Health care is a complex, heavily regulated business, and confronting financial concerns and responding to competition and regulatory change have added to boards’ already significant responsibilities. Do these factors make governance a risky business? It can be, but trustees who pay attention to the fundamentals of fiduciary duties and shoulder the responsibilities entrusted in them can minimize risk and, instead, focus on the valuable service they provide to their organizations and communities.

Where’s Your Exposure?

Nonprofit hospitals and systems exempt from taxation are held to the standard of fulfilling their charitable mission. Yet, allegations of insufficient charity care or community benefit, excessive executive compensation, overzealous billing and debt collection practices, and the absence of price and quality transparency have led to scrutiny by the media, the public, policymakers and regulatory authorities.

Ensuring compliance is not a simple task. Regulators are many and trustees must understand their accountabilities. They need to know how to maintain oversight and monitor performance not only to ensure organizational success and viability, but to minimize risk and serve patients in the best way possible.

Board Responsibilities

At the core of the board’s oversight responsibilities are the fiduciary duties of care, loyalty and obedience. According to the Office of Inspector General, the duty of care requires trustees “to act in good faith, with the care an ordinarily prudent person would exercise under similar circumstances.” Further, trustees must act “in a manner that they believe is in the best interest of the corporation.” Understanding and carrying out the duty of care is essential to the management of governance risk.

Compliance program. The OIG has identified several key elements for inclusion in compliance programs: a compliance plan, a designated compliance officer, employee training and education, anonymous reporting or hotline, response systems, corrective actions and audits. To oversee the organization’s compliance at all levels, trustees need to be knowledgeable about both the structure and the operations of the compliance program, and ensure that the necessary components are in place. The board also must ensure that reporting is enabled, and individuals making complaints don’t suffer retaliation; that audits are conducted and effective corrective action plans are implemented; and that it receives regular reports on progress and outcomes to ensure compliance, minimizing exposure to risk for both the organization and the board.

“Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors,” published by the OIG and the American Health Lawyers Association, offers several questions designed to help boards fulfill their responsibility for reasonable inquiry and to better understand the scope of their organization’s compliance program. Examples of these structural questions include:

• What are the goals of the organization’s compliance program?

• What are the inherent limitations in the compliance program? How does the organization address these limitations?

• Does the compliance program address the significant risks of the organization? How were those risks determined and how are new compliance risks identified and incorporated into the program?

The resource also provides questions designed to help evaluate the program’s effectiveness and its reporting system. These operational questions delve into the organization’s code of conduct, policies and procedures, compliance infrastructure, preventive measures and violation responsiveness. Examples of these questions include:

• How do we know that the code of conduct is understood and accepted across the organization?

• Has the organization implemented policies and procedures that address compliance risk areas and established internal controls to counter those vulnerabilities?

• How is the board kept apprised of significant regulatory and industry developments affecting the organization’s risk? How is the compliance program structured to address such risks?

• What processes are in place to ensure that appropriate remedial measures are taken in response to identified weaknesses?

Engagement. Trustees can’t afford to be passive recipients of information. The OIG and AHLA advise that courts have interpreted the duty of care to include a level of due diligence that includes “reasonable inquiry” by the board into the organization’s operations and performance. In other words, trustees must be prepared to exercise their independence by staying well-informed on issues and actively discussing the potential implications for the organization.

Reasonable inquiry also means asking probing questions and challenging the status quo rather than rubber-stamping decisions. To carry out their oversight responsibilities, trustees must ask the questions needed to assure themselves that the board has the information it needs to make prudent decisions, confirm that the administration carries out its management responsibilities, and ensure that the organization complies with applicable laws and regulations.

Quality oversight. In “Corporate Responsibility and Health Care Quality,” a 2007 publication, the OIG underscores its expectation that boards exercise general supervision and oversight of quality and patient safety, including:

• awareness of quality issues, challenges and opportunities,

• close attention to the development of quality measures and reporting requirements (including periodic education from executive staff), and

• receipt of executive updates regarding quality initiatives and associated legal issues.

Trustees should understand that quality of care is increasingly linked to reimbursement, and both the OIG and the Department of Justice have increased their scrutiny of quality and patient safety. Payment for poor quality is viewed as a false claim, and failure to accurately report quality data may be considered potential fraud.

Additionally, both the OIG and DOJ place responsibility for quality of care squarely on the shoulders of the board. Once again, the OIG and the AHLA emphasize the critical importance of the board’s use of reasonable inquiry in the oversight of the organization’s quality performance and present a number of comprehensive questions for board use.

Rebuttable presumption. Among the board’s most important responsibilities is evaluating the chief executive officer’s performance and setting appropriate compensation. The “intermediate sanctions” law, which provides for a “rebuttable presumption,” or the assumption that something is true unless it can be proven otherwise, allows the Internal Revenue Service to penalize individuals who approve or receive “excess benefits.” Excess benefit applies if the CEO’s compensation and benefits are found to be inconsistent with fair market value. By following IRS provisions, the board can reduce its risk exposure when setting executive compensation:

• The hospital’s board of trustees reviews and approves executive compensation, and all of the trustees participating in the review are free from any conflict of interest.

• The board determines the reasonableness of the compensation as part of its review process, using reliable comparability information such as independent compensation consultants, review of Form 990 responses filed by other organizations, or compensation surveys or studies.

• The board maintains contemporaneous, detailed documentation regarding the review and approval of the executive’s compensation.

Get Educated

Trustees who are armed with a clear understanding of their fiduciary duties — including reasonable inquiry — and who are engaged and accountable board participants should be ready and able to manage governance risk, and focus on their service to the hospital and the community. 

Cindy Fineran ( and Nicole Matson ( are senior consultants at the Walker Co. Health Care Consulting LLC, Wilsonville, Ore.