Each and every healthcare organization, whether or not it accepts reimbursement from government payors, must have in place regulatory compliance measures designed to protect the population it serves, and the persons paying for and providing those services. All levels of a healthcare organization must be cognizant of their roles in the organization’s continuing commitment to compliance. Even Board members, who often do not experience the inner-workings of the entities they represent, have an obligation and duty to the organization to act in a manner that stressed compliance. Applicable federal and state laws, how they apply to an organization, and how the organization reacts to its obligations imposed by those laws, must be of paramount importance to a governing board.
The OIG compliance guidance for healthcare boards tracks 4 areas over which boards should have specific oversight:
1. Relationship between the audit, compliance and legal departments. Your auditors should evaluate external risk and internal controls within your organization. Your compliance team should develop policies and procedures that provide employees with compliance guidance, methods to improve compliance, and ways to determine whether your compliance efforts are working. Your legal advisors advise your organization regarding relevant laws and regulations that govern the organization’s services. Each of these arms should operate independently to carry out their tasks and cooperatively with each other where appropriate. Your Board (or a designated committee of the Board) should be regularly provided with an understanding on how these different units function with themselves, each other, and management, with an eye toward improve and increase the organization’s compliance.
2. Issue reporting within an organization. The Board, or a designated Board committee, should be regularly informed about compliance related activities and information. The Board should be introduced to key personnel responsible for compliance and risk mitigation to create an open dialogue and to encourage reporting. Board members should work with such personnel in order to learn what information is useful in identifying areas of risk, and to identify trends.
3. Identifying areas of risk. The Board should be knowledgeable about areas of risk to which the organization might be vulnerable. For example, billing and collections is a common area of risk to all healthcare providers, but certain types of organizations may have areas of risk that are specific to its purpose. The Board should be informed about each area of risk that the organization is addressing, and should be ever-mindful about enforcement activities or other guidance that might cause the organization to update its compliance plan.
4. Methods to achieve compliance goals and objectives. It is the responsibility of the entire healthcare organization to execute its compliance standards. The Board should consistently assess the compliance-related activities and internal communications of the organizations employees and recommend rewards or disciplinary actions for those employees as appropriate. Organizations are well-served to educate Board members and employees alike regarding legally-required reporting deadlines and similar external measures.
Compliance plans are not just for large hospital systems or nursing communities. Any provider of healthcare services must provide those services within the bounds proscribed by law. The OIG’s guidance does note that an organization’s compliance goals should vary based on the size and complexity of an organization. Larger organizations should have more comprehensive compliance programs. However, small organizations are not absolved of a commitment to compliant and ethical conduct. Your Board members should be educated and involved in your organization’s continuing commitment to compliance.