» News & Information

Sentencing Guidelines: What the health care industry needs to know
by Frank Sheeder, Esq.

CCH Healthcare Compliance Letter

CCH Healthcare Compliance Letter

Bi-weekly newsletter features news coverage and discussions on all the latest developments.

Learn More »
The Federal Sentencing Guidelines are usually (and fortunately) the furthest thing from a compliance professional's mind. But (unfortunately) the federal Sentencing Guidelines form the underpinnings of many of the compliance doctrines and practices with which members of the health care industry work every day. In today's enforcement environment and in light of recent statutory changes and proposed amendments to the Organizational Sentencing Guidelines, the health care industry must now pay even more attention to them.

Background. Congress created the United States Sentencing Commission (USSC) in 1984. The USSC is responsible for promulgating federal Sentencing Guidelines. Congress' goal in forming the USSC was to create a federal sentencing structure that would diminish disparate treatment of criminal offenders. In 1987, the USSC issued federal Sentencing Guidelines for individuals. In 1991, the USSC issued federal Sentencing Guidelines for Organizational Defendants (the "Organizational Sentencing Guidelines"), which apply to organizations that are convicted of federal crimes. They allow for imposing fines and restitution and placing the organization on probation.

The Organizational Sentencing Guidelines allow organizations to mitigate sentences if they can demonstrate adherence to 7 elements that demonstrate an effective compliance program. The 7 elements are also the underpinning of the OIG's various Compliance Guidances and the compliance programs that the majority of health care providers have enacted. The 7 elements, which are the minimum standards for an effective compliance program, may be summarized as follows:

  • Compliance standards and procedures that are reasonably capable of reducing the prospect of wrongdoing must be enacted.
  • Specific high-level individuals in the organization must oversee compliance.
  • Discretionary authority must be delegated carefully.
  • Compliance standards and procedures must be communicated throughout the organization.
  • Steps must be taken to achieve compliance through monitoring and auditing, and by having and publicizing a reporting system that prevents fear of retribution.
  • Compliance standards must be consistently enforced through appropriate disciplinary mechanisms.
  • The organization must respond appropriately to wrongdoing and endeavor to prevent similar conduct, which may include modifications to the compliance program.

An organization may also mitigate a sentence significantly by self-reporting, cooperation, and acceptance of responsibility. The OIG has clearly adopted that approach in its Provider Self-Disclosure Protocol and in public statements. An organization's sentence can be harsher, however, in cases where:

  • High-level personnel participated in or condoned the wrongdoing.
  • The organization had a recent prior history of similar misconduct.
  • The organization willfully obstructed or attempted to obstruct justice during the investigation, prosecution, or sentencing stages.

It is therefore important to conduct internal compliance processes, including investigations, in a manner that will withstand scrutiny if government regulators or prosecutors get involved.

Recent changes. The Sarbanes-Oxley Act of 2002 mandated increased penalties for several fraud offenses and criminal conspiracy. Through Emergency Amendments in January 2003 and Amendments effective in April and November 2003, the USSC increased Sentencing Guideline levels for such offenses. There have also been enhancements to the Organizational Sentencing Guideline levels in connection with multi-victim crimes, securities offenses, and obstruction-related crimes.

The PROTECT Act, which was passed in April 2003 and relates primarily to the protection of children, mandated that the USSC limit the availability of downward departures, which allow Federal Judges to diminish sentences determined under the Organizational Sentencing Guidelines. In response, in October 2003, the USSC created amendments that prohibited and otherwise limited such departures in a wide variety of cases. These departures were some of the only means by which white-collar defendants could mitigate sentences. The PROTECT Act also changed appellate review of downward departure issues such that federal judges will likely become more stringent in granting diminished sentences.

Advisory Group proposed changes. The Ad Hoc Advisory Group on the Organizational Sentencing Guidelines (the "Advisory Group") was commissioned by the USSC in September 2001, with the mandate that it analyze the Organizational Sentencing Guidelines. Note that this was before the enactment of the Sarbanes-Oxley Act in July 2002. Section 805(a)(2)(5) of the Act directed the USSC to review and amend the Sentencing Guidelines to ensure that they were "sufficient to deter and punish organizational criminal misconduct. " The USSC asked the Advisory Group, which was comprised of 15 professionals from many disciplines, to "place particular emphasis on examining the criteria for an effective program to ensure an organization's compliance with the law."

The Advisory Group issued a Report on October 7, 2003, in which it recommended substantial changes to the Organizational Sentencing Guidelines. The USSC adopted the Advisory Group's report and formally proposed to amend the Organizational Sentencing Guidelines on December 30, 2003. On November 1, 2004, the USSC issued the amended Sentencing Guidelines.

First, the Advisory Group noted that in spite of compliance programs, it has recently become obvious that substantial corporate wrongdoing by high-level actors at large publicly held organizations went undetected. This caused the Advisory Group to evaluate whether the Organizational Sentencing Guidelines could be made more effective in preventing and detecting legal violations. It concluded that the Organizational Sentencing Guidelines should better address the role of organizational leadership in ensuring that compliance programs are valued, supported, periodically re-evaluated, and operated for their intended purposes. The Advisory Group also acknowledged that it was influenced by recent Congressional emphasis on organizational culture, improved internal reporting, adequate training, auditing and monitoring, and periodic risk assessments.

Second, the Advisory Group observed that much has changed in the field of organizational compliance since the Organizational Sentencing Guidelines were enacted in November 1991. Over those twelve years, legal standards have recognized organizational compliance programs as important features of responsible conduct. The Advisory Group believed that the Organizational Sentencing Guidelines should be updated to reflect those developments.

The Advisory Group's main recommendation was to turn the 7 elements into a separate sentencing guideline. This proposed guideline expands the importance and meaning of the 7 elements. Again, since the 7 elements are the underpinning of the OIG's Compliance Guidances and, therefore, of most health care providers' compliance programs, wise providers should review this proposed guideline to understand current viewpoints about them. They should then adjust their compliance programs and workplans appropriately to assimilate this current thinking.

The Advisory Group recommended that the USSC make the following kinds of modifications to the Organizational Sentencing Guidelines:

  • Emphasize the importance of an organizational culture that encourages a commitment to compliance with the law.
  • Provide a definition of compliance standards and procedures referenced in the Organizational Sentencing Guidelines.
  • Emphasize the importance of adequate resources and authority for individuals who are responsible for the effectiveness of the compliance program.
  • Define the nature of an organization's efforts to determine when an individual in an organization has a reason to know, or history of engaging in, violations of law.
  • Include training and the dissemination of training materials and information within the definition of an "effective program."
  • Add "periodic evaluation of the effectiveness of a program" to the requirement for monitoring and auditing systems.
  • Require a mechanism for anonymous reporting.
  • Include an incentive for organizations to seek guidance about potential or actual violations of law.
  • Provide for ongoing risk assessments as part of the implementation of an effective compliance program.

Another significant aspect of the Advisory Group's report is that it acknowledged, but did not definitively resolve, the reality that the government may ask for the waiver of attorney-client privilege or attorney work product protections as part of an organization's cooperation with the government. This same concept is raised in the OIG's Provider Self-Disclosure Protocol and the Department of Justice's policies for prosecution of organizations. Providers that are engaging in internal investigations or responding to government inquiries should be more vigilant than ever in addressing, planning for, establishing, and considering the prospect of waiving privileges before beginning the compliance process.

The Advisory Group also discussed the litigation dilemma, which may be loosely translated as no good deed goes unpunished. The dilemma is that organizations can be prejudiced because of their good compliance efforts. For example, they can be pressured to waive privileges or protections from discovery, or to turn over internal, self-critical reports aimed at improving compliance. Any voluntary disclosures to the government could then be freely available to hostile third-party litigants. They may also feel pressure to curtail otherwise normal, healthy compliance functions in the following kinds of ways:

  • Hedging against promises of confidentiality that are critical to receiving good information in an internal investigation.
  • Not fully documenting compliance committee activities.
  • Not maintaining initial scores of employees tested on compliance issues.
  • Not sharing the results of audits, investigations, and compliance activities within the organization for fear that they could be disseminated to adversaries or turn employees into whistleblowers.

In short, the reality is that self-imposed and self-critical compliance activities such as auditing, monitoring, and self-reporting can create substantial risks for health care providers which have the counter-productive effect (from a compliance standpoint) of diminishing the use of such processes. This dilemma often creates tension among management, counsel, and compliance professionals.

What should providers do? The amended Organizational Sentencing Guidelines, which have been enacted, represent current viewpoints on compliance from a broad array of perspectives. The Amended Guidelines became effective on November 1, 2004. Moreover, the Organizational Sentencing Guidelines are the foundation for most providers' compliance efforts. Health care providers and their counsel should, therefore:

  • Read the Advisory Group's report.
    • Review organizational policies and procedures to ensure compliance with the current 7 elements and the proposed modifications and clarifications to them.
  • Note the areas of emphasis in the Advisory Group's report, and develop or refine organizational policies and procedures to address them.
  • Before initiating any internal investigation or responding to any government inquiry, address issues relating to establishing, maintaining, and the potential for waiving applicable privileges.
  • Inform senior management and the members of your organization's governing body about the developments and concepts discussed herein. Seek their initial, continued, or increased support and involvement for your compliance efforts.

For more information

CCH’s Healthcare Compliance Professional's Manual gives you the tools you need to plan and execute a customized program that meets federal and state standards. Endorsed by the Health Care Compliance Association. Learn more.

Expert Guide for the Compliance Maze

Hands on Calculator

Health Care Compliance Professional’s Manual

Offers guidance on applying the laws and regulations, and spells out practical, "how-to" compliance solutions. Endorsed by HCCA.

Learn More »

Journal of Health Care Compliance

Protect your organization with the Journal of Health Care Compliance, your first practical source of information on how to avoid government inquiries.

Learn More »
Courtroom with empty chairs