Why Your Board Needs to be Involved in Your Compliance Program

Every compliance officer knows that effective compliance requires the participation of “an entire village.” While some organizations might think that hiring a compliance officer is all an organization needs to maintain compliance, that assumption could not be further from the truth. Having a culture of compliance is every bit as important as having a rockstar compliance officer. A culture of compliance requires everyone, especially the board, to be heavily involved in the compliance program.

For my complete tips on how to get your execs' support of your compliance program, download our free whitepaper, "How to Get Your Execs on Board With Your Compliance," to learn the five areas that can serve as a starting point for your board to begin their effective oversight.

Legal Precedent: The Caremark Decision

The Caremark decision, a landmark legal decision that elaborates upon the many roles and responsibilities of directors of a governing board. The Caremark decision explained a board’s compliance oversight responsibilities.

In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), a shareholder sued the Board of Directors for breach of the fiduciary “duty of care.” This shareholder lawsuit came after a multi-million-dollar settlement regarding kickback payments to physicians and improper billing under federal healthcare programs. Of the principal fiduciary duties of board members, the one duty specifically implicated by corporate compliance programs is the “duty of care.” Essentially, Caremark clarified that a director of a board “has a duty to attempt in good faith to assure that (1) a corporate information and reporting system exists, and (2) this reporting system is adequate to assure the board that appropriate information as to compliance with applicable laws will come to its attention in a timely manner as a matter of ordinary operations.”

Reference: https://oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf

Basically, if a board fails to reasonably oversee a compliance program, it could put the organization at risk and potentially expose individual directors on the board to personal liability.

Where Can Your Board Start?

How should a board go about overseeing a compliance program? Here are a few foundational documents to get you started.

1. The Federal Sentencing Guidelines
2. OIG compliance program guidance documents
3. OIG corporate integrity agreements (CIAs).

The OIG Compliance Program Guidance Documents

The OIG compliance program guidance documents provide detailed direction based on the provider type of the organization. Separate documents have been published for the following provider types outlining unique risks as well as compliance principles to help mitigate those risks:

• Hospitals
• Home Health Agencies
• Clinical Laboratories
• Third-Party Billing Companies
• Durable Medical Equipment
• Hospice
• Medicare+ Choice Organizations
• Nursing Facilities
• Physicians
• Ambulance Suppliers
• Pharmaceutical and Device Manufacturers
• Recipients of PHS Research Awards

Corporate Integrity Agreements (CIAs)

CIAs are excellent resources for learning about the OIG’s expectations of a board’s compliance program oversight responsibilities. In some cases, the OIG has required boards to annually certify they are meeting certain compliance oversight expectations. In some CIAs, for example, the OIG required the following annual resolution be submitted by the organization’s governing board:

“The Board of Directors has made a reasonable inquiry into the operations of (organization’s name) Compliance Program including the performance of the Compliance Officer and the Compliance Committee. Based on its inquiry and review, the Board has concluded that, to the best of its knowledge, (organization’s name) has implemented an effective Compliance Program to meet Federal health care program requirements and the obligations of the CIA.”

“If the Board is unable to provide such a conclusion in the resolution, the Board shall include in the resolution a written explanation of the reasons why it is unable to provide the conclusion and the steps it is taking to implement an effective Compliance Program at (organization’s name).”

Even if your organization’s board is not required to submit such a resolution, it’s a great exercise for a board to complete each year. It demonstrates the board’s commitment to the organization’s compliance program. To this point the OIG has stated, “OIG has not required this level of Board involvement in every case, but these provisions demonstrate the importance placed on Board oversight in cases OIG believes reflect serious compliance failures.”

A board cannot avoid its compliance oversight responsibilities by claiming ignorance or bemoaning that it lacks appropriate compliance expertise. Most boards, for example, specifically make sure the board has an independent expert who has financial expertise. Why not do the same by securing a board member who possesses compliance expertise? In some cases, this is exactly what the OIG requires.

For example, the Toumey Hospital CIA required that the “Board shall retain an expert in corporate governance and compliance (Compliance Expert) to assist the Board in fulfilling the responsibilities described in Section III.A.3 of this CIA.

Compliance Expert Obligations:

At a minimum, the Compliance Expert shall:

• “Attend each Board meeting at which the Compliance Officer is scheduled to present;
• be kept apprised of any direct reports that the Compliance Officer otherwise makes to the Board;
• assist the Board in reviewing and assessing Tuomey’s Compliance Program;
• offer recommendations periodically, as appropriate, to improve the effectiveness of Tuomey’s Compliance Program; and
• for the first, third, and fifth Reporting Periods, conduct a comprehensive review of the effectiveness of Tuomey’s Compliance Program and prepare a report describing the results of such review (Compliance Program Review Report). A copy of the Compliance Program Review Report shall be provided to OIG along with the Annual Report for the applicable Reporting Period.”

Though the requirement for a Board level compliance expert is not found in all CIAs, the OIG has stated that, “a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board, or periodically consulting with, an experienced regulatory, compliance, or legal professional. The presence of a professional with health care compliance expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations.”

In short, in order to have an effective compliance program, your organization needs to have a compliance officer, a culture of compliance, and oversight of the compliance program by the governing board.