Compliance officers at risk for civil, criminal liability
If you think your hospital's indemnification policy will protect you if and when federal investigators come knocking, you might be in for a rude surprise. Depending on your exposure to institutional fraud and abuse, the government could hold you personally liable — and no type of coverage will protect you completely.
Compliance officers are at risk of such personal liability because of their precarious position within an institution, says Donna Bergeson, JD, a partner at the law firm of Alston & Bird in Atlanta and the general counsel for the Emory Clinic. Bergeson also helps to develop compliance programs for several hospital systems.
"If a report was made to a compliance officer about something like receiving an overpayment from the government, and he or she failed to act on it, that in itself is a crime under the disclosure obligations of federal law," Bergeson says. "So even though the compliance officer wasn't the primary actor, he or she might have some liability."
The problem should be particularly worrisome for individuals who have had to assume responsibility for compliance on top of existing duties, Bergeson says. "There is a chance that they're going to have too much on their plate and something's going to fall through the cracks."
Compliance officers in smaller hospitals could also be at increased risk because of possible administrative pressure on the CO "not to report compliance concerns based on who the actor is," Bergeson says.
And because the HHS Office of the Inspector General has stated in its compliance guidance for hospitals that the CO should not be a general counsel, it's not possible for most COs to claim attorney-client privilege. While that leaves compliance officers with greater exposure, Bergeson concedes, it's probably for the best. "Their job is to ferret out non-compliance issues and bring them into compliance," she says. "Whereas an attorney's job is to protect the client — which could involve invoking the privilege and not ferreting out compliance issues."
That's all well and good, but without the shield of attorney-client privilege, the compliance officer remains at risk of being targeted for penalties that no insurance will cover, says Tony Mercurio, senior vice president at J&H Marsh and McLennan, an insurance brokerage and consulting firm in New York City.
The good news, according to Mercurio, is that it's usually possible to secure coverage for "vicariously assessed punative damages" — damages that the court holds you indirectly but not directly responsible for. That's especially true for civil litigation. The bad news, of course, is that there's "no possible protection for jail time," Mercurio says. "When there's a possibility that the compliance officer could be viewed as an accessory and there is the possibility of serving time, there is no protection."
Even so, there are steps you can take to make sure that you have the maximum amount of protection possible, Mercurio adds.
The first step is to assess your potential exposure and match that against what's currently available to you. That means investigating how much indemnification your institution extends to you. "Then, for the non-indemnifiable piece, explore the extent to which there's coverage provided to you through, for example, a directors and officers liability policy," Mercurio says. "And if there's nothing there, then you have to go beyond that into the realm of what's available in the open market."
Editor’s note: In upcoming issues, Compliance Hotline will discuss how compliance officers can assess their exposure and what new insurance options are available to them.