DOJ Provides Guidance for Corporate Compliance Programs in New Publication

On February 8, 2017, the Department of Justice’s (DOJ’s) fraud section released new guidance for healthcare entities titled “Evaluation of Corporate Compliance Programs.” The new guidelines do not change any of the existing regulations, but rather provide corporate healthcare entities with added insight into how the DOJ assesses compliance violations.

The guidance mainly focuses on updated “Filip Factors,” which are the criteria under which the DOJ evaluates fraud. When a corporate healthcare entity comes under investigation for fraud under laws such as the False Claims Act (FCA), the DOJ has used the Filip Factors to evaluate the next steps to take, including whether to bring charges. Traditionally, characteristics such as whether the corporation has a suitable compliance program in place have been looked at closely when determining the severity of sanctions, and the new guidance continues with that trend.

The new guidance separates its factors into eleven different categories, and provides many example inquiries for each:

1.  Analysis and Remediation of Underlying Conduct (e.g. what was the cause of the misconduct, was it detected earlier and not dealt with, and has the entity taken steps to avoid further misconduct of the same kind?)
2. Senior and Middle Management (e.g. has senior management taken steps to discourage and avoid such misconduct, how is the behavior of managers monitored, and is the board of directors educated in compliance issues?)
3. Autonomy of Resources (e.g. was relevant compliance taught as part of training, does the compliance department of the corporation have sufficient resources and authority, and do compliance personnel have the proper training and experience?)
4. Policies and Procedures (e.g. how have new procedures been designed and implemented, and what compliance controls were ineffective or absent which could have prevented the misconduct?)
5. Risk Assessment (e.g. what methodology has been used to assess risks, and what information did the methodology provide and how was it used?)
6. Training and Communications (e.g. how are employees trained in compliance matters, how was the effectiveness of the training assessed, and are there resources available to give employees guidance?)
7. Confidential Reporting and Investigation (e.g. what sort of reporting system is in place, and how did the corporation follow up and investigate reports of misconduct?)
8. Incentives and Disciplinary Measures (e.g. how has the entity incentivized compliance, and when misconduct has occurred what sort of discipline was given and what parties handled discipline?)
9. Continuous Improvement; Periodic Testing and Review (e.g. has the company audited the area where misconduct occurred, and what changes has the corporation made to avoid future misconduct?)
10. Third-Party Management (e.g. are third-party risk management resources used by the corporation, and if so, how did the third-party’s services relate to the detection of the misconduct?)
11. Mergers and Acquisitions (e.g. if a recent merger or acquisition has occurred, how has compliance been integrated into the transition?)

The DOJ’s new guidance is significant, if only for the fact that it shows the new administration is committed to continuing enforcement of healthcare compliance. It is important for healthcare entities to understand the new guidelines, and use them to develop a more effective compliance program, and avoid misconduct before it occurs.

Wachler & Associates has been a leader in the field of healthcare law since 1985, with a specialty in healthcare compliance matters. If you or your health care entity have questions or concerns about the DOJ’s new guidelines or other compliance issues, please contact an experienced healthcare attorney at (248) 544-0888, or via email at wapc@wachler.com. You may also subscribe to our health law blog by adding your email at the top right of this page.