The Health Care Compliance Association (HCCA) and the Society for Corporate Compliance and Ethics (SCCE) released a survey last month that focused on the relationship between compliance officers and their Boards of Directors. This is a fascinating relationship; as those of you in the industry know, it’s been evolving over time and thanks amendments to the Federal Sentencing Guidelines in 2010, which stated that individuals with operational responsibility for the compliance program must have direct reporting obligations to the Board, Boards are now more involved. The survey found that more than 60% of CCOs in health care report directly to the board. Among those who don’t 62% report to the CEO, 12% to legal and about 3% to the CFO. And very importantly, 64% of health care compliance officers say their reports are not “pre-screened or edited” by the general counsel or others before being presented to the board. That is crucial for independence.
This is all as it should be, as an organization’s Board is (or should be) a key driver and supporter of its ethics and compliance program, as that is a primary protection mechanism against risk.
The survey found some interesting statistics, which I’ll outline below, but what I’m curious about are the questions that weren’t asked. How many Directors actually take the Code of Ethics training? How many Directors understand or influence the method by which compliance policy certification is handled in the organization? Do the Directors understand the internal investigations process or how often compliance policies are reviewed? How many Directors know the number to the hotline or the process by which they should report any misconduct they themselves learn of? Those may seem like low-level details, but I’d argue they are at the very core of mitigating serious risk within the organization.
It is encouraging that 59% of health care compliance officers “felt that the board values the compliance and ethics program a great deal.” For all survey respondents, inside and outside health care, the numbers were highest (63%) among publicly traded companies, perhaps reflecting greater pressure for boards to support compliance. Of course there is room for improvement there. However, again, in a highly regulated industry like healthcare, policy management is crucial – employees must understand what’s expected of them in terms of their behavior, and your organization should have a robust compliance policy certification process in place, so you know which employees certified to which versions of which policies on which dates. Unfortunately, it seems like Directors don’t often think about these kinds of details until it’s too late.
Understand The Real Value of Compliance Policy Certification
As the head of marketing at The Network, I understand that no compliance officer wakes up and thinks: “Wow, I need an integrated suite of software applications that lets me manage my code of conduct, organize my compliance policy certification, train my employees, conduct compliance investigations and report and analyze across all of that data!” That is one of my challenges… I have to figure out how to speak to people like these health care compliance officers and Directors in a way that makes them understand how we can provide value.
It’s important that health care compliance officers and Directors understand that they have to drive the need for the essential functions that Blue Hill Research refers to as “the front end of compliance,” which is ethics and compliance training and compliance policy certification. That’s a good place for highly regulated industries, like health care, to start, because it’s about protection; setting the boundaries for expected behavior and then training the employees on those boundaries.
Back to the survey, 77% of compliance officers across all industries said they are “responsible for escalating very serious allegations and/or investigations of noncompliance to the board.” The survey also asked compliance officers were also asked what “attributes” are most important to their jobs. The three that received the top rating were independence, confidence and assertiveness/decisiveness. I’m not surprised independence was first – based on several conversations I’ve had with compliance officers, their ability to be independent and to be perceived as independent by employees is absolutely vital to their success.
I think the survey data is encouraging and it looks like, at least in health care, things are moving in the right direction and compliance officers and Boards of Directors are making significant progress, which is great news. Health care is highly regulated so having a well-designed, well-implemented ethics and compliance program is critical for a company’s risk mitigation efforts. I’ll be on the lookout for next year’s survey from HCCA and SCCE and I’ll be looking for the trends… and maybe they will ask a few of my suggested questions.