Skip to content
Regulatory intelligence

Compliance obligations for healthcare boards

Melissa D. Berry  Principal Attorney-Editor, Enterprise Risk Management

Melissa D. Berry  Principal Attorney-Editor, Enterprise Risk Management

At the American Bar Association’s recent 25th Annual National Institute on Health Care Fraud, Assistant Attorney General Leslie R. Caldwell made it clear that the U.S. Department of Justice will look to hold board members and executives responsible for healthcare fraud:

[T]he Strike Force will follow evidence of health care fraud wherever it leads, including into corporate boardrooms and executive suites. The Criminal Division has a long record of holding executives responsible for their criminal wrongdoing in cases involving financial fraud. You should expect to see us building on that record in the field of health care fraud.

AAG Caldwell noted that “[c]ases involving fraud by health care executives are also a high priority for us[.]”

AAG Caldwell’s remarks come less than a month after the U.S. Department of Health and Human Services, Office of Inspector General (OIG) released its Practical Guidance for Health Care Governing Boards on Compliance Oversight (Board Guidance). The Board Guidance, which was developed in collaboration between the Association of Healthcare Internal Auditors (AHIA), the American Health Lawyers Association (AHLA), the Health Care Compliance Association (HCCA) and the OIG, focuses on board “oversight and review of compliance program functions.” Specifically, it addresses the:

  1. roles of, and relationships between, the organization’s audit, compliance, and legal departments
  2. mechanism and process for issue-reporting within an organization
  3. approach to identifying regulatory risk
  4. methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives

The Board Guidance makes it clear that a board must “act in good faith in the exercise of its oversight responsibility” for a healthcare organization. This includes making sure there is a “corporate information and reporting system” and that this system is adequate to ensure that the board receives “appropriate information relating to compliance with applicable laws” in a timely manner and as a matter of course.

Also, the Board Guidance identifies compliance resources that healthcare boards should be using as benchmarks for their organizations. These resources include the:

  • Federal Sentencing Guidelines, which “offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program”
  • OIG’s voluntary compliance program guidance, which includes specific compliance guidance for many healthcare providers but can also provide a template for different healthcare organizations
  • OIG Corporate Integrity Agreements (CIAs), which demonstrate the obligations the OIG imposes in civil settlements with healthcare entities so that those entities can avoid exclusion from participation in Medicare, Medicaid or other federal healthcare programs

Additionally, the Board Guidance notes that some CIAs with health systems and hospitals have imposed board-level requirements, such as annual resolutions that detail the activities the board has undertaken to ensure the organization’s compliance with federal healthcare program and CIA requirements. Each member of the board or the designated board committee is required to sign the resolution.

For example, in a CIA the OIG entered into with Extendicare Health Services, Inc. that involved False Claims Act and quality of care allegations, the CIA required Extendicare to create a board committee to “review and provide oversight of matters related to Extendicare’s compliance with the requirements set forth in [the] CIA, Federal health care program requirements, and professionally recognized standards of care.” The board committee was also required to adopt and sign a resolution detailing its compliance-related efforts.

The Board Guidance also discusses how boards for healthcare organizations should evaluate “the scope and adequacy of [their] compliance program in light of the size and complexity of their organizations.” This is consistent with the Sentencing Guidelines and other compliance guidance, which recognize that smaller healthcare organizations may have fewer personnel and resources available to devote to compliance. As a result, the Board Guidance notes that boards of smaller healthcare organizations “may need to become more involved in the organizations’ compliance and ethics efforts than their larger counterparts.”

What this Board Guidance makes clear is that the boards of healthcare organizations must take an active role to ensure their organizations have effective compliance and ethics plans. This includes knowing with certainty that any compliance issues that do arise will be reported to the board in a timely manner.

In an environment where healthcare fraud and abuse enforcement is more intense than ever, boards of directors for healthcare organizations must take an active role in their organizations’ compliance efforts. If not, as evidenced by the remarks of AAG Caldwell, it is quite possible that the DOJ will soon be knocking on the boardroom door.


Learn more

Learn more about Thomson Reuters Risk Management Solutions

Discover more insight by professionals, for professionals in the Know 360 app

  • Facebook
  • Twitter
  • Linkedin
  • Google+
  • Email

More answers