In April 2015, the Department of Health and Human Services Office of the Inspector General (“OIG”) issued its “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the “Guide”), which was collaboratively drafted by the Association of Healthcare Internal Auditors, the American Health Lawyers Association, and the Health Care Compliance Association.
In OIG’s “Guide,” they provide information and direction to health care boards on four main categories of compliance oversight: “(1) roles of, and relationships between, the organization’s audit, compliance, and legal departments; (2) mechanism and process for issue-reporting within an organization; (3) approach to identifying regulatory risk; and (4) methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives.” While the “Guide” is not necessarily a “set-in-stone” legal document, its tips and goals are certainly helpful to health care boards looking for a go-to-guide.
For the guide’s first topic, roles and relationships of organizational functions, the OIG recommends that:
Health care boards understand and assess the different functions within the organization including compliance, legal, human resources, internal audit, and quality improvement
Evaluations should confirm that the appropriate functions are satisfactory, autonomous, and proper
Organizational members should have access to suitable and relevant corporate materials and resources and participate in effective and significant communications
For issue reporting, the OIG endorses the advice that:
Boards agree to and enforce reasonable expectations for compliance and risk management reports from accountable staff in key functions such as audit, compliance, human resources, legal, quality, and information technology
Boards contemplate implementing measures to improve reporting, including
Developing scorecards measuring management of compliance programs and risk mitigation, and also implementation of corrective action plans;
Setting outlooks for management to address significant regulatory changes and enforcement actions;
Using dashboards to report potential risk information; or
Conducting regular executive meetings to discuss risk and compliance issues.
To identify risk, the OIG advises that:
Boards guarantee that their organization has robust processes for identifying risks particularly in areas of key interest and new industry trends, such as referral relationships and arrangements, billing, privacy breaches, industry consolidation, and changes in insurance coverage and reimbursement
Boards confirm consistent review by management of audit risk areas and use of corrective action plans where appropriate, in order to satisfy an organization’s requirement to monitor, audit, and effectively detect criminal fraud
In order to encourage organization-wide accountability for compliance goals and objectives, the OIG recommends:
Boards develop and inspire a compliance “way of life,” which may include evaluating employee performance in compliance, applying annual incentive programs dependent on meeting compliance goals, reassuring self-identification of compliance failures and voluntary disclosures, and evaluating compliance systems and processes for effective communication.