Trust but verify

On March 13, 2007 at an early morning Board of Directors committee meeting, the Directors (that is, my bosses) excused me from the room to meet in confidence with Deb Kurtz, Director of Corporate Compliance.

Deb had just completed her semi-annual report to the Board Corporate Compliance Committee where she documented and discussed activities used to monitor and investigate CGH business practices. “Corporate compliance” means that CGH follows ethical and legal business practices. In other words, we do not issue fraudulent bills, and we do not engage in illegal practices with vendors or doctors.

In her report Deb briefed the Board about calls she gets on the “corporate compliance hotline.”[1] Such calls may come from many sources, but they are typically from employees asking if it is appropriate to accept a gift from a patient or wondering if a vendor might be using unfair influence with CGH. Each call has to be taken seriously because any one of them could be a warning that something is not as it should be. Corporate compliance is something the Board wants to know about, up to and including any potential unethical behavior involving senior management.

I should note at this point that CGH has a well-developed policy about such things (called the corporate compliance policy) that sets forth the do’s and don’ts of business practices for everyone who works here, whether our job is to negotiate contracts with doctors, order materials from suppliers, or work directly with patients. [2]

So why do I leave the room when Deb speaks to the Board? To assure she and they are able to speak freely about anything, including any potential matters affecting the management of the hospital. This is another safeguard against bad business practices.

Sometimes I hear from people that it must be great to be president because “you get to do whatever you want.” Well, that’s not true. I have responsibilities to the organization, the same as anyone does, and the Board, with its oversight function, has a responsibility to assure that I do my job – and in this case, to assure that I do not misuse the job in illegal or unethical ways.

Ronald Reagan had a catch phase, used repeatedly during the final days of the Cold War – “trust, but verify.” The US was willing to subject itself to verification that it had, in fact, dismantled the proper number of nuclear warheads as specified by treaty – and the Soviet Union must be willing to subject itself to the same verification. It is not enough to trust that people do what they are supposed to do – you have to verify it.

A recent article in the Wall Street Journal featured, of all things, an interview with two convicted felons.[3] The two individuals served time in prison because they defrauded the investors of their companies. Both have since been released, and both talked to the newspaper columnist about fraud. Interestingly, their message was similar to Mr. Reagan’s. They said, “Do not trust – verify." Verify what? asked the Journal’s columnist. "Everything,” the ex-convicts said. “Criminals are scared of skeptics and cynics….We are petrified when you verify our representations.”

“Criminals” is a strong word, and none of us expects a criminal to be working among us – but how do we prevent fraud except by being prudent and having in place systems that document and check? If 99% of us are trustworthy, we still need controls in place to assure that the other 1% do not harm patients or misuse hospital resources. Each of us reduces the risk of unethical or illegal behavior when we understand, cooperate with, and help enforce the corporate compliance policies.

So the Board may trust Tom Quinn when he represents that CGH is operating according to ethical principles, is complying with laws, and has in place systems to identify errors or wrongdoing and to fix them. But they also want to hear directly from Deb Kurtz – so they verify it too.




[1] CGH’s corporate compliance hotline number is 492-5965. It may be used anonymously by anyone to report a potential violation of the law.

[2] The corporate compliance policy is available in two locations on CGH computers. In Outlook, find “Public Folders” and click on “All Public Folders,” then open “Corporate Compliance.” In CGHNet, find “Manuals” in the dropdown menu, click on “Other Manuals,” and open “Corporate Compliance.” The Healthcare Fraud and Abuse Prevention, Corporate Compliance Program Handbook is available in both locations. The handbook is 32 pages long, plus two Appendices. There is also a copy of the Handbook in each department.

[3] H. Greenberg, “My Lunch With 2 Fraudsters: Food for Thought for Investors,” Wall Street Journal, March 3, 2007