publications full of ideas

U.S. Department of Justice Issues New Guidance on Evaluation of Corporate Compliance Programs


On February 8, 2017, the Fraud Section of the U.S. Department of Justice (DOJ) published new guidance titled “Evaluation of Corporate Compliance Programs” (Compliance Guidance), which can be found at In determining whether to bring charges against or negotiate plea agreements with hospitals or other organizations, federal prosecutors are required to consider “the existence and effectiveness of the corporation’s preexisting compliance program” as well as the corporation’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.” The new Compliance Guidance provides “important topics and sample questions” that prosecutors may use in evaluating a hospital’s compliance program in the context of a criminal investigation. While not a departure from past advice, the guidance is a useful distillation of principles from a number of sources and underscores the fact that a hospital must go beyond remediation of the particular issue and evaluate its implications for the compliance program on an organization-wide basis.

Although the DOJ’s fraud investigations are not limited to health care fraud, the health care industry continues to be a major target. Of the more than $4.7 billion obtained by the DOJ for the federal government in settlements and judgments from civil cases involving fraud and false claims in the fiscal year ending September 30, 2016, $2.5 billion came from the health care industry, including drug companies, medical device companies, hospitals, nursing homes, laboratories, and physicians.

The Compliance Guidance acknowledges that the DOJ’s evaluation of the effectiveness of a compliance program is an individualized determination based on the facts of each case. However, the guidance provides topics and sample questions that the Fraud Section has “frequently found relevant” in evaluating compliance programs. The sample questions are organized under eleven broad topics that make it clear the evaluation of compliance programs will examine the effectiveness of the program throughout all aspects of the organization. The topics and highlights of the questions identified are as follows:

  1. Hospital’s Analysis and Remediation of Underlying Misconduct. What is the hospital’s analysis of the root cause of the misconduct? Did the hospital miss prior opportunities to detect the misconduct? What specific remediation has been taken to address the root cause and missed opportunities identified?
  2. Leadership by Senior and Middle Management. Have senior leaders demonstrated leadership in the hospital’s compliance and remediation efforts? What actions have they taken to discourage the type of misconduct committed and demonstrate their commitment to compliance and remediation efforts? Has the board of directors held executive sessions on compliance functions and examined relevant information in exercising its oversight of the area in which the misconduct occurred?
  3. Autonomy and Resources of Compliance Team. Was the hospital’s compliance team involved in the decisions relevant to the misconduct? Is the compliance team sufficiently independent, qualified, well compensated, and given access to key decision-makers (including the board of directors) to be effective?
  4. Compliance Policies and Procedures. What has been the company’s process for designing and implementing new compliance policies and procedures? Has the hospital provided clear guidance and training to key gatekeepers in the areas relevant to the misconduct? Who has been responsible for integrating compliance policies and procedures into the hospital’s operational framework? What controls failed or were absent that would have detected or prevented the misconduct?
  5. Risk Assessment. What are the hospital’s procedures to regularly identify, analyze, and effectively address particular risks through its compliance program, including the specific risks involved in this misconduct?
  6. Employee Training and Communications. What training does the hospital provide to its employees who serve in relevant control functions, and is it sufficiently customized for high-risk and control employees to effectively address the area in which the misconduct occurred? How has senior management informed employees about the hospital’s position on the misconduct? Are sufficient resources available to employees to provide guidance relating to compliance policies?
  7. Confidential Reporting and Investigation. Has the hospital properly collected, analyzed, and used information from its reporting mechanisms, and has it assessed the seriousness of the allegations? How has the hospital ensured that the investigations into the misconduct are properly scoped, independent and objective, and appropriately conducted and documented? Has the hospital used the investigation to identify root causes, system vulnerabilities, and accountability lapses among managers, and to properly respond to the findings?
  8. Employee Incentives and Disciplinary Measures. How has the hospital incentivized compliance and ethical behavior, and have disciplinary actions and employee incentives been fairly and consistently applied? Did the hospital take appropriate disciplinary action in response to the misconduct, holding managers accountable for misconduct under their supervision where appropriate?
  9. Continuous Improvement, Periodic Testing, and Review. Does the hospital conduct routine internal audits, testing, and monitoring relevant to the misconduct, and what were the findings? How did management and the board follow up on these findings? How often has the hospital updated its risk assessments and reviewed its compliance policies, procedures, and practices?
  10. Management of Third-Party Contractors. What mechanisms are used to ensure that specific contract terms are performed by third-party contractors, payment terms are appropriate, and compensation is commensurate with the services rendered? Has the hospital monitored third-party contractors and analyzed the third party’s incentive model against compliance risks? Has the hospital trained the appropriate relationship managers about the compliance risks and how to manage them?
  11. Mergers and Acquisitions. Has the compliance function been integrated into the hospital’s merger, acquisition, and integration process? What is the hospital’s procedure for tracking and remediating misconduct risks identified during the due diligence process?

In today’s climate of heightened federal scrutiny, every hospital is required to establish and maintain an effective compliance program. Among the many other governmental resources available on this subject, the recent Compliance Guidance is probably the clearest statement to date of the DOJ’s primary focus areas in evaluating the effectiveness of a corporate compliance program. In this document, the DOJ provides details about the type of misconduct remediation it is looking for, and the need for the hospital to identify, if possible the systemic issues that allowed the misconduct to occur. The Compliance Guidance also reflects the increased attention given by the DOJ to actions of senior management and the board of directors and their demonstrated commitment to compliance efforts. Hospitals would be well advised to review this document carefully in evaluating their present compliance programs.

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601 | © Poyner Spruill LLP. All rights reserved.

related information

what's new at the firm

Mayo named Client Choice Award winner in North Carolina


RALEIGH, N.C. — Poyner Spruill partner Kelsey Mayo has been named the 2019 Client Choice Award winner in the Employment & Benefits category for North Carolina.

Terminating Employment: Best Practices to Navigate the Termination Minefield


How an employer manages an employment termination is often the determinative factor in whether an employee sues for wrongful termination. This webinar discussion focuses upon best practices that should be used to minimize frequency of post-termination lawsuits, severance and release considerations, and essential planning and documentation for termination of an employee.

WEBINAR: The Regulators’ Update


Leadership of the N.C. Adult Care Licensure Section, along with members of the p.s. Health Law Team, will present an update on adult care home survey and regulatory issues, including new developments in regulatory interpretation and application during surveys by the Adult Care Licensure Section.

Poyner Spruill's Hobbs leading client relations presentation at UNC School of Law's Festival of Legal Learning


RALEIGH, N.C. — Poyner Spruill’s Brandi Hobbs will again be a featured speaker in the UNC School of Law’s Festival of Legal Learning. The two-day event offers attendees the chance to earn up to 12 CLE credits and will take place Friday and Saturday, Feb. 8-9, at The William & Ida Friday Continuing Education Center in Chapel Hill.

Twenty attorneys at Poyner Spruill honored in 2019 Super Lawyers list


RALEIGH, N.C. — Poyner Spruill LLP is pleased to announce 16 attorneys at the firm have been selected to the 2019 North Carolina Super Lawyers list. No more than 5 percent of the lawyers in North Carolina are selected.