4 objectives form bedrock of your CP

Take care in charting the waters

For all the attention compliance programs (CP) have begun to receive, their waters remain uncharted, and many health care providers are uncertain about how to design and implement an effective program.

Simply put, a CP is a formal set of policies and procedures that require lawful conduct by an institution, its employees, and its agents. To be truly effective, a CP must be individually tailored to meet the particular needs of each institution in light of its infinite variety. Regardless of the institution, however, a CP’s four main objectives always should be:

• credibility;

• prevention;

• detection;

• correction.

These four objectives are the bedrock of the 1991 U.S. Sentencing Commission’s Guidelines for Sentencing Organizations. The document is the resource most widely used by courts and commentators in judging the design and effectiveness of any CP.1 In addition, the guidelines have influenced the compliance-related standards for other regulated industries.2

According to the guidelines, "the hallmark of an effective program to prevent and detect violations of law is that the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents." Due diligence requires a CP "that has been reasonably designed, implemented, and enforced so that it will generally be effective in preventing and detecting criminal conduct."

Failure to prevent and detect an offense does not, by itself, mean the program was not effective. But a program that looks good on paper but is either ignored or dormant will not be credible. Lack of credibility could be damaging to an institution subject to a civil or criminal investigation if the government believes the institution has only a token CP on its books.

The existence of a failed CP may enable you to get a second bite at the apple by persuading HHS not to invoke its exclusion powers in the event wrongdoing is discovered. When wrongdoing is detected, the institution must correct the misconduct by disciplining the wrongdoers, remedying the harms, and making disclosure and restitution where appropriate. If corrective action is not taken after the wrongdoing is detected, the institution loses credibility.

Critics have complained that despite the emphasis the government has placed on the need for CPs, the Sentencing Commission’s guidelines offer only general and inadequate guidance for companies seeking to implement CPs. This is due in part to the need for the guideline to be flexible enough to meet compliance needs for a variety of industries. Despite this ambiguity, there is direction regarding the design of an effective CP.

To achieve the four objectives listed above for a CP, the program must be designed and implemented with the government's recommended seven steps in mind. (See accompanying article on the seven steps, p. 47.) They are a starting point and must be adapted to fit the needs of each institution.


1. In re Caremark International, Inc. Derivative Litigation; Note Growing the Carrot: Encouraging Effective Corporate Compliance, 109 Harv L Rev 1783 (1996).

2. EPA Incentives for self-policing: Discovery, disclosure, correction and prevention of Violations. 60 Fed Reg 66,706 (Dec. 22, 1995).