As the US government's top law enforcement agency targets corporate fraud and individual accountability, what will be the impact on the healthcare industry?
The US Department of Justice’s (DOJ’s) recently announced enforcement focus on battling corporate fraud and ensuring that individuals are held accountable for wrongdoing has direct implications for the healthcare sector. Indeed, the shift is a signal that healthcare firms should review and bolster their compliance programs.
“Accountability starts with the individuals responsible for criminal conduct,” Deputy Attorney General Lisa Monaco told a legal conference on white collar crime last month. “It is unambiguously this department’s first priority in corporate criminal matters to prosecute the individuals who commit and profit from corporate malfeasance.”
DOJ enforcement policy changes
Monaco announced three elements to the Justice Department’s approach. The first was restoring prior guidance that, to be eligible for any cooperation credit, companies must provide the department with “all non-privileged information about individuals involved in or responsible for the misconduct at issue.” Monaco made it clear that the company must identify “all individuals involved in the misconduct, regardless of their position, status, or seniority.”
This action is a revitalization of the so-called Yates memo issued in 2015 by then-Deputy Attorney General Sally Yates. In 2018, then-Deputy Attorney General Rod Rosenstein walked back the Yates memo policy over DOJ concerns that the approach could result in less self-reporting from companies out of fear that an inadvertent omission of any relevant fact or the name of a low-level employee could negate cooperation credit while exposing the company to prosecution.
Monaco emphasized the importance of identifying all individuals — not only those deemed to have been “substantially involved” — in order to assist investigators. She downplayed the risk that the government would “unfairly prosecute minimal participants.”
The second change involved how a company’s prior misconduct will affect DOJ decisions about the “appropriate corporate resolution.” Monaco’s new guidance to prosecutors will require them to consider the “full criminal, civil, and regulatory record of any company” when deciding on the appropriate resolution and not just the “narrower subset of similar misconduct.” The move will “harmonize” how the department treats corporate and individual criminal histories.
The DOJ’s final change involved the use of corporate monitors. Monaco noted that any resolution with a company “involves a significant amount of trust on the part of the government” — trust that the company “will commit itself to improvement, change its corporate culture, and self-police its activities.” Monaco explained that where prior department guidance suggested that “monitorships are disfavored or are the exception,” she was rescinding that guidance. Instead, the department will be free to impose independent monitors whenever it is appropriate to ensure a “company is living up to its compliance and disclosure obligations” under a resolution agreement.
Implications for healthcare
Certain areas of the DOJ’s focus have direct implications for the healthcare sector. Data analytics, for example, plays a “larger and larger role” in corporate investigations, Monaco noted, specifically mentioning healthcare fraud. She also highlighted the how “cyber vulnerabilities” open companies to foreign attacks — a situation that has been dramatized by a number of ransomware attacks on healthcare systems in recent years.
Monaco said her advice was intended to reach the “C-Suite and boardroom” and that she appreciated the “difficult conversations that arise surrounding compliance and measures designed to proactively stop misconduct” as well as the “tradeoffs that may need to be considered when making investment decisions.” However, she also identified the importance of corporate culture. A “corporate culture that fails to hold individual accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results,” she said.
Healthcare entities should begin reviewing their compliance programs to “ensure they adequately monitor for and remediate misconduct,” Monaco advised, adding that companies that fail to do so will face negative consequences.
Boards and executives should understand that they may bear individual accountability in situations where they had involvement with decisions or failures to act that resulted in misconduct occurring. Additionally, in situations where providers are required to self-report misconduct, a full and complete disclosure of all individuals involved will be necessary to ensure any cooperation credit from the DOJ in subsequent actions. The company should not limit the disclosure to only the most significant actors or actions, she said.
Ultimately, Monaco’s announcement serves as a warning to all corporations, including healthcare providers and health insurers, that no quarter will be given in the prosecution of white collar crimes. Companies and their boards should be aware that the DOJ will pursue not only the corporations but also the individual decision makers at all levels.