A 2015 report from The Office of Inspector General (OIG), Department of Health and Human Services, entitled “Practical Guidance for Health Care Governing Boards on Compliance Oversight” provides an excellent roadmap for today’s compliance function when thinking about how to structure a compliance committee for your board and a board’s obligations.
It is a great guide for CCOs to follow and lays out some best practices that the Man From FCPA highly recommends. As an introduction, the OIG guidance states that a board must act in good faith around its obligations regarding compliance and sets out four areas of board oversight and review of a compliance function; “(1) roles of, and relationships between, the organization’s audit, compliance, and legal departments; (2) mechanism and process for issue-reporting within an organization; (3) approach to identifying regulatory risk; and (4) methods of encouraging enterprise-wide accountability for achievement of compliance goals and objectives.”
A board must ensure the CCO and compliance function have resources to fulfill their assigned role within an organization and access to the board. The board should evaluate and discuss how management works together to address risk, including the role of each in:
identifying compliance risks,
investigating compliance risks and avoiding duplication of effort,
identifying and implementing appropriate corrective actions and decision making, and
communicating between the various functions throughout the process.
A key component of board oversight is through the flow of information. Reports can come to the board via a variety of reporting mechanisms; regular board meetings, special executive sessions where the board meets with the CCO or compliance leadership outside of the presence of senior management and ad hoc communications from the CCO.
A board also needs to have regular reports on the risks that any organization may face and mandate that the company’s compliance function have the proper tools in place to facilitate compliance reporting internally.
The 2015 OIG guidance is not only an excellent review for compliance professionals and others in the healthcare industry, but also a good primer for boards in regard to their own duties under a best practices compliance program. The compliance program guidance documents were developed by OIG to encourage the development and use of internal controls to monitor adherence to applicable statutes, regulations, and program requirements.