OIG Issues Compliance Guidelines for Governing Boards

On April 20, 2015, the Office of Inspector General (OIG) of the Department of Health & Human Services issued new compliance guidance for governing boards of hospitals and other health care organizations. The 26-page document, “Practical Guidance for Health Care Boards on Compliance Oversight,” provides the OIG’s perspective on how a board should discharge its duty to assure that the organization has an adequate and effective compliance program.

The document undertakes to provide “practical tips” on how a board can oversee (1) the roles and relationships among audit, compliance and legal departments; (2) the process for issue-reporting within the organization; (3) the approach to identifying regulatory risk; and (4) encouragement of enterprise-wide accountability for compliance.

The practical tips include development of a formal plan to stay abreast of the regulatory landscape through regular regulatory updates by the compliance staff. The OIG also suggests that boards consider adding a board member with compliance expertise. That step, the OIG argues, “sends a strong message about the organization’s commitment to compliance” and also provides a valuable resource to other board members.

Boards should receive compliance and risk-related information on a regular basis, and the information should be presented in a format that is understandable to board members. A dashboard format is often the most effective. Boards should also consider regular executive sessions — i.e., sessions that exclude senior management — with the leaders of the organization’s compliance, legal and audit functions.

Certain regulatory risks are always present for a health care organization. These include patient-referral arrangements, billing issues, privacy breaches and quality-related issues. Other risks arise with changes in laws, regulatory guidance and trends in the industry. The board should assure that a process is in place for making the organization aware of new and developing risks and for monitoring and mitigating them.

The board is responsible for assuring compliance accountability. Rather pointedly, the OIG notes that accountability includes promptly returning Medicare and Medicaid overpayments. Citing the 60-day rule requiring the return of overpayments within 60 days of “identifying” them, the OIG recommends that the board specifically ask management for its policy on identifying and returning overpayments.