Non Profit Board Responsibilities Effective Compliance Program Oversight John H. Fisher, II, JD, CHC Presented To The Board of Directors of Your Favorite Hospital

Duty As A Director 2  Oversight of Corporate Compliance Program  Common Law Duty of Care  Includes Duty To Assure Compliance With Laws  Reasonable Care To Assure Systems In Place  Not Responsible For Every Problem That Arises

United States Sentencing Guidelines 3 United States Sentencing Guidelines (“Guidelines”). Effective Compliance Program is a mitigating factor in sentencing Amendments to the Guidelines set forth specific goals for Programs Amendment places more responsibility on the Board. The Department of Justice and the SEC measure Programs against Guidelines’ standards when considering actions. Other government agencies use the Guidelines as the principle benchmark for assessing Programs.

Not Only Based On Sentencing 4  Regulatory Focus On Individuals (Park Doctrine)  OIG Compliance Guidance – Board Responsibility Clear  OIG Public Comments and Articles  Increased Fraud Enforcement  Return On Investment Mentality

Regulatory Oversight Duties 5

Duty To Assure Effective Systems 6  In re Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996)  Established Board obligation to assure information and reporting systems are in place.  Adequate to assure that appropriate compliance information will come to the attention of the Board.  Judicial proclamation that the board has an affirmative obligation to assure that systems are in place to proactively monitor compliance.

Mandatory Compliance Programs 7  Affordable Care Act Mandates Compliance Programs  Condition of Participation Under Medicare  Nursing Homes Are First In 2013  Waiting For Regulations On Other Providers  New York State Model  Medicaid Revenues $5 Million or More  Already Require Certain Aspects

Impact of 60 Day Repayment Rules 8  Overpayment Becomes A False Claim  60 Days After Identification  10 Year Look Back  False Claim Penalties  Triple Damage/Up To $11,000 Per Claim  Comment In Proposed Regulations  Expect Proactive Audit  Create System To Identify Risk  Board Responsibility Over Finances

9 This organization will eventually be required to defend the effectiveness of it’s compliance program and compliance efforts.

Key Duties of the Board 10  Assure Program In Place  Everyone Doing Their Job  Process Being Actively Operated  Program Proactive  Board/Compliance Committee Proactive  Adequately Funded  Program Is “Effective”

Current Board Recommendations 11  Obtain Outside Independent Effectiveness Assessment of Compliance Program  Recommend Law Firm – Control Over Privilege  Authorize Retaining Firm That Is Not Our Regular Counsel – Independence  Integrate Recommendations Into Next Budget Cycle  Consider Current “Dual Role” Compliance Officer Structure  Consider Creating Separate Compliance Budget

Overview of Effective Compliance Program Elements 12

7/8 Elements of Compliance 13  Policies and Procedures  Oversight and Leadership  Education and Training  Auditing and Monitoring  Reporting and Investigating  Enforcement and Discipline  Response and Prevention  Risk Assessment

Key Requirements for Program 14  Board needs to be knowledgeable of and oversee compliance.  Create a “tone at the top.”  Requires effective organizational structure.  Senior personnel responsible for the Program  Individual responsible for day-to-day operations  Authority and access to the Board.  Adequate resources.  Standards and procedures to achieve compliance.

Key Requirements for Program (continued) 15  Effective compliance training throughout organization.  Confidential and anonymous disclosure mechanism (“hotline”).  Incentives to comply with Program.  Consistent disciplinary measures for misconduct.  Risk Assessment drives the Program.  Regularly assess program for effectiveness.

Board Duty To Oversee Program 16 Sentencing Guidelines Require “The [Board] shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.” (§8B2.1(b) (2) (A)). Implementation  Board Training  Regular compliance reports to the Board  Other

Tone at the Top 17 Guidelines Require  Establishment and maintenance of an organizational culture that “encourages ethical conduct and a commitment to compliance with the law.” (§8B2.1 (a) (2)). Implementation  Code of Conduct  Board Statement On Compliance  Organizational Culture

Organizational Structure 18 Sentencing Guidelines Require  High level personnel who have substantial control over the organization or who have a substantial role in making policy are responsible for the compliance program. (§ 8B2.1(b) (2) (B).  Day-to-day operational responsibility for the program delegated to individuals who report to high level personnel. Individuals responsible for day-to-day operations must have... appropriate authority and direct access to the governing authority or an appropriate subgroup of the governing authority (§8B2.1(b) (2) (C)).

Dual Role Compliance Officers 19  CFO  General Counsel  Problems  Conflicting ethical responsibilities  Conflicting roles  Divided attention  Resources/Budget  This is an issue to be addressed by the Board.

Various Guidance On Dual Role 20  OIG Industry Guidance  Corporate Integrity Agreements  Public Statements  Investigations (Tenet, Pfizer)  Federal Sentencing Guidelines  AHLA Reports  Consultant Reports

Current Organizational Structure 21 BoardCEOLegal Counsel Compliance Officer No Sr. Management Compliance Officer No Compliance Committee

Top Level of Management – CCO BoardCEO Legal Counsel CFOCCO Compliance Staff Compliance Committee 22

Program Must Have Adequate Resources 23 Guidelines Require Individuals responsible for day-to-day operations must have adequate resources....(§8B2.1(b) (2) (C)). Implementation  Budget From Last Year (included in legal budget)  Recommend Separate Compliance Budget  Based On Annual Work Plan  Recommendations Following Effectiveness Audit

Compliance Standards and Procedures 24 Sentencing Guidelines Require “The organization shall establish standards and procedures designed to prevent and detect [misconduct].” (§8B2.1 (b) (1)). Implementation  Risk Identification Process  Reporting System  Training  All Elements of Effective Compliance

Compliance Training 25 Guidelines Requirements “The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to [the Board, high level personnel, substantial authority personnel, the company’s employees, and as appropriate, the company’s agents] by conducting effective training programs and otherwise disseminating information appropriate to such individual’s respective roles and responsibilities.” (§8B2.1(b) (4) (A)).

Compliance Training (continued) 26 Implementation New Hire Compliance Training Minimum Annual Compliance Training Additional Optional Training Risk Area Related Training Remedial Training Divisional/Departmental Training

Hotline 27 Sentencing Guidelines Require “The organization shall take reasonable steps---(C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual [misconduct] without fear of retaliation.” (8B2.1(b)(5)(C)). Implementation Our Compliance Hotline Leave a Message Option Detailed Complaint Handling Process

Reward and Enforcement - Carrots & Sticks 28 Sentencing Guidelines Require “The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in [misconduct] and for failing to take reasonable steps to prevent or detect [misconduct].” (§8B2.1(b)(6)). Particularly important with regard to senior management who must set the “tone at the top” and whose performance and compensation may be considered by the Board.

Carrots & Sticks (continued) 29 Implementation  Compliance is an evaluation factor  Management  Service Line Leaders  Discipline for failing to attend training  Promotion of Program Within Organization  Enterprise-Wide Approach

Risk Assessment 30 Sentencing Guidelines Require “The organization shall periodically assess the risk of [misconduct] and shall take appropriate steps to design, implement, or modify [the Program] to reduce the risk of [misconduct] identified through this process.” (§8B2.1(c)). Implementation Risk identification process Internal Enterprise-Wide Risk Identification External Sources for Risk Identification Risk Scoring and Prioritization Integrate Into Yearly Work Plan and Budget Process

Program Needs to be Kept Effective and Regularly Evaluated 31 Guidelines Require  “The organization shall take reasonable steps—(A) to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect [misconduct]; and B) to evaluate periodically the effectiveness of the organization’s compliance and ethics program.” (§8B2.1 (b) (5) (A&B)).  “After [misconduct] has been detected, the organization shall take reasonable steps to respond appropriately to the [misconduct] and to prevent further similar [misconduct] including making any necessary modifications to the organization’s compliance and ethics program.” (§8B2.1 (b) (7)).

Program Needs to be Kept Effective and Regularly Evaluated (continued) 32 Implementation Independent Process Evaluation Gap Analysis Integrate Into Compliance Work Plan Integrate Into Budget

33 “A compliance program is never finished; it should always be a work in progress.”

Risk Identification Process 34 Risk Identification Risk Prioritization Audit Plan Audit Results Corrective Action

Effectiveness Revue Cycle 35 Program Structure Effectiveness Revue Identified Gaps Prioritize Actions Create/Approve Corrections

36 ©2012 Ruder Ware, L.L.S.C. Accurate reproduction with acknowledgment granted. All rights reserved. This document provides information of a general nature regarding legislative or other legal developments. None of the information contained herein is intended as legal advice or opinion relative to specific matters, facts, situations, or issues, and additional facts and information or future developments may affect the subjects addressed.

37 John H. Fisher, II, JD, CHC Health Care Counsel Ruder Ware Wausau and Eau Claire, Wisconsin