get the unvarnished opinions of the people responsible for legal matters and compliance in the organization," Christenson says. "The strong suggestion is that you need someone doing this job full time and you need to listen to them. The OIG is telling the board, 'This person is important. Please talk to them.'"
Christenson summarizes these other recommendations in the guidance:
- Boards have a duty to act reasonably in ensuring that a corporate information and reporting system exists and that the reporting system is adequate to provide the board with appropriate information relating to compliance.
- Boards should consult OIG's own compliance guidance at http://tinyurl.com/ogl9m7b and also the Federal Sentencing Guidelines at http://tinyurl.com/pomskup as benchmarks for the board's compliance efforts.
- Even small healthcare organizations should "show the same degree of commitment to ethical conduct and compliance as larger organizations." OIG acknowledges that smaller organizations might be able to do so "with less formality and fewer resources" than a larger organization.
- While recommending that risk management and compliance be handled by designated professionals, the guidance says smaller organizations might be able to use existing employees instead of hiring staff. In those cases, OIG suggests that boards be more personally involved in compliance.
- Boards should have a formal plan to stay up to date regarding changing regulations including through updates from employees and management as well as formal education.
- It might be desirable for a board to include one or more members who are professionals with healthcare compliance expertise.
- Boards should consider employee incentive programs that are focused on compliance and tied to bonuses or other incentives.
- To take full advantage of the possible mitigation of fines under the Sentencing Guidelines in the event of a criminal conviction, boards cannot rely on upper management for compliance. They must be prepared to create structures in which the individuals responsible for compliance and related areas have direct and open contact with their respective boards.
The full OIG guidance is available online at http://tinyurl.com/nx2v7zt.