New Practical Guidance for Health Care Governing Boards on Compliance Oversight
In an unprecedented collaboration, the Office of Inspector General (OIG). The U.S. Department of Health and Human Services, the Association of Health Care Internal Auditors, the American Health Lawyers Association and the Health Care Compliance Association worked together to develop a new guidance document for governing boards regarding compliance oversight functions. Released on April 20, 2015, the document emphasizes a practical approach to compliance oversight that is intended not only for governing boards but also for auditors, attorneys and compliance officers. (Full document at www.healthlawyers.org)
The OIG has issued prior guidance on this topic beginning in 2003. This latest document is intended to update and supplement the previously published guidance. The document might be described as not only practical, but also much more pointed in urging active oversight of compliance by governing boards. The Introduction states, “[a] critical element of effective oversight is the process of asking the right questions . . . ” The Guidance recommends that governing boards ask questions of management pertaining to the effectiveness and sufficiency of the compliance program as well as the performance of compliance officers and others who implement the program.
Specific areas addressed in the Guidance are: (1) the roles of and relationships among the organization’s audit, compliance and legal functions/departments; (2) mechanisms and processes for issue reporting; (3) the process for assessing regulatory risk; and (4) methods for creating and supporting enterprise-wide accountability for achievement of compliance goals and objectives.
Although the Guidance includes a disclaimer that it is intended as guidance only and is not to be interpreted as setting standards of conduct, the themes are more strongly stated than ever before. These themes include:
- due diligence by governing boards in fulfilling their oversight duties, including but not limited to receiving regular reports about the organization’s risk mitigation and compliance efforts;
- emphasis on reporting mechanisms (the compliance reporting line) as a key compliance element in learning about and addressing compliance issues, and
- creation of an enterprise-wide corporation culture that is rolled out to all parts and levels of the organization.
Another important feature of the Guidance is that it addresses matters not previously discussed, e.g., the roles of and relationships among compliance,. audit and legal functions as well as the human resources functions and the quality improvement function. The importance of each function having access to organizational data is reinforced.
Another theme emphasizes the importance of making sure the compliance program fits the size and complexity of the organization. Previous guidance has discussed board education—here more specific suggestions are made. In addition to training, it is suggested that Boards can raise their expertise level by adding a member who has professional knowledge and experience in regulatory compliance.
Behind-the-scenes reports suggest that the OIG wanted an even more prescriptive and hard-hitting document, perhaps one that did set standards of conduct, but industry groups advised moderation. Regardless, this Guidance should be read carefully and used as a benchmark for organizations to evaluate their current compliance programs because it is more specific and directive than any prior guidance. Organizations that have not recently evaluated and planned for increased sophistication of their compliance programs are likely to find a widening gap between their programs and evolving governmental expectations.