A Department of Justice (DOJ) evaluation of a corporate compliance program involves an examination of its effectiveness in preventing and detecting instances of noncompliance. This assessment typically occurs in the context of an investigation, particularly whether the organization should face legal repercussions for an offense or incident of noncompliance.
Questions Driving Evaluations of Corporate Compliance Programs
The DOJ must be systematic in its corporate compliance guidance. When evaluating a corporate compliance program after an incident, investigators should frame their assessment around three general questions.
Is the Compliance Program Well-Designed?
Does the compliance program have procedures and structures that optimize the ability to prevent and detect wrongdoing? The program must effectively empower employees and leaders to follow the rules and apply them when identifying and reporting instances of noncompliance.
Accordingly, DOJ personnel examine the compliance program for its comprehensiveness. They need to determine the extent to which a clear message exists that the organization does not tolerate misconduct. Policies, procedures, and consequences that aren’t clear leave room for a tacit understanding that some instances of noncompliance are tolerated or overlooked.
Is the Organization Applying the Program in Good Faith?
In other words, are leaders running the program honestly and providing adequate resources? A program can’t help leaders ensure compliance if it’s not empowered to run effectively. To do otherwise would be to set it up for failure. For example, solid policies that outline what constitutes noncompliance may be in place. However, if leadership does not allocate sufficient resources for implementing those policies or enforcing the consequences, the program cannot be said to operate in good faith.
Tangible indicators of sufficient resources and effort include adequate staff assigned to conduct audits and document and analyze the results of the program’s efforts. The DOJ will also determine if there is sufficient communication to employees informing them about the compliance program and garnering commitment to its mission.
Does the Program Work in Practice?
Was the program working effectively at the time of the reported misconduct or incidence of noncompliance? One incident alone does not necessarily mean the program is not working as it should. Therefore, the DOJ assesses other elements of the program:
- Regular audits and reviews that fuel continuous improvements in the compliance program
- Proper mechanisms for investigating noncompliance, such as qualified and independent individuals doing the investigating
- Identification of underlying causes or factors contributing to noncompliance
Potential Outcomes of a DOJ Evaluation of a Corporate Compliance Program
The outcome of a DOJ investigation can vary depending on the findings. For instance, the DOJ can favorably determine that the corporate compliance program was effective despite the reported offense or incident. The corporation might still face penalties, which could be reduced if they show good faith in identifying and remedying the offense. Other outcomes include deferred prosecution under certain conditions, penalties, and continued oversight.
In the case of healthcare fraud or other forms of noncompliance, the organization at fault could enter a corporate integrity agreement (CIA) with the Office of the Inspector General (OIG). A CIA allows a healthcare organization to meet certain obligations while maintaining participation in Medicare, Medicaid, and other federal funding programs. CIAs typically last five years and require organizations to
- Appoint a compliance officer or committee
- Allow for independent annual reviews of the program
- Establish a confidential disclosure program
- Formulate compliance policies and standards
- Ensure that only eligible individuals remain employed
- Provide comprehensive compliance training for all personnel
- Report instances of overpayment, other incidents of noncompliance, and ongoing investigations
- Make annual reports to the OIG on all compliance-related activities
At Compliancy Group, we understand the importance of safeguarding sensitive information and ensuring regulatory adherence in healthcare. Contact us today to learn how we can support you in developing a strong and legally sound corporate compliance program tailored to your organization’s specific needs.