The trusted source for
healthcare information and
Healthcare professionals involved in compliance programs have new guidance from the Criminal Division of the Department of Justice (DOJ), which recently issued a document that tells white-collar prosecutors how to evaluate compliance programs.
DOJ’s Fraud Section issued similar guidance in February 2017, but this new guidance “seeks to better harmonize the guidance with other department guidance and standards while providing additional context to the multifactor analysis of a company’s compliance program,” the department said in a written statement. (The full DOJ statement is available at: . The updated guidance is available at: .)
The 2019 guidance, like the 2017 guidance before it (and guidance from the Office of Inspector General of the Department of Health and Human Services [HHS-OIG] issued that same year), reflects a practical method for assessment of organizations’ compliance programs, says Michael B. Lampert, JD, partner with Ropes & Gray in Boston. The guidance offers specific illustrations of what compliance professionals should focus on.
“For example, the guidance does not ask whether an organization has conducted a risk assessment process, but instead asks what methodology a company’s risk assessment process has followed,” he notes. “Likewise, the guidance asks how companies measure their training effectiveness, not whether there is training, and how a company assesses its employees’ capacity to seek advice [as well as] how and how often a company assesses its culture of compliance.” In brief, the guidance takes a compliance program’s existence as a given and looks more deeply into how a company’s compliance program really works and how it has evolved over time, Lampert explains. Organizations may assess the specific “how” questions that DOJ has asked.
For healthcare organizations that have operated with a view toward the old HHS-OIG compliance program guidance documents, Lampert says a striking part of the guidance may be where it begins: with risk assessments. “While risk-based construction of a compliance program is not a new concept, and has been part of corporate integrity agreements for a few years now, it is not the starting point of old HHS-OIG guidance, the way that it is for the guidance here,” he says. “Articulation of risk assessment as the first stage for a compliance program, at least at the point of measurement, is of significance. For healthcare organizations still basing their programs primarily off the HHS-OIG historic guidance, [the new guidance is] potentially a newly articulated area.”
Compliance officers can use the guidance to assess their own programs, Lampert says. The guidance provides very specific tools for measuring program effectiveness. “Like the 2017 DOJ and HHS-OIG guidance, these may be seen as tools with numerous parts, some of which can be used immediately, and some of which will not be for a particular organization,” Lampert explains.
“But, whatever the point of evolution of a company — and nature of its risks — the guidance provides a menu from which companies’ compliance officers may select. For that matter, it provides a menu from which board members assessing a compliance program’s operations or operators assessing a potential acquisition target may select.”
Lampert notes that while the 2017 DOJ guidance bound only the Fraud Section, the 2019 version binds the full Criminal Division. The 2019 guidance also reflects a reorganization at DOJ.
“But neither of those observations reflects a wholesale change, and that may be the takeaway. The guidance in some ways broadens, and through some new questions sharpens, but it does not radically change the world from the situation that organizations encountered in 2017,” Lampert offers.
DOJ also recently announced a policy change regarding antitrust compliance, saying the agency will now consider a corporation’s compliance efforts when making charging decisions in a criminal antitrust investigation. (See the sidebar at bottom of page for more on that policy change.)
An overriding theme of the guidance can be summed up in three words: “Substance over form,” says Geoffrey R. Kaiser, JD, partner in the Compliance, Investigations & White Collar group with Rivkin Radler in Uniondale, NY. “Prosecutors are instructed to ask the hard questions that delve beneath the surface of a company’s compliance program to determine whether the program is truly effective and deserving of consideration in making charging decisions and formulating more lenient dispute resolutions,” Kaiser explains.
The guidance is clear that differences in risk profiles among companies require that DOJ make a “particularized evaluation” and “individualized determination” in assessing such compliance programs, Kaiser notes. However, receiving the benefit of prosecutorial discretion depends on an evaluation of three foundational compliance program areas: program design, program implementation, and program efficacy, he adds.
The updated DOJ guidance includes detailed questions relating to three broad program areas that healthcare organizations may use to evaluate the status of their own compliance programs and whether improvements are required to meet DOJ’s expectations. Kaiser provides this summary of the recurring themes reflected in these questions:
Financial Disclosure: Author Greg Freeman, Editor Jonathan Springston, Editor Jill Drachenberg, Nurse Planner Jill A. Winkler, BSN, RN, MA-ODL, Consulting Editor Patrice Spath, MA, RHIT, Editorial Group Manager Leslie Coplin, and Accreditations Manager Amy M. Johnson, MSN, RN, CPN, report no consultant, stockholder, speaker’s bureau, research, or other financial relationships with companies having ties to this field of study.