Health Care / Health Care Litigation Advisory: HHS-OIG Publishes Resource on Compliance Program Effectiveness

On March 27, 2017, the U.S. Department of Health and Human Services, Office of Inspector General (HHS-OIG) announced a 52-page resource guide, Measuring Compliance Program Effectiveness: A Resource Guide, aimed at helping organizations develop effective compliance programs. Inspector General Dan Levinson continued his tradition of announcing important new resources and initiatives at the Health Care Compliance Association’s (HCCA) annual Compliance Institute and collaborating with the HCCA. HHS-OIG and the HCCA developed the resource guide following a January 2017 roundtable that included HHS-OIG staff and compliance professionals from the HCCA.

Developing and implementing an effective compliance program is critical for health care organizations. Ideally, a compliance program will deter inappropriate conduct. But even when noncompliance occurs, a robust and effective compliance program can be highly beneficial by reducing: (1) the likelihood that the government will intervene in a whistleblower action or bring criminal charges; (2) the damage multiplier, monetary penalties or fines if the conduct is identified before the government investigates; and (3) the government’s demand for a comprehensive (and costly) corporate integrity agreement or monitor. But, as underscored by the new HHS-OIG Resource Guide, developing an appropriate and cost-effective compliance program can be challenging—what works for one organization may be either impractical or unnecessary for another.

The Resource Guide lists more than 400 metrics that organizations can use to evaluate their compliance programs. But HHS-OIG advises that when it comes to compliance, “one size truly does not fit all.” HHS-OIG cautions that using all or even most of the metrics is “impractical and not recommended” and that depending on the organization, even using a “small number” of the metrics could be sufficient. Similarly, some metrics could be used “frequently and others only occasionally,” depending on the organization’s risk areas, size, resources, [and] industry segment.” As a result, HHS-OIG discourages any “attempt to use [the guide] as a standard or a certification.”

The Resource Guide is organized by the well-established seven elements of an effective compliance program. Those categories are further subdivided into more than 70 subcategories. Highlights from each category include:

1. Standards, policies and procedures. The Resource Guide includes 62 metrics that organizations may use to test whether their standards, policies and procedures are adequate, understandable, actually enforced and appropriately assessed and updated.
2. Compliance program administration. There are 68 metrics that organizations may use to assess whether they adequately administer their compliance programs. They include evaluating the involvement of the board of directors, the sufficiency of the compliance plan and the resources allocated to it, use of risk assessments, the effectiveness of the compliance team (including committees, officers and the role of legal counsel) and the organization’s commitment to compliance (including employee incentives and nonretaliation).
3. Screening and evaluation of employees, physicians, vendors and other agents. The Resource Guide includes 40 metrics that organizations may use to test how they evaluate individuals and affiliated entities for possible exclusion, conflicts of interest, their understanding of compliance obligations, licensure and other issues. The metrics also test how organizations respond to issues flagged during evaluations.
4. Communication, education and training on compliance issues. The Resource Guide includes 49 metrics that organizations may use to test whether individuals receive job-appropriate training and to confirm whether training is updated after regulatory changes or compliance failures are identified, the board of directors is adequately trained and the organization fosters a culture of compliance.
5. Monitoring, auditing and internal reporting systems. The Resource Guide includes 77 metrics that organizations may use to evaluate if they have an adequate reporting system to facilitate compliance (including compliance with the 60-day “report and repay” rule), conduct routine risk assessments and audits, and implement corrective action plans after problems are identified.
6. Discipline for noncompliance. The Resource Guide includes 34 metrics that organizations may use to test whether employees understand the consequences for noncompliance, that discipline is fair and consistent, and that past noncompliance is considered when employees (particularly senior executives) are promoted.
7. Investigations and remedial measures. The Resource Guide includes 34 metrics that organizations may use to evaluate how investigations are conducted (e.g., what criteria does the organization use to determine if witnesses need to be interviewed), the independence and competency of investigators, how issues are escalated or results communicated within the organization and how the organization works with the government after receiving a subpoena.

The new Resource Guide builds on recent efforts by HHS-OIG and the Department of Justice (DOJ) to emphasize that it is critical for organizations to have effective compliance programs. That includes HHS-OIG’s April 2015 resource for health care governing boards (issued in collaboration with several industry groups) and the DOJ’s February 2017 guidance for federal prosecutors on how to evaluate compliance programs when considering whether to bring criminal charges against an organization. The DOJ guidance follows its retention in November 2015 of a full-time compliance expert to assist in criminal-charging decisions. These efforts underscore the government’s growing interest in ensuring not only that organizations have a compliance program in place, but that those programs are effectively preventing, detecting and mitigating the impact of noncompliance.

Alston & Bird attorneys have helped many different types of health care organizations assess the effectiveness of their compliance programs. Our collaborative and positive approach to compliance program assessments sets us apart. Whether your organization is a hospital, health system, academic medical center, physician practice, home health or hospice agency, long-term care provider, laboratory, pharmaceutical company or another member of the health care industry, we can assist.

Prudent members of the health care industry will evaluate their compliance programs based on selected elements of this new Resource Guide. Please contact Alston & Bird if you need help evaluating your compliance program or taking it to the next level.