(April 14, 2017) Recently, the Office of Inspector General of the United States Department of Health and Human Services (OIG) and the Criminal Division of the Fraud Section at the United States Department of Justice (DOJ) have issued guidance on measuring the effectiveness of corporate compliance programs. In February, DOJ placed on its website a document entitled “Evaluation of Corporate Compliance Programs.” That document lists 119 sample questions that DOJ’s Fraud Section has in the past found relevant in its evaluation of the effectiveness of corporate compliance programs for the purpose of deciding whether to prosecute cases, and in recommending sentences for criminal violations. These questions are separated into eleven (11) topic areas: analysis and remediation of underlying conduct, senior and middle management, autonomy and resources, policies and procedures, risk assessment, training and communication, confidential reporting and investigation, incentives and disciplinary measures, continuous improvement, periodic testing and review, third-party management, and mergers and acquisitions. While not specifically addressing health care organizations, per se, the guidance is highly relevant to organizations and practices since they are questions that Federal prosecutors will be asking when evaluating compliance programs in any criminal investigation. The guidance can be reviewed in its entirety at https://www.justice.gov/criminal-fraud/page/file/937501/download.
Even more recently, on March 27 of this year, OIG published a parallel and more inclusive document focused specifically on the health care industry, “Measuring Compliance Program Utilization – A Resource Guide.” The Guide, which is 52 pages in length, sets out a checklist of questions broken down into seven standards based on the standard seven elements of an effective compliance programs, and further broken down into various subcategories under each element. The guidance is the product of a round table on January 2017 that brought together a group of compliance professionals and staff from OIG “to discuss ways to measure the effectiveness of compliance programs.” While the guidance is clear that it is not a “one size fits all,” it provides a number of ideas of “what to measure” and “how to measure” these programs, and should be mandatory reading for all compliance officers in organizations, whether a small physician’s office or a large hospital system or health care organization. The guidance can be accessed at https://oig.hhs.gov/compliance/101/files/HCCA-OIG-Resource-Guide.pdf.
Liles Parker attorneys, and frankly any knowledgeable attorney who specializes in health care, have for many years advised clients that is essential to establish a compliance program that is implemented effectively. Among other things, an effective compliance program establishes the culture of compliance for an organization in following the law, that should demonstrate an ethos from the top down through every employee and professional. It also provides management with the opportunity to detect and correct problems and potential issues before they either emerge or become widespread. Many, if not most, whistleblower lawsuits are the result of employees feeling that their concerns, when reported internally, were not investigated.
Moreover, Congress has mandated compliance plans for skilled nursing facilities and the revised requirements of participation require them for both nursing and skilled nursing facilities so that the effectiveness of these programs will become part of the survey process. And, if an investigation arises, the conversation with enforcement agencies is dramatically different when an organization can demonstrate that it has an effective program as opposed to no program, or one that sits on a shelf.
One of the criteria that OIG has had for determining whether a compliance program is effective is whether the organization measures the effectiveness of its program, itself. At a minimum, every organization should do this once per year.
Finally, in September 2015, DOJ issued a memorandum entitled “The Individual Accountability for Corporate Wrongdoing.” Among other things, the memorandum, referred to as the Yates Memo,” instructs prosecutors and investigators to hold highly placed individuals within an organization accountable for the organization’s misconduct. Prior to the issuance of the Yates memo, those of us involved as defense counsel in investigations were frequently able to obtain releases for individual members of an organization in settlements of civil and administrative investigations. Since the issuance of the Memo, releases of individuals now occur on only the rarest of occasions.
For all of these reasons, it is imperative that every health care provider establish an effective compliance program and that it periodically measure the effectiveness of that program. These guidances provide important and helpful information in how to accomplish that result.