New DOJ Policy on Corporate Criminal Enforcement: What It Means for Health Care Providers | Burrs and Form

Reprinted with permission from Birmingham Medical News (December 2022).

On September 15, 2022, Assistant Attorney General Lisa Monaco announced significant updates to the Department of Justice’s (Department’s) corporate criminal enforcement policies, with an emphasis on individual responsibility, stricter requirements for corporate cooperation credit based on past conduct and a call for organizations to self-report misconduct (Assistant Attorney General Lisa O. Monaco Offers Comments on Corporate Criminal Enforcement | takeover bid | Department of Justice, September 15, 2022). The new policies mean the Department will take a more aggressive approach to corporate criminal enforcement, including enforcement against individuals, and health care providers must take this heightened scrutiny into account.

Individual responsibility and self-report

The Department described individual liability as a “number one priority” and the policy changes are designed to expedite the investigation and prosecution of not only guilty health care providers, but also individuals involved in the misconduct. Under this new enforcement policy, vendors are expected to fully disclose to the Department guilty individuals and all related information related to corporate misconduct. Health care providers who fail to report promptly and fully cooperate with the Department are more likely to lose the ability to obtain a Non-Prosecution Agreement (NPA) or Deferred Prosecution Agreement (DPA). NPAs and DPAs provide the government with tools to reach a conciliation agreement with providers. An NPA generally does not result in charges being filed against the provider and does not require the provider to admit liability. A DPA is an agreement that requires the provider to admit to the underlying conduct and if the provider meets certain conditions, which may include probation, reinstatement, community service, or other relevant conditions, the government agrees to dismiss the charges. The obvious benefits of both non-prosecution and deferred prosecution is that it avoids a criminal conviction.

While the Department states that voluntary disclosure of corporate and personal misconduct is “the clearest path for a company to avoid a guilty plea or indictment,” such action should be carefully considered, as it alerts the Department to misconduct. that otherwise could not be avoided. to identify. In the absence of aggravating factors, the Department will not seek guilty pleas if the provider voluntarily and timely self-reports, fully cooperates, and remedies the conduct. It should be noted that some health care laws require mandatory reporting and return of overpayments to federal and state health care programs, where failure to comply could result in penalties under the federal False Claims Act. The Department has made it clear that it favors and rewards providers who disclose misconduct rather than attempt to cover up or minimize misconduct. To earn credit for cooperation, providers must be proactive and genuine in their efforts to cooperate and remedy the situation. This includes a willingness to name individuals suspected of wrongdoing, link compensation to compliance, and implement policies to recover compensation from those who engaged in misconduct.

The Department’s emphasis on “moving faster” will likely speed up the pace of health care fraud investigations and, in some cases, could force a provider to address decisions about connections to criminal conduct before having the benefit of an internal investigation. complete. It is important to retain an experienced attorney early in the process to make the decision to cooperate, negotiate cooperative credit in advance, and/or secure additional protections while a robust internal investigation into the misconduct is conducted.

history of misconduct

The Department’s corporate compliance policy also includes details about how prosecutors will assess past misconduct. The Department will consider misconduct that has occurred in the past 10 years, particularly misconduct involving staff or management. In assessing whether to prosecute a vendor or individual, prosecutors will consider the facts and circumstances surrounding the prior misconduct and whether the conduct reflects a broader compliance or cultural weakness. In practice, the Department will treat health care organizations and individual providers in a manner similar to how individuals are treated in the justice system, when prosecutors must consider a person’s criminal history. Habitual corporate violators will face more serious consequences, particularly for their failure to reform. Therefore, a strong and effective corporate compliance program is essential to avoid systemic compliance problems.

Elements of a Strong Corporate Healthcare Compliance Program

1. Written policies, procedures and standards of conduct — A compliance program should have clearly defined policies and expectations that are posted and available to all employees. The policy must include an affirmative commitment to comply with all applicable state, federal, and regulatory laws.
2. Appointment of a compliance officer or compliance committee — A compliance program should have a dedicated compliance officer or compliance committee to oversee implementation and compliance with the policy. The compliance officer and/or the committee should report directly to senior management.
3. effective training — Suppliers must ensure that all employees are properly trained on compliance. This should include new hires as well as routine refresher training with all employees.
4. Open lines of communication — Employees at all levels of an organization should have the opportunity to ask questions, seek clarification, express concerns, and/or report potential violations without fear of retaliation.
5. Risks evaluation — Implementation of a system to perform an internal audit of the compliance program to measure the effectiveness of the program. The audit may include an annual audit and/or periodic monitoring to ensure compliance with regulations and identify compliance risks.
6. App — Clear, written policies should apply appropriate discipline to those who fail to comply with program expectations and policies.
7. Corrective action — If a significant compliance risk or vulnerability is discovered through a reported incident, compliance breach, or internal review, the compliance committee must take timely and decisive action that reduces the risk of noncompliance.

Following the Department’s recent policy on corporate compliance, health care providers must evaluate the effectiveness of their corporate compliance programs. In addition, the Department’s renewed focus on compliance provides suppliers, and in particular their general counsel and/or chief compliance officer, a rationale for increased investment in corporate compliance programs. Investigators will evaluate a vendor’s compliance program, and the lack of an “effective” program may inhibit a successful resolution.

[View source.]