Corporate entities, like individuals, are subject to a wide variety of legal rules and requirements. At a very basic level, the term corporate compliance simply refers to the process that a corporation follows to ensure that it is following all of the laws that apply to its operations. Corporate compliance for healthcare means meeting the statutory and regulatory requirements set out for particular activities in the provision of healthcare. See Office of the Inspector General, Health and Human Services and American Health Lawyers Association, Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors, available at www.oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf.
Historically, the importance of complying with the law stemmed from the need to protect the company from direct civil or criminal liability that could result from the failure to follow specific legal rules. To that end, in 1991, the U.S. Sentencing Commission released Chapter 8 of the Federal Sentencing Guidelines (Sentencing Guidelines) establishing sentencing policies and practices for corporations. U.S. Sentencing Guidelines Manual §8 (2005). Chapter 8 of the Sentencing Guidelines contains provisions that lessen an entity’s culpability score if the entity can demonstrate that it had an “effective compliance and ethics program.” U.S. Sentencing Guidelines Manual §8C2.5(f) (2005). Corporate compliance for hospitals and other health care providers emerged as a key issue in the mid 1990’s as the government rolled out aggressive efforts to enforce healthcare fraud and abuse laws. More recently, compliance has evolved into a more integrated and necessary business strategy with a focus on maintaining the company’s status as a good corporate citizen. This emphasis and new standard has caused many companies to formalize a corporate compliance program and to create a corporate compliance officer position whose primary role is to maintain and monitor the company’s state of compliance.
The law for corporations comes in many forms: federal laws, state laws, agency law, industry standards, and court opinions. Health and Human Services, Office of the Inspector General and American Health Lawyers Association, Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors, available at www.oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf.
Specific sources of compliance authority include:
· Federal Sentencing Guidelines
· Sarbanes-Oxley Act of 2002
· State Law
· Federal Register
· See also wiki article on Research Compliance.
The OIG has been instrumental in providing guidance to the healthcare industry on corporate compliance. Much of this guidance has been directed at specific segments of the healthcare industry. David E. Matyas and Carrie Valiant, Legal Issues in Healthcare Fraud and Abuse: Navigating the Uncertainties 315 (3d ed. 2006). From 1998-2008, the OIG has issued 14 guidance statements related to corporate compliance. See Health and Human Services, Office of the Inspector General, Compliance Guidance¸ available at http://oig.hhs.gov/fraud/complianceguidance.asp. Specifically, the OIG has issued compliance program guidance for hospitals, home health agencies, clinical laboratories, third-party medical billing companies, durable medical equipment prosthetics, orthotics, and supply organizations, hospices, Medicare+Choice organizations, nursing facilities, individual and small group physician practices, ambulance suppliers, pharmaceutical manufacturers, and recipients of HHS research grants. Id.
See also wiki article "Office of the Inspector General (OIG) Advisory Opinions"
In addition to OIG guidance, there exists other government guidance that provides supplemental information regarding effective compliance programs. This additional guidance includes:
· GAO Report – Early Evidence of Compliance Program Effectiveness Is Inconclusive (1999), available at http://www.gao.gov/archive/1999/he99059.pdf
· OIG/HCCA Roundtables and Reports – Building a Partnership of Effective Compliance, available online at http://www.oig.hhs.gov/fraud/docs/complianceguidance/roundtable.htm
· OIG/AHLA Reports – (1) A Resource for Health Care Boards of Directors, available online at http://www.oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf and (2) An Integrated Approach to Corporate Compliance: A Resource for Health Care Organization Boards of Directors, available online at http://oig.hhs.gov/fraud/docs/complianceguidance/Tab%204E%20Appendx-Final.pdf
· CMS Guidance.
The Federal Sentencing Guidelines and various agency issuances provide guidelines as to the elements that make up effective corporate compliance program. These elements include:
· Standards and procedures;
· Descriptions regarding the roles and reporting relationships of personnel;
· Procedures for background checks of employees;
· Training programs and schedules;
· Procedures for monitoring, auditing, and evaluating the compliance program;
· Reporting structures and systems;
· Disciplinary and corrective action procedures; and
· Documentation requirements.
(See David E. Matyas and Carrie Valiant, Legal Issues in Healthcare Fraud and Abuse: Navigating the Uncertainties 324-36 (3d ed. 2006).
The government’s imposition of corporate compliance programs on healthcare facilities as part of settlements in fraud investigations, and its release of a number of Model Compliance Guidance for different types of providers prompted the voluntary implementation of formal compliance programs by the vast majority of health care organizations. As a result, compliance efforts in healthcare are closely linked with the subject of fraud and abuse, even though an effective compliance program is much broader in scope and covers many other types of legislative requirements and prohibitions. Accordingly, to be most effective, compliance efforts should be directed at establishing a culture within the organization that promotes prevention, detection and resolution of all instances of conduct that does not conform to federal and state law, private health plan requirements, and the organization’s ethical and business policies.