OIG General Compliance Program Guidance on Compliance Leadership
Recently, at the Health Care Compliance Association’s 28th Annual Compliance Institute, Robert K. DeConti, Chief Counsel to the HHS Inspector General provided one of the keynote addresses. He used the opportunity to tell a story of a hero’s journey. The hero in the story is a compliance officer facing the challenge of an organization’s non-compliance. The story’s hero represents all compliance officers in leadership positions trying to do the right thing.
Near the end of the address, he told compliance professionals that, “It is your leadership ability that will make the difference for your organizations.” Leadership is essential in compliance programs.
In fact, compliance program leadership is one of the seven elements of an effective compliance program. The HHS OIG’s General Compliance Program Guidance (GCPG) document1 highlights this topic as element #2, “Compliance Leadership and Oversight.”In addition to the compliance officer, compliance leadership includes the compliance committee and the governing board’s oversight. Let’s examine some of the important characteristics of these three areas of compliance leadership and oversight.
Compliance Officer
Every organization should designate a compliance officer. Of course, this might be a full-time position at many organizations while smaller organizations might assign the compliance officer duties as a portion of an employee’s workload. If the compliance officer is not 100% devoted to compliance activities, the organization needs to make sure the individual has the resources and time to be successful, rather than just ‘checking a box’ and claiming they have a compliance officer.
The compliance officer should have the requisite authority, stature, access, and resources to effectively lead a compliance program.
The OIG explains that the compliance officer should “report either to the CEO with direct and independent access to the board or to the board directly.” OIG also believes the compliance officer should not lead or report to the entity’s legal or financial functions and should not provide the entity with legal or financial advice or supervise anyone who does. Such relationships can create conscious or even unconscious conflicts. The compliance function should have independence from operational or other functions that could also potentially create conflicts.
It should also be obvious that the compliance officer should have unimpeachable integrity, good judgment, assertiveness, an approachable demeanor, and the ability to elicit the respect and trust of employees.
If an organization is truly committed to compliance, they will also provide the compliance officer with “sufficient funding, resources, and staff to operate a compliance program capable of identifying, preventing, mitigating, and remediating the entity’s compliance risks.”
The compliance officer is responsible for the day-to-day operations of the compliance program. Some of the principal duties of the compliance officer include:
- Overseeing and monitoring the implementation and operation of the compliance program
- Providing guidance and advice to executive leadership and the board about compliance risks the organization faces.
- Serving as the chair of the Compliance Committee
- Regularly reporting to the board on the implementation, operation, and needs of the compliance program
- Revising the compliance program as risks and operations change
- Ensuring appropriate exclusion checks and screening of individuals and entities occurs
- Working with others in the organization to develop work plans for reviewing, monitoring, and auditing compliance risks.
- Investigating, reporting, and helping correct occurrences of reported non-compliance
- Developing policies and procedures applicable to compliance efforts
The compliance officer is the face and leader of the compliance program. But that does not mean they are solely responsible for all compliance within the organization. That responsibility rests with everyone in the organization. To that end, two additional aspects of compliance leadership include the compliance committee and the governing board.
Compliance Committee
Life for a compliance officer would be extremely lonely and even difficult without a compliance committee to help shoulder some of the burdens of the compliance program.
A compliance committee typically consists of other leaders in the organization. Individuals might come from human resources, the legal department, operations, internal audit, patient quality, finance, revenue cycle, sales, marketing, and clinical service lines. The chief compliance officer should chair the committee.
The main purpose of the compliance committee is to help and support the compliance officer in implementing, operating, and monitoring the compliance program. The OIG believes the Compliance Committee should meet no less than quarterly and that having a regularly scheduled meeting may enhance routine attendance.
According to the OIG, some of the key responsibilities of the Compliance Committee include:
- Analyzing the legal and regulatory requirements applicable to the entity
- Assessing, developing, and regularly reviewing policies and procedures
- Monitoring and recommending internal systems and controls
- Assessing education and training needs and effectiveness, and regularly reviewing required training
- Developing a disclosure program and promoting compliance reporting
- Assessing effectiveness of the disclosure program and other reporting mechanisms
- Conducting annual risk assessments
- Developing the compliance workplan
- Evaluating the effectiveness of the compliance workplan and any action plans for risk remediation; and
- Evaluating the effectiveness of the compliance program.
Some members of the compliance committee may not know exactly what the purpose of the committee is, or they might not know the role they should play on the committee. Committee members should receive training on their duties as a committee member.
And like any effective committee, there should be a clear agenda for each meeting as well as keeping of appropriate meeting minutes.
Governing Board Oversight
Ultimately, the governing board is responsible for ensuring that the compliance program is effective. OIG clarifies that, the United States Sentencing Commission’s Guidelines2 require that an entity’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”
In addition, the Caremark decision (698 A.2d 959, 970; Del. Ch. 1996) established that Corporate boards have a fiduciary duty of care, which requires that boards assure that “information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information to allow management and the board, each within its scope, to reach informed judgments concerning the corporation’s compliance with the law…”
In many organizations, the board will assign the detailed oversight of the compliance program to a board sub-committee such as a Compliance and Audit sub-committee. In some OIG Corporate Integrity Agreements, organizations are required to have an independent compliance expert on the board.
Like members of the compliance committee, board members should receive training in their compliance program oversight duties. An excellent resource for board members is the OIG’s document, “Practical Guidance for Health Care Boards on Compliance Oversight.”3 A helpful tip among the many guidelines in this document is the suggestion of scheduling regular executive sessions between the board and compliance officer. Regular executive sessions create “a continuous expectation of open dialogue, rather than calling such a session only when a problem arises, and is helpful to avoid suspicion among management about why a special executive session is being called.”
In addition to meeting regularly with the compliance officer, the board should also have oversight of the compliance committee. At a high level, the board should ensure that: (1) the Compliance Committee fully understands and exercises its role, (2) the Compliance Committee’s decisions and activities are appropriately implemented and performed, and (3) the board understands and evaluates how the Compliance Committee addresses risk.
Conclusion
Without effective compliance leadership, it is unlikely that any compliance program will be successful. As one of the seven elements of an effective compliance program, compliance leadership and oversight consist of a strong compliance officer, an effective compliance committee and appropriate oversight by the organization’s government board. The OIG’s GCPG is an excellent starting point for learning more about the expectations of compliance leadership and oversight.
1 - https://oig.hhs.gov/compliance/general-compliance-program-guidance/
To download this blog post as a pdf, click the button below.
Questions or Comments?