Serving as a trustee of a healthcare institution is a way to give back to the community and promote better services. It shouldn't have to result in personal liability for management mistakes. Unfortunately, that sometimes happens in cases involving abuses of antifraud and antikickback laws. That's why board members need all the help they can get to navigate this increasingly difficult terrain.
In October 2002, HHS' inspector general's office approached the American Health Lawyers Association about co-authoring an educational resource for healthcare boards of directors. It would be a primer on the unique compliance obligations of the healthcare sector and include questions that boards could ask managers regarding compliance issues. In the wake of recent corporate governance scandals, the inspector general's office felt that board members in the healthcare arena would benefit from a straightforward explanation of important compliance issues.
The association's board decided to collaborate on the project and appointed members Douglas Hastings and Michael Peregrine-both experts on healthcare corporate governance-to work with the inspector general. The board also brought in a provider representative in Michael Hemsley, general counsel and vice president of corporate compliance at Catholic Health East.
Entitled Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors, the document-available for download at healthlawyers.org and oig.hhs.gov-begins by discussing the need for such a publication:
"As corporate responsibility issues fill the headlines, corporate directors are coming under greater scrutiny. The Sarbanes-Oxley Act, state legislation, agency pronouncements, court cases and scholarly writings offer a myriad of rules, regulations, prohibitions and interpretations in this area."
The expressed purpose of Corporate Responsibility is "to help healthcare organization directors ask knowledgeable and appropriate questions related to healthcare corporate compliance." The resource then provides a brief summary of the fiduciary obligations of healthcare directors, focusing principally on a director's duty of care.
In light of recent events, directors are rightfully asking themselves, "How do I exercise my fiduciary duties to the organization? How will I know if something is going wrong with day-to day operations? How will I know if laws are being violated?" While Corporate Responsibility reassures board members that they do not have an independent duty to "ferret out" wrongdoing, directors are advised to insist on organizational reporting systems that provide them with regular information on compliance. This information should illuminate lapses or breakdowns in the corporation's day-to-day business operations. The document also explains how a director's legal duty of care requires him or her to make reasonable inquiry when suspicions of wrongdoing are or should be aroused.
Directors of healthcare organizations have unique challenges that may be unfamiliar to those who spend their time in other industrial or service sectors. Providers are subject to complex regulations governing the coverage and reimbursement of medical services. These rules are specific to the healthcare industry, and some of them can make actions illegal that in another industry may not violate the law.
Moreover, the government dedicates substantial resources to investigate and prosecute healthcare fraud. Providers may be subject to criminal, civil and administrative sanctions for a range of misconduct including improper billing, participating in schemes to defraud the government, receiving improper payments for referrals and failing to provide services of a quality that meets professionally recognized standards. Corporate Responsibility suggests that directors have some familiarity with these laws and also take steps to make sure that they receive regular reports from management on the organization's compliance with federal rules and laws.
The guidebook then provides boards with 18 questions they may need to ask their managers. These questions are split into five structural and 13 operational inquiries.
The structural questions are designed to explore the board's understanding of the scope of the organization's compliance program. They are easy to understand. For example, the first question is: How is the compliance program structured and who are the key employees responsible for its implementation and operation?
The operational questions help the board periodically evaluate the effectiveness of the organization's compliance program. They focus on the organization's code of conduct and internal controls, the role of the compliance officer, the organization's response to identified risk areas and its strategy for responding to potential violations.
Some of these operational questions include: Has the organization implemented policies and procedures that address compliance risk areas and established internal controls to counter those vulnerabilities? What is the process by which the organization evaluates and responds to suspected compliance violations? What guidelines have been established for reporting compliance violations to the board?
The inspector general's office and the American Health Lawyers Association established a unique partnership in drafting what we hope will be a useful resource for those serving on the boards of healthcare organizations. The document is not formal governmental guidance and is not intended to have the force of law. It is simply a resource that will help those serving on boards carry out a responsibility that has become more complex. By assisting directors in the exercise of their fiduciary duty, we hope that Corporate Responsibility will encourage those who want to give back to their communities by serving on the boards of healthcare organizations.
Lewis Morris is chief counsel of HHS' inspector general's office. James Roosevelt Jr. is president of the American Health Lawyers Association, Washington, and senior vice president and general counsel of Tufts Health Plan, Waltham, Mass.