One Beacon Street
Suite 1320
Boston, MA 02108

T 617.598.6700
F 617.720.5092


One Richmond Sq.
Suite 165W
Providence, RI 02906
T 401.454.0400
F 401.454.0404

April 21, 2015

OIG Releases Compliance And Oversight Guide for Healthcare Boards

By Paul Barrett

The Office of Inspector General (“OIG”) released a first-of-its-kind joint educational resource to help governing boards carry out their compliance plans and oversight obligations. The document is titled “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (the “Guidance”), and is a collaboration between the OIG, the American Health Lawyers Association (“AHLA”), the Association of Healthcare Internal Auditors (“AHIA”), and the Health Care Compliance Association (“HCCA”).

The Guidance is not supposed to be taken as a particular set of standards or as legal or professional advice; instead, it builds upon prior documents released by the OIG and AHLA and provides suggestions on identifying compliance risks. In addition to including processes to identify risk, the Guidance includes tools to improve adherence to program objectives and for effective reporting of board meetings. Specifically, the Guidance addresses issues such as (1) the roles and relationships of an organization’s audit, compliance and legal departments; (2) mechanisms and processes for issue-reporting within the organization; (3) approaches to identifying regulatory risk; and (4) methods of encouraging organization/enterprise-wide accountability for achievement of compliance goals and objectives.

The Guidance suggests that organizations define the relationships, responsibilities, and roles of the organization’s compliance, legal, and audit departments. These relationships, roles, and responsibilities should be defined in the organization’s charter or organizational documents. Boards should evaluate the independence, performance, and adequacy of each function and ensure that while each group is independent, the legal, audit, and compliance groups also collaborate to further the interests of the organization. To aid in achieving these objectives, the Guidance suggests that boards set and enforce expectations with management to ensure that the board members receive particular compliance, legal, and audit information. Regular reporting to the board will increase the board’s ability to properly complete its oversight and compliance obligations and plans.

The Guidance highlighted a number of key areas of concern, including upcoding, billing for medically unnecessary or nonexistent care, and unauthorized disclosure of protected health information. In addition to these key areas of concern, the Guidance notes that there is a push for increased transparency. Moreover, the creation of new delivery and reimbursement models has led to an increase in employment and contractual relationships between hospitals and physicians. Boards of health care entities and systems that have a financial relationship with a referral source must scrutinize those referral and compensation arrangements to ensure they comply with the Stark Law and the Anti-Kickback Statute.

To comply with these laws, board members should ensure that the organization’s management is consistently reviewing audit, compliance, and legal risk areas. The Guidance recommends monitoring industry trends and ensuring systems and processes are in place for the organization to timely monitor and comply with any regulatory changes in relevant laws. The board should also assess its own processes and functions when a competitor or similar organization has been found to be non-compliant.

The Guidance reminds boards that compliance is system-wide and not only a function of the organization’s legal, audit, or compliance departments. To instill this system-wide approach, boards may assess employee performance in adhering to compliance. This can be done at the individual, department, or facility levels. The results of these assessments can be linked to the provision or withholding of employee incentives, such as time off, merit increases, and bonuses.

Finally, the Guidance recommends that board members make every effort to increase their knowledge of applicable and emerging regulatory trends and risks – as well as the role of the organization’s compliance, legal, and audit programs to mitigate those risks. Boards are encouraged to use the many publicly-available compliance resources as benchmarks, including the Federal Sentencing Guidelines, the OIG’s voluntary compliance program guidance documents, and OIG Corporate Integrity Agreements. These documents can be used to develop internal organization systems, processes, and controls. The Guidance notes that although smaller organizations may have fewer resources, they are required to maintain and demonstrate the same level of commitment to compliance. However, for smaller, less complex organizations, this may be done with less formality and resources than would be expected for larger, more complex organizations.

Those interested in reading the Guidance can find it here.

About the Authors

Paul Barrett

Paul Barrett is a partner of the firm’s Health Law group. He provides corporate legal counsel to healthcare clients. You can find him on LinkedIn.

Jeffrey Chase-Lubitz

Jeffrey Chase-Lubitz is a partner and head of the firm’s Providence office. He provides strategic guidance and corporate legal counsel to healthcare clients. You can find him on LinkedIn.


Health Law



Research Misconduct


This website presents general information about Summit Health Law Partners and is not intended as legal advice nor should you consider it as such. You should not act upon this information without seeking professional counsel.

Please note that contacting Summit Health Law Partners by email, telephone or facsimile will not establish an attorney-client relationship, obligate us to act as your attorney or impose an obligation on either the law firm or the receiving lawyer to keep the transmitted information confidential. Completion of Summit Health Law Partners' new client intake protocol, including without limitation the firm’s conflicts checking process and an engagement letter, is necessary to establish an attorney-client relationship. Absent a current attorney-client relationship with Summit Health Law Partners, any information or documents communicated or transmitted by you to Summit Health Law Partners will not be treated as confidential, secret or protected in any way. If you are not a current client of Summit Health Law Partners, please do not send any confidential information to us through this website or otherwise concerning any potential or actual legal matter you have. Before providing any confidential information to us, you must obtain permission to do so from one of the firm’s lawyers. By clicking "Accept," you acknowledge that we have no obligation to maintain the confidentiality of any information you submit to us unless we already represent you or unless we have agreed to receive limited confidential material/information from you as a prospective client.

If you would like to discuss becoming a client, please contact one of our attorneys to arrange for a meeting or telephone conference. If you wish to disclose confidential information to a lawyer in the firm before an attorney-client relationship is established, the protections that the law firm will provide to such information from a prospective client should be discussed with the firm attorney before such information is submitted. Thank you for your interest in Summit Health Law Partners.