A strong, up-to-date compliance program should be part of a healthcare company's risk management strategy.
On June 1, 2020, DOJ issued additional important updates to its Corporate Compliance Guidance, which it had previously updated about a year earlier, in May 2019. In these updates, DOJ underscored its “individualized determination” for each compliance program “that considers various factors,” including “the company’s size, industry, geographic footprint, and regulatory landscape.”
The health care industry has historically faced heightened scrutiny from regulators. Such scrutiny is likely to increase in the era of COVID-19. As a result, a well-designed and well-functioning compliance program is one of the key factors in the risk management strategy of a health care company of any size.
The 2019 Guidance included three fundamental questions that DOJ uses to evaluate corporate compliance programs.
In the 2020 amendments, the first question — is the corporation’s compliance program well designed — remains the same but DOJ provided more detailed and additional information used by prosecutors to evaluate a compliance program.
The 2020 amendments primarily focus on thoroughness and accessibility of the continuing risk assessment, which has to be periodically reviewed and based not on a “snapshot” but upon continuous access to operational data and information across functions. A company should incorporate into its risk assessment “lessons learned” not only from the company’s own issues but also issues of other companies in the same industry and/or geographic location.
The amended Guidance also suggests that a company should periodically test the effectiveness of its program by, for example, tracking a report from start to finish. Likewise, a company should engage in risk management of third parties throughout the relationship and not just during the onboarding process. Similarly, for an M&A transaction, there has to be a process in place ensuring timely and orderly integration of the acquired entity into existing compliance program structures and internal controls.
Question 2 has been amended and now reads: “Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?” DOJ made clear that the investment an organization makes in its compliance program is important. DOJ evaluates an organization’s “investment” in the training and development of compliance personnel. A “paper” compliance program, devoid of the staff and resources needed to implement it, is not sufficient.
The revisions made clear that a company must foster a culture of compliance at all levels of the organization and that culture must be implemented by middle management as well as upper management.
Additionally, DOJ made it clear that an organization should provide its compliance personnel sufficient access to data, allowing them to evaluate and monitor the organization’s policies and controls. An organization’s compliance department should also strive for consistency in its investigations and in any resulting disciplinary actions.
In the 2020 amendments, the third question — does the corporation's compliance program work in practice — remains the same, but, again, DOJ provided more detailed and additional information used by prosecutors to determine if the compliance program works in practice.
In assessing whether a company’s compliance program was effective at the time of the misconduct, prosecutors consider whether and how the misconduct was detected, what investigation resources were in place to investigate suspected misconduct, and the nature and thoroughness of the company’s remedial efforts.
To determine whether a company’s compliance program is working effectively at the time of a charging decision or resolution, prosecutors consider whether the program evolved over time to address existing and changing compliance risks. The 2020 amendments specifically require prosecutors to focus on evolving updates of the program.
The amendments are designed to encourage companies to continue implementing and improving their compliance programs, which might include incorporation of new technology, tracking systems, targeted training, analysis of “lessons learned” and other components of a successful compliance program.
Oksana G. Wright is a partner in the International and Litigation Practice Groups at Fox Rothschild LLP.
Charles A. DeMonaco is a partner in the International and Environmental Law Practice Groups at Fox Rothschild LLP.
Jana Volante Walshak is a partner in the Litigation and Directors’ & Officers’ Liability & Corporate Governance Practice Groups at Fox Rothschild LLP.