Healthcare governance and compliance in the era of 'fraud, waste and abuse': cutting through best practices to find effective practices.

• Author: Martin, Summer H.

Following the recent financial meltdown, outside influence on internal board operations has increased dramatically. Shareholders, upset with the market, have lashed out at corporate boards demanding, as with "say on pay," a greater voice in the company. Legislators have responded with the introduction of new bills, most notably the Shareholder Bill of Rights Act of 2009. Policymakers have used the meltdown as a catalyst to introduce new opinions and best practices on many governance topics, such as executive compensation and succession planning. Meanwhile, in the midst of increased budgetary and political pressures, healthcare regulators have strengthened their healthcare enforcement efforts and reiterated their intentions to hold officers and board members responsible for healthcare companies' regulatory compliance. With all of the activity from shareholders to regulators to thought-leaders, boards are left to sift through the plethora of standards, regulations and opinions to synthesize a working governance plan for their company.

[ILLUSTRATION OMITTED]

[ILLUSTRATION OMITTED]

Healthcare companies historically have operated within the complex menagerie of healthcare laws, including regulations and guidance on both a federal and state level. Now they also are faced with increased government focus, backed by enhanced regulatory and enforcement resources provided through recent legislation such as the Patient Protection and Affordable Care Act and the Fraud Enforcement and Recovery Act of 2009.

While constructing a governance and compliance model is often a complex and onerous task, it is important that boards get governance and compliance right, particularly in this new environment. Corporate governance during the pre-financial (and certainly pre-Enron) era consisted primarily of board deference to management; management prerogative ruled, with little, if any, board oversight. At the board level, risk management for many companies meant a report on insurance coverage; nothing like today's focus on risks to the business and the corporation's compliance with laws. The dynamics of the compliance "system" were simple: employees did what they were told to do by supervisors, who received their orders from senior management. Systematic oversight was minimal as more robust governance/compliance systems were perceived as costly and unnecessary.

In light of emerging stakeholder dynamics, particularly in healthcare, governance compliance is a value...