Health care providers, suppliers and manufacturers continue to face significant government enforcement activity as a result of increased government funding and greater coordination among government agencies for fighting fraud, waste and abuse. The Department of Justice recently announced that it recovered $5.6 billion in civil and criminal fraud investigations in fiscal year 2011 and that nearly $6.5 billion has been recovered since January 2009 from fraud involving the federal health care programs.
There is a renewed demand by government enforcers that health care companies implement compliance programs.[1] Government enforcers also have taken steps to increase enforcement activity against individuals who participate in the misconduct of the company.
Health care companies must respond to this growing governmental pressure with the development, implementation and execution of an effective corporate compliance program. This article provides an overview of some better industry practices designed to enhance the effectiveness of a corporate compliance program.
Increased Compliance Role for Boards of Directors
Recent corporate integrity agreements (CIA) between health care companies and the Department of Health and Human Services Office of Inspector General (OIG) to settle government investigations mandate oversight of the corporate compliance program by a company’s Board of Directors (BoD).
Health care providers, suppliers and manufacturers increasingly understand the importance of educating members of the BoD on fraud, waste and abuse; enforcement activity, including individual liability; and industry compliance trends. It also is critical that the BoD establish a compliance committee to oversee the operations of the corporate compliance program. With these education and oversight tools, the BoD can assist with fostering a corporate culture of compliance.
Management Responsibilities Related to Compliance
Health care companies also are building a compliance infrastructure that includes company management. Specifically, health care companies are incorporating specific compliance oversight responsibilities into management job descriptions and assessing these responsibilities as part of the employee’s overall evaluation.
Some companies have taken the additional step of adopting from recent CIAs the requirement that management regularly certify that their department is in compliance with the company’s policies, procedures and other compliance mandates. If successfully implemented, these tools ensure that compliance is part of the daily responsibilities of company employees.
Encourage Internal Reporting
The government continues to encourage individuals to report fraud, waste and abuse by implementing stronger protections from retaliation and rewarding whistleblowers for such reports.[2] Health care companies should consider similar methods to increase internal reporting of potential issues and innovative methods to reward internal whistleblowers. This should include, by way of example, a stringent nonretaliation policy.
Focused Monitoring & Auditing
Monitoring and auditing have long been staples of a corporate compliance program. Compliance and audit departments of health care companies are shifting their resources to ensure that monitoring and auditing activities are robust and effective at detecting and correcting potential noncompliance. This includes identifying and focusing on specific, high risk activities identified from public sources, such as settlement agreements, CIAs, securities filings, government work plans and public announcements regarding government enforcement activity.
Internal Data Mining and Transactions Reviews
Effective corporate compliance programs increasingly include robust internal data mining and transactions reviews to proactively identify and address potential compliance issues. Similar to monitoring and auditing, internal data mining and transactions reviews should focus on specific high-risk activity that could expose the health care company to government enforcement activity.
Health care companies must be prepared to address identified issues and voluntarily disclose them to appropriate government agencies when warranted. Relevant policies and procedures should be implemented in advance so that health care companies can act quickly when the need arises.
Vendor Management and Exercising Audit Rights
Health care companies engage a wide variety of vendors for services, including certain high-risk activities. These vendor activities should be subject to the same monitoring, auditing, data mining and transaction reviews as other high-risk activities conducted by the company. It is imperative that there is routine oversight of the vendor relationship to ensure that the vendor is conducting its business in a compliant manner. This oversight should include training by the health care company to ensure that the vendor and its employees are aware of the company’s expectations related to compliance.
Further, health care companies should consider exercising audit rights to evaluate the vendor’s business operations and infrastructure, including policies, procedures and employee training related to compliance. Any identified issues should be addressed promptly and further evaluated by the health care company to ensure an appropriate resolution.
Conclusion
Federal and state enforcement authorities have powerful and wide-ranging enforcement tools available to fight fraud, waste and abuse. It is imperative that compliance departments of health care companies respond with compliance tools designed to foster corporate compliance, detect potential issues and respond accordingly.
**********
About the Authors
George B. Breen is a partner in the Health Care and Life Sciences and Litigation Practices of Epstein Becker Green. He serves on the Steering Committee of the firm’s National Health Care and Life Sciences Practice and co-chairs its Litigation and Government Investigations practice group.
Sarah K. Giesting is an associate in the Health Care and Life Sciences Practice of Epstein Becker Green. Her practice focuses on government investigations and compliance and regulatory counseling for the pharmaceutical, medical device and biotechnology industries.
PDF 
