Leadership in Health Care
“It’s All About Compliance”
by Sean Weiss, Partner & VP of Compliance
When I start a discussion regarding leadership, health care professionals think I am automatically going to talk about metrics and management style (I’ll leave that to the Ken Hertzes and David Zetters of the world). However, leadership in health care for me is centered on Compliance and whether we are mitigating risk as an organization.
One of the most favorite parts of my job is getting to speak at various conferences to some truly amazing audiences. When I am asked to speak on OIG Compliance, one of the first questions I ask the audience is whether they have a compliance plan. Typically, about half the room will raise their hands. I always ask them to keep their hands raised high and then I ask part II of the question; how many of you believe your compliance plan is effective – at that point 3/4th of those raising their hands put them down and begin to shake their heads no or they kind of squint an eye and move their head side to side like a bobble head. The fact is, less than 20% of medical practices and health care organization have an effective compliance plan in place. Keep in mind I am not speaking about a $99.95 compliance plan in a box that you go in and replace the word PRACTICE with your practice or organization’s name, then print it out stick it into a 3-ring binder and place it on a shelf where it gathers 2-3 inches of dust. This is not the definition of an effective compliance plan.
An effective compliance plan means it’s a living, breathing document that is created based on a culture from within the organization that starts at the top and trickles all the way down. An effective compliance plan means we have a compliance officer or a dedicated person or group of people handling all things compliance in the organization. It means we have standard operating procedures (SOPs) and policies in place to ensure all employees understand what they are to do in all situations. It means we have a mission statement, standards of conduct, open lines of communication, disciplinary actions, and an auditing and monitoring program in place. It also means that we have educated our senior leaders and, if there is a board of directors within the organization, them as well.
In 2015, the Acting Deputy Director Sally Yates created the Yates Memo, which sought to eliminate the Filip Memo and go back to the days of the wild west in government prosecution. The Yates Memo of 2015 sought to erode the de-facto attorney client privilege. Since the Yates Memo was adjusted in December 2018 from its original 2015 form, I am not going to spend a lot of time unpacking it but here are some main points: The Yates Memo identifies six “key steps” to enable DOJ attorneys “to most effectively pursue the individuals responsible for corporate wrongs.”
- First, corporations will be eligible for cooperation credit only if they provide DOJ with “all relevant facts” relating to all individuals responsible for misconduct, regardless of the level of seniority.
- Second, both criminal and civil DOJ investigations should focus on investigating individuals “from the inception of the investigation.”
- Third, criminal and civil DOJ attorneys should be in “routine communication” with each other, including by criminal attorneys notifying civil counterparts “as early as permissible” when conduct giving rise to potential individual civil liability is discovered (and vice versa).
- Fourth, “absent extraordinary circumstances,” DOJ should not agree to a corporate resolution that provides immunity to potentially culpable individuals.
- Fifth, DOJ should have a “clear plan” to resolve open investigations of individuals when the case against the corporation is resolved.
- Finally, civil attorneys should focus on individuals as well, taking into account issues such as accountability and deterrence in addition to the ability to pay.
As mentioned above, December 2018 saw some pull-back of Yates’ intentions. In the new policy, the DOJ will:
- continue to focus on individuals in its white collar investigations;
- end the Yates Memo’s “all or nothing” approach and permit corporations to receive credit for their cooperation if they identify individuals who were significantly involved in or caused the criminal conduct; and
- permit greater flexibility and discretion in awarding cooperation credit in civil cases.
In addition to the Yates Memo, others (Sessions, Granston, and Brand) were released in 2018 but the DOJ continues to follow the Filip Memo and, as a matter of fact, they just released new guidance on “Effectiveness of Compliance Programs” (The full DOJ Document can be found here: https://www.justice.gov/criminal-fraud/page/file/937501/download) There are 3 basic questions that have to be answered by DOJ Prosecutors:
- “Is the corporation’s compliance program well designed?“
- “Is the program being applied earnestly and in good faith?“ In other words, is the program being implemented effectively?
- “Does the corporation’s compliance program work“ in practice?
The new guidance provides greater detail about what prosecutors should look for in compliance programs, including the tone set by top corporate executives, training for staff and the existence of confidential tip lines for employees to report misconduct. “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process,” according to the guidance. “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant federal laws that is accessible and applicable to all company employees.” Prosecutors, according to the guidance, “should also assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.”
Another critical area with regard to compliance effectiveness focuses on Risk Assessments (I refer to this as the 8th step in an effective compliance plan). “Prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction in a low-risk area. Prosecutors should therefore consider, as an indicator of risk-tailoring, “revisions to corporate compliance programs in light of lessons learned.”
- Risk Management Process – What methodology has the company used to identify, analyze, and address the particular risks it faces? What information or metrics has the company collected and used to help detect the type of misconduct in question? How have the information or metrics informed the company’s compliance program?
- Risk-Tailored Resource Allocation – Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas, such as questionable payments to third-party consultants, suspicious trading activity, or excessive discounts to resellers and distributors? Does the company give greater scrutiny, as warranted, to high-risk transactions (for instance, a large-dollar contract with a government agency in a high-risk country) than more modest and routine hospitality and entertainment?
- Updates and Revisions – Is the risk assessment current and subject to periodic review? Have there been any updates to policies and procedures in light of lessons learned? Do these updates account for risks discovered through misconduct or other problems with the compliance program?
Source: JM 9- 28.800.
The last section I will focus on with regard to the changes made is Policies and Procedures. “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process. As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees. As a corollary, prosecutors should also assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.
- Design – What is the company’s process for designing and implementing new policies and procedures, and has that process changed over time? Who has been involved in the design of policies and procedures? Have business units been consulted prior to rolling them out?
- Comprehensiveness – What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of risks it faces, including changes to the legal and regulatory landscape?
- Accessibility – How has the company communicated its policies and procedures to all employees and relevant third parties? If the company has foreign subsidiaries, are there linguistic or other barriers to foreign employees’ access?
- Responsibility for Operational Integration – Who has been responsible for integrating policies and procedures? Have they been rolled out in a way that ensures employees’ understanding of the policies? In what specific ways are compliance policies and procedures reinforced through the company’s internal control systems?
- Gatekeepers – What, if any, guidance and training has been provided to key gatekeepers in the control processes (e.g., those with approval authority or certification responsibilities)? Do they know what misconduct to look for? Do they know when and how to escalate concerns?“
Source: JM 9- 28.800.
Without full compliance to regulations established by payors (Federal, State, and Commercial) and government entities such as DOJ, an organization cannot claim effective leadership within. While compliance programs are a lot of work and have costs associated with them, there is also a lot of leniency granted by investigators and prosecutors to those organization able to demonstrate an effective compliance program is in place. Stop tinkering with your compliance program and finally buckle down and do the necessary to ensure your Assets are covered.