Constant changes within the healthcare industry have created risks and placed governing boards under increasing scrutiny. This makes having compliance officers involved in training governing boards key to reducing risk while improving corporate social responsibility. The Board of Directors is the driving force of the healthcare delivery system. The fiduciary duties of oversight help drive the vision and mission of the organization. It’s those oversight activities that promote an environment of corporate responsibility that protects the healthcare consumers an organization serves. The compliance officer plays a vital role in ensuring the Board and its members have the information necessary to perform their fiduciary duties, including on industry news and standards. Further education and training can be identified by the compliance officer and board following due diligence of the compliance program. Proactive compliance and corrective action measures that support open communication and nonpunitive measures with education and training should lay the foundation for an effective, fiduciary-responsible board.
The Office of Inspector General (OIG) of the U.S. Department of Health & Human Services (HHS) and the American Health Law Association (AHLA) have developed a resource to assist Board directors in carrying out their oversight responsibilities. Typically, corporate stakeholders lay expectations for the board members on what their fiduciary duties are regarding oversight of the organization. The Attorney General is the enforcer who can take action against a board on fiduciary shortcomings. All boards have three fiduciary duties: duty of care, duty of loyalty, and duty of obedience.
Duty of Care
The directors must take care in allocating the right amount of time in the board’s decision-making process. That process includes acting in “good faith with the level of care that an ordinarily prudent person would exercise in like circumstances, and in a manner that they reasonably believe is in the best interest of the corporation.” For example, the board can exercise the duty of care by making inquiries to management in key roles about the topic under review. The board is not expected to know everything; however, directors are expected to seek the advice of key players such as legal counsel, the compliance officer, auditors, and outside advisory councils to make the best decision for the organization. The board also has the responsibility to be educated on high-risk areas and to keep abreast on industry news.
Duty of Loyalty
Board members must put the interests of the organization before their own interests. Board members, along with the appropriate executive team, should establish a written conflicts-of-interest policy. The board must disclose all conflicts of interest and maintain the confidentiality and proprietary information of the organization. In addition, organizations should have a policy related to vendor relationships and acceptance of gifts by directors, officers, and employees. Such policies are to protect the organization from claims of inducement.
Duty of Obedience
The board has a duty of obedience, which means that it needs to understand and follow the organization’s articles of incorporation, bylaws, the exempt status filed with the Internal Revenue Service, and company policies. The board must ensure that the organization is abiding by all applicable laws and regulations and doesn’t engage in illegal or unethical activities. The compliance officer should be aware of the governance requirements and keep a checklist to help the board remain knowledgeable and in compliance.
The compliance officer has a vital role in helping the board understand the state of compliance within the organization. An effective compliance program cannot exist without a strong culture, and that tone starts from the top with the board. Board members rely on key roles within business units to provide relevant information to carry out their fiduciary duty; however, it doesn’t always prevent compliance failures.
A prime example of a compliance failure is the well-known Caremark case in 1996, which makes the board responsible for implementation of a system to gather information on the company’s efforts to prevent and detect fraud and abuse. The case established that the board owes a duty of care and loyalty that requires oversight of the organization’s ethics and compliance program. In the case, the board was sued by a shareholder for breach of the fiduciary duty of care relating to the payment of kickbacks to physicians and improper billing to federal healthcare programs. Did the board ask enough relevant questions, receive and review reporting/analysis from the compliance officer, and did it understand the scope of industry regulations and policies? If the right questions had been asked, foresight had been present, and staff and physicians had compliance education and training, could the lawsuit have been prevented?
According to The Health Care Director’s Compliance Duties: A Continued Focus of Attention and Enforcement, “a Director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the Board concludes is adequate, exists, and that failure to do so under some circumstances, may, in theory at least, render a director liable for losses caused by noncompliance with applicable legal standards.”
The Board is a key contributor to the overall culture of an organization and the status of its compliance program. The board has to set the tone for transparency and open communication where candor is rewarded, not punished. This type of culture needs to trickle down through management to the rank and file. Do directors behave in a way that supports the organization’s mission and vision? To foster a culture with an open-growth mindset, the board must provide the training and certifications that support its responsibilities. Boards should be aware and mindful of how employees act to hit performance goals. Do the goals contribute to behaviors contrary to our ethics and compliance standards? The best way to improve compliance and ethical behavior is to instill a growth mindset where continuous improvement is a driving force of organizational success.
Practical Guidance on Compliance Oversight
In 2015, the OIG, HHS, AHLA, the Association of Healthcare Internal Auditors (AHIA), and HCCA collaborated on the report Practical Guidance for Health Care Governing Boards on Compliance Oversight. It revised a set of guidelines to help healthcare boards successfully execute oversight of their compliance programs. The guidance consists of five key areas that should be reviewed and addressed by all healthcare compliance officers and their boards of directors. They include expectations for board oversight, roles and relationships, reporting to the board, identifying and auditing potential risk areas, and encouraging accountability and compliance. The purpose of these guidelines is to make compliance a responsibility for all levels of management with an enhanced oversight by the board. These key areas identify opportunities for education and training as part of a proactive compliance and recovery process for the boards’ fiduciary duties. It is a common practice for compliance officers to distribute these educational materials to its governing body and to review the guidance with them. The compliance officer should be prepared to address all of the key points addressed in this guidance.