Hospital Accreditation
Joint Commission on Accreditation of Healthcare Organizations' Relationship with Its Affiliate Gao ID: GAO-07-79 December 15, 2006Hospitals must meet certain conditions of participation established by the Centers for Medicare & Medicaid Services (CMS) in order to receive Medicare payments. In 2003, most hospitals--over 80 percent--demonstrated compliance with most of these conditions through accreditation from the Joint Commission on Accreditation of Healthcare Organizations (Joint Commission). Established in 1986, Joint Commission Resources, Inc. (JCR), a nonprofit affiliate of the Joint Commission, provides consultative technical assistance services to hospitals. Both organizations acknowledge the need to ensure that JCR's services do not--and are not perceived to--affect the independence of the Joint Commission's accreditation process. GAO was asked to provide information on the relationship between the Joint Commission and JCR. This report describes (1) their organizational relationship, and (2) the significant steps they have taken to prevent the improper sharing of information, obtained through their accreditation and consulting activities, respectively, since JCR was established. GAO reviewed pertinent documents, including conflict-of-interest policies and information about the organizations' financial relationship, and interviewed staff and board members from both organizations, JCR clients, and CMS officials.
The Joint Commission and JCR have a close relationship as demonstrated through their governance structure and operations. The Joint Commission has substantial control over JCR and the two organizations provide operational services to one another. For example, JCR manages all Joint Commission publications, while the Joint Commission provides support services to JCR. Despite the Joint Commission's control over JCR, the two organizations have taken steps designed to protect facility-specific information. In 1987, the organizations created a firewall--policies designed to establish a barrier between the organizations to prevent improper sharing of this information. For example, the firewall is intended to prevent JCR from sharing the names of hospital clients with the Joint Commission. Beginning in 2003, both organizations began taking steps intended to strengthen this firewall, such as enhancing monitoring of compliance. Ensuring the independence of the Joint Commission's accreditation process is vitally important. To prevent the improper sharing of facility-specific information, it would be prudent for the Joint Commission and JCR to continue to assess the firewall and other related mechanisms. The Joint Commission agreed with GAO's concluding observations. CMS did not comment on GAO's findings or concluding observations. Both provided technical comments, which we incorporated as appropriate.
GAO-07-79, Hospital Accreditation: Joint Commission on Accreditation of Healthcare Organizations' Relationship with Its Affiliate
This is the accessible text file for GAO report number GAO-07-79
entitled 'Hospital Accreditation: Joint Commission on Accreditation of
Healthcare Organizations' Relationship with Its Affiliate' which was
released on January 16, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
United States Government Accountability Office:
GAO:
December 2006:
Hospital Accreditation:
Joint Commission on Accreditation of Healthcare Organizations'
Relationship with Its Affiliate:
GAO-07-79:
GAO Highlights:
Highlights of GAO-07-79, a report to congressional requesters
Why GAO Did This Study:
Hospitals must meet certain conditions of participation established by
the Centers for Medicare & Medicaid Services (CMS) in order to receive
Medicare payments. In 2003, most hospitals”over 80 percent”demonstrated
compliance with most of these conditions through accreditation from the
Joint Commission on Accreditation of Healthcare Organizations (Joint
Commission). Established in 1986, Joint Commission Resources, Inc.
(JCR), a nonprofit affiliate of the Joint Commission, provides
consultative technical assistance services to hospitals. Both
organizations acknowledge the need to ensure that JCR‘s services do
not”and are not perceived to”affect the independence of the Joint
Commission‘s accreditation process.
GAO was asked to provide information on the relationship between the
Joint Commission and JCR. This report describes (1) their
organizational relationship, and (2) the significant steps they have
taken to prevent the improper sharing of information, obtained through
their accreditation and consulting activities, respectively, since JCR
was established. GAO reviewed pertinent documents, including conflict-
of-interest policies and information about the organizations‘ financial
relationship, and interviewed staff and board members from both
organizations, JCR clients, and CMS officials.
What GAO Found:
The Joint Commission and JCR have a close relationship as demonstrated
through their governance structure and operations. The Joint Commission
has substantial control over JCR and the two organizations provide
operational services to one another. For example, JCR manages all Joint
Commission publications, while the Joint Commission provides support
services to JCR. Despite the Joint Commission‘s control over JCR, the
two organizations have taken steps designed to protect facility-
specific information. In 1987, the organizations created a
firewall”policies designed to establish a barrier between the
organizations to prevent improper sharing of this information. For
example, the firewall is intended to prevent JCR from sharing the names
of hospital clients with the Joint Commission. Beginning in 2003, both
organizations began taking steps intended to strengthen this firewall,
such as enhancing monitoring of compliance.
Ensuring the independence of the Joint Commission‘s accreditation
process is vitally important. To prevent the improper sharing of
facility-specific information, it would be prudent for the Joint
Commission and JCR to continue to assess the firewall and other related
mechanisms.
Figure" Relationship between the Joint Commission, JCR, and Hospitals:
[See PDF for Image]
Source: GAO analysis of the Joint Commission and JCR documents and
interviews.
[End of Figure]
The Joint Commission agreed with GAO‘s concluding observations. CMS did
not comment on GAO‘s findings or concluding observations. Both provided
technical comments, which we incorporated as appropriate.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-79].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Leslie G. Aronovitz at
(312) 220-7600 or aronovitzl@gao.gov.
[End of Section]
Contents:
Letter:
Results in Brief:
Background:
The Joint Commission Has a Close Relationship with JCR through Their
Governance Structure and Operations:
The Joint Commission and JCR Have Taken Steps to Prevent the Improper
Exchange of Facility-Specific Information:
Concluding Observations:
Agency Comments:
Appendix I: Scope and Methodology:
Appendix II: Timeline of Key Developments in the Organizations'
Relationship:
Appendix III: Policies, Protocols, and Guidelines Related to the
Firewall, as of 2006:
Appendix IV: Elements of the Firewall Policies, as of 2006:
Appendix V: Comments from the Joint Commission on Accreditation of
Healthcare Organizations:
Appendix VI: GAO Contact and Staff Acknowledgments:
Table:
Table 1: Joint Commission's Powers Over JCR Enumerated in JCR Bylaws:
Figures:
Figure 1: Relationship between the Joint Commission, JCR, and
Hospitals:
Figure 2: Board Structure of JCR in Relation to the Joint Commission:
Abbreviations:
CEO: Chief Executive Officer:
CFO: Chief Financial Officer:
CMS: Centers for Medicare & Medicaid Services:
CSR: Continuous Service Readiness:
HHS: Department of Health and Human Services:
JCR: Joint Commission Resources, Inc.
United States Government Accountability Office:
Washington, DC 20548:
December 15, 2006:
The Honorable Charles E. Grassley:
Chairman:
Committee on Finance:
United States Senate:
The Honorable Pete Stark:
Ranking Minority Member:
Subcommittee on Health:
Committee on Ways and Means:
House of Representatives:
In order to be eligible to receive payments from Medicare--the federal
program that provides health care benefits to over 42 million elderly
and disabled beneficiaries--hospitals must meet certain criteria
established by federal law. The Centers for Medicare & Medicaid
Services (CMS), the federal agency within the Department of Health and
Human Services (HHS) that administers Medicare, has established
conditions of participation that hospitals must meet to be eligible to
participate in the Medicare program. The Joint Commission on
Accreditation of Healthcare Organizations (Joint Commission), a
nonprofit corporation, has developed its own accreditation standards
that are intended to meet or exceed Medicare's conditions of
participation.[Footnote 1] Hospitals accredited by the Joint Commission
are, in general, deemed to meet most of the conditions to be eligible
for Medicare payment.[Footnote 2] In 2003, most hospitals--over 80
percent--demonstrated that they met the applicable conditions of
participation through accreditation from the Joint Commission.[Footnote
3]
The Joint Commission's status as a hospital accrediting body was
established by statute in 1965, and consequently, can only be changed
by Congress.[Footnote 4] Although CMS has approved other organizations'
hospital accreditation programs, the Joint Commission is the only
organization whose approval is expressly provided for in statute. As
such, the Joint Commission is not required to periodically reapply to
CMS for this approval.
In 1986, the Joint Commission created Joint Commission Resources, Inc.
(JCR),[Footnote 5] a nonprofit, controlled affiliate.[Footnote 6] JCR's
stated purpose is to assist health care organizations in improving the
quality of their care through educational and research activities. Of
particular interest, JCR provides consultative technical assistance
services--referred to as "consulting services" throughout the remainder
of this report--to health care facilities, including individual
hospitals and members of state hospital associations, to help
facilities comply with the Joint Commission's accreditation standards.
While JCR is a separate entity legally from the Joint Commission, the
organizations are related corporate entities. As a result, the two
organizations have acknowledged the need to ensure that JCR's
consultative services do not affect, and are perceived not to affect,
the independence of the Joint Commission's accreditation process,
either through the improper sharing of information about facilities
using JCR's services with Joint Commission accreditation staff or
through any implication that using JCR's services will provide an undue
advantage in the Joint Commission accreditation process. Both of the
organizations attempted to address these concerns through the
development of a "firewall"--policies designed to establish a barrier
between the organizations to prevent conflicts of interest and sharing
of facility-specific information.[Footnote 7] For example, the firewall
is intended to prevent JCR from sharing the names of its hospital
clients with the Joint Commission.
You asked us to provide information on the relationship between the
Joint Commission and JCR as it relates to the hospital accreditation
process. In this report, we describe (1) how the Joint Commission and
JCR are related to one another through their governance structure and
operations, and (2) the significant steps both organizations have taken
to prevent the improper sharing of facility-specific information,
obtained through their hospital accreditation and consulting
activities, since the creation of JCR.
To describe the relationship between the Joint Commission and JCR,
specifically as it pertains to their governance structure and
operations, we interviewed senior staff at both organizations,
including the President of the Joint Commission and the individual who
serves as both President and Chief Executive Officer (CEO) of JCR. We
also interviewed board members from the Joint Commission and JCR and
reviewed documents from both organizations, including documents related
to the organizations' financial relationship.[Footnote 8] Further, we
interviewed staff at CMS to obtain information on their oversight of
the Joint Commission and other accreditation organizations, and
reviewed reports CMS provides to Congress related to its validation
surveys of Joint Commission accredited hospitals. To further our
understanding of issues related to organizational governance, conflicts
of interest, and independence standards, we interviewed officials from
both the private and public sector[Footnote 9] and reviewed pertinent
documents.
To provide information on the significant steps taken by the Joint
Commission and JCR since JCR's creation to prevent the improper sharing
of facility-specific information, we reviewed relevant policies
developed by the two organizations. We reviewed versions of the
firewall and related policies issued between 1987 and 2006 and
interviewed senior staff with responsibility for this area, including
the person who serves as the Corporate Compliance and Privacy Officer
(Compliance Officer) for both organizations. We also conducted
interviews with staff members at each organization to obtain
information on their understanding of the firewall and related policies
and guidelines, their training on these policies and guidelines, and
their awareness of possible firewall violations. In addition, to learn
about JCR's clients' understanding of the relationship between JCR and
the Joint Commission, we conducted interviews with state hospital
associations that, as of May 2006, used JCR's consulting services, and
hospitals that used these services during calendar year 2005. We also
conducted interviews with state hospital associations that had not used
JCR's consulting services as of May 2006 to learn more about their
reasons for not doing so. The information provided from our interviews
with staff, state hospital associations, and hospitals reflects the
comments of those we interviewed and cannot be generalized to all Joint
Commission and JCR staff or all state hospital associations and
hospitals using JCR consulting services. (For additional information on
our methodology, see app. I.)
We conducted our work from October 2005 to December 2006, in accordance
with generally accepted government auditing standards.
Results in Brief:
Although the Joint Commission and JCR provide different types of
services to health care organizations, they remain closely related to
one another in their efforts to achieve their similarly stated
missions. Their close relationship is demonstrated through both their
governance structure and operations. The Joint Commission has
substantial control over JCR through powers provided in JCR's bylaws as
well as through Joint Commission commissioners that also serve on JCR's
board. In addition, the two organizations provide various operational
services to one another.
The Joint Commission and JCR have taken steps designed to prevent the
improper sharing of facility-specific information obtained from their
accreditation or consulting activities. In 1987, shortly after the
creation of JCR, the organizations developed initial firewall guidance.
Beginning in 2003, both organizations began taking additional steps
designed to enhance the firewall guidance. They have also implemented
additional policies and guidance designed to further strengthen the
firewall between the two organizations. Both the Joint Commission and
JCR report providing training to staff on these policies, and have
developed mechanisms to allow staff to report possible firewall
violations. They both have also taken steps, primarily since 2003, to
strengthen the oversight of the implementation of, and compliance with,
the firewall and related policies.
Ensuring the independence of the Joint Commission's accreditation
process is vitally important. To ensure that the firewall and other
mechanisms instituted are sufficient to prevent the improper sharing of
facility-specific information, it would be prudent for the Joint
Commission and JCR to continue to assess these mechanisms and monitor
their implementation.
The Joint Commission agreed with our concluding observations and
emphasized that its highest priority is to preserve the integrity of
its accreditation process. CMS did not comment on our findings or
concluding observations.
Background:
The Joint Commission, a nonprofit organization founded in 1951, was
created to provide voluntary health care accreditation for hospitals.
All but one of the Joint Commission's founding members continued to
serve on its Board of Commissioners as of October 2006, including the
American Hospital Association and the American College of
Surgeons.[Footnote 10] The standards established by the Joint
Commission address a facility's level of performance in areas such as
patient rights, patient treatment, and infection control. To determine
whether a facility is in compliance with those standards, the Joint
Commission conducts on-site evaluations of facilities, called
accreditation surveys. The Joint Commission recognizes a facility's
compliance with its standards by issuing a certificate of
accreditation, which is valid for a 3-year period. In 2004, the Joint
Commission implemented a new accreditation process in an effort to
encourage hospitals to focus on continuous quality improvement, rather
than survey preparation. Previously, facilities were told in advance
when Joint Commission surveyors would conduct their evaluations. As a
part of the new process, the Joint Commission began conducting
unannounced surveys.[Footnote 11] The Joint Commission employs over 900
staff members, including approximately 200 hospital surveyors from a
range of disciplines--such as physicians, nurses, and hospital
administrators--who conduct the accreditation surveys. In 2005, the
Joint Commission accredited approximately 4,300 hospitals.
The Joint Commission established JCR to provide consultative technical
assistance to health care organizations seeking Joint Commission
accreditation. (See fig. 1.) JCR is governed by a Board of Directors
and employs approximately 180 staff members, including consultants
located throughout the country. In 2000, the Joint Commission expanded
JCR's role beyond consulting to include all educational services, such
as seminars and audio conferences, which the Joint Commission
previously provided. (See app. II for a timeline of key developments in
the Joint Commission and JCR relationship.) JCR also became the
official publisher of the Joint Commission's accreditation manuals and
support materials. JCR offers consulting services either independently
to health care facilities or through a subscription-based service
called the Continuous Service Readiness (CSR) program, which is
typically offered in partnership with state hospital
associations.[Footnote 12] The CSR program provides ongoing technical
assistance and education to subscribers through a variety of means,
including meetings, e-mails, telephone calls, and conferences.
Figure 1: Relationship between the Joint Commission, JCR, and
Hospitals:
[See PDF for image]
Source: GAO analysis of Joint Commission and JCR documents and
interviews.
[End of figure]
In 2004, we reported that CMS's oversight of the Joint Commission
hospital accreditation process is limited. Although it conducts on-site
validation surveys of a sample of Joint Commission-accredited
hospitals, the agency cannot restrict or remove the Joint Commission's
accreditation authority if it detects problems.[Footnote 13] CMS
reported that the agency and the Joint Commission engage in ongoing
dialogue to identify potential hospital accreditation performance
issues. In addition, CMS provides an annual report of its findings to
Congress. Unlike the Joint Commission, JCR is not subject to any
oversight by CMS.
When developing policies regarding its relationship with JCR, the Joint
Commission has been affected by the increased focus in both the public
and private sectors on governance issues. The Sarbanes-Oxley Act of
2002,[Footnote 14] passed in response to corporate and accounting
scandals, required publicly traded companies to follow new governance
standards, including those designed to ensure auditors' independence
from their clients. Even though most provisions of the Sarbanes-Oxley
Act are not applicable to nonprofit organizations, activities that have
occurred in the wake of the act have affected nonprofits. For example,
several state legislatures are considering legislation that applies
standards similar to the Sarbanes-Oxley requirements to nonprofit
organizations. In addition, some nonprofit organizations, such as the
Joint Commission, have voluntarily adopted policies and altered
governance practices based upon the act.
Organizations in the public and private sectors have also begun to
institute compliance programs[Footnote 15] and those that provide
accreditation or certification services have developed standards to
ensure the independence of these services. Compliance programs for
health care organizations--such as hospitals, home health agencies, and
medical supply companies--have used provisions of the federal
Sentencing Guidelines,[Footnote 16] developed in 1991, as a program
model. These guidelines lay out two common principles of adequate
compliance programs--to prevent and detect criminal conduct, and to
promote an organizational culture of ethics and compliance with the
law. In 1998, the HHS Office of Inspector General developed a model
compliance program for hospitals.[Footnote 17] Regarding independence
standards, organizations that provide accreditation or certification,
or recognize accreditation bodies, have begun to impose certain
criteria to demonstrate independence. For example, the Department of
Education developed criteria for educational accrediting bodies that
are designed to ensure that those organizations granting accreditation
are not improperly influenced by related trade or membership
associations.
The Joint Commission Has a Close Relationship with JCR through Their
Governance Structure and Operations:
The mission statements of the Joint Commission and JCR both share the
same phrase of seeking "to continuously improve the safety and quality
of care." While each organization differs in the activities it engages
in to achieve that mission, they maintain a close relationship through
both their governance structure and operations. The Joint Commission
has substantial control over the governance of JCR through the powers
retained by the Joint Commission in JCR's bylaws as well as through the
Joint Commission's representation on JCR's Board of Directors. In
addition, JCR manages all Joint Commission publications and educational
activities, while the Joint Commission provides various support
services and some management oversight to JCR.
The Joint Commission Has Substantial Control over JCR through Its
Governance Authority:
The Joint Commission has substantial control over the governance of its
affiliate, JCR. In 2003, the Joint Commission undertook a major review
of the structural, operational, and legal aspects of its relationship
with JCR in an effort to address any real or perceived conflict-of-
interest issues. This review led to the restructuring of JCR through
revisions to JCR's bylaws, which govern the internal affairs of the
organization, and resulted in changes to the composition of JCR's board
and the appointment of board officers. In particular, after the
restructuring the Joint Commission no longer retained a majority on the
JCR board through board members who served on the boards of both
organizations. However, through changes to JCR's bylaws, the Joint
Commission maintained control over JCR by reserving powers that would
otherwise have been exercised by JCR.
The 2003 restructuring of JCR allowed the Joint Commission to
effectively maintain control over JCR by implementing a change in the
"corporate membership" of JCR. Similar to for-profit entities that may
have stockholders, nonprofit corporations may have corporate members
who, in general, are responsible for major organizational decisions,
such as electing the corporation's board.[Footnote 18] If a nonprofit
corporation does not have any members, the corporation's board of
directors holds decision-making authority.[Footnote 19] With the
restructuring of JCR, the Joint Commission became the "sole member" of
JCR.
The sole member has the ability to exercise substantial control over
the affiliate through its "reserved powers"--powers that would
otherwise be exercised by the affiliate board, if the sole member did
not reserve them for itself. When the Joint Commission became the sole
member of JCR, its reserved powers included those previously held and a
number of additional powers, as shown in table 1.[Footnote 20] A
practicing attorney with expertise in transactions involving nonprofit
health care organizations and who has served as external counsel for
the Joint Commission considers this structure necessary to enable the
parent to protect itself from the possibility of the affiliate acting
against the parent's interests. However, an article published in a law
journal cautions that this structure allows the parent to make
decisions solely in its own interest without considering the impact on
the affiliate.[Footnote 21]
Table 1: Joint Commission's Powers Over JCR Enumerated in JCR Bylaws:
Joint Commission's powers in JCR bylaws before 2003 restructuring:
* Appoint JCR directors;
* Remove JCR directors, with or without cause, by a two-thirds vote;
* Appoint the JCR board chairman;
* Approve amendments to JCR articles of incorporation and bylaws;
* Approve JCR's mission statement and strategic plans;
* Approve all JCR debt in excess of $250,000;
* Approve JCR's budget;
* Approve JCR's dissolution.
Joint Commission's powers added to JCR bylaws as a result of 2003
restructuring:
* Appoint JCR board vice chairman and President/CEO;
* Remove JCR board chairman, vice chairman, and President/CEO, with or
without cause;
* Amend JCR articles of incorporation and bylaws;
* Approve all creations of subsidiaries or controlled affiliates,
mergers, consolidations, certain affiliations, and all joint ventures
of JCR involving capital investments in excess of $250,000;
* Approve sale or encumbrance of all or substantially all assets of
JCR;
* Approve all liquidations from JCR.
Source: GAO summary of the Joint Commission and JCR Bylaws.
[End of table]
As part of the 2003 restructuring, the Joint Commission took steps to
reduce the proportion of persons serving on the JCR board who also
served as board members on the Joint Commission board. Prior to the
2003 restructuring, JCR's board had 13 directors with a majority--7
directors--from the Joint Commission, including the President of the
Joint Commission as an ex officio director with voting rights.[Footnote
22] The other 6 directors were from outside the Joint Commission, and
included the CEO of JCR as an ex officio director with voting rights.
After the 2003 restructuring, directors from the Joint Commission no
longer comprised the majority of members on JCR's board. There are 17
directors on JCR's board, consisting of 7 Joint Commission directors--
including the President of the Joint Commission as an ex officio
director with voting rights--and 9 external directors who cannot be,
either concurrently or within the prior 3 years, Joint Commission
commissioners or employees. The President/CEO of JCR also serves on the
JCR board, serving as a voting ex officio director.[Footnote 23] (See
fig. 2.)
Figure 2: Board Structure of JCR in Relation to the Joint Commission:
[See PDF for image]
Source: GAO analysis of Joint Commission and JCR documents.
[End of figure]
Directors we interviewed who serve on both the Joint Commission and JCR
boards said that serving on the two boards has not been problematic
because both organizations share the same mission. However, they also
recognized the potential for overlapping board members to be faced with
competing organizational interests if differences between the Joint
Commission and JCR arise. These directors noted that, if competing
organizational interests were to occur, the Joint Commission's reserve
powers would dictate the final decision.
The restructuring also affected the appointment of JCR officers. Prior
to the restructuring, the President and the Chief Financial Officer
(CFO) of the Joint Commission also served in those same positions for
JCR. The CEO of JCR was appointed by, and reported to, the President of
the Joint Commission, and could only appoint other JCR officers after
consulting with the Joint Commission's President. Changes to JCR's
bylaws through the 2003 restructuring removed the requirement that the
Joint Commission's President and CFO serve in those positions for JCR.
Rather, the Joint Commission appoints and has the power to remove the
President/CEO of JCR. The President/CEO of JCR also now has the
authority to appoint officers, such as the CFO, without consulting with
the Joint Commission's President. In addition, the Joint Commission,
rather than JCR's board, now appoints the vice chairman of JCR's board.
One other noteworthy change as a result of the 2003 restructuring dealt
with the role of two Joint Commission board committees in relation to
JCR and the creation of a new JCR board committee. The Joint Commission
created a Governance Committee, which has a number of responsibilities
involving JCR, such as nominating JCR board directors and certain
officers. This committee also has oversight responsibility for JCR
governance issues and JCR conflict-of-interest policies, and reviews
the bylaws and other documents of JCR. Further, the Joint Commission
expanded the responsibilities of an existing committee--the Finance and
Audit Committee--to include reviews of annual financial audits and
other matters related to oversight of the firewall between the Joint
Commission and JCR. Within the JCR board, a Firewall Oversight
Committee was created as a result of the restructuring. This committee
is charged with monitoring compliance with the firewall and related
policies.
The Joint Commission and JCR Provide Operational Assistance to One
Another:
The structure of the Joint Commission and JCR allows the two
organizations to provide certain operational assistance to one another.
The Joint Commission provides support and management services to JCR.
Through a January 2001 service agreement, the Joint Commission provides
JCR with financial, legal, marketing and public relations, human
resources, accounting (bookkeeping and payroll), information
technology, and other support services such as office management and
mail.[Footnote 24] JCR pays for these services through a management
fee.[Footnote 25] The methodology used to determine the appropriate
allocation of expenses varies by department. For some departments, the
allocation is based upon JCR's percentage of total revenues, whereas in
other departments, the estimate is made using the amount of time spent
doing work on behalf of JCR. Departments also vary in whether they
include overhead costs in the allocation.
Along with support services, the Joint Commission also provides
management services to JCR through its General Counsel and Compliance
Officer.[Footnote 26] For example, all JCR materials, including the
publications it produces on behalf of the Joint Commission and
materials produced for its own purposes, must be reviewed and approved
by the Joint Commission's General Counsel prior to issuance. The
Compliance Officer, a position created by the Joint Commission in 2005,
oversees compliance duties for both the Joint Commission and JCR. Among
other duties, the Compliance Officer is responsible for implementing,
providing training on, and monitoring compliance with the firewall
policies.[Footnote 27] The Compliance Officer reports directly to the
President of the Joint Commission and President/CEO of JCR, the Joint
Commission's Governance Committee, JCR's Firewall Oversight Committee,
and may also report to the full boards of both organizations. The
Compliance Officer is aided by a Compliance Council, which was created
in late 2005 and consists of members who represent multiple departments
from both the Joint Commission and JCR. The Council works with the
Compliance Officer to develop an annual work plan that focuses on areas
of greatest risk, recommended training, auditing, and measures of the
compliance program's effectiveness.
JCR also provides assistance to the Joint Commission, including
publication and educational services. The Joint Commission transferred
its publications and educational product lines to JCR in 2000 in order
to combine support services within JCR and to allow for organizational
separation between the Joint Commission's evaluation and accreditation
function and the consultation and educational services provided by JCR.
JCR currently offers a variety of educational programs regarding Joint
Commission accreditation, including seminars, e-learning opportunities,
and audio, satellite, and video conferences. These programs cover a
range of topics and include information on the Joint Commission
standards and changes to those standards. JCR also publishes its own
books on health care issues and periodicals on patient safety and
quality improvement.
The operational services the Joint Commission and JCR provide to one
another result in a flow of funds between the two organizations. In
exchange for the license to publish Joint Commission materials, JCR
pays the Joint Commission a royalty fee that ranges from 4.75 to 9.5
percent on gross sales. JCR also annually transmits assets to the Joint
Commission in excess of the amount needed to operate JCR's business.
The amount of the transfer is based on a formula that considers JCR's
cash, investments, and average operating expense.[Footnote 28]
The Joint Commission and JCR Have Taken Steps to Prevent the Improper
Exchange of Facility-Specific Information:
The Joint Commission and JCR have taken steps, primarily since 2003,
designed to strengthen the firewall guidance initially developed in
1987, shortly after the creation of JCR. They have also further
developed guidance addressing the relationship between the two
organizations. In addition, they have made an effort to educate staff
at both organizations on these matters and have enhanced monitoring of
compliance with the firewall and related policies.
The Joint Commission and JCR Have Policies Designed to Prevent the
Sharing of Facility-specific Information:
The Joint Commission and JCR firewall polices were initially developed
as guidelines in 1987. Relatively few changes were made to these
guidelines until 2003, when they were extensively modified. In
addition, since 2003, the Joint Commission and JCR have developed other
policies and guidance designed to further strengthen the firewall
between the two organizations.
Firewall Policies:
Since 1987, shortly after the creation of JCR, both the Joint
Commission and JCR have operated under a set of firewall guidelines
designed to prevent conflicts of interest between the Joint
Commission's accreditation activities and JCR's consultative services.
Between 1987 and 2003, the firewall guidelines were modified twice--
once in 1992 and again in 1999--to reflect JCR's name change and other
issues related to JCR services. In 2003, the Joint Commission and JCR
made extensive modifications to the guidelines, which were released to
staff in the form of policies in 2004.[Footnote 29] (See app. III for a
list of key policies, guidelines, and protocols.) These modifications
stemmed from the Joint Commission's review of its relationship with JCR
following the passage of the Sarbanes-Oxley Act in 2002. According to
senior staff from the Joint Commission and JCR, the revised firewall
policies are not based on any specific model. However, they are a
component of the two organizations' joint compliance program,[Footnote
30] which was developed in part using the hospital compliance program
guidelines issued by HHS's Office of Inspector General.
The stated purpose of both organizations' firewall policies is "to
eliminate any real or perceived conflict of interest" between the Joint
Commission's accreditation activities and JCR's consulting services.
Certain requirements in the firewall policies of the two organizations
are very similar, such as a prohibition on accessing confidential
facility-specific information from, or sharing any facility-specific
information with, staff from the other organization. (See app. IV for
more information on the contents of each organization's firewall
policies.) Joint Commission and JCR staff are also prohibited from
suggesting that the use of JCR consulting services is necessary for, or
will influence, Joint Commission accreditation decisions. In addition,
staff and board members of both organizations are required to sign an
annual statement signifying that they have read, and agree to comply
with, the firewall policies. Of the 25 staff members we spoke with from
the Joint Commission and JCR, all but 1 reported signing the required
annual compliance statement and all but 4--2 from the Joint Commission
and 2 from JCR--were aware that the firewall policy required them to
sign this statement on an annual basis.
While both organizations' firewall policies share similar requirements,
each has certain provisions that focus specifically on the services
offered by its own organization. For example, the Joint Commission's
firewall policy stipulates that Joint Commission staff will not seek or
solicit information on whether or not a facility has used JCR
consulting services. The Joint Commission policy also provides guidance
on how Joint Commission staff should respond to requests for consulting
services. For example, if a facility asks Joint Commission surveyors
for advice on these services, they are required to direct the facility
to an appropriate senior staff member in the Joint Commission's central
office. That senior staff member can provide limited information on
JCR, including its services and the reason for its creation. JCR's
firewall policy limits, among other things, the language JCR can use to
promote its services. It also requires that JCR's consulting services
staff be housed in separate facilities from Joint Commission staff and
use separate telephone and computer systems.[Footnote 31]
Most of the state hospital associations and hospitals we interviewed
that use JCR's consulting services were familiar with the firewall
between the Joint Commission and JCR. Of the five state hospital
associations we interviewed that participate in JCR's CSR program, four
said they were provided with information on the relationship between
the Joint Commission and JCR or had been told by JCR staff about the
firewall between the two organizations. Further, all five associations
stated that JCR staff have never indicated that participation in the
CSR program would affect the accreditation process, other than through
the general improvements that are expected when using consulting
services. Similarly, staff we interviewed at six hospitals that use
JCR's consulting services stated that there had been no indication from
JCR consultants that the use of these services would influence their
facility's Joint Commission accreditation process.
Additional Firewall-Related Policies and Guidance:
In addition to the recent changes to the firewall policies, the Joint
Commission and JCR developed other policies and guidance beginning in
2003 that further address possible areas of risk to the firewall. JCR
formalized protocols for its consultants in the field, which provide
specific guidance related to their interaction with the Joint
Commission staff. For example, if Joint Commission staff members arrive
at a facility to conduct a survey when a JCR consultant is on site, the
JCR consultant must leave the facility immediately. In 2003, JCR also
developed a policy--referred to as the "scope limitations policy"--
which is designed to clarify what services can be provided to Joint
Commission-accredited facilities.[Footnote 32] The policy specifically
prohibits JCR from providing certain consulting services to facilities
after they have undergone a Joint Commission survey, including helping
facilities challenge the Joint Commission's accreditation decisions or
findings, resolving Joint Commission deficiency findings, or preparing
facilities that have been denied Joint Commission accreditation for
future surveys.[Footnote 33]
In 2004, the Joint Commission developed an additional policy
reiterating the importance of the firewall for those Joint Commission
employees--information technology and planning and financial affairs
staff--who, through the service agreement between the two
organizations, need, and are able, to access JCR financial or
operational information.[Footnote 34] In addition to the firewall
compliance statement all Joint Commission staff are required to sign,
these particular staff members are required to sign a separate
compliance statement associated with this specific policy. Also in
2004, JCR approved a formal firewall policy related to JCR marketing
materials in an effort to ensure that JCR marketing materials contain
no implication that purchasing its products or services will impact the
Joint Commission accreditation process.[Footnote 35] Because JCR
markets some products that it develops on the Joint Commission's
behalf--publications and educational services--as well as its
consulting services, the marketing policy clarifies the language and
logos that can be used on marketing materials for these different
products. For example, while marketing materials for the Joint
Commission accreditation manuals published by JCR can only carry the
Joint Commission logo, JCR's marketing materials promoting its
consulting services carry only the JCR logo.
In 2006, the Joint Commission and JCR published posters, which are
displayed in Joint Commission and JCR meeting rooms, to govern meetings
that involve staff from both organizations. These posters reiterate the
organizations' firewall policy requirements, in place since 1987, that
facility-specific information should not be discussed at meetings that
include staff from both organizations and such information cannot be
included in materials prepared for those joint meetings. The posters
also state that, if facility-specific information must be discussed for
business purposes by staff from one organization, the staff from the
other organization must leave the meeting. There are a number of
occasions when Joint Commission and JCR staff interact during which
these guidelines may be applicable. For example, both Joint Commission
and JCR staff participate on internal interdepartmental teams designed
to review Joint Commission programs and ensure they are valuable to
health care organizations. Because these meetings include reviews of
the programs' publication and education services--services provided by
JCR--JCR staff participate on these teams. Another area of interaction
is through educational programs offered by JCR. These programs may
include training by Joint Commission surveyors and central office staff
and may take place at the Joint Commission's headquarters.
The Joint Commission and JCR have also developed a joint code of
conduct[Footnote 36] and organization-specific conflict-of-interest
policies that, while not focused exclusively on firewall issues,
address aspects of the relationship between the two organizations and
the independence of the accreditation process. In particular, the Joint
Commission's conflict-of-interest policy prohibits staff from providing
accreditation-related consulting and prohibits survey staff from
surveying facilities to which they provided consulting services during
the previous 3 years.[Footnote 37] Similarly, JCR's conflict-of-
interest policy prohibits staff from providing external accreditation-
related consulting services and prohibits JCR consultants from
providing consulting services to any facility they may have surveyed in
the past 3 years.
The Joint Commission and JCR Have Taken Steps to Train Staff on, and
Monitor, the Firewall:
The Joint Commission and JCR report providing ongoing training to
ensure that staff understand the firewall and related policies. The
organizations have also developed mechanisms, primarily since 2003,
that allow staff to report possible firewall violations. Both
organizations report monitoring compliance with these policies on an
ongoing basis and, in 2005, underwent a joint external review of their
implementation.
Staff Training on Firewall and Firewall-Related Policies:
The Joint Commission and JCR reported that both board and staff members
receive training on the firewall and related policies--board members
are trained when they join the board and staff are trained during new
employee orientation. In addition, Joint Commission and JCR staff
receive annual training on the firewall and related policies and
procedures and are further reminded of these policies through periodic
presentations at departmental staff meetings.
As of June 2006, the organizations' staff training did not include a
testing component to measure how well staff understand the
policies.[Footnote 38] However, most staff members and senior staff we
spoke with at both organizations were aware of the firewall policies
and were able to accurately describe their purpose. All but 1 of the 25
staff members we spoke with--13 with the Joint Commission and 12 with
JCR--reported being familiar with these policies. In addition, all but
1 of the 24 staff members who were familiar with the firewall policies
stated that the training and information they received made them
sufficiently aware of the firewall and its appropriate implementation.
None of the 25 staff members we spoke with were aware of cases in which
staff from either organization had suggested that the use of JCR
consulting services would influence Joint Commission accreditation.
In addition to training sessions, staff members at the Joint Commission
and JCR have access to information on the compliance program through an
intranet Web site.[Footnote 39] This site includes copies of the
organizations' respective firewall policies and other compliance-
related materials, as well as information on the role of the
organizations' joint Compliance Officer and Compliance Council.
Mechanisms for Reporting Violations:
The firewall policies for both organizations require employees to
report violations to their management, the Compliance Officer, or the
Joint Commission General Counsel. In keeping with this requirement,
senior Joint Commission and JCR management stated that they encourage
employees to contact their supervisors or these other management
officers if they are aware of possible violations or have questions on
the firewall. Of the 24 staff members we interviewed at both
organizations who were familiar with the firewall policies, 20
indicated that if they became aware of a violation, they would contact
another staff member, such as their direct supervisor, division head,
or the Compliance Officer.
The Joint Commission and JCR have also developed a compliance hotline
that allows staff to anonymously report any concerns related to
compliance issues. While the firewall policies require employees to
report violations to certain staff, this hotline offers another means
of reporting possible firewall violations.[Footnote 40] From its
inception in March 2005 through December 2005, the hotline received
three calls, none of which involved a firewall violation.[Footnote 41]
All 24 of the Joint Commission and JCR staff members we spoke with who
were familiar with the firewall policies reported being aware of the
compliance hotline. Of those staff members, 6 stated that they would
contact the hotline if they became aware of a firewall violation.
Monitoring of Firewall and Related Policies:
The Joint Commission and JCR staff report taking multiple steps to
monitor implementation of, and compliance with, the firewall and
related policies. The organizations have created the Compliance Officer
position, the Compliance Council, and the JCR Firewall Oversight
Committee, all of which have a role in monitoring compliance with the
firewall and related policies.
According to Joint Commission and JCR staff, the firewall policies have
been monitored internally on an ongoing basis and are now subject to
external reviews. The Joint Commission conducted an internal review in
2002, which was presented to the Joint Commission and JCR boards in
2003. The 2004 and 2005 firewall policies for both organizations called
for an annual audit of the policy by the Joint Commission's Office of
Legal Affairs, but these audits were not conducted. According to senior
Joint Commission staff, the Joint Commission determined that its legal
department could not conduct a sufficient audit and that instead, the
audits should be conducted by an external body with experience in this
area. In 2005, the Joint Commission and JCR hired a consulting firm to
conduct the first external review of the organizations' firewall
policies and related guidance. Following this review, in 2006, the
requirement for an annual audit by the Office of Legal affairs was
deleted and was replaced with a requirement for an annual review, the
results of which are presented to the appropriate committees of each
board. According to Joint Commission staff, the Joint Commission and
JCR anticipate continuing to contract for an external review of the
firewall on an annual basis.
The external review conducted in 2005 did not identify any major
violations of either organization's firewall policy--violations that
could potentially breach the integrity of the accreditation process. In
its report, the consulting firm stated that the implementation of the
firewall policies "represented a reasonable effort to prevent any
behavior that could result in a breach of the integrity of the
accreditation process." However, because no guidelines or standards
exist for this kind of review, the consulting firm did not certify that
the firewall and related policies protected the integrity of the
accreditation process.
The external review did identify some minor violations of the firewall-
-defined as violations that resulted from the staff's failure to
completely follow operational procedures required by the policies, but
which are not considered to potentially breach the integrity of the
accreditation process. For example, at the time of the 2005 review, JCR
publications and education staff housed in the Joint Commission offices
had access to a Joint Commission shared network folder on a computer
drive. While this shared folder could not be accessed by JCR consulting
staff and Joint Commission surveyors used a separate network, the
consulting firm recommended eliminating JCR staff access. The Joint
Commission and JCR agreed with this and other recommendations made, and
report taking steps to address the issues, including eliminating JCR's
access to Joint Commission computer systems.[Footnote 42]
In addition to this external review, the Joint Commission reported
that, throughout the year, the Compliance Officer monitors concerns and
questions related to the firewall and related policies. Based on this
analysis, the organizations review the policies to determine what, if
any, changes need to be made to improve their clarity. In 2006, the
Compliance Officer developed a list of commonly asked questions and
answers, which was approved by the senior management of both
organizations and released to staff.
According to the Compliance Officer, when minor firewall violations are
identified, each instance is reviewed to determine if it had any impact
on the accreditation decision process and if it was due to a lack of
understanding of the policies or was an intentional violation. She will
then either provide clarification, counseling, or, if necessary,
initiate disciplinary action, including possible dismissal, through the
human resources department. As of July, 2006, no Joint Commission or
JCR staff had been terminated as a result of violating the firewall
policies. However, a senior staff member at the Joint Commission
reported that staff have been terminated for violating the Joint
Commission's conflict-of-interest policies. This staff member noted
that two of the organization's surveyors had been fired for providing
consulting services, although these services were not provided to
facilities they had previously surveyed.
Concluding Observations:
Accreditation is a key mechanism to ensure the safety and quality of
hospital services provided to Medicare beneficiaries and other members
of the public. The Joint Commission's role in accrediting the majority
of hospitals participating in Medicare makes the issue of ensuring the
independence of the Joint Commission's accreditation process vitally
important. Any threat to the independence of the accreditation process
could undermine its ability to ensure the safety and quality of
services provided to Medicare beneficiaries and the general public.
The Joint Commission and JCR have taken steps to protect the Joint
Commission's accreditation process from influence by JCR's consulting
services by developing mechanisms to protect against the improper
sharing of facility-specific information. However, the majority of
these mechanisms, including the firewall and firewall-related policies,
the compliance hotline, and the annual external review of the firewall,
have either been developed or significantly revised within the past few
years--primarily since 2003. The next step is for management of both
organizations to assure that these mechanisms are sufficient to protect
the integrity of the accreditation process. In addition, even with
appropriate policies and procedures in place, it will take ongoing
monitoring and a concerted effort on the part of the leadership of both
organizations to ensure that these policies and procedures are
appropriately implemented by both their board and staff members.
Agency Comments:
We provided a draft of this report to the Joint Commission and CMS for
comment. In its response, the Joint Commission agreed with our
concluding observations, specifically that ensuring the independence of
the accreditation process is vitally important. It indicated that the
report accurately reflects its relationship with JCR, and emphasized
that its highest priority is to preserve the integrity of the Joint
Commission's accreditation process. (The Joint Commission's written
comments are reprinted in app. V.) CMS did not comment on our findings
or concluding observations. Both the Joint Commission and CMS provided
us with technical comments, which we incorporated as appropriate.
As we agreed with your offices, unless you publicly announce the
contents of this report earlier, we plan no further distribution of
this letter until 30 days after the date of this letter. At that time,
we will send copies to the Administrator of CMS, appropriate
congressional committees, and other interested parties. In addition,
the report will be available at no charge on the GAO Web site at
[Hyperlink, http://www.gao.gov].
If you or your staff have any questions about this report, please
contact me at (312) 220-7600 or aronovitzl@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff who made major contributions
to this report are listed in appendix VI.
Signed by:
Leslie G. Aronovitz:
Director, Health Care:
[End of section]
Appendix I: Scope and Methodology:
We examined the relationship between the Joint Commission on
Accreditation of Healthcare Organizations (Joint Commission) and Joint
Commission Resources, Inc. (JCR) as it relates to the independence of
the Joint Commissions' hospital accreditation process from JCR's
hospital consulting services. To provide information on the governance
structure and operations of the two organizations, we reviewed multiple
documents, including organizational charts reflecting the
organizations' structure as of 2006, a service agreement signed in 2001
and still in effect as of 2006, Internal Revenue Service tax documents
from calendar years 2001 through 2004, and agendas and minutes from
board meetings of both organizations from 2003 through September
2006.[Footnote 43] We also interviewed the President of the Joint
Commission and the President/Chief Executive Officer of JCR, as well as
officers from the Joint Commission Board of Commissioners and the JCR
Board of Directors. In addition, we interviewed senior staff at both
organizations, including the organizations' General Counsel, each
organization's Chief Financial Officer, and the Joint Commission's Vice
President for Human Resources.
To describe the policies the Joint Commission and JCR have developed to
prevent the improper sharing of facility-specific information, we
reviewed Joint Commission and JCR documents, including current and past
policies and guidance related, either directly or indirectly, to the
firewall. We also examined training materials and reports from the
compliance hotline contractor. We conducted interviews with senior
staff from the Joint Commission and JCR. These senior staff included
the shared Corporate Compliance and Privacy Officer, the Joint
Commission's Vice President of Accreditation Services, and the
Executive Directors of JCR's consulting services.
In addition to interviews with senior staff, we selected a sample of 15
staff members at each organization to interview. These semistructured
interviews were designed to collect information on Joint Commission and
JCR staff members' understanding of the firewall and related guidance,
their training on this guidance, and their awareness of possible
firewall violations. Our selection of staff members concentrated on
those who were JCR consultants and Joint Commission staff conducting
surveys or working in the areas of information technology, planning and
financial affairs, and marketing. We considered these particular staff
members more likely to be in a position to breach the firewall than
other employees. We selected staff using random lists of JCR
consultants, Joint Commission hospital surveyors, and employees from
the information technology, planning and financial affairs, and
marketing departments, as well as a random list of employees from all
other areas at each organization. Selected staff were contacted by
phone and e-mail. If, after three attempted phone calls and one e-mail,
staff did not respond to our request for an interview we moved to the
next staff member identified in our random selection.[Footnote 44] We
were able to conduct a total of 25 interviews with Joint Commission and
JCR staff. We were unable to arrange interviews with 2 Joint Commission
surveyors and 3 JCR consultants. We excluded any Joint Commission
survey staff who were not hospital surveyors, JCR staff who provided
only international services, senior staff at both organizations who we
had already interviewed, and Joint Commission staff acting as liaisons
to our work. The information gathered from these interviews reflects
the experience of these staff members and cannot be generalized to all
Joint Commission or JCR staff. While the interviews provide information
on staff awareness of the firewall policies and related guidance, as
well as their awareness of possible firewall violations, they are not
sufficient to determine if there have or have not been any firewall
violations.
We also conducted interviews with officials from a random sample of 5
of the 14 state hospital associations that participated in JCR's
Continuous Service Readiness (CSR) program as of May 2006, and with
officials from 5 state hospital associations that do not participate in
the CSR program. These interviews were designed to obtain information
on the associations' understanding of the relationship between the
Joint Commission and JCR and how they perceived that their
participation in the CSR program might impact their members' Joint
Commission accreditation. To select the sample for these interviews, we
sorted the associations by census regions. We then selected a random
sample of associations that participate in the CSR program and a random
sample of those that do not from within each census region. We
conducted semistructured interviews with each of the selected
associations. One state hospital association did not respond to our
request for an interview. In this case, we replaced that association
with the next association in the same census region identified in our
random selection.
We also conducted interviews with officials from 6 hospitals that use
JCR's consulting services to learn more about their understanding of
the relationship between JCR and the Joint Commission. To conduct these
interviews, we determined the number of hospitals that had contracted
with JCR for these services in calendar year 2005. JCR compiled a
spreadsheet that contained e-mail addresses for JCR's 2005 domestic
hospital clients. We identified a random sample of JCR's hospital
clients and JCR sent these hospitals an e-mail asking them to contact
us if they were willing to be interviewed. We selected our sample of
approximately 10 percent of that population--80 facilities--using a
randomly generated number list. This selection was done at the JCR
offices and the e-mails were sent to hospital facilities under our
supervision. Facilities were given 2 weeks to contact us to schedule
interviews if they were interested. The information gathered from these
interviews with JCR hospital clients and the interviews with state
hospital associations reflects the experience of these particular
facilities and state hospital associations and cannot be generalized to
all JCR consulting clients.
As part of our work, we also interviewed staff at the Department of
Health and Human Services' Centers for Medicare & Medicaid Services to
obtain information on their oversight of the Joint Commission and other
accreditation organizations. In addition, we interviewed officials from
multiple organizations and reviewed documents to obtain background
information on possible criteria or best practices related to the
governance of nonprofit organizations, conflicts of interest,
compliance programs, and independence standards. Those we interviewed
included officials at Independent Sector--a coalition of charities,
foundations, and corporate giving programs which focuses on
strengthening these particular types of organizations--and the Hauser
Center for Nonprofit Organizations--a research center at Harvard
University focusing on the nonprofit sector. We also interviewed
officials from federal agencies and organizations to obtain information
on how they separate accreditation or certification programs from
consulting services. Those we interviewed included representatives from
the Department of Education, the Council on Higher Education
Accreditation, and the National Organization for Competency
Assurance.[Footnote 45]
Because the Joint Commission's status related to Medicare applies only
to hospitals, our review was limited to information related to its
accreditation of hospitals and services provided by JCR to hospitals.
We did not conduct a review of the Joint Commission's accreditation
decision process. We also did not review information on other
activities conducted by the Joint Commission or JCR that were not
related to the relationship between the Joint Commission's hospital
accreditation process and JCR's hospital consulting services. Further,
we excluded Joint Commission International, a division of JCR that
provides consulting and accreditation services to foreign health care
facilities, from the scope of our work because these facilities are not
eligible to participate in the Medicare program.
We conducted our work from October 2005 to December 2006 in accordance
with generally accepted government auditing standards.
[End of section]
Appendix II: Timeline of Key Developments in the Organizations'
Relationship:
[See PDF for Image]
Source: GAO analysis of Joint Commission and JCR resources.
[End of Figure]
[End of section]
Appendix III: Policies, Protocols, and Guidelines Related to the
Firewall, as of 2006:
Joint Commission Policies.
Firewall specific;
* Firewall policy; Designed to eliminate any real or perceived conflict
of interest between the Joint Commission accreditation activities and
JCR's consulting services. Provides specific direction to Joint
Commission staff on their interaction with JCR staff and services. This
policy applies to all Joint Commission staff;
* Firewall policy for planning and financial affairs and information
technology staff; Reinforces the Joint Commission Firewall Policies and
applies specifically to Planning and Financial Affairs and Information
Technology Staff who provide support services to JCR.
Non-firewall specific;
* Conflict-of- interest policy; Prohibits involvement in activities
that might constitute or be perceived to constitute a conflict of
interest with the overall mission of the Joint Commission. Requires
staff to abide by the Joint Commission's firewall policy and prohibits
the disclosure of confidential or proprietary information. Prohibits
Joint Commission staff from providing accreditation-related consulting
services. Prohibits Joint Commission staff from surveying facilities to
which they provided consulting or related services during the previous
3 years.
JCR Policies and Protocols.
Firewall specific;
* Firewall policy; Designed to eliminate any real or perceived conflict
of interest between the Joint Commission accreditation activities and
JCR's consulting services. Provides specific direction to JCR staff on
their interaction with Joint Commission staff and services. This policy
applies to all JCR staff;
* JCR marketing firewall policy; Provides requirements for marketing
strategies to protect the integrity of the Joint Commission
accreditation process and ensure that materials contain no implication
that purchasing products or services from JCR will impact accreditation
decisions;
* Protocols for JCR field staff; Provides specific direction to JCR
consultants in the field, including their interaction with the Joint
Commission staff;
* JCR scope limitations policy; Delineates certain consulting services
that cannot be provided to Joint Commission-accredited organizations,
including assistance in preparing challenges to accreditation
decisions, resolving Joint Commission deficiency findings, preparing
root-cause analysis for sentinel events, and preparing organizations
that have been denied Joint Commission accreditation for future
surveys.
Non-firewall specific;
* Conflict-of-interest policy; Prohibits involvement in activities that
might constitute or be perceived to constitute a conflict of interest
with the mission of JCR and the Joint Commission. Requires staff to
abide by JCR's firewall policy and prohibits the disclosure of
confidential or proprietary information. Prohibits JCR staff, in most
cases, from providing outside consulting services. Prohibits JCR
consultants from providing consulting services to facilities they have
surveyed in the past 3 years.
Combined Joint Commission and JCR Policies and Guidelines.
Firewall specific;
* Combined meeting guidelines poster; Guides conduct in meetings that
include both Joint Commission and JCR staff, reiterating that
organization-specific or nonpublic accreditation or survey process
information should not be discussed and, if business needs dictate that
organization-specific information be shared, stating that appropriate
staff must excuse themselves.
Non-firewall specific;
* Code of conduct; Provides guidance on standards for staff conduct and
the confidentiality of information, including mechanisms in place to
help staff report violations of the code of conduct.
Source: GAO analysis of Joint Commission on Accreditation of Healthcare
Organizations and Joint Commission Resources, Inc. documents.
[End of table]
[End of section]
Appendix IV: Elements of the Firewall Policies, as of 2006:
Elements unique to Joint Commission firewall policy:
* Staff may not seek or solicit information on whether or not a
facility has used JCR and is not provided this information by the Joint
Commission or JCR representatives;
* Survey teams are instructed that participation in JCR's Continuous
Service Readiness program (CSR) is not considered in the accreditation
process;
* Joint Commission surveyors may not discuss any survey assignments, or
possible assignments, with any JCR consulting staff;
* Joint Commission surveyors are instructed that survey report forms
may not include information on whether or not the surveyed organization
has used JCR's services;
* A list of current JCR staff is provided to the Joint Commission
Historical File Room staff to allow them to monitor access.[A];
* Certain staff who have access to JCR financial and operational
information as part of their role in providing services to JCR may not
disclose JCR organization-specific information to other Joint
Commission staff;
* JCR publishes the Joint Commission's accreditation materials and
supplies their educational services. These services are promoted in
Joint Commission and JCR materials. Any reference in Joint Commission
materials to JCR's consulting services is generally limited to
acknowledging JCR's existence, its services, and the reason for its
creation;
* Facilities asking for information on consulting services are referred
to the Joint Commission's central office. Staff at the central office
will refer to the availability of JCR's services, and will also
emphasize the separateness of the Joint Commission's accreditation
process from JCR's consulting services;
* The firewall policy is posted on the surveyor Web site.
Elements common to both Joint Commission and JCR firewall policies:
* Staff may not suggest that the use of JCR consulting services is
necessary to obtain or influence Joint Commission accreditation;
* Staff may not access confidential facility-specific information from,
or share facility-specific information with, the other organization;
* JCR staff may not access the Joint Commission's Historical File
Room.[A];
* Staff at JCR may not access information about the application of the
Joint Commission standards or accreditation procedures that is not
already available, or will be made available promptly, to outside
parties;
* JCR staff may not attend Joint Commission surveyor training and may
not have access to surveyor educational tools not generally available
to outside parties;
* All staff must sign a compliance statement on an annual basis.[B];
* The firewall policy is sent annually to all staff, and is referenced
in each organization's conflict-of-interest policies, which staff are
also required to sign on an annual basis.[B];
* The firewall policy is covered during new employee orientation and
training;
* Staff must report any violation of their organization's firewall
policy to the Compliance Officer, the Joint Commission General Counsel,
or their organization's management;
* An annual review is conducted to ensure appropriate separation
between the Joint Commission accreditation activities and JCR
consulting services and the results are presented to the relevant board
committees.
Elements unique to JCR firewall policy:
* Facilities using JCR's consulting services are informed that the
Joint Commission is not told that the facility used JCR's services and
a disclaimer to this effect is included in JCR contracts;
* Participants in JCR's CSR program are informed that Joint Commission
survey teams are told that CSR participation is not considered in the
accreditation process;
* JCR consultants may not communicate with surveyors about specific
facility accreditation decisions, may not in any way participate in the
accreditation process as a representative of the facility, and may not
discuss the choice of surveyors for particular facilities with the
Joint Commission;
* All JCR promotional materials related to consulting services are
reviewed by the Joint Commission Office of Legal Affairs;
* JCR consulting services maintain separate offices, telephone numbers,
and computer systems from the Joint Commission;
* JCR promotional materials are limited to identifying JCR as a
nonprofit affiliate of the Joint Commission and the separateness
between accreditation decisions and JCR's services should be
identified.
Source: GAO analysis of Joint Commission on Accreditation of Healthcare
Organizations and Joint Commission Resources, Inc. documents.
[A] The Historical File Room is a secured space at the Joint Commission
offices in Oakbrook Terrace, Illinois.
[B] Staff are required to sign compliance statements signifying that
they have read, and agree to comply with, both the firewall policy and
conflict-of-interest policy that apply to their specific organization.
[End of table]
[End of section]
Appendix V: Comments from the Joint Commission on Accreditation of
Healthcare Organizations:
Joint Commission:
Setting the Standard for Quality in Health Care:
November 27, 2006:
Mr. David Walker:
Comptroller General:
Government Accountability Office:
441 G Street, N.W.
Washington, DC:
Dear Mr. Walker:
The Joint Commission appreciates the opportunity to comment on the
Government Accountability Office (GAO) draft report Hospital
Accreditation: Joint Commission on Accreditation of Healthcare
Organizations' Relationship with its Affiliate (GAO-07-79). Soliciting
the views of entities that are the subject of your reviews helps to
ensure accuracy and provide context for these assessments. In the
present examination, the Joint Commission believes that the GAO has
conducted a comprehensive and thorough study of the relationship
between the Joint Commission on Accreditation of Healthcare
Organizations (Joint Commission) and its affiliate, Joint Commission
Resources (JCR) and the steps both organizations have taken to prevent
the improper sharing of accreditation and consulting information with
each other. Our highest priority has been, and continues to be, the
preservation of the integrity of the Joint Commission's accreditation
process.
As noted in the report, the Joint Commission and JCR share a common
goal to continuously improve the safety and quality of health care.
Although each organization operationalizes its specific mission
differently, this common purpose informs the activities and initiatives
of both organizations. The careful coordination of these complementary
efforts-both at the governance and operations levels-permits us each to
optimize our respective capabilities, while also preserving the
integrity of the Joint Commission's accreditation process.
The Joint Commission agrees with GAO's conclusion that ensuring the
independence of the Joint Commission's accreditation process is vitally
important to safeguarding the safety and quality of hospital services
provided to Medicare beneficiaries and other members of the public. The
Joint Commission and JCR are both staunchly committed to this priority,
as reflected by the elaborate firewall and related mechanisms that have
been created and, as detailed in the report, are effectively
functioning to prevent the improper sharing of facility-specific
information between the two entities. These mechanisms will continue to
be closely monitored and assessed on an ongoing basis to ensure they
are operating as intended and refined as needed.
Again, the Joint Commission would like to express its thanks for the
opportunity to review and comment on this draft report and to provide
technical comments. The later are provided as an attachment to this
letter. If you have any questions concerning these comments, please
contact Trisha Kurtz, Director of Federal Relations, at 202.783.6655.
Sincerely,
Signed by:
Dennis S. O'Leary, M.D.
President:
Joint Commission:
Signed by:
Karen H. Timmons:
President and CEO:
Joint Commission Resources:
[End of section]
Appendix VI: GAO Contact and Staff Acknowledgments:
GAO Contact:
Leslie G. Aronovitz, (312) 220-7600 or aronovitzl@gao.gov:
Acknowledgments:
In addition to the person named above, Geraldine Redican-Bigott,
Assistant Director; Emily Gamble Gardiner, Thomas Han, Kevin Milne,
Daniel Ries, Janet Rosenblad, and Jessica Cobert Smith made key
contributions to this report.
FOOTNOTES
[1] Accreditation is an assessment process by which an organization's
performance is measured against certain standards defined by industry
experts.
[2] Hospitals accredited by the Joint Commission are deemed to be in
compliance with all of the Medicare conditions except three. These
three conditions are related to hospital utilization reviews, certain
psychiatric hospital staffing and records standards, and any standards
that CMS, after consulting with the Joint Commission, identifies as
being higher or more precise than the Joint Commission's accreditation
standards. See 42 C.F.R. § 488.5 (2005).
[3] Hospitals may also demonstrate compliance through accreditation
from the American Osteopathic Association or by applying to CMS for a
review to determine whether they satisfy the conditions of
participation. A review by CMS is typically conducted by a state agency
under contract with CMS.
[4] See 42 U.S.C. § 1395bb(a) (2000); see also 42 C.F.R. § 488.5
(2005).
[5] JCR was known as Quality Healthcare Resources until 1998, when its
name was changed.
[6] The Joint Commission and JCR have used the terms "affiliate" and
"subsidiary" interchangeably to describe JCR. For purposes of this
report, we refer to JCR as an "affiliate." In a "controlled" affiliate,
the affiliate is a separate legal entity, but the parent organization
has authority over the affiliate's activities.
[7] For the purposes of this report, when we refer to facility-specific
information, we are referring to information on hospital facilities
only. The Joint Commission's status in statute as an approved
accreditation organization for Medicare purposes extends only to
hospitals. Therefore we excluded other types of facilities accredited
by the Joint Commission from our work.
[8] We excluded Joint Commission International, a division of JCR that
provides consulting and accreditation services to foreign health care
facilities, from the scope of our work because these facilities are not
eligible to participate in the Medicare program.
[9] Among others, we spoke with officials at the United States
Department of Education, the Council on Higher Education Accreditation,
Independent Sector, and the National Center for Nonprofit Enterprise.
[10] The other founding members of the Joint Commission were the
American College of Physicians, the American Medical Association, and
the Canadian Medical Association. In 1959, the Canadian Medical
Association withdrew to form its own accreditation body in Canada. The
American Dental Association joined the Joint Commission as a member in
1979.
[11] Organizations volunteered for unannounced surveys in 2004 and
2005, and all surveys (with certain exceptions, such as prison
hospitals) became unannounced effective January 1, 2006.
[12] Previously housed at the Joint Commission, the CSR program was
also transferred to JCR in 2000. JCR also expanded its services to
include international accreditation activities through Joint Commission
International, which is a division of JCR that provides consulting and
accreditation services to foreign health care facilities. The
activities of Joint Commission International are beyond the scope of
this work.
[13] In our 2004 report, we suggested that Congress consider giving CMS
the authority over the Joint Commission's hospital accreditation
program that it has over other accreditation programs. We also
recommended that CMS modify its methods for assessing the Joint
Commission's performance. For more information, see GAO, Medicare: CMS
Needs Additional Authority to Adequately Oversee Patient Safety in
Hospitals, GAO-04-850 (Washington, D.C.: July 20, 2004).
[14] Pub. L. No. 107-204, 116 Stat. 745.
[15] Compliance programs are designed to encourage the development and
use of internal controls to monitor adherence to applicable statutes,
regulations, and program requirements.
[16] Federal Sentencing Guidelines have been developed both for
individuals and for organizations. The Sentencing Guidelines for
organizations provide for reduced sentences for federal crimes if the
organization demonstrates adherence to certain elements that
demonstrate an effective compliance program.
[17] The HHS Office of Inspector General Compliance Program Guidance
for Hospitals is intended to help health care facilities promote
adherence with laws and regulations, as well as with ethical and
business policies. This guidance recommends the inclusion of several
elements in a compliance program, such as the development of written
policies and procedures, a compliance officer and compliance council, a
hotline for staff to report violations, and ongoing staff training.
While these guidelines were not developed for accreditation bodies, the
Joint Commission used this framework when developing its compliance
program.
[18] See, e.g., 12A Fletcher Cyclopedia Corporations § 5687 (Perm. Ed.)
[19] The laws related to the organization of nonprofit corporations may
vary by state. Both the Joint Commission and JCR were organized under
the laws of the State of Illinois and are subject to its laws. See 805
ILCS 105/107.03 (f)(2004).
[20] The bylaws of JCR indicate that the sole member shall have the
reserve powers listed in the bylaws in lieu of reserve powers that
would be otherwise provided by applicable statute.
[21] See Dana Brakman Reiser, "Decision-Makers Without Duties: Defining
the Duties of Parent Corporations Acting as Sole Corporate Members in
Nonprofit Health Care Systems," Rutgers L. Rev. 53 (2001): 991.
[22] "Ex officio" means that "by right of their office" these officers
are able to serve on the board.
[23] The previously separate officer positions of President and CEO of
JCR were combined into the single position of President/CEO following
the restructuring of JCR in 2003.
[24] In general, an affiliate may contract with a parent organization
for support services as long as the transactions are considered
reasonable for both organizations at the time they enter into the
agreement. To maintain the affiliate's status as a separate legal
entity, certain formalities should be followed, such as the affiliate
maintaining separate bank accounts and records, and being responsible
for its own corporate filing requirements. JCR maintains its own
separate bank account and records and handles its own corporate filing
requirements.
[25] The management fee paid by JCR is considered a related party
transaction--a transaction between related parties such as controlled
entities, principal stockholders, or management. It has no net effect
on, and is eliminated from, the Joint Commission's consolidated
financial statements.
[26] JCR's board decided to retain external counsel in 2005 to
represent its interests.
[27] In addition to issues related to the firewall policies, the
Compliance Officer is responsible for oversight of other compliance
issues, such as unethical conduct. Such conduct may include employee
harassment, divulging protected health information, and abuse of
organizational resources.
[28] Between January and September of 2005, royalty fees paid by JCR to
the Joint Commission totaled $713,825 and the management fee JCR paid
for support services totaled $2,648,646. In 2004, JCR paid $3,249,862
of excess net assets to the Joint Commission. Net assets of a nonprofit
affiliate may be transferred to its nonprofit parent organization. Like
the management fee JCR pays the Joint Commission, the royalty fees are
considered a related party transaction and are eliminated from the
Joint Commission's consolidated financial statements.
[29] The policies were effective January 1, 2004, and were modified in
2005 and 2006.
[30] The Joint Commission and JCR compliance program is overseen by the
organizations' Compliance Officer, and focuses on preventing violations
of law and unethical conduct and investigating and responding to
allegations of violations. The Compliance Program addresses a variety
of issues, including confidentiality issues, fraud, and conflicts of
interest, as well as issues related to the organizations' firewall.
[31] While some JCR publications and education staff are co-located
with Joint Commission staff, all JCR consulting services staff are
either housed at the separate JCR offices or are based throughout the
country.
[32] This policy went into effect January 1, 2004.
[33] If JCR has provided consulting services to a facility within the
facility's current Joint Commission accreditation period, JCR may
review and comment on documents the facility has prepared for the Joint
Commission. However, in these cases, JCR may not charge a fee for these
services. According to 2005 meeting minutes, JCR's firewall oversight
committee may review the scope limitations policy to address recent
changes in the Joint Commission survey process.
[34] This policy is referred to as the "firewall policy for planning
and financial affairs and information technology staff."
[35] Guidelines related to the marketing of JCR services were developed
in 2003.
[36] The code of conduct provides general information on acceptable
staff behavior and the confidentiality of information, as well as
information on mechanisms for reporting violations.
[37] Prior to January 2004, Joint Commission surveyors were allowed to
provide consulting services. Until that time, some surveyors also
worked as JCR consultants, while others worked as independent
contractors.
[38] The Joint Commission reported that a testing component was added
to its staff training program in late 2006 and that it will be expanded
in 2007.
[39] Facility-specific information is not available through this site.
[40] The hotline is available 24 hours per day, 7 days a week and is
operated by a contractor. When a call is received, the hotline operator
takes information on the caller's concern and, at the end of the call,
provides the caller with a report number that can be used when
following up with the hotline. Within 24 hours of receiving a call,
hotline staff are required to prepare a report on the call and submit
that report to the Compliance Officer and other specified staff. The
Compliance Officer is then charged with investigating any reported
issue.
[41] According to Joint Commission staff, two of these calls were from
staff confirming the hotline's existence. The third call concerned a
complaint about a specific facility. This call should have been made to
another Joint Commission hotline that allows members of the public to
report complaints about specific facilities.
[42] Among the other recommendations made by the consultant were
recommendations to develop guidelines for meetings involving staff from
both organizations, require board members from both organizations to
sign the annual firewall compliance statement, and modify the firewall
policy to reflect that the Joint Commission Office of Legal Affairs was
not conducting annual audits of the organizations' firewalls.
[43] JCR's Firewall Oversight Committee was not formed until 2004;
therefore, we reviewed the agendas and meeting minutes from 2004
through September 2006.
[44] E-mail addresses were not available for certain staff members. In
these cases, staff were contacted by phone four times.
[45] The Council on Higher Education Accreditation is an association of
colleges and universities which certifies institutional accrediting
organizations. The National Organization for Competency Assurance
includes the National Commission for Certifying Agencies, which
accredits certification programs for a variety of professions.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
