“If you don't know where you’ve come from, you don't know where you’re going.” —Maya Angelou
Understanding the expectations and operation of current healthcare compliance programs is very difficult without a fundamental grounding in how these programs have evolved over the past three decades. Like many things in life, the history of healthcare compliance is both complex and convoluted, involving multiple stakeholders with differing interests. Although healthcare compliance began as a response to the corporate and healthcare environment and rampant, unchecked fraud, healthcare compliance programs have emerged to become a societal expectation that also gave rise to an entirely new profession.
The Murky Origins of Healthcare Compliance
Pinpointing an exact date compliance programs and the profession came into existence is difficult. Some scholars and practitioners believe the true origin of the compliance program is traceable to the enactment of the Foreign Corrupt Practices Act (FCPA) in 1977. However, the consensus is that the origins of compliance programs date to a series of procurement scandals in the mid-1980s involving the Department of Defense, the Pentagon, and various defense contractors.
Of the various procurement defense department scandals in 1980s, the so-called “spare parts scandal” in 1985 became the major driving force for reform. It was a scandal that captured the attention of both Congress and the public with the revelation of the incredible prices the Pentagon often paid for basic equipment, such as a $435 hammer and the infamous $600 toilet seat. In response to growing public outrage over the abuse of taxpayer funds, President Ronald Reagan appointed the President’s Blue Ribbon Commission on Defense Management to review the situation and recommend reforms.
The Packard Commission, as the group was more informally known, issued an interim report in February 1986. For compliance history, the crucial recommendation by the Blue Ribbon Commission was that:
To assure that their houses are in order, defense contractors must promulgate and vigilantly enforce codes of ethics that address the unique problems and procedures incident to defense procurement. They must also develop and implement internal controls to monitor these codes of ethics and sensitive aspects of contract compliance. [emphasis added]
The Blue Ribbon Commission also stressed that “[g]overnment actions should foster contractor self-governance,” urging the Defense Department not to routinely subpoena internal audit materials to avoid discouraging “aggressive self-review.”
In response to the interim report, 18 of the country’s top defense contractors formed the Defense Industry Initiative on Business Ethics and Conduct (DII). Under the leadership of Jack Welch, then-CEO of General Electric, the DII developed five core principles, which 32 defense contractors signed onto by July 1986.
The central tenet of the principles, which still exist, is a commitment to “act honestly in all business dealings with the U.S. government.” To achieve this objective, DII members agreed to:
Establish written codes of business conduct.
Reinforce an ethical culture through communications and training.
Encourage employee reporting of suspected misconduct and prohibit retaliation against reporters.
Share business ethics and compliance best practices.
Transparently and publicly report on individual company progress to establish an ethical culture.
It was the formation of the DII and its principles that set the stage for the next major leap in the evolution of compliance programs.
In the Beginning—The U.S. Federal Sentencing Commission
Prior to the Sentencing Reform Act of 1984, federal district court judges possessed almost unlimited authority to fashion a sentence for criminal defendants within a broad statutorily prescribed minimum and maximum range. Thus, individual judges exercised broad discretion to determine “the various goals of sentencing, the relevant aggravating and mitigating circumstances, and the way in which these factors would be combined in determining a specific sentence.” As a result of this unregulated discretion, the sentences for similar criminal conduct varied dramatically, creating the justifiable perception that the federal sentencing system resulted in “an unjustifiably wide range of sentences [for] offenders convicted of similar crimes.”
With the enactment of the Sentencing Reform Act of 1984, Congress sought to address the apparent inequities caused by discretionary judicial sentencing. Rather than remove all judicial discretion, Congress chose instead to create the independent U.S. Sentencing Commission (the Commission) tasked with establishing “sentencing policies and practices for the Federal criminal justice system.” However, Congress also tasked the Commission with maintaining “sufficient flexibility to permit individualized sentences when warranted by [evaluating individual] mitigating or aggravating factors.” Thus, Congress expressly charged the Commission to pay “particular attention” to “providing certainty and fairness in sentencing and reducing unwarranted sentence disparities.”
To accomplish this purpose, Congress directed the Commission to establish a set of guidelines that federal judges must use for selecting sentences within the prescribed statutory ranges.
As laid out by the Sentencing Reform Act, the Commission’s guidelines needed to consider:
The seriousness of the offense while promoting respect for the law and providing a just punishment.
Whether the punishment would create an adequate deterrence of criminal conduct and protect the public from further crimes of the criminal defendant.
Whether the punishment provides the defendant with educational or vocational training, medical care, or other correctional treatment in the most effective manner.
The primary focus of the Sentencing Reform Act involved sentencing disparities for individual criminal defendants. For example, Congress noted that:
Major white collar criminals often are sentenced to small fines and little or no imprisonment. Unfortunately, this creates the impression that certain offenses are punishable only by a small fine that can be written off as a cost of doing business. 
However, Congress also granted the Commission broad latitude to “include in the guidelines any matters it considers pertinent to satisfy the purposes of sentencing.” Thus, the Sentencing Reform Act also addressed the sentencing of organizations, which are defined as “a person other than an individual.” As the Senate Report outlining the legislative history of the Sentencing Reform Act stated:
Current law...rarely distinguishes between individuals and organizations for sentencing purposes. Thus, present law fails to recognize the usual differences in the financial resources of these two categories of defendants and fails to take into account the greater financial harm to victims and the greater financial gain to the criminal that characterizes offenses typically perpetrated by organizations.
Therefore, it is not surprising that the Commission ultimately addressed the sentencing of organizations, as well as individuals, in its set of guidelines.
Compliance Programs and the Federal Sentencing Guidelines
Although the Commission was organized in late 1985 and published its initial set of guidelines in November 1987, it took until 1991 for the Commission to publish chapter eight of its guidelines—the Federal Sentencing Guidelines for Organizations (FSGO). With the publication of the organizational guidelines and its seven elements of an effective compliance program, healthcare compliance programs were born.
As conceived by the Commission, the new chapter eight was intended as a “mechanical structure [that] determines an appropriate monetary fine through means of a mathematical formula: assigning a dollar figure to the seriousness of the offense and multiplying that number by a figure representing the culpability level of the organization.”
Thus, the Commission employed a carrot-and-stick approach allowing judges to consider a series of aggravating and mitigating factors that they could use to determine the final sentence for an organization (i.e., the culpability score).
Under the FSGO, an organization’s final penalty is calculated using this formula:
Statutory Base Fine x (Aggravating Factors - Mitigating Factors) = Final Fine
Consequently, the intent of the FSGO was not only to “encourage corporations to exemplify ‘good corporate citizenship’ but also provide a means to ‘rehabilitate’ corporations that have engaged in criminal conduct.” The Commission hoped that:
[O]rganizations would come to view this guideline scheme as a powerful financial reason for instituting effective internal compliance programs that, in turn, would minimize the likelihood that the organization would run afoul of the law in the first instance.”
In other words, organizations would implement compliance programs proactively before any illegal activities occurred.
Where an organization could prove it had an effective compliance program in place, the FSGO allowed a three-point reduction in the culpability score if “the offense occurred despite an effective program to prevent and detect violations of law.” Therefore, according to the Commission, “[t]he hallmark of an effective [compliance] program...is that the organization exercises due diligence in seeking to prevent and detect criminal conduct by its employees and other agents.” This statement by the Commission, however, makes clear that compliance programs were never intended as an absolute guarantee that criminal conduct would not occur.
To guide organizations wishing to implement a compliance program, the Commission defined within an application section comment the seven criteria for a compliance program to qualify as “effective” and receive mitigation credits. This comment launched the now famous seven elements of an effective compliance program.
Summarizing the application comment, an effective compliance program requires that an organization:
Appoint someone with sufficient authority in the organization to oversee the compliance program (e.g., a compliance officer).
Develop compliance standards that employees and others working on behalf of the organization can follow to reduce the likelihood of breaking the law (e.g., policies and procedures).
Communicate those compliance standards to employees and others working on behalf of the organization (e.g., training or publications).
Create steps to ensure compliance standards are working as intended (e.g., monitoring and auditing).
Create a mechanism for anyone to report suspected misconduct without retribution (e.g., the hotline) and enforce compliance standards with appropriate sanctions (e.g., discipline).
Avoid granting substantial discretionary authority to anyone the organization knew or should have known would commit illegal activities (e.g., bad actors).
Take the necessary steps to correct any misconduct detected to prevent it from reoccurring (e.g., corrective actions).
These elements, however, were not industry specific, but were intended to apply to all organizations across industries. As the Commission explicitly recognized, any determination of whether an organization’s compliance program was effective required considering several factors, including “the size of the organization,” “the likelihood that certain offenses may occur because of the nature of its business,” and the organization’s prior history.
The mere existence of a program that on paper contains the seven elements does not automatically guarantee that an organization will receive the mitigation credits. Various actions, or inactions, by the organization can invalidate any potential benefits of having a compliance program. For example, the Commission also recognized the importance of industry practices or standards and determined that the failure to apply those practices and standards would weigh against “a finding of an effective program to prevent and detect violations of law.” Other factors that could invalidate the possibility of receiving credit for the compliance program included the participation of high-level company personnel in the misconduct or their willful blindless to its existence.
Defining High-Level Personnel
According to the 1991 version of the FSGO, “high-level personnel” meant “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization.” Therefore, the term specifically included “a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.” It also included agents within a business unit who set the policy for or control that business unit.