One Beacon Street
Suite 1320
Boston, MA 02108

T 617.720.5090
F 617.720.5092


One Cedar Street
Suite 300
Providence, RI 02903
T 401.454.0400
F 401.454.0404

April 21, 2015

OIG Releases Compliance And Oversight Guide for Healthcare Boards


The Office of Inspector General (“OIG”) released a first-of-its-kind joint educational resource to help governing boards carry out their compliance plans and oversight obligations. The document is titled “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the “Guidance”), and is a collaboration between the OIG, the American Health Lawyers Association (“AHLA”), the Association of Healthcare Internal Auditors (“AHIA”), and the Health Care Compliance Association (“HCCA”).

The Guidance is not supposed to be taken as a particular set of standards or as legal or professional advice; instead, it builds upon prior documents released by the OIG and AHLA and provides suggestions on identifying compliance risks. In addition to including processes to identify risk, the Guidance includes tools to improve adherence to program objectives and for effective reporting of board meetings. Specifically, the Guidance addresses issues such as (1) the roles and relationships of an organization’s audit, compliance and legal departments; (2) mechanisms and processes for issue-reporting within the organization; (3) approaches to identifying regulatory risk; and (4) methods of encouraging organization/enterprise-wide accountability for achievement of compliance goals and objectives.

The Guidance suggests that organizations define the relationships, responsibilities, and roles of the organization’s compliance, legal, and audit departments. These relationships, roles, and responsibilities should be defined in the organization’s charter or organizational documents. Boards should evaluate the independence, performance, and adequacy of each function and ensure that while each group is independent, the legal, audit, and compliance groups also collaborate to further the interests of the organization. To aid in achieving these objectives, the Guidance suggests that boards set and enforce expectations with management to ensure that the board members receive particular compliance, legal, and audit information. Regular reporting to the board will increase the board’s ability to properly complete its oversight and compliance obligations and plans.

The Guidance highlighted a number of key areas of concern, including upcoding, billing for medically unnecessary or nonexistent care, and unauthorized disclosure of protected health information. In addition to these key areas of concern, the Guidance notes that there is a push for increased transparency. Moreover, the creation of new delivery and reimbursement models has led to an increase in employment and contractual relationships between hospitals and physicians. Boards of health care entities and systems that have a financial relationship with a referral source must scrutinize those referral and compensation arrangements to ensure they comply with the Stark Law and the Anti-Kickback Statute.

To comply with these laws, board members should ensure that the organization’s management is consistently reviewing audit, compliance, and legal risk areas. The Guidance recommends monitoring industry trends and ensuring systems and processes are in place for the organization to timely monitor and comply with any regulatory changes in relevant laws. The board should also assess its own processes and functions when a competitor or similar organization has been found to be non-compliant.

The Guidance reminds boards that compliance is system-wide and not only a function of the organization’s legal, audit, or compliance departments. To instill this system-wide approach, boards may assess employee performance in adhering to compliance. This can be done at the individual, department, or facility levels. The results of these assessments can be linked to the provision or withholding of employee incentives, such as time off, merit increases, and bonuses.

Finally, the Guidance recommends that board members make every effort to increase their knowledge of applicable and emerging regulatory trends and risks – as well as the role of the organization’s compliance, legal, and audit programs to mitigate those risks. Boards are encouraged to use the many publicly-available compliance resources as benchmarks, including the Federal Sentencing Guidelines, the OIG’s voluntary compliance program guidance documents, and OIG Corporate Integrity Agreements. These documents can be used to develop internal organization systems, processes, and controls. The Guidance notes that although smaller organizations may have fewer resources, they are required to maintain and demonstrate the same level of commitment to compliance. However, for smaller, less complex organizations, this may be done with less formality and resources than would be expected for larger, more complex organizations.

Those interested in reading the Guidance can find it here.

About the Authors

Paul Barrett

Paul Barrett is managing partner and Chair of the firm’s Health Law group. He provides corporate legal counsel to healthcare clients. You can find him on LinkedIn.

Jeffrey Chase-Lubitz

Jeffrey Chase-Lubitz is a partner and head of the firm’s Providence office. He provides strategic guidance and corporate legal counsel to healthcare clients. You can find him on LinkedIn.


Health Law