Even the seminal 1998 Publication of the OIG Compliance Program Guidance for Hospitals emphasized that “proper education and training of corporate officers, managers … and the continual retraining of current personnel at all levels are significant elements of an effective compliance program.”[7] Arguably at least, the failure to provide effective targeted education and training to supervisors, managers, directors, and executives is likely to have a negative impact on all other programmatic elements. Having well-crafted and well-designed policies and procedures will have no positive impact on the establishment and maintenance of an ethical corporate culture if leaders are not aware of the policies and how they apply from an operational perspective and if they do not ensure that downline employees understand their application.
Employees will also be unlikely to report observed misconduct if they aren’t regularly informed about the types of issues that should be reported and options for reporting. If reporting through the chain of command is the preferred reporting option and an employee perceives that his or her upline leader is disinterested or fails to act upon a reported concern, the employee’s willingness to report known or suspected issues suffers. Word travels quickly if investigation of a reported concern is not handled in a respectful manner that protects the involved parties. Worse yet, if employees observe a known reporter experiencing retaliation as a result of making a report, knowledge of that outcome will quickly become an embedded obstacle to building a transparent culture where issues are brought forward and acted upon appropriately.
The Yates Memo and Individual Accountability
In September 2015, then-Deputy Attorney General Sally Quillian Yates authored a highly anticipated memorandum, Individual Accountability for Corporate Wrongdoing (commonly referred to as the Yates Memo), to all United States Attorneys. The Yates Memo articulated the position of the DOJ in holding individual actors who are implicated in corporate misconduct liable for those actions taken or directed on behalf of the corporation.[8] The memo established bright-line rules for attorneys within both DOJ’s criminal and civil divisions and outlined steps to pursue culpable individuals with the aims of both (a) recovering improperly and fraudulently obtained governmental monies and (b) serving to deter prospective individual and corporate misconduct and illegal activity.
The policy positions set forth in the Yates Memo, briefly, (a) stated that cooperation credit would only be afforded to a corporation willing and able to offer up “all relevant facts” associated with all individual actors to whom the misconduct is attributable; (b) emphasized close and ongoing collaboration between and among the criminal and civil attorneys performing investigations; (c) established that, absent “extraordinary circumstances,” liability would always be imposed on the individuals responsible for the corporate misconduct; and (d) stated that corporate settlements would not be approved absent a clear path toward contemporaneous resolution of cases against the responsible individuals, regardless of the financial means of the individuals to fulfill any financial fine or penalty.[9]
A speech given by Deputy Attorney General Rod Rosenstein in November 2018 reiterated the DOJ position that holding responsible the individual actors substantially involved in and responsible for corporate misconduct was to remain a central theme within every corporate investigation. Rosenstein’s remarks did, however, set forth a postural softening on certain themes of the Yates Memo which, in practice, appeared to be detrimental to the adequate collection of evidence and timely closure of investigative matters. Chief among the announced Yates Memo modifications in these remarks are that DOJ attorneys were afforded latitude to grant partial cooperation credit, particularly in the civil context and permitting attorneys discretion to consider an individual’s ability to fulfill a judgment when making civil charging decisions.
The Yates Memo and much commentary about it acknowledge the challenges inherent in proving criminal intent on the part of an individual actor and meeting the threshold burden of proof to establish guilt beyond a reasonable doubt. Despite the difficulties of meeting that standard, there is seemingly still no shortage of criminal restitution orders and sentences to federal prison for the unscrupulous actors in our industry.
This paradigm shift in thinking about prosecution of both criminal and civil matters can be both an opportunity and a threat to compliance program effectiveness. It is more important than ever now for compliance professionals to provide initial and ongoing education to new and senior leaders that makes clear the assumption of the risk of liability for personally performed or directed wrongdoing. The concepts are abstract and make training challenging, so using “real world” examples as tools for discussion is often constructive. One such example is the Forest Park Medical Center case in Dallas, Texas. In that matter, as of the date of this writing, 18 individual defendants have been convicted or entered guilty pleas in a kickback scheme wherein the principals of the physician-owned boutique hospital paid surgeons to refer high reimbursement, out of network cases to the facility.[10] Another training tool that some creative compliance professionals use is the hypothetical scenario (or facts redacted from actual cases and settlements). Presenting hypothetical scenarios in a more opened-ended workshop-style session enables the trainees to dig into the facts, opine on likely outcomes, and say which of the participants would be most likely to be charged and sentenced.
At the time of the initial publication of the Yates Memo, there was wide speculation about resultant liability for compliance professionals within organizations where malfeasance is proven. The topic is certainly worthy of consideration for any CCO as, in theory, a CCO can be found individually liable for misconduct where the CCO could potentially have been able to prevent or detect it. Despite some precedent in the financial services and other heavily regulated industry sectors, little precedent currently exists in healthcare for criminal or civil action against a CCO for corporate wrongdoing.
Any CCO having the benefit of an employment contract would be well served by engaging an attorney well-versed on these issues to include appropriate indemnification language to mitigate the risk of personal liability for any misconduct arising which the CCO might, arguably, have been in a position to prevent or at least detect. Additionally, much can be gleaned by a CCO about expectations of federal regulators through the proactive review of any corporate integrity agreement (CIA) imposed on any entity with a similar operational focus. A CCO employed by any healthcare organization entering into a CIA should carefully consider his or her willingness and ability to participate in the certification/attestations that a CIA typically entails on the part of a CCO. These considerations make having a direct reporting line to the Board or board committee responsible for oversight of the compliance program critically important for any CCO. Without the ability to bring corporate misconduct to the direct attention of the board or its designee, CCOs may find themselves in the challenging position of having knowledge of senior leaders participating in, directing, or turning a blind eye to illegal or unethical activity with no viable internal avenue to meaningful obtain a resolution.