September 1, 2017

New compliance program guidance has been issued by the Fraud Section of the Department of Justice (DOJ), according to an article published in the AHLA Weekly. Although the “Evaluation of Corporate Compliance Programs” (Guidance) is not specific to the healthcare industry, it does provide a practical set of benchmarks against which the audit & compliance committee, in consultation with the general counsel and the chief compliance officer, can evaluate the effectiveness of the health system’s compliance program.

Compliance Guidance based Questions

The Guidance is presented in the form of a series of substantive compliance-focused questions that the Fraud Division frequently considers when evaluating a corporate compliance program, for example:

  • Analysis and Remediation of Underlying Misconduct
  • [Role and Involvement of] Senior and Middle Management
  • Autonomy and Resources
  • Policies and Procedures
  • Risk Assessment
  • Training and Communication
  • Confidential Reporting and Investigation
  • Incentives and Disciplinary Measures
  • Continuous Improvement, Periodic Testing and Review
  • Third Party Management
  • Mergers and Acquisitions

These questions are drawn from multiple sources (e.g., the Federal Sentencing Guidelines and the United States Attorneys Manual, the joint DOJ/SEC Foreign Corrupt Practices Act guide and compliance guidance from the Organization for Economic Cooperation and Development).

Questions particularly relevant to healthcare organizations include those that focus on the conduct of senior and middle management; the internal stature of the compliance function; the autonomy of the compliance function; program funding and resources; corporate response to expressed compliance concerns; the process for responding to investigative findings; consistency of disciplinary measures; and periodic updating of procedures and practices.

Important questions focus on the board’s exercise of its compliance oversight duties—including whether relevant expertise is available on the board and how compliance related information provided to the board.

Lack of Formalized Compliance Programs

As an aside, this guidance underscores the lack of need for formalized compliance programs in small practices consistent with the OIG guidance. Small practices do not have mid or senior level managers or a board in most cases. Small physician practices can, however, take note of some of the key points in their attempts at operating in a compliant fashion. Specifically, how you respond to expressed compliance concerns, investigative findings, and how often you review documentation, coding and billing policies.

One theme that appears to run through the questions is a focus on how the corporation deals with misconduct after it has been identified. This focus goes beyond the traditional emphasis on proper incentives and appropriate discipline to an awareness of the root cause of the misconduct and changes the company made to reduce the potential that similar problems will reappear.

The release of this Guidance is a significant development in terms of assuring the most effective possible corporate compliance plan. It is directly relevant to any organization attempting to demonstrate a commitment to compliance and implementation of an “effective” compliance program. Compliance officers should review and share relevant portions and resulting recommendations with management.