OIG and DOJ Provide Tips for Determining Effectiveness of Compliance Programs
Labs have two new compliance tools—from the Department of Justice (DOJ) and the Office of Inspector General (OIG)—focused on evaluating the effectiveness of compliance programs. The DOJ’s resource addresses evaluation of a compliance program in the context of fraud prosecution while the OIG’s tool has a more proactive objective, to measure programs periodically, even when no misconduct or investigation is at issue. Both the OIG and DOJ caution that these resources are not "one-size-fitsall," nor are they meant to be a checklist or standard formula rigidly applied, but instead the elements discussed should be applied on a case-by-case basis. Both resources share similar themes and concerns and demonstrate a faithfulness to the core principles of effective compliance programs first discussed nearly 20 years ago in the OIG’s Compliance Program Guidance for Clinical Laboratories. Here’s a summary of some key takeaways from each of these compliance resources. OIG/HCCA Resource Guide The OIG collaborated with the Health Care Compliance Association to produce a Resource Guide to help organizations evaluate the effectiveness of their compliance programs. This is the latest collaboration with the HCCA aimed at providing compliance assistance to the health care industry. Two years ago, they collaborated on guidance for boards […]
Labs have two new compliance tools—from the Department of Justice (DOJ) and the Office of Inspector General (OIG)—focused on evaluating the effectiveness of compliance programs. The DOJ's resource addresses evaluation of a compliance program in the context of fraud prosecution while the OIG's tool has a more proactive objective, to measure programs periodically, even when no misconduct or investigation is at issue.
Both the OIG and DOJ caution that these resources are not "one-size-fitsall," nor are they meant to be a checklist or standard formula rigidly applied, but instead the elements discussed should be applied on a case-by-case basis. Both resources share similar themes and concerns and demonstrate a faithfulness to the core principles of effective compliance programs first discussed nearly 20 years ago in the OIG's Compliance Program Guidance for Clinical Laboratories.
Here's a summary of some key takeaways from each of these compliance resources.
OIG/HCCA Resource Guide
The OIG collaborated with the Health Care Compliance Association to produce a Resource Guide to help organizations evaluate the effectiveness of their compliance programs. This is the latest collaboration with the HCCA aimed at providing compliance assistance to the health care industry. Two years ago, they collaborated on guidance for boards of directors to assist in ensuring proper oversight of compliance programs. See "OIG & Industry Leaders Collaborate on Guidance Regarding Compliance Oversight" May 1, 2015.
The current Resource Guide is the fruits of a HCCA- OIG Compliance Effectiveness Roundtable held in January 2017 in Washington DC. The roundtable involved compliance professionals, Department of Health and Human Services and Office of Inspector General staff. The "intent of this exercise was to provide a large number of ideas for measuring the various elements of a compliance program," the OIG said in the Guide's introduction. The result was a list that offers "measurement options to a wide range of organizations with diverse size, operational complexity, industry sectors, resources, and compliance programs."
The Guide is organized around seven categories taken from the HCCA's CHC Candidate Handbook: Detailed Content Outline. Within these categories the Guide discusses what and how to measure a compliance program's effectiveness, suggesting steps to take in evaluating the program. Those seven categories are:
- Standards, Policies and Procedures—The Guide suggests periodically reviewing these compliance resources, ensuring they are updated, accessible to and understood by employees and enforced by the administration.
- Compliance Program Administration—Organizations should assure there's adequate staffing and budget for compliance; review oversight committee's goals and functions; verify role and authority of compliance officer, counsel, compliance committee and the governing board and review organizational structure; ensure development of risk assessment plans, internal controls, periodic compliance program reviews and annual compliance work plan.
- Screening and Evaluation of Employees, Physicians, Vendors and other Agents—Ensure job descriptions and performance evaluations include compliance element, verify processes to identify conflicts of interest and background checks of staff and appropriate due diligence for third parties.
- Communication, Education, and Training on Compliance Issues—Make sure compliance updates are communicated throughout the organization and regular training and continuing education is provided and participation tracked.
- Monitoring, Auditing, and Internal Reporting Systems—Develop audit plans and internal reporting mechanisms and measure accessibility and effectiveness, assure that regular monitoring and auditing is performed, verify risks identified in such activities or through internal reporting are responded to/addressed in timely manner and retaliation is not occurring, and review corrective action activities.
- Discipline for Non-Compliance—Ensure consistent and proportionate disciplinary action taken and properly documented.
- Investigations and Remedial Measures—Review corrective action to ensure noncompliance appropriately handled, investigations properly conducted and documented, remedial action taken to prevent future risk, organization appropriately cooperates with government entities, and overpayments are timely refunded.
DOJ Evaluation of Compliance Programs
The DOJ also released a document titled Evaluation of Corporate Compliance Programs discussing the effectiveness of compliance programs— which is one of the so-called "Filip Factors" that federal prosecutors use when considering prosecution of a business. The document instructs that prosecutors consider those factors "in conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements."
The DOJ said it doesn't "use any rigid formula to assess the effectiveness of corporate compliance programs" and instead makes "individualized determination[ s]." However, there are "common questions" to be asked about compliance programs and this new document "provides some important topics and sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program." The document's topics and questions are also described as related to topics in the US Sentencing Guidelines and other criminal prosecution/fraud section guidance documents.
The document addresses 11 topics with specific questions to ask under each topic. The DOJ notes that not every question will be applicable in every case and this isn't a checklist or a formula. However, these topics and questions provide valuable insight for organizations to use in proactively evaluating the effectiveness of their compliance programs. Here are some takeaways gleaned from a review of the document's 11 topics and related questions:
- Analysis and remediation of misconduct: The government is concerned with whether organizations seek to find the root cause of misconduct and whether systemic issues were involved. Additionally, it's important to consider whether the misconduct could have been prevented, whether the company shouldn't have known about the misconduct due to audits, internal reporting or investigations and if so, why it wasn't caught earlier. Most importantly, what does the company plan to do after the misconduct is discovered—how will it make sure it doesn't happen again?
- Management: Following the often-discussed "tone-at-the-top" theme, the document focuses on whether senior leaders "encouraged or discouraged" misconduct and "modelled proper behavior." How does leadership communicate a commitment to compliance? The board of directors' resources and access to compliance expertise, use of eternal auditors, communication with compliance team and their oversight activities are all key concerns.
- Compliance resources and autonomy of compliance personnel: How does the company value its compliance functions? Does a company pay as much attention and devote the resources to compliance activities and the compliance team as it does to other functions? The government is also concerned about whether resources are commensurate with risk of the organization and whether compliance team requests for resources have been met. The importance of compliance to "strategic and operational decisions" is also analyzed. The questions asked reinforce guidance included in other compliance resources that recommend the compliance team have direct reporting capability to the board of directors, meet directly with the board and have independence so they can adequately perform their function without influence from management. The questions probe whether compliance functions have reported concerns, and whether deals or transactions have been stopped or changed due to compliance team's expressed concerns.
- Policies and procedures: The document's questions emphasize the need for policies and procedures that can prevent misconduct and proper communication of these to employees, as well training and oversight of implementation.
- Risk assessment: The questions focus on methods the company uses for detecting risks and misconduct.
- Training and communication: The document expresses government concern about how well-tailored training is to employees based on their roles and risk level and how well the training is designed to be understood and effective.
- Reporting and investigation measures: Relating back to initial topics on risk analysis and investigation, the government is concerned about how well entities collect and use information from compliance reporting resources and whether reports are taken seriously, how an entity responds to compliance reports and investigates reports or actual misconduct, including "[h]ow high up in the company … investigative findings go."
- Discipline and incentives: Compliance programs should incentivize compliance and appropriately discipline non-compliance, including holding managers and supervisors accountable for allowing misconduct to occur.
- Continuous improvement: This section focuses on internal audits, control testing and updated risk assessments, policies and procedures.
- Use of third party management entities: The questions on this topic focus on why companies outsource functions, how they control the relationship with and conduct of the third party and whether due diligence is performed and third party conduct is monitored and disciplined when necessary.
- Compliance in merger and acquisition scenarios: Due diligence is also a key concern in the last item regarding arrangements with other entities and whether such due diligence identifies risk of misconduct. Additionally, companies need to be concerned about how well they integrate compliance into the resulting entities.
Takeaway: Laboratories can benefit from two new compliance tools to evaluate their compliance programs and ensure their effectiveness.
Subscribe to view Essential
Start a Free Trial for immediate access to this article