Health Law Blog

ATTENTION HEALTHCARE PROVIDERS: USDOJ Evaluation of Corporate Compliance Programs

On September 23, 2024, the Criminal Division of the United States Department of Justice (DOJ) released an evaluation of corporate compliance programs. The purpose of this evaluation is to provide guidance on how the DOJ factors in corporate compliance programs when making determinations concerning criminal charges involving corporate misconduct, as well as how effective compliance programs impact possible plea deals and settlement agreements.

The DOJ highlights that they do not use any rigid formula when making determinations about the effectiveness of corporate compliance programs. The guidance states that the DOJ will make a “reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, which might impact its compliance program.” However, they pose three questions that they refer to in their determinations, and they are discussed below.

1.  Is the Corporation’s Compliance Program Well Designed?

The evaluation outlines specific considerations when answering whether the program is “well designed.” Some of those considerations are as follows:

Risk Assessment– Prosecutors are instructed to evaluate how the company has “identified, assessed, and defined its risk profile, including specific factors that mitigate the company’s risk, and the degree to which the program devotes appropriate scrutiny and resources to the remaining spectrum of risks.” Specifically, the guidance mentions a company’s ability to assess the risks related to the use of artificial intelligence (AI), including conducting risk assessment and mitigation strategies.

Policies and Procedures– The DOJ will evaluate what the company’s processes and efforts have been when designing and implementing policies concerning corporate oversight. Mainly, this means if the program demonstrates a full commitment to full compliance with federal laws.

Training and Communications– Whether the training programs being offered to employees are in the appropriate language for the audience. When determining the proper course of action, the DOJ will look at what senior management has done to properly train its staff in the company’s position on misconduct and what resources are available to provide guidance relating to compliance policies.

Confidential Reporting Structure-The evaluation will include whether the company has implemented an anonymous or confidential system for reporting allegations of misconduct. It is imperative that the reporting structure creates an atmosphere that encourages reporting without fear of retaliation.

2.  Is the Program Being Applied Earnestly and in Good Faith? In other words, is the program adequately resourced and empowered to function effectively?

The DOJ highlights that many compliance programs are merely “paper programs,” meaning that they are not effective as designed to be implemented. Some of the considerations to make this determination are as follows:

Commitment by Senior and Middle Management– An evaluation of a company’s corporate compliance programs will evaluate its senior and middle management actions regarding their commitment to compliance.

Autonomy and Resources– Prosecutors will look to ensure that the personnel and resources within the compliance function are sufficiently qualified, resourced and autonomous from management to make independent judgements of compliance.

Consequence Management– Incentives and disincentives for non-compliance are another factor to determine the sufficiency of a compliance program. Additionally, the company maintaining clear consequence management procedures, including investigation and discipline, for non-compliance will lend itself to a strong compliance program.

3.  Does the Corporation’s Compliance Program Work in Practice?

The guidance also notes that the “existence of misconduct does not, by itself, mean that a compliance program did not work” but the DOJ will evaluate how the misconduct was detected and the thoroughness of the company’s remedial measures. The following are guideposts used to determine the effectiveness of the compliance program:

Continuous Improvement– To be considered effective, the compliance program must have the capacity to improve and evolve. DOJ prosecutors may “reward efforts to promote improvement and sustainability.”

Investigation of Misconduct– Investigations of any allegations or suspicions of misconduct must be timely and thorough.

Analysis and Remediation of Any Underlying Misconduct– Appropriate analysis and disciplinary actions taken against the employee responsible for the misconduct serves to a strong compliance program.

Conclusion

Health care facility administrators are encouraged to familiarize themselves with these new guidelines as they serve as a lighthouse to direct participants in governmental programs, including the Medicare, Medicaid and TRICARE programs. An understanding of these guiding principles can help mitigate potential enforcement actions from the DOJ.

For more information or legal guidance on compliance programs, please contact David R. Ross, Esq. at dross@oalaw.com  or (518) 312-0167.

Michael E. Reid, Law Clerk, contributed to this article.

Related Practice Areas

Back to Top