The OIG has made it clear that the Chief Compliance Officer should have independence from and with a direct line of authority to the Board of Directors or Compliance/Audit Committee.
This means that the CCO should not report directly to the General Counsel. This can create tension and power shifts in an organization that is not ready to or able to cope with the new structure.
When one thinks of managing risk and limiting legal liability of a healthcare company, the first position that comes to mind is the General Counsel.
After all, he/she is traditionally the person for whom Management or the Board will hold responsible for identifying and solving without litigation or fines and penalties.
For the structure to work, the CCO should be treated with equal clout within the organization with the legal counsel and be given the independent autonomy, authority and resources to do their job effectively.
This does not mean that other C-Suite officers or the General Counsel has lost a seat at the table or as an integral part of the ultimate compliance action to be taken by the CCO.
Positions such as the Chief Financial Officer, Chief Operations Officer, Chief Human Resources Officer and Chief Nursing Officer should be included in overall compliance decisions since each has an integral role in the billing, audits, potential fraud a prevention and education of compliance at the company.
Returning back to the tension between the CCO and General Counsel, both of these important positions play a key role in the ultimate compliance of the company and its procedures. Thus, creating tension as to who is the best position to hold ultimate responsibility of this function.
Further, in many instances, the problem exists because the CCO is given too narrow of a mission. The mission usually goes something like this – “Make sure that the organization complies with all laws and regulations and is able to discern and deal with any possible infractions or non-compliance.” Sounds kind of legalese doesn’t it? Like the company lawyer should be involved, right?
The General Counsel’s role is to guide, counsel and defend the company. So, naturally, the legal department would need to know of audit results and possible legal policies and contractual language that should be taken into account in order to avoid non-compliance.
Lawyers tend to sometimes inhibit compliance because people fear messing up and getting caught.
If the General Counsel performs his/her job effectively, he/she will be seen as a “deal maker not a deal killer”, thus opening up the opportunity for open dialogue and a culture of seeking advise on how to comply with a law or regulation and minimize company risks. (Also keep in mind the conflict that can arise if the General Counsel discovers wrongdoing by an employee. At this point, the General Counsel’s job is to defend the company, not the individual).
The only way to solve this is to create clear definitions, scope and structure to the process. The Board should be the ultimate enforcer of this structure and ensure that the organization is compliant at all times.
In an ecosystem of compliance in harmony with the law, the CCO will coordinate their efforts to keep the company in full compliance and let the General Counsel define the rules and the CCO to make sure policies are set and tested to ensure compliance of them.
The CCO deserves a seat at the table if the company is to operate in full transparency and in a well-oiled ecosystem of trust, compliance and adherence to the law and what is right.
Sources: https://oig.hhs.gov/fraud/docs/complianceguidance/040203CorpRespRsceGuide.pdf
https://oig.hhs.gov/fraud/docs/complianceguidance/CorporateResponsibilityFinal%209-4-07.pdf
