Compliance Program Training for Your Board of Directors: What You Need to Know

By: Anne Novick Branan

Members of the Board of Directors[1] for health care organizations have important responsibilities related to corporate compliance. Government regulators expect health care Boards to assume greater responsibility to provide oversight for the corporate compliance programs and to promote an ethical culture in their organizations.  Failures in compliance programs that lead to criminal activities or improper billing expose an organization to substantial monetary and criminal penalties and further could expose individual Board members to personal liability.  Health care companies that provide effective education to Board members about their obligations related to the companies’ compliance programs can greatly minimize these potential liabilities.

The federal government’s message to health care providers is quite clear — if an organization deals with federal health care programs, the government expects the organization’s Board to be well educated and involved in the compliance program. The Office of Inspector General for the Department of Health and Human Services (“OIG”) also made clear in recent corporate integrity agreements (“CIAs”)[2] and published guidance that the federal government expects organizations to educate Board members about compliance program duties and oversight responsibilities. A typical CIA provision requiring such training may state:

The training shall address the corporate governance responsibilities of the board members and the responsibilities of board members with respect to review and oversight of the compliance program. Specifically, training shall address the unique responsibilities of the health care board members, including the risks, oversight areas, and strategic approaches to conducting oversight of a health care entity.  This training may be conducted by an outside compliance expert hired by the board and shall include a discussion of the OIG’s guidance on board member responsibilities.

CIAs usually require organizations to provide at least two hours of compliance program training for Board members.

The “OIG’s guidance on board member responsibilities” referred to in the CIA provision above can be found in an OIG publication, “Practical Guidance for Health Care Governing Boards on Compliance Oversight,” issued April 20, 2015 (“OIG Guidance”).[3] The OIG Guidance emphasizes the need for Boards to be fully engaged in their oversight responsibilities and offers practical tips for Boards as they work to effectuate their oversight of the organizations’ compliance with State and Federal laws. The critical element of the Board’s responsibility to stay informed on compliance matters is the Board’s obligation to ask the right questions of management to determine the adequacy and effectiveness of the organization’s compliance program. Without sufficient training on its compliance-related obligations, a Board will be ill equipped to make meaningful inquiries of management and effectively exercise its oversight of organizational compliance.

However, how should health care companies provide such training and what should be included in the education? The OIG has stated that compliance program design and operation is not a “one size fits all” issue and that companies should tailor their compliance efforts to the size, complexity and culture of their organizations.[4]  Likewise, for compliance training, the organization should design and execute the training according to the organization’s and its governing body’s needs.

One approach is to provide an initial formal orientation and educational program for all governing body members that covers the key areas for compliance program oversight. This program can be part of a Board retreat, held in executive sessions, or provided in regular board meetings. At least two hours of initial training is advisable, but ongoing follow-up training and education is needed if the Board’s oversight of the compliance function is to be effective. Health care companies may provide the training with internal resources, typically through the organization’s chief compliance officer (“CCO”), or hire a compliance consultant or expert to conduct or assist with the training.

Many health care companies decide to hire a compliance expert to perform the Board education and training, and this approach has certain advantages. First, the OIG favors the use of outside compliance experts in its CIAs and the OIG Guidance, stating:

Board members are entitled to rely on the advice of experts in fulfilling their duties.  OIG sometimes requires entities under a CIA to retain an expert in compliance and governance issues to assist the board in fulfilling its responsibilities under the CIA.  Experts can assist Boards and management in a variety of ways, including the identification of risk areas, provision of insight into best practices in governance, or consultation on other substantive or investigative matters.[5]

Using an outside expert can lend additional credibility to the training, especially for discussion involving legal standards for Board decision-making and the complex web of state and federal laws that apply to health care companies. Health care consultants save the organization and CCO time and money by planning, preparing and performing the training, as well as providing educational materials and answering specific questions from Board members. Moreover, Board members may feel more comfortable raising concerns about potential personal liability and their responsibility for compliance with someone outside their organization.

The content of the initial training and orientation to the Board’s compliance program obligations should include at a minimum the following:

  1. The Board’s fiduciary duties. The training should effectively educate directors as to their various fiduciary duties in connection with the compliance function.  At a minimum, directors should be advised as to the duties of care and good faith dealings, including a duty of reasonable inquiry.[6]
  2. The organization’s compliance program. The Board must be trained on the structure and operation of the company’s compliance program.  According to the OIG Guidance, the Board should ensure that the structure includes, as a key compliance program element, a corporate information and reporting system.[7] Such a system not only keeps Board members informed of the activities of the organization, but also enables an organization to evaluate and respond to issues of potentially illegal or otherwise inappropriate activity.[8]
  3. Laws and regulations relevant to the organization. Companies should develop a formal plan to ensure that their Boards stay abreast of the ever-changing regulatory landscape. The plan may involve periodic updates from the CCO or consultants, or attendance at industry educational programs. Board education should address legal authorities that generally apply to the health care industry, as well as those specific to the organization’s industry segment, such as home health or physician group practices. Board members need to know about the False Claims Act,[9] the Stark Law,[10] the Federal Anti-Kickback Statute,[11] the Health Insurance Portability and Accountability Act of 1996 and regulations[12] and other privacy laws, and federal program exclusion screening requirements, as well as applicable state laws that affect compliance.
  4. The Board’s responsibility for promoting a compliant culture within the organization. Training should emphasize the role of the governing body in setting the tone for an organizational culture that fosters integrity and ethical conduct based on overarching company values. Board members should understand that they are expected to adhere to the code of conduct and serve as examples of compliant and ethical behavior. The organization should educate the Board on its obligation to encourage a level of compliance accountability across the organization.

As proof of their effective Board training, organizations are well advised to develop and implement a formal plan for annual training, regular compliance program updates and ongoing education, as well as a system of documenting such training. Board meeting notices, agendas and minutes are key places to document the training. Recordkeeping should include qualifications for compliance educators and training materials used and distributed in annual training and ongoing education efforts.

In today’s aggressive enforcement climate, the Board members at the helm of health care organizations must be well informed and trained to execute their compliance program oversight responsibilities.  Whether the company chooses to use internal resources for such training or engage a compliance expert, the investment will certainly pay off in a more effective compliance effort and mitigated potential for liability arising from non-compliant conduct.

[1] While we discuss the obligations of “Boards of Directors” of corporations in this article, the obligations apply to the members of governing bodies of any entity operating a health care provider.

[2] A CIA is an agreement between the OIG and a health care provider that typically settles a fraud investigation and imposes obligations on the provider to develop and implement compliance measures to address the conduct under investigation. See Corporate Integrity Agreements between OIG and Ortho-McNeil-Janssen Pharmaceuticals, Inc. (2010); Synthes, Inc. (2010).

[3] OIG et al., Practical Guidance for Health Care Governing Boards on Compliance Oversight (2015).

[4] OIG, et al., supra note 3 at 3.

[5] OIG, et al., supra note 3 at 5.

[6] In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959 (Del. Ch. 1996); Stone ex rel. AmSouth Bancorporation v. Ritter, 911 A.2d 362 (Del. 2006); American Health Lawyers Association, The Health Care Director’s Compliance Duties: A Continued Focus of Attention and Enforcement, 5 (2011).

[7] Such a reporting system may include an anonymous hotline to allow individuals to report suspected non-compliance.

[8] OIG, et al., supra note 3 at 2.

[9] 31 U.S.C. §§ 3729-3733.

[10] 42 U.S.C. § 1395nn.

[11] 42 U.S.C. § 1320a-7b(b).

[12] 45 CFR Parts 160 and 164.
