compliance effectiveness 101 · gao report on effectiveness (1999) • “ . . . the lack of an...
Post on 10-Jun-2020
2 Views
Preview:
TRANSCRIPT
Compliance Effectiveness 101
Shawn DeGroot, CHCVP of Corporate Compliance
Regional Health, Rapid City, SD
Steve Ortquist, JD, CHCVP, Ethics & Compliance
Banner Health, Phoenix, AZCI 2005
EFFECTIVE
“producing a decided, decisive, or desired effect . . . capable of producing a result.”
Webster’s Dictionary
What’s Been Said and Done About Effectiveness?
Federal Sentencing Guidelines (1991)“An effective program to prevent and detect
violations of law means a program that has been reasonably designed, implemented, and enforced so that it generally will be effective in preventing and detecting criminal conduct[DESIRED EFFECT]. . . The hallmark of an effective program . . . is that the organization exercised due diligence in seeking to prevent criminal conduct by its employees and other agents. Due diligence requires at a minimum that the organization must have taken the following types of steps: [seven elements are then enumerated]
Federal Sentencing Guidelines: Amendments Chapter Eight §85.21
• Specifies implementation of an effective Compliance & Ethics Program
• Requires an organization to establish and maintain an effective Compliance & Ethics Program to prevent and detect criminal conduct for purposes of mitigating its sentencing culpability for an offense.
• Adopted DOJ, DHHS, SEC, EPA
FOUNDATION FROM OIG
• Fulfillment of seven minimum requirements §8B2.1(b)
• Hallmarks of an effective program are those that encourages compliance with the law and ethical conduct
OIG’s Compliance Program Guidance for Hospitals (1998)
• Effective used 24 times (14 times effective compliance program)
• Desired Effect: “promote adherence to applicable Federal and State law, and the program requirements of Federal, State and private health plans.”
• No specific guidance on how to tell if a program is effective
OIG’s Compliance Program Guidance for Hospitals (1998)
“The existence of benchmarks that demonstrate implementation and achievements are essential to any effective compliance program.”. . . “An effective compliance program should also incorporate periodic (at least annual) reviews of whether the program’s compliance elements have been satisfied, e.g., whether there has been appropriate dissemination of the program’s standards, training, ongoing educational programs . . . This process will verify actual conformance by all departments with the compliance program.”
OIG’s Compliance Program Guidance for Hospitals (1998)
“The OIG believes that every effective compliance program must begin with a formal commitment by the hospital’s government body to include all of the applicable elements listed below . . . we believe that every hospital can implement most of our recommended elements that expand upon the seven steps of the Federal Sentencing Guidelines.”
United States Sentencing Guidelines – Chapter 8
An organization’s failure to incorporate and follow applicable industry practice or the standards called for by an applicable governmental regulation weighs against a finding of an effective compliance and ethics program.
United States Sentencing Guidelines ch. 8, §8B2.1. app. nt. 2.(B).
GAO Report to Congressional Requesters (April 1999)
Report Title:
Early Evidence of Compliance Program Effectiveness is Inconclusive
GAO Report on Effectiveness (1999)
Desired Effect: “The principal measure of a compliance program’s effectiveness is its ability to prevent improper Medicare payments.”
GAO Report on Effectiveness (1999)
• “ . . . the lack of an accepted definition of a compliance program would make any tabulation problematic.”
• “ . . . baseline data on the amount of improper payment made to providers is lacking; and the costs associated with gathering such baseline data—or comparison data for providers without compliance programs—have precluded the use of [prevention of improper Medicare payments as an] effectiveness measure.”
GAO Report on Effectiveness (1999)—OIG Response• “ . . . there appears to be widespread
agreement from both the Government and private sector that compliance programs are indeed effective, i.e., that these programs are worth their cost both to the provider and to the Government programs. Therefore, it may well be that the only inconclusiveness lies with respect to (1) Government and provider experiences in determining the particular elements of compliance programs that demonstrate effectiveness or (2) the difficulty in empirically demonstrating causality.” (emphasis added)
GAO Report on Effectiveness (1999)—OIG ResponseOIG’s List of Objectives and Benefits
[DESIRED EFFECTS]:• Increased employee awareness of laws/rules/risk areas• Creating central source for disbursement of new rules• Facilitating prompt/consistent investigation of
impropriety• Methodology that encourages reporting impropriety• Identifying and preventing misconduct• Demonstrating commitment to proper conduct• Mitigating against bad intent (& reduced sanctions)• Limiting corporate director liability
Eric Holder Memo, Bringing Criminal Charges Against Corporations (June 16, 1999)
“ . . . the critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives . . . The fundamental questions any prosecutor should ask are: ‘Is the corporation’s compliance program well designed?’ and, ‘Does the corporation’s compliance program work?’ ”
The Compliance Effectiveness Study
• First empirical study of compliance program effectiveness
• Performed as doctoral dissertation by Lori Richardson Pelliccioni at UCLA
• Identified 137 indicators of effective compliance
• Focus of findings: auditing and monitoring and training are critical to effectiveness
Evaluating and Improving a Compliance ProgramA Resource for Health Care Board Members, Executives and Compliance Officers (January 2003)
• Suggests evaluation of compliance programs in two dimensions:– EFFORTS – time, money, resources and
commitment– OUTCOMES – improved compliance with
applicable laws and rules
Evaluating and Improving a Compliance ProgramA Resource for Health Care Board Members, Executives and Compliance Officers (January 2003)
• Policies and Procedures• Ongoing Education and Training• Open Lines of Communication• Ongoing Monitoring and Auditing• Enforcement and Discipline• Investigation, Response and Prevention
ELEMENT #1• Standards & procedures to prevent
and detect criminal conduct §8B2.1(b)(1)
• Code of conduct • Internal controls:
– Communication Line– CAP (Corrective Action Plans)– Monitoring Plan– System-wide Risk Assessment
ELEMENT #2 Resources & Structure
• High level personnel must ensure organization’s program is effective §8B2.1(b)(2)(B)
• Adequate resources §8B@.1(b)(2)(c)
• Reporting relationship • Report to organization leadership
and governing authority §8B2.1
ELEMENT #3 “Substantial Authority Personnel”
• Personnel who knew/should have known • Supervisory authority
– Could be a plant manager– Could be materials management manager
• Individual in a position to negotiate– Drafts or writes contracts– Set Prices– Approves contracts
“High Level Personnel”
Agents who set policy for control in that department.
Small Org: High level personnel, add three points
Large Org: 1,000 employees, managing department head had 200, four points would be added
ELEMENT #3
• Exercise of due diligence, engaged in illegal activity inconsistent with Compliance & Ethics Program– (4A) Conduct inconsistent with federal
and state law– (4B) Commit to Compliance & Ethics
Program §8B2.1(b)(3)• Include substantial authorization
ELEMENT #4Training & Communication• Specifically extended to upper levels
of organization• Specifically to governing authority
of organization and high level personnel
• All employees and agents• Communication/training ongoing• Requires periodic updates
ELEMENT #5Reasonable Steps to Achieve
§8B2.1(b)(5)
• Mandates auditing and monitoring to deter criminal conduct
• Requires organization to evaluate effectiveness
• Expands focus of internal reporting
ELEMENT #5Reasonable Steps to Achieve
§8B2.1(b)(5)
• “Seeking guidance” regarding actual and potential acts
• Reporting system for employees and agents without fear of retribution
• Must have system allowing for anonymous/confidentiality– Compliance Communication Line
EXCEPT…
ELEMENT #5 (cont’d.)
• Legal obligation to self-disclose• Subpoenas• Civil discovery requests
ELEMENT #6Disciplinary Action & Incentives
§8B2.1(b)(6)
• Standards should be enforced via discipline– Corrective Action Plans
• Implement appropriate incentives– Email Alert
• Duty to promote ethical conduct• Duty to promote sanctions
ELEMENT #7Prevention §8B2.1(b)(7)
• Duty to address specific instances of misconduct
• Duty to identify systematic shortcomings
• Duty to remedy any deterrent of effective Compliance & Ethics Program
THAT’S Not ALL….Risk Assessments §8B2.1(c)
• Periodically• Evaluate nature of serious issues• Prioritize Compliance & Ethics
resources to target problem areas with greatest risk
• What and why
What Makes a Compliance Program Effective?
Medco Health Solutions, Inc.
• CP wasn’t reasonably capable of preventing misconduct
• Most employees were unaware of the CP• CP standards were not consistently enforced• No CO with immediate access to Board and CEO• No CO to independently investigate• Investigations conducted by line management in
the area where misconduct was alleged• No effective auditing/monitoring program• No regular reports to Board of Directors
Questions Used by SEC to Evaluate Compliance Programs• What are the compliance functions at the firm? Do
they cover all businesses?• Is compliance independent from business, both in
reporting and compensation? Do they have access to top management and the board?
• Does compliance have adequate resources, systems, and reports?
• Do compliance personnel have appropriate expertise and experience? How are they trained? Are they adequately compensated?
The Vital Role of Effective Comprehensive Compliance Controls at Broker-Dealers, Speech by Mary Ann Gadziala, Assoc. Dir., US Securities & Exchange Commission, February 4, 2004
Questions Used by SEC to Evaluate Compliance Programs
• Does compliance have the ability to respond to and coordinate with all relevant regulators?
• How are new compliance issues and requirements communicated to all personnel?
• How are the concerns of compliance and breaches addressed?
Examples of SEC Findings of Deficiency• Material compliance breaches were not reported
to top management;• The compliance function was limited to an
advisory role;• Compliance and supervisory procedures were
inadequate and not updated;• Surveillance reports did not cover major
business areas or were too broad to permit identification of problems;
Examples of SEC Findingsof Deficiency
• Follow-up on exceptions was inadequate and not tracked;
• No compliance review was undertaken for new products
SEC Examples of Best Practice Compliance Control Findings
• Compliance issues – breaches, new initiatives, new risks – were comprehensively tracked, updated and reported to senior levels;
• Each business unit was required to conduct regular self-assessments for compliance risks and compliance breaches;
SEC Examples of Best Practice Compliance Control Findings• Surveillance systems were highly automated,
with a unified database, and regular review of parameters;
• Compliance officers were members of the new products committee;
• Compliance staff sat in business areas for constant monitoring;
• Compliance staff dedicated to business units had expertise in the area.
Board’s Role - Oversight• Does the Board understand its oversight
role?• Has the Board assigned responsibility for
compliance program oversight?• Are there regular reports to the Board?• Is adequate information provided to the
Board?
Competence and Independence of Auditors• Competence & Independence of Auditors
(revolving door)– Waiting period
• Internal Control: IC/EC suggest improvements in controls, compelling evidence why they are not adopted.
Speech by SEC Staff Making Audit Committees More Effective, 3/7/02
SEC – Audit Committees (cont)
• Audit Scope & Fees• Other Items• Access must be Direct and Independent
“The Audit Committee must be given direct, unfettered, independent access to management, internal audit, and external auditors. The audit committee must be able to communicate in confidence with these three groups independently of each other."
SEC – Audit Committees (cont)
• Diligence: perseverance, attention and care
• Be Proactive• Ask Tough Questions• Obtain understandable answer• Time
Management’s Role
• Does organizational leadership communicate the importance of compliance?
• Does top management talk the talk? Walk the walk?
• Are high-level personnel and discretionary authority personnel knowledgeable about the content and operation of the program?
• Do managers understand their responsibility to conform operations to compliance standards?
High Level Leadership
• Does the compliance officer have access to the CEO and Board?
• What is the compliance officer’s training and qualification for the position?
• Does the compliance officer have adequate authority and resources necessary to operate the program?
• Is the compliance officer accessible to the work force?
Cultural Commitment
• Does the organization’s mission statement include a message on the importance of compliance?
• Are rewards and discipline used to promote and enforce compliance standards?
• Are employees held accountable for meeting compliance-related objectives during performance evaluations?
• Does a focus on ethics play a role?
Effective TrainingTable Created by Integrity Interactive (www.integrity-interactive.com)
• Relevant?• Accurate?• Consistent?• Enterprise-Wide?• Ongoing?
• Understood?• Retained?• Integrated?• Motivating?• Convincing?
Role of Ethics“Experience suggests that good ethics programs and good compliance programs are interdependent; each is incomplete without the other. A good compliance program must emphasize values and moral responsibility, because this increases the program’s effectiveness among employees. A good ethics program must help employees to know and obey the law if it is to have any relevance to the company in its actual environment.”
Dawn-Marie Driscoll et. al., Business Ethics and Compliance: What Management is Doing and Why, 1999 Bus. Soc’y Rev. 35, 39.
Role of Ethics
“It is questionable whether a compliance program can be truly effective if it does not have an ethics component.”
Diana E. Murphy, The Federal Sentencing Guidelines for Organizations: A Decade of Promoting Compliance and Ethics, 87 Iowa L. Rev. 697, 716 (2002)
Coverage of the Program• Does the compliance program address all
significant risks to the organization? How were risks identified? How are new risk areas identified and incorporated into the program?
• Does the program address all business units?• Are employees aware of the code of conduct?
Compliance program? Compliance Officer? Do they know where to report concerns and how/where to seek advice?
The “Five Questions”
(1) Does your organization have a compliance officer?
(2) Do you know who the compliance officer is?
(3) Do you know how to contact the compliance officer?
(4) Are you obligated by your organization to report improper or unethical conduct?
(5) Can you provide an example of improper conduct that you would be required to report?
Measures to PreventCompliance Failures
• Does the program have auditing and monitoring functions to detect improper conduct?
• How does the organization’s reporting system work? Is the system trusted by work force members?
• What is the scope of education and training? Has the effectiveness of training been assessed? Is training enforced as mandatory among work force members?
Risk Assessment
• Does the organization periodically assess the risk of improper conduct?
• What steps have been taken to address risks identified in these risk assessments?
Response and Prevention• Are investigations of alleged non-compliance conducted
by an independent compliance officer? By executives within the department where the alleged non-compliance occurred?
• How does the organization evaluate and respond to discovered violations? Are disciplinary measures enforced consistently?
• What processes are in place to ensure that appropriate remedial measures are taken in response to identified weaknesses? Have discovered improprieties re-occurred?
• Are corrective action measures monitored to ensure implementation and effectiveness?
Evaluation
• Does the organization periodically evaluate the effectiveness of the compliance program?
• Does the organization trend measurements of program effectiveness? Do the trends show a pattern of improvement?
What else?
Participation of High Level Personnel in the Offense
The program will not be deemed effective ”if any high level personnel in the large organization participated, condoned or was willfully ignorant of the offense§8B2.1(b)(2)(B)
OIG Settlement Production Letter• Description of organization and
management structures of the organization;
• Names and position descriptions of compliance personnel, including number of hours worked, location, and any non-compliance related job duties;
• Names and positions of compliance committee members, duties of compliance committees;
OIG Settlement Production Letter (cont.)• Identification of any person(s) to whom
compliance office reports;• Code of conduct and standards of conduct;• Budget of compliance department;• P&P related to Federal health care program
billing, coding, fraud & abuse;• P&P controlling discipline;• Description of process used to identify
excluded/convicted individuals;
OIG Settlement Production Letter (cont.)
• Description of training programs: (1) content & objectives, (2) target audience, (3) % of target audience who attended, (4) format (e.g., live, computer-based), (5) names and credentials of trainers, (6) sign in sheets, and (7) materials provided to attendees;
OIG Settlement Production Letter (cont.)
• Internal reporting mechanism– Methods for making workforce aware– Procedures used to track calls– Summaries of reports;
OIG Settlement Production Letter (cont.)
• Internal auditing/monitoring activities– Names & position descriptions of audit staff– Frequency of reviews– Methodology used to conduct reviews
(sampling, interviews, etc.)– Methodology used to select issues or
departments for review– Persons to whom audit results are reported– Samples of audit reports.
Establishing Effectiveness Measures for Your Compliance Program
“Measuring the Effectiveness of Compliance Programs within Health Care Organizations"results from Deloitte & Touche Survey
• A Clear Message:“The underlying message is clear—having an effective compliance program can be a mitigating factor when assessing culpability, potentially resulting in reduced penalties and/or more favorable settlement terms.”
D&T Survey – 500 Respondents
1. Complete set of measurement tools not yet available
2. Measures May be too broad for accurate reading
3. Some Evaluations remain too informal4. Under-use of formal testing surveying and
interviewing5. Outcome and process measures should be
balanced6. Tighter linkages needed between results and
content
D&T Survey (cont)
• Focus on the "real world"• Results should be considered within the
context of both the external environment and internal realities—most notably the maturity of the program in question.
D&T Survey (cont)
• Develop a Framework for Evaluation– Design (code of conduct, policies and
procedures, employee hotline)– Implementation (e.g. operations,
communications, training programs, monitoring systems)
– Results and outcomes (program performance return of overpayments)
D&T Survey (cont)
• Enhance Internal Audit's Role– Increased focus on outcomes that tie back to
process and design with auditing functions playing a key role in measurement of results
– The relatively small staff of most corporate compliance departments
Banner’s Facility Compliance Measurement Tool
• Measures Efforts and Outcomes in Each Banner Hospital
• Used to Benchmark Banner Hospitals Against Themselves (from year to year) and Against Each Other
3. Compliance Training
20025 points each for attendance of Facility Compliance Liaison at regional compliance committee meeting
(maximum, 200 points).
100
25 points for each facility compliance committee meeting (quorum of committee members required) at which Facility Compliance Liaison and facility president, CEO or administrator are in attendance and for which minutes are timely forwarded to Chief Compliance Officer (maximum 100 points awarded).
2. High Level Leadership
100
Code of Conduct acknowledgement cards are collected from each workforce member and are stored in an accessible place (in the members employee file if employed.) (Score equal to percentage of compliance as confirmed by audit).
100New compliance policies are communicated to all affected members of the facility's workforce within 60 days
of the policy's effective date. (Score is equal to the percentage of completion).
1. Written Standards of Conduct
Total Points
Possible Points
Banner HealthCompliance Program Objectives Measurement Tool (FY 2003)
Possible Efforts Measures
• Distribution of Code of Conduct to Workforce
• Completion of Training• Hotline Calls Follow-up and Log
Maintenance• Distribution of Organizational Policies• Employee Discipline for Misconduct• Workforce Screening Processes
SUMMER 2003 COMPLIANCE TRAINING FOCUSScorecard for 10/03/03
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
100.00%
Banne
r Bay
wood H
eart H
ospit
al
Banne
r Bay
wood M
edica
l Cen
ter
Banne
r Beh
avior
al Hea
lth H
ospit
al
Banne
r Chu
rchill
Commun
ity H
ospit
al
Banne
r Des
ert M
edica
l Cen
ter
Banne
r Estr
ella M
edica
l Cen
ter
Banne
r Goo
d Sam
Med
ical C
enter
Banne
r Las
sen M
edica
l Cen
ter
Banne
r Mes
a Med
ical C
enter
Banne
r Occ
upati
onal
Health
Banne
r Phy
sician
Hos
pital
Organiz
ation
Banne
r Thu
nderb
ird M
edica
l Cen
ter
Banne
r Hom
e Care
Commun
ity H
ospit
al
East M
organ
Cou
nty H
ospit
al
Fairba
nks M
emori
al Hos
pital
McKee
Med
ical C
enter
North C
olorad
o Med
ical C
enter
Ogalla
la Com
munity
Hos
pital
Page H
ospit
al
Platte
County
Mem
orial
Hospit
al
St Luk
e Hos
pital
& Livin
g Cen
ter
Sterlin
g Reg
ional
MedCen
ter
Was
hakie
Med
ical C
enter
Colorad
o Reg
ional
Corpora
teCon
tact
AZ Sha
red Serv
ices
Banner’s Compliance Program Measurement Process
903
1046 10221081 1136
1005949
1108 11021021 969 1019 1051
746
1141
9651068
881
1027
0
100
200
300
400
500
600
700
800
900
1000
1100
1200
1300
Fairba
nks M
emori
al Hos
pital
Banner
Baywoo
d Med
ical C
enter
Banner
Baywoo
d Heart
Hosp
ital
Banner
Desert
Medic
al Cente
r
Banner G
ood S
amaritan
Med
ical C
enter
Banne
r Mes
a Med
ical C
enter
Banner
Thunde
rbird
Medica
l Cente
rPag
e Hos
pital
Banne
r Las
sen M
edical
Center
East Morg
an Coun
ty Hosp
ital
McKee M
edica
l Cen
ter
North C
olorad
o Med
ical C
enter
Sterl in
g Reg
ional M
edical
Center
St. Luk
e's H
ospit
al & Li
ving C
enter
Ogallala
Com
munity
Hosp
ital
Banne
r Churc
hill Com
munity H
ospit
al
Torringto
n Com
munity H
ospit
al
Platte
County
Memoria
l Hos
pital
Washak
ie Med
ical C
enter
Possible Outcomes Measures
• Accuracy of Billing• Workforce Understanding/Awareness of
Compliance Program• Workforce Investment in Organizations Mission
and Values• Workforce’s Belief in Reporting Mechanisms• Frequency/Seriousness of Compliance Failures• Workforce Recall, Comprehension of, and Ability
to Apply Compliance Training
Consider Audience When Developing Measurement Tools
• Organization Executives/Board of Directors• Office of Inspector General/DOJ• Providers and payers • Potential partners• Others
Measurement Techniques
• Employee Survey/Quiz• Audits• Document Reviews• Interviews• Existing Measures
Questions?
top related