HHS’ Office of Inspector General recently released a guide, thought to be the first-of-its-kind, for hospital governing boards on how to detect and avoid overbilling, kickbacks, and privacy breaches that can lead to civil and criminal punishment.
The guide is also unique in that it represents collaboration among the OIG, the American Health Lawyers Association, the Association of Healthcare Internal Auditors, and the Health Care Compliance Association. The guide states it is “intended to assist governing boards of health care organizations (boards) to responsibly carry out their compliance plan oversight obligations under applicable laws.”
The guide is important not only to physicians serving on hospital boards, but also could indicate greater OIG scrutiny of hospital board oversight of physician relationships and physician-owners of hospitals.
The OIG outlines several areas of guidance, including:
• Expectations for Board Oversight of Compliance Program Functions
• Roles and Relationships
• Reporting to the Board
• Identifying and Auditing Potential Risk Areas
• Encouraging Accountability and Compliance
The guide addresses several specific areas of concern, including upcoding, billing for medically unnecessary or nonexistent care, and disclosure of protected health information. The guide also notes the potential for newer healthcare delivery schemes which can create fraud liability, and advises boards to scrutinize referral and compensation arrangements with physicians for possible violations of the Stark Law and the Anti-Kickback Statute.
The guide ominously warns that ignorance of the law or facts is no excuse:
“A board must act in good faith in the exercise of its oversight responsibility for its organization, including making inquiries to ensure: (1) a corporate information and reporting system exists and (2) the reporting system is adequate to assure the Board that appropriate information relating to compliance with applicable laws will come to its attention timely and as a matter of course.”
Couched as “Practical Guidance,” the OIG states:
“‘The Guidelines’ offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program.”
In reality, the publication could be more of a “warning,” as legal liability usually follows “duty.”
And this guide appears to me to look to be a clear statement of expected duty. The OIG cautions, for example, “[a]lthough compliance program design is not a ‘one size fits all’ issue, boards are expected to put forth a meaningful effort.”
The OIG may very well be signaling its intention to hold boards, or even individual board members, responsible for failure put forth “meaningful effort” to act in good faith to exercise oversight responsibility for hospital operations, contracts, relationships, and privacy. In other words, according to the OIG, the duty is not merely to avoid participating in illegal activity, but to investigate and discover violations of healthcare statutes and regulations.
On the other hand, many board members serve as a matter of public service, and do not expect remuneration or financial gain. If the OIG were to hold individual board members liable, the result would likely be a mass exodus of qualified, civic-minded members, on a scale similar to the savings and loan crisis of the 1980s. Hopefully, it will not come to that; time will tell.