Practical Guidance for Health Care Governing Boards on Compliance Oversight

A health care governing board has a variety of responsibilities and roles that are key to the compliance program. These responsibilities ensure that the organization can evaluate and, if needed, respond to any issues of inappropriate activity. The Association of Healthcare Internal Auditors (AHIA), the American Health Lawyers Association (AHLA), the Health Care Compliance Association (HCCA), and the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) developed guidance to assist health care governing boards responsibly carry out their compliance plan oversight obligations.

Roles and Responsibilities of the Health Care Governing Boards

A health care governing board should make an effort to increase its knowledge of risks, how the organization handles the identified risks and the flow of reporting to senior management. The board should encourage a level of accountability from everyone as well as assure that the organization complies with relevant laws.

The board should discuss, with the organization’s compliance officer, the format and frequency for reporting. This discussion, among other things, should include what dashboards to use, the balance between too much and too little information, a snapshot of where the organization is in regard to compliance and the timely reporting of suspected violations. There should be open dialogue during regular executive sessions, which will avoid suspicion.

The board’s responsibility in identifying and auditing potential risk areas is to ensure that management and the board have strong processes for identifying risk, both internal and external. This includes   ensuring that management consistently reviews and audits risk areas, as well as develops, implements, and monitors corrective action plans against recent regulatory trends and new regulations to compare data against its peers.

The board should set the tone to encourage accountability and compliance, since compliance is an enterprise-wide responsibility. Employees should have and are responsible for defining and developing incentive goals and objectives that performance can be measured and incentivized against. The board should ask management about its efforts to develop policies and identify returning overpayment with the goal of being proactive in self-disclosing to the government as well as assure there is good communication channels across the organization.

Board Expectations in Relation to the Compliance Program: What are the Right Questions?

Does a Reporting System Exist? Is it Adequate and is it Working?

The OIG stresses that having an effective reporting system is a key compliance element. The board should have a clear understanding of this effective reporting system which should include both internal and external reporting systems. This reporting system includes having the compliance officer discussing these reporting formats with the board and communicating with the board to know what the board wants and needs. The compliance officers should be sure the information is provided to the board in a timely manner.

What Benchmarks are Being Used as Assessment Tools to Measure Compliance Program Effectiveness?

The following tools and resources should be used as guides in developing and measuring compliance program effectiveness. These tools will help organizations to identify potential risk areas.

• Federal Sentencing Guidelines
• Incentives for effectiveness
• OIG’s Voluntary Compliance Program Documents
• Corporate Integrity Agreements (CIA)

Review other similar organization’s compliance programs to compare what may or may not be working. What are they doing differently and what are their results?

Are Annual Resolutions Required by our Board?

Many CIAs require annual board resolutions. Resolutions are signed by board members and/or board committees. The resolution should refer to the oversight of the compliance program. Best practice is to have board members attest to compliance training.

Is the Scope and Adequacy of our Compliance Program Relative to the Size and Complexity of our Organization?

Compliance Programs are not a one size fits all. Guidelines allow for variation, depending on the size and complexity of the organization. The complexity of the organization will dictate the necessary structure of the compliance program. The compliance program of a small organization is usually less complex, includes less formality, fewer resources and the responsibilities are carried out by the available staff. These staff members are usually involved to a greater degree.

What Plan is in Place to Keep the Board Updated on the Regulatory Landscape?

A formal plan should be developed. This plan should include who is going to be responsible for the updates. The compliance officers should attend board meetings. Board members may need to take outside education to develop a better understanding of compliance, industry risk, regulatory requirements and the components of an effective compliance program. Boards should consider appointing a compliance expert.