Health Care Compliance and Responsibilities of Boards of Directors

Background

In recent years, health care providers have been under increasing scrutiny regarding the establishment and maintenance of an effective health care compliance program. In addition, pursuant to section 4414 of the New York State Public Health Law and New York State regulations at 10 NYCRR 98-1.21, managed care organizations (MCOs) with an enrolled population of 10,000 or more persons in the aggregate in any given year must develop and file a fraud detection and investigation plan with the Commissioner of the Department of Health. While not a traditional compliance plan requirement, these provisions of law require MCOs to develop a self-directed process to detect, investigate and respond to cases involving healthcare fraud and abuse.

For the Medicaid program, pursuant to Section 363-d of the New York State Social Services Law and state regulations at 18 NYCRR Part 521, enrolled providers holding certain licenses or who bill Medicaid in the amount of $500,000 or more in any consecutive twelve-month period are required to develop and maintain an effective compliance program. The requirements of a Medicaid compliance program are set forth in detail and include:

-written procedures

-a designated employee responsible for compliance (compliance officer)

-the provision of ongoing training

-a mechanism to report compliance issues

-disciplinary policies

-a system of identification and self-auditing to identify risk areas

-a system for responding to compliance issues and for self-reporting (including the self-reporting of overpayments to OMIG)

-a policy of non-retaliation for employees who in good faith report compliance issues.

While many providers make a good faith effort to establish a viable compliance program, two focusses of the OMIG relate to a provider's level of commitment to ongoing self-reporting of compliance issues (including overpayments) and ongoing activities necessary to maintain the compliance program such as self-audits and an annual review of the plan's effectiveness. Barclay Damon recently detailed in a Legal Alert the manner in which providers can measure the effectiveness of a compliance plan. Many of these concerns have been identified after reviews by OMIG of provider compliance activity, either standing alone or as part of an audit/investigation. It is essential that all providers perform these on-going compliance activities or risk administrative action.

Recent development - Liability of health care board members

An issue often overlooked by providers is the potential liability of individuals, including corporate board members, for regulatory non-compliance by their organization. This issue applies to both for-profit and not-for-profit entities. On September 9, 2015, Deputy Attorney General Sally Yates issued a memorandum entitled "Individual Accountability for Corporate Wrongdoing" to guide United States Department of Justice (DOJ) Attorneys when handling corporate matters. The memorandum listed requirements pertaining to individual conduct that must be considered by DOJ attorneys in cases involving potential civil or criminal liability by corporations. These requirements include:

-corporate responsibility to provide DOJ with all relevant facts about individuals involved in the corporate activity under investigation,

-a responsibility for DOJ attorneys to also focus on individual conduct during the investigation of the corporation

-a responsibility for DOJ attorneys to identify and include in any potential settlement the conduct and liability of any individual involved in the corporate activity which is under investigation.

Under this directive, all individuals involved in corporate activity including corporate board members need to demonstrate that they are performing meaningful due diligence and that they are actively engaged in the oversight of corporate activities.

An effective method for a board of directors to achieve these goals and minimize the risk of personal liability is to establish separate and meaningful board policies related to compliance. Since the interests of the board members is not necessarily always aligned with the interests and activities of the corporate organization, "piggybacking" on any existing compliance plan may not be viable, depending on the unique situations of each provider, or the Board should ensure that the plan appropriately encompasses Board activities related to compliance. The board policies should include a process for notification to the board of audits, investigations, settlements, self-reporting, breaches of required conduct and the manner in which the corporate entity is maintaining an effective compliance program.

New York has also emphasized the establishment of appropriate conduct for not-for–profit organizations in such bodies of law as the New York Not-for Profit Revitalization Act of 2013, as revised. The law included provisions regarding increased oversight responsibilities of the organization's audit committee and modernizing corporate governance. Barclay Damon previously issued Legal Alerts on these new legal requirements. The increased emphasis by federal and state agencies in regulating both for-profit and not-for-profit organizations has significantly added to the complexity of the overall governing body of law. This development further increases risks to board members and is an added factor in the need for appropriate board member involvement in compliance efforts.