During the past month, I’ve been in London at the SCCE European initiative conference and last week at the Florida convention of the Health Care Compliance Association. The month has been an opportunity to gain some new perspective on the community of global compliance officers.
As discussed in the prior post, compliance officers outside America struggle with conditions inside their companies. At the same time, they understand the need for proactive compliance to change their companies and wider communities.
In contrast, compliance officers in healthcare enjoy remarkable support from their chief regulator. The Inspector General of the U.S. Department of Health and Human Services, Daniel R. Levinson, spoke at their annual conference in Florida. He paid tribute to compliance officers and used the occasion to announce the release of important guidance for boards of healthcare organizations.
In this extraordinary document (available here in pdf) there are no surprises for compliance officers working in healthcare, but for all other compliance officers whether in the United States and around the world it reads like a message sent from another planet called Compliance 2.0.
The Inspector General oversees $1 trillion dollars that flows through hospitals and all kinds of medical organizations. In the guidance the IG is effectively telling the boards of these organizations what he expects them to do to make sure that the money is spent according to laws and regulations.
The guidance leaves zero room for doubt that compliance is an equal partner with legal, audit and any other part of an organization. The responsibilities of each are clearly delineated based on the assumption that they are independent with distinct functions to perform.
To make the point, the guidance flatly states compliance cannot report to legal:
[The Office of Inspector General] believes an organization’s Compliance Officer should neither be counsel for the provider, nor be subordinate in function or position to counsel or the legal department, in any manner….OIG’s position on separate compliance and legal functions reflects the independent roles and professional obligations of each function….
The guidance also sets out a clear definition of what a compliance officer does, and how it’s different from legal, audit, and other areas. There’s a separate paragraph for each areas, with this for compliance:
The compliance function promotes the prevention, detection, and resolution of actions that do not conform to legal, policy, or business standards. This responsibility includes the obligation to develop policies and procedures that provide employees guidance, the creation of incentives to promote employee compliance, the development of plans to improve or sustain compliance, the development of metrics to measure execution (particularly by management) of the program and implementation of corrective actions, and the development of reports and dashboards that help management and the Board evaluate the effectiveness of the program.
The guidance was drafted as a cross disciplinary exercise by associations of lawyers and auditors working with the HCCA and the HHS Office of Inspector General. Thus the guidance itself is a model for independent divisions recognizing their interdependence and their combined contributions to achieve true compliance excellence.
Roy Snell, the CEO of the SCCE-HCCA, welcomed the support for compliance officer independence in a statement here.
Nothing will be more important in the new structure of Compliance 2.0 than board supervision. It won’t do compliance officers much good if they report directly to the board but the board is not interested, lacks expertise and remains subservient to the C-suite. The guidance says boards must take charge. They must have expertise, coordinate the roles of all areas, and actively supervise each area.
The guidance talks about the Caremark standards but goes on to set a new high bar for what boards must do to discharge their oversight responsibilities. When Delaware’s top court resumes its consideration of the Walmart matter, it should consider the Inspector General’s guidance and rethink the outdated Caremark standards.
The world has changed. Compliance 2.0 is already here.
* * *
Disclosure: For the FCPA Blog, I reported from the HCCA Annual Compliance Institute in Florida. The HCCA waived the attendance charge for me and provided a press pass. I paid other expenses that won’t be reimbursed, like travel and lodging and I did not accrue any continuing education credits.
Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.