Compliance is near the top of nearly every health care provider’s list of priorities. But what does a robust compliance program really look like? Ty Howard, Partner at Bradley Arant Boult Cummings, offers insight from the DOJ’s recently updated guidance.
On April 30, 2019, the Department of Justice (DOJ) Criminal Division released a new guidance document intended to assist prosecutors in evaluating corporate compliance programs and guide corporations in creating them. Updating a similar prior version from 2017, the new guidance provides an important roadmap for businesses drafting new or reviewing and updating existing compliance plans.
Background for DOJ Action
Several DOJ documents already inform how prosecutors and courts assess a corporation’s compliance program, including the DOJ’s Justice Manual section on “Principles of Federal Prosecution of Business Organizations,” the October 2018 memorandum from Assistant Attorney General Benczkowski entitled, “Selection of Monitors in Criminal Division Matters,” and several other sources. Beyond the DOJ, of course, myriad sources of compliance guidance and best practices exist, particularly in the health care industry. As the DOJ is often the ultimate judge of a compliance program in a civil or criminal enforcement action, the new guidance is an important addition to this body of compliance evaluation tools.
In brief, this newest guidance further elaborates on the aspects of an effective compliance program, organizing itself around three “fundamental questions” a prosecutor should ask in evaluating a corporate compliance program:
- “Is the corporation’s compliance program well designed?”
- “Is the program being applied earnestly and in good faith?” and
- “Does the corporation’s compliance program work?”
The guidance provides detailed analysis and checklists prosecutors might consider with respect to each question and in each case.
The guidance is neither binding law on corporations, nor a “rigid formula” that prosecutors must follow. But it does reveal design and implementation elements that create a strong corporate compliance program in the eyes of the DOJ — critical information for highly regulated industries like health care.
Health care companies should use the guidance to evaluate their own compliance programs and efforts to date. Among the highlights from the new guidance:
- Companies should tailor their compliance programs to their business and unique risk areas. In this respect, the guidance notes that the “starting point for a prosecutor’s evaluation” of a compliance program is to “understand the company’s business from a commercial perspective; how the company has identified, assessed and defined its risk profile; and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.”
- Companies should develop and maintain a culture of compliance. In this respect, the DOJ considers whether the compliance program is “accessible and applicable to all company employees” and incorporated into day-to-day operations. Tone at the top remains a key consideration, as the guidance recognizes that a “company’s top leaders – the board of directors and executives – set the tone for the rest of the company.”
- Companies should have effective implementation and evaluation measures. “Paper programs” or programs that are never updated will not pass muster.
- Other keys include confidential reporting to foster a workplace free of retaliation; due diligence on third parties like vendors and acquisition targets; and regular tracking monitoring, and measurement of compliance issues.
Overall, this new guidance provides helpful insight to the DOJ’s view of compliance issues and sets a high bar for corporations and officers. Health care companies should review it closely and consider such compliance efforts as preventative medicine in their efforts to avoid costly administrative, civil and even criminal enforcement actions.