OIG Issues Corporate Compliance Guide for Boards

The HHS Office of Inspector General has released An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors (July 1, 2004). The key focus of the publication is the respective roles of the in-house corporate general counsel and an organization’s chief compliance officer in supporting the compliance oversight functions of health care organization governing boards. The new report evidences the critical compliance program operation and structure issues highlighted by recent scandals in the securities and corporate sectors of the economy, including health care organizations, including prosecutions of officials charged with compliance responsibilities. The report was published jointly with the American Health Lawyers Association.

The publication recognizes that the roles of the general counsel and chief compliance officer in support of board of directors’ compliance responsibilities may be more complex in the health care industry than in other industry sectors due to heavy regulation and active enforcement programs. The report takes into account prior OIG statements on risks that can be present when an entity’s chief compliance officer reports to, or through, a general counsel. It sets forth seven areas of inquiry for governing boards to pursue with management to ensure that the board understands the scope of the organization’s compliance program and the challenges inherent in achieving the program goals:

• To what extent is the general counsel utilized by the Board to provide relevant advice regarding compliance matters?
• Where and how is the general counsel involved in each of the fundamental elements of the compliance program?
• How does the general counsel receive notice of, and provide input on, the organization’s response to identified or suspected compliance failures?
• What are the roles of the organization’s chief compliance officer and general counsel in operating the corporate compliance program? Who has responsibility for reporting to the Board on compliance matters?
• How is the Board notified when there are disagreements among management, the chief compliance officer and/or general counsel relating to the organizational response to specific compliance matters?
• Does the Board understand how the organization utilizes the attorney/client and work product privileges when responding to third party requests for information?
• Are processes in place to enable the general counsel to bring issues of legal compliance to the appropriate authorities within the organization?

The publication suggests that boards consider implementing checks and balances between the general counsel and chief compliance officer to ensure an effective compliance program. For example, when an organization’s general counsel also serves as the chief compliance officer, the board could consider adopting a recusal process by which the general counsel can recuse him or herself from a compliance investigation if the matter may implicate the general counsel. Where an organization’s chief compliance officer is separate from the general counsel, but reports to the general counsel, the board could consider establishing alternative reporting mechanisms to provide the chief compliance officer direct reporting to another member of senior management if the officer deems such reporting to be necessary. Where an organization’s chief compliance officer is separate from and does not report to the general counsel, the board could consider involving the general counsel in periodic compliance risk assessments and reviews of proposed policies and reports on compliance processes.

Finally, the publication includes the results of a survey conducted by the American Health Lawyers Association of 1,964 in-house counsel and 2,490 healthcare personnel concerning the roles and responsibilities of the general counsel and chief compliance officer in the respondents’ respective organizations. The survey results indicate that health care organizations structure the roles of their general counsel and chief compliance officers in different ways, but most share a common emphasis on seeking to ensure that their governing boards receive regular information and analysis from these individuals on how the organization is managing its compliance activities.

Increasing enforcement activity, harsher penalties and enhanced obligations under the Sarbanes-Oxley law make it essential for health care organizations to give renewed and close attention to compliance program effectiveness. Health care organizations should be careful, moreover, to assure their compliance programs are comprehensive and effective, not only on fraud and abuse topics, but also antitrust, government contracts, civil rights and employment law and other oversight areas, employing training and compliance review techniques regularly.

Crowell & Moring has worked for more than 20 years helping health care organizations structure and implement effective corporate compliance programs. During that time, we have focused not only on developing and implementing compliance plans, but specifically on the organization and structure of compliance programs, especially the articulation of the duties and obligations of corporate Boards of Directors, compliance officers, and legal counsel. The OIG's issuance of this new guidance presents an important challenge and opportunity for all healthcare organizations to assess their existing compliance policies and procedures, operations, and reporting structures to assure consistency with OIG guidance.