On March 27, 2017, the Office of Inspector General for the U.S. Department of Health and Human Services (“OIG”) issued a resource guide to assist health care organizations in assessing the effectiveness of their compliance programs (“Resource Guide”). OIG developed the Resource Guide in collaboration with 30 health care compliance professionals through a collaborative effort with the Health Care Compliance Association (“HCCA”). While health care organizations have long been encouraged to measure the effectiveness of their compliance programs, the Resource Guide represents OIG’s first substantial statement on how to conduct these effectiveness reviews. The Resource Guide is available here.
For decades, OIG has encouraged health care organizations to establish a compliance program that meets seven specific criteria, which are commonly called the “seven elements” of an effective compliance program. The seven elements range from the designation of a compliance officer and establishment of a compliance committee to ensuring the organization applies its disciplinary procedures consistently across the organization. In the event that compliance issues do occur, the existence of an effective compliance program can help mitigate the effects of the conduct and prevent future similar conduct in numerous ways, including, but not limited to, ensuring appropriate internal investigations and corrective action are undertaken, encouraging improvements in applicable policies and procedures, providing additional employee education and training and making clear to employees that the organization is committed to compliance and it is the way the organization does business. In addition, under the U.S. Sentencing Guidelines, if an organization comes under investigation by OIG or the U.S. Department of Justice (“DOJ”), it can receive cooperation credit if it has implemented an effective compliance program. While regular effectiveness reviews are commonly considered an “eighth element” of an effective compliance program, OIG has, until now, provided little guidance on how to perform these reviews.
Content of Resource Guide
The Resource Guide contains a long list of questions that compliance professionals can use to help identify “what” and “how” to measure the effectiveness of their organizations’ compliance programs. The Resource Guide is not intended as a prescriptive set of instructions or as a checklist. Instead, OIG suggests that the utility of any one measure depends on the organization’s needs and recommends that organizations select a smaller number of measures that are practical and pertinent to their effectiveness reviews in any given year. Importantly, when the Resource Guide was released, Inspector General Daniel Levinson acknowledged that, while the totality of the Resource Guide may be overwhelming, each incremental improvement to an organization’s compliance program review process can greatly impact the effectiveness of the program as a whole.
The seven key areas identified in the Resource Guide and a high-level overview of the questions asked within each of these key areas follows.
- Standards, policies and procedures. The questions in this section will help organizations determine whether their compliance policies are accessible, and actually accessed, by affected individuals. They also ask whether policies are high quality documents developed with the input of key stakeholders and whether they are reviewed at appropriate intervals. Importantly, the questions will also help organizations determine whether they have adopted a Code of Conduct that is comprehensible and relevant to all affected individuals and whether a formal compliance plan has been adopted and appropriately updated.
- Compliance program administration. This section focuses on whether the compliance program is administered in a way that is appropriate for the size and scope of the organization. The questions will help organizations determine whether their governing bodies are actively aware of the compliance program and whether the governing body promotes a culture of compliance across the organization. Additionally, this section asks whether the compliance program is appropriately resourced, whether the compliance officer has other operational responsibilities and whether the compliance officer’s reporting structure is independent from other operations functions. Other questions focus on whether compliance is included in all employees’ performance evaluations, whether regular and appropriate risk assessments are conducted and whether the role of legal counsel is appropriately defined.
- Screening and evaluation of employees, physicians, vendors and other agents. The questions in this section focus on whether all employees and vendors are screened prior to their engagement, whether the organization has designated one person or office as being responsible for performing checks of the OIG Exclusion List and other government sanctions lists and whether the organization has a plan for responding to exclusions. They also ask whether the organization has processes in place to identify and disclose conflicts of interest and whether employees and vendors receive appropriate education on conflicts of interest. These questions emphasize that the organization should be cognizant of their obligations with respect to vendors as well as employees.
- Communication, education and training on compliance issues. This section focuses on whether the compliance program has established appropriate lines of communication throughout the organization. The questions will help organizations assess whether their training programs are accessible to all employees and whether they are written in a way that is comprehensible to all affected employees. Additionally, the questions ask whether the organization engages in targeted training for high-risk employees, whether participation in these training sessions is tracked and whether employees are held accountable for any lack of participation.
- Monitoring, auditing and internal reporting systems. The questions in this section focus on whether the compliance program has established means of gathering information regarding incidents of non-compliance. These methods include the establishment of confidential reporting mechanisms such as a hotline and audits conducted internally and by outside experts. Furthermore, the questions in this area prompt the organization to monitor how it responds to these reports. These questions also ask whether the organization has created its own work plan and whether the work plan has appropriately guided the compliance program’s auditing and monitoring activities. This section also asks how the organization responds to audits (i.e., whether management is kept appropriately informed of their results and if effective corrective action plans are developed and followed). This section emphasizes that auditors themselves must be independent and that if the auditors have other operational responsibilities, they should be independently audited.
- Discipline for non-compliance. This section focuses on whether the organization’s policies on corrective action are fair and are followed consistently throughout the organization. They prompt the organization to assess whether appropriate parties are engaged in the corrective action process and whether its corrective action procedures are appropriately thorough. The questions will help organizations assess whether their employees and associates are aware of the corrective action procedures and whether incentive and promotion criteria are appropriately aligned with compliance concerns. Finally, this section helps organizations assess whether appropriate documentation is being maintained throughout the corrective action process.
- Investigations and remedial measures. The questions in this section will help organizations assess whether they respond appropriately to compliance concerns that are reported. Organizations are prompted to evaluate their guidelines on conducting investigations and determine whether investigations are consistently conducted by appropriately trained, independent investigators, and whether those investigators document their actions. These questions also assist organizations in determining whether their investigations lead to appropriate responses, including corrective action plans based on a root cause analysis, and whether the organization follows through on its corrective action plans. Finally, these questions will help organizations determine whether their third-party agreements obligate vendors to cooperate in investigations.
The Resource Guide reemphasizes the federal government’s expectation that health care organizations have effective compliance programs through which they identify areas of risk, reduce the likelihood of infractions through training and policy development and appropriately respond to issues as they arise. It is important to note that the Resource Guide is not intended to be applicable to any individual health care organization in its totality. Instead, it is presented as a list of questions related to the elements of effectiveness that compliance professionals can use as needed in assessing their own compliance program.
By utilizing appropriate questions posed by the Resource Guide, organizations will be in a better position to demonstrate that their compliance programs are effective in meeting their goals. In the event of a government investigation, organizations with compliance programs are only eligible to receive cooperation credit under the U.S. Sentencing Guidelines if their compliance programs are effective. OIG’s investigators and attorneys may use the Resource Guide as a tool for assessing the effectiveness of an organization’s compliance program. Because of this, organizations are advised to utilize the questions outlined in the Resource Guide when developing their effectiveness review plans. In doing so, they will increase the likelihood of identifying infractions early and mitigating penalties in the event that problems that do arise.
In addition to using the Resource Guide, organizations can look to guidance recently released by the DOJ, which gives further substance to the operational inquiries that DOJ and OIG investigators are likely to make during an investigation. Hall Render summarized the DOJ’s guidance here. Taken together, these two documents provide a strong framework for evaluating the effectiveness of an organization’s compliance program.
If you would like assistance assessing the effectiveness of your organization’s compliance program, or if you have any questions regarding the Resource Guide, please contact:
- Scott W. Taebel at (414) 721-0445 or email@example.com;
- Katherine A. Kuchan at (414) 721-0479 or firstname.lastname@example.org;
- Leia C. Olsen at (414) 721-0466 or email@example.com;
- T. James Junger at (414) 721-0922 or firstname.lastname@example.org; or
- Your regular Hall Render attorney.