Governing boards of health care organizations can greatly benefit from reading a recently released educational document that presents practical tips for board members responsible for overseeing their organizations’ compliance with state and federal laws. 

The resource, “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the “Guidance”) is the result of teamwork between the U.S. Department of Health and Human Services Office of Inspector General (OIG), the American Health Lawyers Association (AHLA), the Association of Healthcare Internal Auditors (AHIA) and the Health Care Compliance Association (HCCA). It supplements previous guidance documents issued by the OIG and AHLA in 2003, 2004, and 2007 related to oversight by healthcare company boards of directors. 

The Guidance is useful to governing boards of all companies that are subject to health care fraud and abuse laws such as the federal anti-kickback statute, Stark Law, and federal False Claims Act. While the OIG does not define a “health care organization” and much of the guidance appears targeted at health care providers (e.g., health systems, community hospitals, and nursing homes), drug and device manufacturers also may find the document helpful in understanding the active steps OIG expects boards to take in promoting compliance. 

The OIG addresses issues relating to a board’s oversight and review of compliance program functions, including: the roles of, and relationships between, the organization’s audit, compliance and legal functions; the mechanisms and processes for issue-reporting within an organization; the approach to identifying regulatory risks; and methods of encouraging organization-wide accountability for achievement of compliance goals and objectives. 

Identifying roles 

The board plays a key role in defining the responsibilities of and relationships between the internal audit, compliance, legal, human resources, and quality improvement functions within the organization, which should operate independently of healthcare providers and operations management. When developing an effective compliance program the board and senior leadership should describe each department’s role within the compliance program and how they are expected to cooperate and collaborate with one another, creating accountability and responsibility among the different compliance team members. Doing so will enable the board to be engaged in its oversight responsibility and informed on the stats of compliance efforts. 

Reporting 

The Guidance recommends that board members set out and enforce expectations for regular reporting of risk mitigation and compliance efforts, reporting separately and independently of one another. The organization should identify individuals who are in the best position to provide relevant information about operational risks. The board and management should work together to identify relevant content and a reporting format, such as a dashboard or scorecard, sufficient and workable for the board’s use. 

Identifying compliance risks 

The Guidance also stresses that a board needs to understand how management defines and identifies compliance risks, particularly in the areas of referral relationships and arrangements, billing and coding, privacy breaches, and quality of care events. The organization should look beyond internal data to external sources of information such as peer information, national benchmarks, and industry developments in reimbursement and quality reporting. 

Encouraging organization-wide accountability 

The board should ensure that compliance is a standard for the entire organization, by assuring that the organization has adopted methods of encouraging consistent, enterprise-wide accountability for measuring and achieving compliance goals and objectives. While recognizing that not all organizations will possess the resources to support the structure in its entirety, the Guidance recommends creating corporate charters to create responsibility among and between the different organizational departments. These charters should address the following functions: compliance, legal, internal audit, human resources, and quality improvement. 

A robust and effective compliance program is crucial to a governing board’s exercise of its fiduciary duty of care. The release of periodic guidance by the OIG and its industry collaborators provides a perfect opportunity for a board to review and improve its processes and ensure that the organization is aligned with the latest recommendations.