As a board member, you are responsible for ensuring that your organization complies with all relevant laws and regulations. To help you fulfill this responsibility, we offer compliance training courses specifically designed for boards of directors.
In these courses, you will learn about your legal obligations as a board member, how to identify and prevent compliance risks, and what to do if your organization faces a compliance issue. We offer both online and in-person courses, so you can choose the option that best fits your needs.
Whether you are new to the board or have years of experience, our compliance training courses will give you the tools you need to effectively manage compliance risks and ensure that your organization operates within the law.
The Board of Directors (the "Board") is responsible for ensuring that the organization complies with all relevant laws and regulations. In order to fulfill this responsibility, the Board must:
1. Understand the compliance requirements that apply to the organization;
2. Identify potential compliance risks;
3. Prevent or mitigate compliance
I. Board responsibilities pursuant to corporate law:
A. Fiduciary duties:
• Duty of Care: good faith; be informed; reasonably prudent person
• Duty of Loyalty: best interest of facility; avoid conflicts of interest
• Duty of Obedience: consistent with facility’s purposes
B. A director must act reasonably, prudently and in the best interests of the organization, avoid negligence or fraud, and act to avoid conflicts of interest.
The Board has a responsibility to ensure that an adequate organizational compliance program is in place, which will give management and the Board with timely and correct information on the organization's legal compliance.
The Board must be kept apprised of the organization's procedures.
• The Board must be well-informed about the organization's practices, as it includes receiving input from legal counsel and other experts on whether these are in accordance with the law.
What must a Board member do to avoid liability?
• Act in good faith.
• Inquire about needed information.
• Do not require knowledge of every detail, but it is necessary that you are somewhat informed.
• Have all of this information available for you.
• Be aware that we will be conducting numerous training sessions to help us optimize our processes and procedures in order to meet FDA requirements, as well as other federal, state and international laws/regulations.
Any concerns with the law should be reported to the Compliance Department and/or Legal Counsel and followed through on.
Make sure you're following the appropriate conflict-of-interest regulations. You run the danger of being found to be acting in "bad faith" if you don't disclose a conflict, since this can expose the Board member to personal liability.
Expectations for Compliance Oversight:The following is a guide to help you ensure that your board of directors provides adequate compliance oversight.
These are expectations that should be discussed and confirmed by the full board on at least an annual basis.
1. The board should designate one or more members to serve as the compliance oversight committee.
2. The compliance oversight committee should meet at least quarterly.
3. The compliance oversight committee should have a charter that is approved by the full board.
4. The compliance oversight committee should have access to all information necessary to perform its functions, including access to management, employees, and independent advisors as needed.
5. The compliance oversight committee should report directly to the full board on a regular basis.
6. The compliance oversight committee should have the authority to take whatever actions are necessary to perform its functions, including hiring independent advisors as needed.
7. The full board should review and approve all major policies and procedures related to compliance.
8. The full board should ensure that there is adequate funding for the compliance function.
9. The full board should ensure that management has establish adequate internal controls to prevent and detect compliance violations.
10. The full board should review the results of all compliance audits and investigations.
11. The full board should take appropriate action in response to any findings of non-compliance.
12. The full board should hold management accountable for implementing effective compliance programs.
13. The full board should hold itself accountable for providing adequate compliance oversight.
The role of the board of directors in compliance oversight is critical to the effective operation of any organization. By following the expectations outlined above, boards can ensure that they are fulfilling their responsibilities in this important area.
The goal of this guideline is to assist prosecutors in determining whether the corporation's compliance program was effective at the time of the crime, and if it is effective now.
Organizations (and compliance professionals) must “show it.” “Why has the firm chosen to establish its compliance program in the way that it has, and how and why has it grown over time?”
The DOJ will evaluate the corporation’s compliance program using the following framework:
1. Purpose of the Evaluation: To assess whether, and to what extent, a company's compliance program was effective at the time of an offense and is effective at the time of a charging decision or resolution.
2. Factors Considered in the Evaluation: To make this determination, prosecutors will consider the following factors:
(a) The corporation’s compliance program’s design;
(b) The compliance program’s implementation and effectiveness; and
(c) Any relevant aggravating or mitigating factors.
3. How the DOJ Evaluates a Corporation’s Compliance Program: The DOJ will use the following questions to evaluate a corporation's compliance program:
(a) Was the design of the compliance program appropriate to the risk profile of the company at the time of the offense and is it now?
(b) Did the company’s senior management commit to and support the compliance program?
(c) Was the compliance program adequately resourced and empowered to function effectively?
(d) Did the compliance program have enough authority to test and challenge business practices?
(e) Did employees receive sufficient training on the compliance program and understand their roles in promoting compliance with applicable laws?
The FCA imposes liability on any person or entity who knowingly submits, or causes the submission of, false or fraudulent claims to the government for payment. The FCA also imposes liability on any person or entity who knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.
The FCA provides that any person who violates the Act shall be liable to the United States for a civil penalty of not less than $5,000 and not more than $10,000, plus 3 times the amount of damages which the Government sustains because of the act of that person.
The FCA also contains a qui tam provision that allows a private person, called a relator, to bring an action on behalf of the Government. If the relator prevails in the action, he or she is entitled to receive a portion of the proceeds from the action or settlement of the claim, as well as reasonable attorneys’ fees and costs.
The AKS prohibits the knowing and willful offering, paying, soliciting, or receiving of any kickback, bribe, or rebate in connection with the referral of business payable by a federal health care program.
The term “kickback” includes any payment made, directly or indirectly, to a referral source for referring a patient to a particular provider. The AKS also prohibits practices that have the effect of inducing referrals, such as offering free or discounted services, as well as providing gifts or other rewards to referral sources.
The AKS applies to any individual or entity that participates in a federal health care program, including providers, suppliers, pharmaceutical companies, and managed care organizations.
Penalties for violating the AKS include exclusion from participation in federal health care programs, civil monetary penalties of up to $50,000 per occurrence, and imprisonment of up to five years.
In order to promote participation in federal health care programs and protect against fraud and abuse, Congress has provided a number of safe harbors from prosecution under the AKS. The safe harbors are designed to protect certain commercial arrangements that, although they may potentially generate prohibited kickbacks or bribes, do not pose the same risks of fraud and abuse as other arrangements.
The safe harbor regulations provide that certain types of arrangements will not be treated as violating the AKS if they meet all the specified conditions. The conditions vary depending on the type of arrangement, but generally relate to the business purpose of the arrangement, the financial relationship between the parties, and the nature of the services to be provided.
The safe harbors include arrangements such as personal services and management contracts, referrals for certain ancillary services, and sale of practice assets.
Physician Self-Referral Law (Stark Law):
The Stark Law prohibits physicians from referring patients to receive “designated health services” from entities with which the physician or an immediate family member has a financial relationship, unless an exception applies.
Designated health services include clinical laboratory services, physical therapy services, occupational therapy services, radiology and certain other imaging services, radiation therapy services, durable medical equipment and supplies, parenteral and enteral nutrients, equipment and supplies, prosthetics, orthotics, and prosthetic devices and supplies, home health services, and inpatient and outpatient hospital services.
The Stark Law applies to all physicians, including those who are employed by the federal government or a state government.
Penalties for violating the Stark Law include exclusion from participation in federal health care programs, civil monetary penalties of up to $100,000 per occurrence, and imprisonment of up to five years.
Stark Law: Exceptions
There are a number of exceptions to the Stark Law that allow physicians to refer patients for designated health services if certain conditions are met. The exceptions include referrals for in-office ancillary services, rural referrals, and referrals for services under a federal or state health care program.
In-office ancillary services are those that are furnished in the same office as the physician’s primary practice, such as clinical laboratory services, x-ray services, and certain other imaging services.
Rural referrals are those made by physicians who practice in a rural area, as defined by the Stark Law.
Services under a federal or state health care program are those that are covered by Medicare, Medicaid, or another federal or state health care program.
The exceptions to the Stark Law are complex and require careful analysis to determine if they apply in a particular situation.
The Fraud and Abuse Control Program is a joint effort by the Department of Justice (DOJ) and the Department of Health and Human Services (HHS) to investigate and prosecute health care fraud. The program was established by the Fraud Enforcement and Recovery Act of 2009.
The program coordinates the activities of federal, state, and local law enforcement agencies to investigate and prosecute health care fraud. The program also funds two national centers that provide training and technical assistance to law enforcement and prosecutors.
The Fraud and Abuse Control Program has recovered billions of dollars that were stolen from federal health care programs, such as Medicare and Medicaid. The program has also prosecuted a number of high-profile cases, such as the case of a doctor who was sentenced to life in prison for his role in a $1.2 billion Medicare fraud scheme.
Health care fraud is any scheme to defraud a health care program or to obtain payment for services that were not provided. Health care fraud includes billing for services that were not rendered, billing for more expensive services than were actually provided, and using false or misleading information to obtain payment.
Health care fraud is a serious crime that imposes significant costs on the health care system. Health care fraud wastes limited health care resources and increases the cost of health care for everyone.
The penalties for health care fraud depend on the nature and extent of the fraud. Penalties can include fines, imprisonment, and exclusion from federal health care programs.
Fines for health care fraud range from $5,000 to $50,000 per false claim. The maximum fine is increased to $100,000 if the fraud results in death or serious bodily injury.
Imprisonment for health care fraud ranges from one year to 10 years. The maximum sentence is increased to 20 years if the fraud results in death or serious bodily injury.
Exclusion from federal health care programs is a civil penalty that is imposed by HHS. Exclusion from federal health care programs bars a person from participating in Medicare, Medicaid, and other federal health care programs.
High-Level Oversight:
The board of directors is responsible for ensuring that the company has adequate compliance systems and controls in place. The board should appoint a compliance officer to oversee the compliance program and report directly to the board on compliance matters. The board should also establish a compliance committee to provide additional oversight of the compliance program.
Policies and Procedures:
The company should develop policies and procedures to address potential compliance risks. These policies and procedures should be designed to prevent and detect violations of laws and regulations. The policies and procedures should be periodically reviewed and updated as needed.
Open Lines of Communication:
There should be open lines of communication between the compliance officer and the board of directors. The compliance officer should report regularly to the board on compliance matters. The board should also provide the compliance officer with the resources necessary to effectively implement the compliance program.
Training and Education:
All employees should receive training on the company’s compliance policies and procedures. The training should be designed to ensure that employees understand their responsibilities under the compliance program. The company should also provide ongoing education and training on new compliance issues as they arise.
Auditing and Monitoring:
The compliance program should be periodically audited and monitored to ensure that it is effective. The audits should be conducted by an independent third party. The results of the audits should be reported to the board of directors.
Response to Detected Errors:
The company should have procedures in place to promptly investigate and correct any compliance problems that are detected. These procedures should be designed to prevent recurrences of the problem. Employees who violate the compliance policy should be subject to disciplinary action, up to and including termination.
Consistent Enforcement:
The compliance program should be consistently enforced. Employees who violate the policy should be subject to disciplinary action. The company should also take steps to prevent retaliation against employees who report compliance problems.
The board of directors is responsible for ensuring that the company has an effective compliance program in place. The board should appoint a compliance officer to oversee the compliance program and report directly to the board on compliance matters. The board should also establish a compliance committee to provide additional oversight of the compliance program.
What Should Board Members Be Asking?
Ensure that adequate and appropriate funding has been set aside for the compliance program, taking into account the organization's high risks.
Confirm that any changes to essential policies and procedures defining the compliance program framework have been approved.
Inquire about compliance program activities on a regular basis from the Compliance Officer.
Recognize that the compliance program is an important part of the organization's ethical culture.
Encourage employees to "do the right thing" by reporting any compliance concerns and provide protections from retaliation.
Ensure that employees understand their roles and responsibilities under the compliance program, including mandatory reporting requirements.
Monitor adherence to the Compliance Code of Conduct and take appropriate disciplinary action for any violations.
Report on the effectiveness of the compliance program to the full Board on at least an annual basis.
Key Questions for Board Members:
What is our organization's strategic vision for compliance?
What are our top compliance risks and how are we addressing them?
Who is responsible for compliance oversight and how do they report to the Board?
What processes do we have in place to ensure that compliance risks are identified and addressed in a timely manner?
What are the consequences for employees who violate our compliance policies?
What role does the Board play in monitoring compliance risks and ensuring that the organization has an effective compliance program?
What information do we need from management in order to discharge our compliance oversight responsibilities?
Are we satisfied that our compliance program is effective and compliant with all applicable laws and regulations?
Board Certification of Compliance:
The board of directors should certify on an annual basis that the organization has an effective compliance program in place. This certification should be made available to the public. In addition, the board should require that all employees acknowledge that they have read and understand the organization's compliance policies and procedures.
Employees should also be required to certify on an annual basis that they have complied with these policies and procedures.
Finally, the board should regularly review compliance risks and take steps to ensure that the organization's compliance program is adequate to address these risks.
Corporate compliance: A program or set of policies and procedures implemented by a company to prevent, detect, correct and report illegal and unethical behavior.
Compliance Officer: An individual responsible for administering the compliance program and ensuring that it is effective.
Board of directors: A group of individuals elected by the shareholders of a corporation to oversee the management of the company.
False Claims Act: A federal law that imposes liability on individuals and companies who defraud government programs.
Anti-Kickback Statute: A federal law that prohibits the exchange of anything of value in order to induce referrals of patients covered by federal healthcare programs.
Physician Self-Referral Law: A federal law that prohibits physicians from referring patients to health care services in which the physician has a financial interest.
Mandatory reporting: A requirement that certain individuals report suspected fraud, waste or abuse to the government.
Disciplinary action: Any adverse action taken against an individual for violating company policy, including termination of employment.
Health care compliance association: A professional organization that provides education and resources to health care compliance professionals.
Risk management: A process for identifying, assessing and responding to risks.
Audit: A review of an organization's financial statements or other information to ensure that it is accurate and compliant with applicable laws and regulations.
Monitoring: A process for regularly reviewing compliance-related activities to ensure that they are effective and meet legal and regulatory requirements.
Chief compliance officer: The individual responsible for overseeing the compliance program and ensuring its effectiveness.
Compliance program: A set of policies and procedures designed to, detect and correct illegal and unethical behavior.
Organizational culture: The values, beliefs and norms that guide the behavior of individuals within an organization.
Policy: A statement of principles that guide decision making and action.
Procedure: A set of specific steps to be taken in order to carry out a policy.
Standards: Guidelines that describe the minimum acceptable level of performance.
Training: The process of providing individuals with the knowledge and skills necessary to perform their jobs.
Communication: The exchange of information between two or more individuals.
Ethics: A set of principles governing right and wrong conduct.
Fraud: Intentional deception or misrepresentation that is made for personal gain or to damage another individual.
Abuse: Improper or excessive use of something.
Waste: The use of resources in an inefficient or unnecessary manner.
Intellectual property laws: Laws that protect the rights of creators of intellectual property, such as patents, copyrights and trademarks.
HIPAA: The Health Insurance Portability and Accountability Act, a federal law that sets standards for the privacy and security of protected health information.
IT systems: The hardware and software used to store, process and communicate information.
The Office of Inspector General (OIG) is responsible for investigating potential fraud, waste and abuse in the federal healthcare system. The OIG also provides resources to assist health care organizations in developing effective compliance programs.
The Physician Self-Referral Law (also known as the Stark Law) prohibits physicians from referring patients to health care services in which the physician has a financial interest. This law is designed to prevent physicians from making referrals that are motivated by financial gain, rather than the best interests of the patient.
The Anti-Kickback Statute is a federal law that prohibits the exchange of anything of value in order to induce referrals of patients covered by federal healthcare programs. This law is designed to prevent fraud and abuse in the healthcare system by ensuring that referrals are made based on the needs of the patient, rather than on the financial interests of the physician.