Separating compliance and legal: Part 1, Best practices for defining expectations and responsibilities

By Jack A. Rovner

Jack Rovner (jrovner@hlconsultancy.com) is an attorney and the co-founder of Health Law Consultancy, a Chicago-based boutique health law firm.

Part 1 of this article presents cautionary tales that expose how conflicting expectations and responsibilities can reap adverse consequences for the CLO, the CCEO, and the organizations employing them.

Part 2 of this article will review practical considerations why a compliance function separate and independent from legal can and does serve corporate interests and is the “best practice” for an effective corporate compliance program. Part 2 will appear in the February 2020 issue of Compliance Today.

The good reasons are many for keeping the compliance department separate from the legal department and employing a chief compliance and ethics officer (CCEO) as a member of senior management to lead the compliance function independent of the organization’s chief legal officer (CLO) and the legal function. Among the most important reasons are the distinct expectations and responsibilities associated with these functions. The CCEO is expected to be the corporate conscience—vigilant against company officers and employees straying from the ethical; prompt to correct compliance transgressions; and champion of self-disclosure to government regulators, if not to the public. The CLO is the organization’s confidential adviser, expected within the bounds of professional ethics to defend the corporate interest and mitigate corporate exposure to government regulators and the public. Indeed, lawyers’ ethical obligation is to zealously represent their clients’ interests within the bounds of the law.

These distinct expectations and responsibilities, if combined, are fraught with potential conflict. The CLO’s role and responsibilities include furnishing legal advice and guidance to the organization—processes protectable by the attorney-client privilege and focused on minimizing, if not avoiding, organizational risk to legal liability. The CCEO’s role and responsibilities encompass implementing, managing, and overseeing an effective compliance program throughout the organization, and identifying and remediating compliance deficiencies—processes outside the attorney-client privilege that may not be subject to any privilege from disclosure. To avoid conflicting expectations and responsibilities, compliance program “best practice” separates compliance from legal.

The Sulzbach parable—hats clashing

Christi Sulzbach was among the first compliance officers in the healthcare industry. She was also the associate general counsel—and ultimately the general counsel—of the organization that she was supposed to monitor for compliance. That organization was Tenet Healthcare Corporation, a publicly traded hospital company.

In September 2007, the U.S. attorney in Miami, Florida, sued Sulzbach personally for violating the civil False Claims Act (FCA).[1] The complaint charged that Sulzbach gave false attestations in 1997 and 1998 that Tenet was in substantial compliance with a corporate integrity agreement.

Sulzbach, as Tenet’s associate general counsel, had negotiated that corporate integrity agreement for Tenet in 1994 to settle government criminal and civil fraud and abuse charges. That 1994 corporate integrity agreement required Tenet to create the compliance officer position that Sulzbach filled.

According to the government’s complaint, Sulzbach received an internal memorandum in February 1997 from a Tenet executive questioning the legality of contracts between a Tenet hospital in Florida and a dozen physicians. The internal memorandum expressed the concern that the hospital’s payments to these physicians appeared to be based on their volume of laboratory referrals to the hospital, in violation of the Stark Law. The Stark Law prohibits a hospital, as a provider of “designated health services,” from billing Medicare or any other payer for services furnished to a Medicare beneficiary referred by a physician with a financial relationship with the hospital, unless an exception applies.[2] Sulzbach engaged an outside law firm to analyze the hospital’s contracts with these physicians.

The law firm delivered its draft analysis to Sulzbach on June 23, 1997. The law firm opined that the hospital’s payments did not reflect fair market value for the physicians’ services without regard for their laboratory referrals and thus appeared to violate the Stark Law. Four days later—on June 27, 1997—Sulzbach submitted her attestation to the government of Tenet’s substantial compliance with all applicable federal laws, including the Stark Law. This annual attestation from Sulzbach, as Tenet’s compliance officer, was required by the corporate integrity agreement. On June 30, 1997—three days after submitting her attestation to the government—Sulzbach directed Tenet executives to fix the illegal physician contracts. The government’s complaint charged that, though Tenet did not terminate the illegal physician contracts until November 1999, Sulzbach submitted an additional attestation of Tenet’s substantial compliance with all applicable federal laws to the government in June 1998.

Unclear and unspecified in the government’s complaint is whether Sulzbach, in addressing the legally questionable physician contracts in 1997, wore the hat of Tenet’s associate general counsel—within the attorney-client privilege and responsible for developing solutions to mitigate Tenet’s legal exposure, or the hat of Tenet’s compliance officer—outside the attorney-client privilege and responsible for expeditiously correcting and potentially self-reporting Tenet’s compliance problem.

In February 1999, Sulzbach was promoted to Tenet’s general counsel. She remained Tenet’s compliance officer. The corporate integrity agreement expired in mid-1999.

New compliance problems emerged to vex Tenet and Sulzbach. In 2002, the FBI raided Tenet’s hospital in Redding, California, which was under investigation for allegedly performing unnecessary cardiac procedures and surgeries on healthy patients. As general counsel, Sulzbach negotiated resolution of that investigation, with Tenet paying a $54 million fine. As compliance officer, Sulzbach was supposed to enforce a compliance program to prevent unnecessary procedures and surgeries for profit.

Also in 2002, a stock analyst exposed Tenet management’s scheme to inflate earnings by manipulating hospital billings to maximize Medicare “outlier” payments, which are additional payments to Medicare-participating hospitals to cover “extraordinary high cost” care for Medicare beneficiaries.[3] As general counsel, Sulzbach was responsible for ensuring that Tenet satisfied all Securities and Exchange Commission (SEC) reporting rules and, accordingly, participated in the preparation of Tenet’s financial reports and SEC filings. As compliance officer, Sulzbach was responsible for ensuring the accuracy and integrity of Tenet’s internal financial data collection and maintenance processes and procedures so that Tenet’s financial data and management’s description of those data, as reported in Tenet’s financial statements and SEC filings, were reliable, complete, and truthful. As holder of substantial Tenet stock options, Sulzbach had financial self-interest in ensuring that Tenet’s financial reports and SEC filings enhanced the company’s stock market value.

The notoriety of Tenet’s multiplying compliance problems resulted in a Senate Finance Committee investigation of Tenet’s corporate governance practices with respect to federal healthcare programs. Senator Charles Grassley of Iowa, as Committee Chair, made a document demand on Tenet by letter, dated September 5, 2003. Senator Grassley’s letter pointedly questioned the propriety of Sulzbach “wearing two hats as Tenet’s general counsel and chief compliance officer.” According to Senator Grassley, “It doesn’t take a pig farmer from Iowa to smell the stench of conflict in that arrangement.”[4]

Sulzbach resigned from Tenet shortly after Tenet received Senator Grassley’s letter. Meanwhile, a qui tam FCA action filed in 2000, before Sulzbach’s resignation, asserted that the physician contracts of Tenet’s hospital in Florida violated the Stark Law. The government intervened and took extensive discovery. Claiming attorney-client privilege, Tenet—under the direction of Sulzbach as its general counsel and compliance officer—withheld from discovery the analysis of its outside law firm that questioned the legality of those physician contracts.

By 2006, new management was running Tenet. The new management included a compliance officer who had been chief counsel for the U.S. Department of Health and Human Services Office of Inspector General. Tenet settled the qui tam action with the government, waiving the attorney-client privilege in the process. The analysis of Tenet’s outside law firm about the Florida hospital contracts was turned over to the government. The government’s FCA case against Sulzbach followed, though too late to avoid dismissal as barred because of the applicable statute of limitations.

The Sulzbach parable is based on the allegations in the government’s complaint, filed on September 18, 2007, in the United States District Court for the Southern District of Florida, and on the Order and Opinion of that District Court, entered on April 16, 2010, in United States v. Sulzbach, No. 0:07-cv-61329-KAM. The Order and Opinion granted summary judgment dismissing the government’s complaint as time barred by the applicable statute of limitations. Hence, the validity of the government’s allegations was never tested by trial.

The Sulzbach parable presents a sharp picture of the tensions between the differing roles, responsibilities, and ethical obligations of the CLO versus the CCEO. When Sulzbach engaged the outside law firm to investigate the Florida hospital contracts, what hat was she wearing—CCEO or CLO? Sulzbach (wearing a compliance officer hat in receiving the internal memorandum about her company’s potential Stark Law violations) was obligated to investigate, implement corrective action, and press senior management, up to the board, to disclose the legally questionable arrangements pursuant at least to the corporate integrity agreement then in place at Tenet. Sulzbach (wearing a corporate counsel hat in receiving that internal memorandum) was obligated to maintain the confidentiality of this client communication and of her advice on ways within the bounds of the law for Tenet to mitigate its exposure. That advice would include the legal risks inherent in Tenet making a privilege waiver and corporate disclosure. Trying simultaneously to wear both a legal and a compliance hat did not fit Sulzbach nor suit Tenet.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings