New Department of Justice Policy on Corporate Criminal Enforcement – What it Means for Health Care Providers
Reprinted with permission from Birmingham Medical News (December 2022).
On September 15, 2022, Deputy Attorney General Lisa Monaco announced significant updates to the Department of Justice (the Department) corporate criminal enforcement policies, with an emphasis on individual accountability, stricter requirements for corporate cooperation credit based on past conduct, and a call for organizations to self-report misconduct (Deputy Attorney General Lisa O. Monaco Delivers Remarks on Corporate Criminal Enforcement | OPA | Department of Justice, September 15, 2022). The new policies mean the Department will take a more aggressive approach to corporate criminal enforcement, including enforcement against individuals, and health care providers should be mindful of this heightened scrutiny.
Individual Accountability and Self-Reporting
Individual accountability was described by the Department as a “number one priority” and the policy changes are designed to expedite investigation and prosecution of not only culpable health care providers, but also individuals involved in the misconduct. Under this new enforcement policy, providers are expected to fully disclose to the Department culpable individuals and all related information connected with corporate misconduct. Health care providers that fail to timely report and fully cooperate with the Department are more likely to forfeit the ability to secure a non-prosecution agreement (NPA) or deferred prosecution agreement (DPA). NPAs and DPAs provide the government with tools to reach a settlement agreement with providers. An NPA typically does not result in any charges being filed against the provider and it does not require the provider to admit liability. A DPA is an agreement which requires the provider to admit to the underlying conduct and if the provider fulfills certain conditions, which can include a term of probation, restitution, community service or other relevant conditions, the government agrees to dismiss the charges. The obvious benefits to both a non-prosecution and deferred prosecution is that you avoid a criminal conviction.
While voluntary disclosure of corporate and personal misconduct is stated by the Department to be “the clearest path for a company to avoid a guilty plea or an indictment”, such action must be carefully considered since it alerts the Department to conduct that it might not otherwise identify. In the absence of aggravating factors, the Department will not seek guilty pleas if the provider voluntarily and timely self-reports, cooperates fully, and remediates the conduct. It should be noted that some health care laws require mandatory reporting and return of overpayments to federal and state health care programs, where failure to do so could result in sanctions under the federal False Claims Act. The Department has made clear that it favors and rewards providers that disclose misconduct rather than attempting to cover up or downplay the fault. To earn credit for cooperation, providers must be proactive and genuine in efforts to cooperate and remediate the situation. This includes a willingness to name individuals suspected of wrongdoing, linking compensation to compliance, and implementing policies to claw back compensation for those who participated in the misconduct.
The Department’s emphasis on “moving faster” will likely accelerate the pace of health care fraud investigations and in some instances could force a provider to address decisions about connections to criminal conduct before having the benefit of a complete internal investigation. It is important to engage experienced counsel early in the process to navigate the decision to cooperate, to negotiate cooperation credit up front and/or to secure additional protections while at the same time conducting a robust internal investigation into the misconduct.
History of Misconduct
The Department’s corporate enforcement policy also includes details on how prior misconduct will be evaluated by prosecutors. The Department will consider misconduct occurring within the past 10 years, particularly misconduct involving the same personnel or management. In evaluating whether to prosecute a provider or individual, prosecutors will consider facts and circumstances surrounding the prior misconduct and whether the conduct reflects a broader cultural or compliance weakness. As a practical matter, the Department will treat health care organizations and individual providers similar to how individuals are treated in the justice system – when prosecutors are required to consider the individual’s criminal history. Habitual corporate offenders will face more serious consequences, particularly for their failures to reform. Hence, a robust and effective corporate compliance program is critical in avoiding systemic compliance issues.
Elements of a Strong Corporate Health Care Compliance Program
- Written policies, procedures, and standards of conduct — A compliance program must have clearly defined policies and expectations that are published and available to all employees. The policy should include an affirmative commitment to compliance with all applicable state, federal, and regulatory laws.
- Designation of a compliance officer or compliance committee — A compliance program should have a dedicated compliance officer or compliance committee to oversee the implementation and enforcement of the policy. The compliance officer and/or committee should report directly to senior management.
- Effective Training — Providers must ensure all employees are appropriately trained on compliance. This should include new employees as well as routine refresher training with all employees.
- Open lines of communication — Employees at every level of an organization need to have an opportunity to ask questions, seek clarification, express concerns and/or report potential noncompliance without fear of retaliation.
- Risk Assessment — Implementation of a system for conducting an internal audit of the compliance program in order to measure the effectiveness of the program. The audit may include an annual audit and/or periodic monitoring to ensure adherence to regulations and identifying compliance risks.
- Enforcement — Clear, written policies must apply appropriate discipline to those who fail to comply with the program’s expectations and policies.
- Corrective action — If a significant compliance risk or vulnerability is discovered through a reported incident, compliance breach, or internal review, the compliance committee should take timely, decisive action that will reduce the risk of non-compliance.
In the wake of the recent Department policy on corporate enforcement, health care providers should evaluate the effectiveness of their corporate compliance programs. Also, the Department’s renewed focus on compliance provides providers, and particularly their general counsel and/or chief compliance officer, with justification for greater investment in corporate compliance programs. Investigators will evaluate a provider’s compliance program, and the failure to have an “effective” program may inhibit a successful resolution.