Skip to Main Content

The Audit & Compliance Committee’s Call to Action: The Final Stark and Anti-Kickback Rules

  • December 04, 2020
  • Michael W. Peregrine , McDermott Will & Emery LLP
  • Tony Maida , McDermott Will & Emery

The board-level audit & compliance committee (Committee) of hospitals, health systems, and other providers is presented an important fiduciary challenge with the November 20 release of final rules under the physician self-referral law (Stark Law) and the Anti-Kickback Statute (collectively, Final Rules).[1]

The Final Rules represent arguably the most important changes to the Stark and Anti-Kickback regulations in over ten years. They will undoubtedly have a significant impact on the internal policies and external business arrangements of health care provider organizations. The Committee will be expected to exercise oversight of management’s efforts to orient the organization to the Final Rules. In doing so, the Committee may rely on the advice of the organization’s general counsel (teaming with the chief compliance officer), regarding satisfaction of its related fiduciary responsibilities.

Background of Committee Responsibilities

The Committee’s responsibilities with respect to important legal developments, such as the Final Rules, are grounded in a combination of (a) established Delaware case law; (b) guidance from the Department of Justice and the Department of Health and Human Services (HHS) Office of Inspector General (OIG); and (c) specific provisions of the Federal Sentencing Guidelines.

Caremark. As is well known, the board’s basic fiduciary obligation to develop and maintain a corporate compliance plan is articulated in the seminal 1996 “Caremark” decision of the Delaware Chancery Court.[2] That decision provides that a director’s oversight obligations include a duty to attempt in good faith to assure that (1) a corporate information and reporting system exists, and (2) this reporting system is adequate to assure the board that appropriate information as to compliance with applicable laws will come to its attention in a timely manner as a matter of ordinary operations. Over the last two years, Delaware courts have been stricter in interpreting this particular duty, especially in egregious fact patterns.[3]

Department of Justice. In June 2020 the Criminal Division of the Department of Justice issued updated guidelines on how it evaluates the effectiveness of an organization’s compliance program in the context of conducting an investigation of a corporation.[4] The guidelines set forth a series of questions intended to assist prosecutors in determining whether the corporation’s compliance program was effective at the time of the alleged offense. Several of these questions relate to the role, function, and operation of the compliance committee.

HHS OIG. In a series of monographs and other publications dating back to 2003, OIG has provided guidance on how provider boards can best achieve and determine compliance program effectiveness.[5] Notable in this regard is the publication, “Corporate Responsibility and Corporate Compliance,” which provides guidance to corporate boards on compliance program effectiveness.[6]

Federal Sentencing Guidelines. As most health lawyers know, these Guidelines set forth seven specific elements of determining the effectiveness of a corporate compliance plan.[7] [While intended for use by courts in calculating the “culpability score” for corporate sentencing, they have achieved broad acceptance in terms of defining an effective compliance plan]. In particular, the Guidelines provide that an organization’s governing board must be knowledgeable about the content and operation of the compliance program and shall exercise reasonable oversight with respect to its implementation and effectiveness.

Effectiveness and Material Legal Developments

Each of the above resources provides specific guidance on how compliance program effectiveness (and the Committee’s related oversight obligations) are impacted by major changes in applicable law.

Such guidance relates specifically to the need for compliance programs to (a) change over time, consistent with changes in the legal environment; (b) periodically monitor and update policies to reflect changes to the legal and regulatory landscape; (c) continually make investments in its internal systems; (d) conduct periodic training and certification for directors, officers, relevant employees, and, where appropriate, agents and business partners; and (e) make available to employees appropriate resources to provide guidance relating to new compliance policies and legal requirements.

The Materiality of the Final Rules

In order for the Committee to properly evaluate the context of its responsibilities, the general counsel should provide a substantive briefing on how the Final Rules are likely to impact the organization. That briefing may emphasize the following, among other factors[8]

-The Final Rules are the byproduct of HHS’ “Regulatory Sprint to Coordinated Care,” which was initiated in 2018 with the intention of reducing regulatory burden and incentivizing coordinated care.

-Stark Law changes include new exceptions designed to enable value-based care arrangements as well as changes that address some of the most challenging aspects of Stark Law compliance and issues often termed “technical non-compliance” by the industry.

-Anti-Kickback Statute changes modify existing Anti-Kickback safe harbors, create new Anti-Kickback safe harbors, and create a new Civil Monetary Penalties Law exception.

-The vast majority of the provisions finalized by CMS and OIG are helpful updates that may provide the basis for new arrangements relating to value-based care. 

-That notwithstanding, the Final Rules contain certain modifications that are worth noting from operational and financial perspectives (e.g., those changes to the Stark Law, such as the modification to “overall profits” in the Stark Law’s group practice definition, that may require physician practices to change their current compensation methodologies). And some of the changes in the Final Rules raise brand new compliance questions and ambiguities, emphasizing the need for close coordination between Legal and Compliance on arrangements that implicate the Stark Law and Anti-Kickback Statute.  

Proper Areas for Committee Focus

It is not the obligation of the Committee to master the details of the Final Rules. Neither is it the Committee’s obligation to prepare a formal plan by which the compliance program will address the scope and implications of the Final Rules. These are responsibilities of the general counsel, working in consultation with the compliance officer, the internal auditor, and perhaps outside advisors.

Rather, the Committee will be expected to (1) assure that such a plan is developed; (2) have meaningful input into the plan, from development through execution; (3) ensure the plan is well-integrated into the organization’s operations and workforce; and (4) regularly evaluate implementation of the plan, with the assistance of the general counsel and chief compliance officer.

In connection with those duties, the Committee will be expected to make inquiry of management’s evaluation of, and responsiveness to the Final Rules. That can be achieved by asking basic questions of management, e.g.:

-What is the overall impact of the Final Rules on the organization’s business operations? 

-Will it require wholesale changes to contracting strategies and, if so, how much time and disruption will be involved in making those changes?

-What will be the financial impact on the organization from coming into compliance? 

-What related changes need to be made to the compliance plan and what are the expected costs of compliance? Will additional legal and compliance staff be needed?

-What is the plan to educate management and staff to the changes required by the Final Rules?

-What are the risks that some employees may misinterpret the Final Rules as essentially abolishing the self-referral and anti-kickback prohibitions?

Final Observations

Assuring proper organizational response to major legal changes with a direct, material impact on organizational operations is one of the critical responsibilities of any audit & compliance committee. This is particularly the case with respect to health care providers, and the complex Stark and Anti-Kickback laws which implicate such a broad cross section of its business relationships and codes of conduct.

The Committee will be expected to adopt a serious, vigorous and comprehensive approach to assuring the adoption of compliance program changes intended to respond to the Final Rules. It will periodically report to the Board on its efforts. It will be supported in these efforts by its general counsel, teaming with the chief compliance officer. Its good faith efforts in this regard will provide substantive evidence of its commitment to upholding its Caremark duties.

About the Authors

Mr. Peregrine and Mr. Maida are partners in the law firm of McDermott Will & Emery. Their practices focus on corporate governance and regulatory compliance, respectively.


*Authors’ note: certain portions of this article are based on the McDermott report, HHS Finalizes Sweeping Changes to the Stark Law and the Anti-Kickback Statute Regulations, prepared, Nicholas F. Alarif, James A. Cannatti III, Tony Maida, Daniel H. Melvin, Joan Polacheck, Monica Wallace and Chelsea M. Rutherford.


[1] 85 Fed. Reg. 77492 (Dec. 2, 2020) (Stark Final Rule); 85 Fed. Reg. 77684 (AKS Final Rule). See generally

[2] In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996). 

[3] See, e.g., Michael Peregrine, The Board’s Marchand/Clovis Reaction Plan (Dec. 13, 2019),