View Our Article in PDF×
The Department of Health and Human Services (HHS) Office of Inspector General (OIG) believes that a key factor in determining a compliance program’s effectiveness is how well an organization’s Board has been meeting their fiduciary duties and responsibilities for overseeing compliance. If, during settlement determinations, the OIG finds that the organization has an effective program with proper Board oversight, they may decide that a Corporate Integrity Agreement (CIA) is unnecessary or mitigate CIA terms and conditions. However, if the OIG finds that the program is inadequate, it must require a CIA that includes additional compliance monitoring by the Board. The following four experts offer advice and suggestions on this subject.
Tom Herrmann, JD, is a nationally recognized expert healthcare consultant who has assisted with more than a dozen IRO engagements. He previously served for many years as an OIG executive who oversaw their CIA development and assignment of monitors. Mr. Herrmann explains that the OIG Department of Justice has made clear that it intends to hold executives and the Board responsible for compliance. CIAs now require management certifications and Board resolutions that all CIA requirements have been met and procedures have been implemented to ensure compliance with all applicable laws. These certifications are a “game changer” in that they place a heavier personal burden on Board members, executives, and compliance officers. These mandated certifications in CIAs are serious business and carry heavy penalties. CIAs often include a provision for a stipulated penalty for each day they are out of compliance with deadlines and a $50,000 penalty for each false certification. A false certification could also violate 18 U.S.C. §1001, providing a materially false statement to a federal government agency. Mr. Herrmann advises compliance officers to clearly communicate the risks and consequences for Board members in not meeting their fiduciary compliance obligations.
Carrie Kusserow, MA, CHC, CHPC, CCEP, is another expert who has served as a Compliance Officer, Interim Compliance Officer, and Board Compliance Expert for major health care systems. Ms. Kusserow explains that many new CIAs mandate that Boards engage a Compliance Expert to assist them in meeting their oversight obligations and enable them to sign their resolutions. They should review each annual report of their IRO and Compliance Expert and evidence having made reasonable inquiry regarding its content and acting upon any deficiencies noted. The OIG has made it clear that their decision on whether to include Board mandates or not depends upon whether they find enough compliance oversight by the Board when they begin negotiations with the OIG. The mandate reflects the fact that the OIG generally finds some Boards in need of additional expertise. Ms. Kusserow stresses the importance for Board members to be able to evidence meeting their compliance oversight obligations.
Cornelia Dorfschmid, PhD, MSIS, PMP, CHC, has over 25 years of compliance experience, including serving as a Compliance Officer, Board Compliance Expert, and in leading many IRO engagements. Dr. Dorfschmid suggests that it is advisable to engage Compliance Experts even if not mandated under a CIA, and even more so, if the DOJ or OIG is expressing investigatory interest in the organization. The expert’s compliance review results can be used to brief and empower the Board to evidence their proactive oversight of the compliance program. This can be used as credit in evidencing an active program and identifying opportunities for improvement. Such evidence may assist in preventing the OIG from imposing some of the Board and executive mandates and possibly avoid having a CIA.
Steve Forman, CPA, is another Compliance Expert with over 35 years of experience as a Compliance Officer, Interim Compliance Officer, and Board Compliance Expert. Mr. Forman strongly encourages educating Boards on their fiduciary obligations and the potential consequences of failing to meet this obligation. Sometimes this message can be more effectively delivered by an outside Compliance Expert, but it needs to be delivered and driven home. He further advises that the Board should include a member who is “Compliance Literate” to ask the right questions and assess program effectiveness. A compliance literate person is someone with experience and expertise in corporate compliance. Having this expertise on the Board will enable them to ask the compliance officers the right questions, evaluate the answers, as well as evaluate needs and performance. The inclusion of a compliance literate Board member can go a long way to ensure that the Board is meeting their fiduciary duties and responsibilities.
Connect with Our Compliance ExpertsContact Us Now
Strategic Management compliance consultants have over 40 years of experience providing research, analysis, and program support for privacy and security rule compliance. Call us at (703) 683-9600 or contact us online for a tailored assessment of your organization’s particular needs.