Categories
31 Days to More Effective Compliance Programs

Day 31 – Using a Root Cause Analysis for Remediation

The 2020 Update re-emphasized the need to perform a root cause analysis and, equally importantly, use it to remediate your compliance program. It stated, “a hallmark of a compliance program that works effectively in practice is the extent to which a company can conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.”
It went on to state what additional steps the company has taken “that demonstrate recognition of the seriousness of the misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risk”).”

The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach using data already in the organization. Identify current and future needs for organizational improvement. Your solution should be a repeatable, step-by-step process in which one method can confirm the results of another. Focusing on the corrective measures of root causes is more effective than simply treating the symptoms of a problem or event, and you will have a much more robust solution in place. This is because the solution(s) are more effective when accomplished through a systematic process with conclusions backed up by evidence.

When you step back and consider what the DOJ was trying to accomplish with its 2020 Update, it becomes clear what the DOJ expects from the compliance professional. Consider the structure of your compliance program and how it inter-relates to your company’s risk profile. When you have a compliance failure, use the root cause analysis to think about how each of the structural elements of your compliance program could impact how you manage and deal with that risk.

Three key takeaways:

  1. The key is objectivity and independence.
  2. The critical element is how you used the information you developed in the root cause analysis.
  3. The key is that after you have identified the causes of problems, consider the solutions that can be implemented by developing a logical approach using data already in the organization.
Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 2

This week, we are exploring a shift in the duties of care owed by corporate officers to the corporation. It is coming through the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst and his part in the creation of an absolute toxic atmosphere of sexual harassment at the very highest levels of the organization. It is styled In re McDonald’s Corporation Stockholder Derivative Litigation, and the court formally recognizes the oversight duties of officers of Delaware corporations. Today we consider the legal reasoning in the opinion.

Yesterday we began a discussion on the legal reasoning. Most compliance practitioners point to the 1996 Caremark decision as the one which set a Board’s duty around compliance. However, there has long been a duty of oversight in Delaware law, for Boards of Directors since at least the 1960s but for officers as well. In 1963, the Delaware Supreme Court established a Board duty when red flags are brought to its attention in the case of Graham v. Allis-Chalmers Manufacturing Co., which held that directors have an obligation to respond if information reached them, but created no affirmative duty to set up an information system to learn about issues within the company. A limited duty of oversight arose only if the directors had already learned enough to suspect that there were issues that needed overseeing. This was termed a “Red-Flags Claim” or a “Red-Flags Theory” of liability. This is also known as “Prong-One” Board liability.

Caremark created that affirmative duty for Board’s to engage in oversight. The Caremark court formulated a “more functional terminology, that species of claim can be called an “Information-Systems Claim” or an “Information- Systems Theory” of Board liability, also known as “Prong-Two” Board liability. In this type of case, a plaintiff typically pleads a prong-two Caremark claim by alleging that the board’s information systems generated red flags indicating wrongdoing and that the directors failed to respond. In McDonald’s Corp we now see both Prong-One and Prong-Two liability expanded to officers.

The Court of Chancery listed three key sources for expanding this duty from Boards to officers.

  1. Management runs a company. While Board’s oversee management, “most corporations are managed ‘under the direction of’ the board.” Moreover, “In the typical corporation, it is the officers who are charged with, and responsible for, running the business of the corporation.” Finally, “Because of this reality, “[m]onitoring and strategy are not exclusively the dominion of the board. Actually, nondirector officers may have a greater capacity to make oversight and strategic decisions on a day-to-day basis.”
  2. Boards depend on information from management. Here the court noted that “For relevant and timely information to reach the board, the officers who serve as the day-to-day managers of the entity must make a good faith effort to ensure that information systems are in place so that the officers receive relevant and timely information that they can provide to the directors.” From this, “it follows that officers must have a duty to make a good faith effort to establish an information system as a predicate to fulfilling their obligation to provide information to the board.”
  3. Compliance systems required under the USSG. The US Sentencing Guidelines (USSG) mandate that “[h]igh- level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline.” This requirement includes that “Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.” The USSG goes on to define an organization’s “high-level personnel” as “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization,” which includes “a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.” This has the added benefit of putting compliance professionals directly in the path of liability created in this decision.

Interestingly since the Delaware courts had not explicitly expanded the duty of oversight to offices, the court looked at some bankruptcy court decisions for guidance. Here the Delaware court found, there were both Prong-One Red Flag claims and Prong-Two Information Systems claims available against officers under certain circumstances. The Delaware court concluded this section with the following “All of the foregoing authorities start from the premise that officers owe the same duties as directors. Because directors owe a duty of oversight, these authorities reason that officers owe a duty of oversight. That logic is sound.”

In a section I found very interesting, the Delaware court noted that officers have fiduciary duties to the corporation akin to those duties agents owe their principals. Here the court pointed to a prior Delaware decision, which “recognized a standard of conduct at the officer level that included a duty to act carefully, loyally, and in good faith to gather and provide information, with the standard of liability for the care dimension of the duty measured by gross negligence. By recognizing the duty to provide information, Hampshire lays the foundation for an officer-level duty consistent with an Information-Systems Theory.” The Court also found there is officer accountability to the Board which supports this extension of the duty of oversight to officer.

With this legal underpinning in place, please join me tomorrow to explore how this decision will impact Chief Compliance Officers.

Categories
Innovation in Compliance

Innovation Through Comprehensive UX with Ben Seals

Tom Fox hosts Ben Seals, CEO of Thomas Eye Group, on this episode of Innovation In Compliance. They delve into the company’s innovative approach to employee, customer, and business process experience. They also talk about how technology is changing how businesses operate and how it will impact healthcare in the future. 

As the CEO of Thomas Eye Group, a full-service eye care provider, Ben Seals brings a wealth of experience to the table. With a background in operations, customer service, payor/provider contract relations, and acquisition integration, he has a diverse set of skills that he leverages to oversee the execution of the company’s strategic vision. At Thomas Eye Group, the mission is to provide a lifetime of outstanding eye care, with a focus on sustainable growth that prioritizes patient care. 

 

Here are some key points Tom and Ben discuss:

  • Ben talks about his professional background and his current role at Thomas Eye Group.
  • Thomas Eye Group was recently awarded with the ModMed Innovation Award, for their innovation in healthcare and patient-centric approach.
  • Ben tells Tom that they have improved customer communication by enabling patients to easily schedule and reschedule appointments online, streamlining the process and reducing time spent in the office.
  • With ModMed, doctors can access patient data through a single platform, which addresses the issue of disparate information across several systems, allowing them to make better, more informed decisions and engage with patients during face-to-face conversations.
  • Ben explains that ASC has improved customer experience by using the Modmed ASC platform. The need to transfer paperwork between different sites has been eliminated as it is fully integrated with the practice management system, allowing for seamless coordination of care and electronic consent forms to be shared with patients.
  • Ben explains ModMed Pay and Text to Pay and what methods were used to be able to improve efficiency in the payment process, both in pre-visit and in post visit payments.
  • By using a text message feature, patients are informed about their balance with insurance companies and asked for payments, resulting in a significant increase in the number of payments made.
  • Ben describes what new innovations he sees down the road for Thomas Eye Group and ModMed. 

 

KEY QUOTATION:

“The ability to text patients real time, have a cadence of communication and ask for receipt of those payments delivered significant results for our revenue cycle team.” – Ben Seals

 

Resources 

Ben Seals | LinkedIn 

Thomas Eye Group

ModMed

Categories
Daily Compliance News

January 31, 2023 – The Company That Bribed the World Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Stormy Daniels hush money case goes to NY grand jury. (NYT)
  • Too embarrassed to drive a Tesla. (BBC)
  • J&J’s attempt to escape talc powder liability fails. (Reuters)
  • Saman Ashani was sentenced in the US. (FT)