Health Law Alert: OIG Issues New Practical Guidance for Board Oversight of Compliance Programs
OIG Issues New Practical Guidance for Board Oversight of Compliance Programs
by Jesse Berg, Tim Johnson, and Jeremy Johnson
On April 20, 2015, the U.S. Department of Health and Human Services Office of Inspector General (OIG), in conjunction with several health care associations, published a useful new compliance document titled “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (2015 Guidance). The 2015 Guidance expands on previous guidance documents issued by the OIG in 2003, 2004, and 2007 relating to board oversight of health care organizations. As part of the 2015 Guidance, the OIG recognizes that “compliance program design is not a ‘one size fits all’ issue.” However, smaller or less complex organizations must still demonstrate the same degree of commitment to ethical conduct and compliance as larger organizations, but they may do so with less formality and fewer resources than would be expected of larger and more complex organizations. Bottom line, the OIG expects health care boards to “put forth a meaningful effort” to implement effective compliance systems and functions and to review the adequacy of existing compliance systems and functions. The 2015 Guidance offers practical guidance to health care boards in several areas:
- Define Functional Roles and Relationships: Organizations should define the interrelationship of the audit, compliance, and legal functions by drawing functional boundaries while encouraging collaboration. The 2015 Guidance suggests a structure comprised of: (1) the compliance function; (2) the legal function; (3) the internal audit function; (4) the human resources function; and (5) the quality improvement function; but again recognizes that not all entities possess sufficient resources to support this structure.
- Set and Enforce Expectations for Reporting: Boards should receive regular reports regarding the organizations' compliance efforts from the key players (compliance, legal, internal audit, HR, and quality improvement). The 2015 Guidance offers practical advice on setting reporting expectations, the format of written reports, and expectations for board review of the information.
- Implement a Process for Identifying and Auditing Potential Risk Areas: Boards should draw on internal and external resources in an effort to ensure that the organization is monitoring legal and regulatory developments. The 2015 Guidance notes areas of particular interest: (1) referral relationships and arrangements; (2) billing problems (e.g., updcoding, submitting claims for services not rendered, and/or medically unnecessary services); (3) privacy breaches; and (4) quality-related events.
- Encourage Accountability and Compliance: The OIG notes that compliance is “an enterprise-wide responsibility” and that boards should encourage the concept that “compliance is a ‘way of life.'” The 2015 Guidance suggests assessing individual, department, and facility-level performance in executing the organization’s compliance program.
In assessing penalties on health care organizations that were found noncompliant by the OIG, the OIG has been more lenient on those organizations that have been able to demonstrate they have made real, meaningful commitments to try to operate in a compliant manner, including adopting and following recommended guidance provided by the OIG. Therefore, we recommend that the 2015 Guidance should be carefully reviewed by health care organization directors and officers and appropriate actions taken by such leadership consistent with such guidance.
OIG enforcement activities will be a featured event at Gray Plant Mooty’s 19th Annual Health Law Conference, to be held on July 14, 2015 at The Depot in downtown Minneapolis. Look for a save the date card in the coming weeks!
If you have any questions about the OIG’s Guidance or board oversight of corporate compliance programs, please contact Jesse Berg at jesse.berg@lathropgpm.com / 612.632.3374, Jeremy Johnson at jeremy.johnson@lathropgpm.com / 612.632.3035, or Tim Johnson at timothy.johnson@lathropgpm.com / 612.632.3208.