Hospital Accreditation: Joint Commission on Accreditation of
Healthcare Organizations' Relationship with Its Affiliate
(15-DEC-06, GAO-07-79).
Hospitals must meet certain conditions of participation
established by the Centers for Medicare & Medicaid Services (CMS)
in order to receive Medicare payments. In 2003, most
hospitals--over 80 percent--demonstrated compliance with most of
these conditions through accreditation from the Joint Commission
on Accreditation of Healthcare Organizations (Joint Commission).
Established in 1986, Joint Commission Resources, Inc. (JCR), a
nonprofit affiliate of the Joint Commission, provides
consultative technical assistance services to hospitals. Both
organizations acknowledge the need to ensure that JCR's services
do not--and are not perceived to--affect the independence of the
Joint Commission's accreditation process. GAO was asked to
provide information on the relationship between the Joint
Commission and JCR. This report describes (1) their
organizational relationship, and (2) the significant steps they
have taken to prevent the improper sharing of information,
obtained through their accreditation and consulting activities,
respectively, since JCR was established. GAO reviewed pertinent
documents, including conflict-of-interest policies and
information about the organizations' financial relationship, and
interviewed staff and board members from both organizations, JCR
clients, and CMS officials.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-07-79
ACCNO: A64185
TITLE: Hospital Accreditation: Joint Commission on Accreditation
of Healthcare Organizations' Relationship with Its Affiliate
DATE: 12/15/2006
SUBJECT: Agency protocols
Consultants
Firewalls
Health care facilities
Health resources utilization
Hospitals
Information disclosure
Institution accreditation
Internal controls
Policy evaluation
Program evaluation
Reporting requirements
Government agency oversight
Policies and procedures
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-07-79
* [1]Results in Brief
* [2]Background
* [3]The Joint Commission Has a Close Relationship with JCR throu
* [4]The Joint Commission Has Substantial Control over JCR throug
* [5]The Joint Commission and JCR Provide Operational Assistance
* [6]The Joint Commission and JCR Have Taken Steps to Prevent the
* [7]The Joint Commission and JCR Have Policies Designed to Preve
* [8]Firewall Policies
* [9]Additional Firewall-Related Policies and Guidance
* [10]The Joint Commission and JCR Have Taken Steps to Train Staff
* [11]Staff Training on Firewall and Firewall-Related Policies
* [12]Mechanisms for Reporting Violations
* [13]Monitoring of Firewall and Related Policies
* [14]Concluding Observations
* [15]Agency Comments
* [16]GAO Contact
* [17]Acknowledgments
* [18]GAO's Mission
* [19]Obtaining Copies of GAO Reports and Testimony
* [20]Order by Mail or Phone
* [21]To Report Fraud, Waste, and Abuse in Federal Programs
* [22]Congressional Relations
* [23]Public Affairs
Report to Congressional Requesters
United States Government Accountability Office
GAO
December 2006
HOSPITAL ACCREDITATION
Joint Commission on Accreditation of Healthcare Organizations'
Relationship with Its Affiliate
GAO-07-79
Contents
Letter 1
Results in Brief 4
Background 5
The Joint Commission Has a Close Relationship with JCR through Their
Governance Structure and Operations 9
The Joint Commission and JCR Have Taken Steps to Prevent the Improper
Exchange of Facility-Specific Information 15
Concluding Observations 23
Agency Comments 24
Appendix I Scope and Methodology 26
Appendix II Timeline of Key Developments in the Organizations'
Relationship 30
Appendix III Policies, Protocols, and Guidelines Related to the Firewall,
as of 2006 31
Appendix IV Elements of the Firewall Policies, as of 2006 33
Appendix V Comments from the Joint Commission on Accreditation of
Healthcare Organizations 35
Appendix VI GAO Contact and Staff Acknowledgments 37
Table
Table 1: Joint Commission's Powers Over JCR Enumerated in JCR Bylaws 11
Figures
Figure 1: Relationship between the Joint Commission, JCR, and Hospitals 7
Figure 2: Board Structure of JCR in Relation to the Joint Commission 12
Abbreviations
CEO Chief Executive Officer CFO Chief Financial Officer CMS Centers for
Medicare & Medicaid Services CSR Continuous Service Readiness HHS
Department of Health and Human Services JCR Joint Commission Resources,
Inc.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
United States Government Accountability Office
Washington, DC 20548
December 15, 2006
The Honorable Charles E. Grassley
Chairman
Committee on Financ
United Senate
The Honorable Pete Stark
Ranking Minority Member
Subcommittee on Health
Committee on Ways and Means
House of Representatives
In order to be eligible to receive payments from Medicare--the federal
program that provides health care benefits to over 42 million elderly and
disabled beneficiaries--hospitals must meet certain criteria established
by federal law. The Centers for Medicare & Medicaid Services (CMS), the
federal agency within the Department of Health and Human Services (HHS)
that administers Medicare, has established conditions of participation
that hospitals must meet to be eligible to participate in the Medicare
program. The Joint Commission on Accreditation of Healthcare Organizations
(Joint Commission), a nonprofit corporation, has developed its own
accreditation standards that are intended to meet or exceed Medicare's
conditions of participation.^1 Hospitals accredited by the Joint
Commission are, in general, deemed to meet most of the conditions to be
eligible for Medicare payment.^2 In 2003, most hospitals--over 80
percent--demonstrated that they met the applicable conditions of
participation through accreditation from the Joint Commission.^3
^1Accreditation is an assessment process by which an organization's
performance is measured against certain standards defined by industry
experts.
^2Hospitals accredited by the Joint Commission are deemed to be in
compliance with all of the Medicare conditions except three. These three
conditions are related to hospital utilization reviews, certain
psychiatric hospital staffing and records standards, and any standards
that CMS, after consulting with the Joint Commission, identifies as being
higher or more precise than the Joint Commission's accreditation
standards. See 42 C.F.R. S 488.5 (2005).
The Joint Commission's status as a hospital accrediting body was
established by statute in 1965, and consequently, can only be changed by
Congress.^4 Although CMS has approved other organizations' hospital
accreditation programs, the Joint Commission is the only organization
whose approval is expressly provided for in statute. As such, the Joint
Commission is not required to periodically reapply to CMS for this
approval.
In 1986, the Joint Commission created Joint Commission Resources, Inc.
(JCR),^5 a nonprofit, controlled affiliate.^6 JCR's stated purpose is to
assist health care organizations in improving the quality of their care
through educational and research activities. Of particular interest, JCR
provides consultative technical assistance services--referred to as
"consulting services" throughout the remainder of this report--to health
care facilities, including individual hospitals and members of state
hospital associations, to help facilities comply with the Joint
Commission's accreditation standards. While JCR is a separate entity
legally from the Joint Commission, the organizations are related corporate
entities. As a result, the two organizations have acknowledged the need to
ensure that JCR's consultative services do not affect, and are perceived
not to affect, the independence of the Joint Commission's accreditation
process, either through the improper sharing of information about
facilities using JCR's services with Joint Commission accreditation staff
or through any implication that using JCR's services will provide an undue
advantage in the Joint Commission accreditation process. Both of the
organizations attempted to address these concerns through the development
of a "firewall"--policies designed to establish a barrier between the
organizations to prevent conflicts of interest and sharing of
facility-specific information.^7 For example, the firewall is intended to
prevent JCR from sharing the names of its hospital clients with the Joint
Commission.
^3Hospitals may also demonstrate compliance through accreditation from the
American Osteopathic Association or by applying to CMS for a review to
determine whether they satisfy the conditions of participation. A review
by CMS is typically conducted by a state agency under contract with CMS.
^4See 42 U.S.C. S 1395bb(a) (2000); see also 42 C.F.R. S 488.5 (2005).
^5JCR was known as Quality Healthcare Resources until 1998, when its name
was changed.
^6The Joint Commission and JCR have used the terms "affiliate" and
"subsidiary" interchangeably to describe JCR. For purposes of this report,
we refer to JCR as an "affiliate." In a "controlled" affiliate, the
affiliate is a separate legal entity, but the parent organization has
authority over the affiliate's activities.
You asked us to provide information on the relationship between the Joint
Commission and JCR as it relates to the hospital accreditation process. In
this report, we describe (1) how the Joint Commission and JCR are related
to one another through their governance structure and operations, and (2)
the significant steps both organizations have taken to prevent the
improper sharing of facility-specific information, obtained through their
hospital accreditation and consulting activities, since the creation of
JCR.
To describe the relationship between the Joint Commission and JCR,
specifically as it pertains to their governance structure and operations,
we interviewed senior staff at both organizations, including the President
of the Joint Commission and the individual who serves as both President
and Chief Executive Officer (CEO) of JCR. We also interviewed board
members from the Joint Commission and JCR and reviewed documents from both
organizations, including documents related to the organizations' financial
relationship.^8 Further, we interviewed staff at CMS to obtain information
on their oversight of the Joint Commission and other accreditation
organizations, and reviewed reports CMS provides to Congress related to
its validation surveys of Joint Commission accredited hospitals. To
further our understanding of issues related to organizational governance,
conflicts of interest, and independence standards, we interviewed
officials from both the private and public sector^9 and reviewed pertinent
documents.
To provide information on the significant steps taken by the Joint
Commission and JCR since JCR's creation to prevent the improper sharing of
facility-specific information, we reviewed relevant policies developed by
the two organizations. We reviewed versions of the firewall and related
policies issued between 1987 and 2006 and interviewed senior staff with
responsibility for this area, including the person who serves as the
Corporate Compliance and Privacy Officer (Compliance Officer) for both
organizations. We also conducted interviews with staff members at each
organization to obtain information on their understanding of the firewall
and related policies and guidelines, their training on these policies and
guidelines, and their awareness of possible firewall violations. In
addition, to learn about JCR's clients' understanding of the relationship
between JCR and the Joint Commission, we conducted interviews with state
hospital associations that, as of May 2006, used JCR's consulting
services, and hospitals that used these services during calendar year
2005. We also conducted interviews with state hospital associations that
had not used JCR's consulting services as of May 2006 to learn more about
their reasons for not doing so. The information provided from our
interviews with staff, state hospital associations, and hospitals reflects
the comments of those we interviewed and cannot be generalized to all
Joint Commission and JCR staff or all state hospital associations and
hospitals using JCR consulting services. (For additional information on
our methodology, see app. I.)
^7For the purposes of this report, when we refer to facility-specific
information, we are referring to information on hospital facilities only.
The Joint Commission's status in statute as an approved accreditation
organization for Medicare purposes extends only to hospitals. Therefore we
excluded other types of facilities accredited by the Joint Commission from
our work.
^8We excluded Joint Commission International, a division of JCR that
provides consulting and accreditation services to foreign health care
facilities, from the scope of our work because these facilities are not
eligible to participate in the Medicare program.
^9Among others, we spoke with officials at the United States Department of
Education, the Council on Higher Education Accreditation, Independent
Sector, and the National Center for Nonprofit Enterprise.
We conducted our work from October 2005 to December 2006, in accordance
with generally accepted government auditing standards.
Results in Brief
Although the Joint Commission and JCR provide different types of services
to health care organizations, they remain closely related to one another
in their efforts to achieve their similarly stated missions. Their close
relationship is demonstrated through both their governance structure and
operations. The Joint Commission has substantial control over JCR through
powers provided in JCR's bylaws as well as through Joint Commission
commissioners that also serve on JCR's board. In addition, the two
organizations provide various operational services to one another.
The Joint Commission and JCR have taken steps designed to prevent the
improper sharing of facility-specific information obtained from their
accreditation or consulting activities. In 1987, shortly after the
creation of JCR, the organizations developed initial firewall guidance.
Beginning in 2003, both organizations began taking additional steps
designed to enhance the firewall guidance. They have also implemented
additional policies and guidance designed to further strengthen the
firewall between the two organizations. Both the Joint Commission and JCR
report providing training to staff on these policies, and have developed
mechanisms to allow staff to report possible firewall violations. They
both have also taken steps, primarily since 2003, to strengthen the
oversight of the implementation of, and compliance with, the firewall and
related policies.
Ensuring the independence of the Joint Commission's accreditation process
is vitally important. To ensure that the firewall and other mechanisms
instituted are sufficient to prevent the improper sharing of
facility-specific information, it would be prudent for the Joint
Commission and JCR to continue to assess these mechanisms and monitor
their implementation.
The Joint Commission agreed with our concluding observations and
emphasized that its highest priority is to preserve the integrity of its
accreditation process. CMS did not comment on our findings or concluding
observations.
Background
The Joint Commission, a nonprofit organization founded in 1951, was
created to provide voluntary health care accreditation for hospitals. All
but one of the Joint Commission's founding members continued to serve on
its Board of Commissioners as of October 2006, including the American
Hospital Association and the American College of Surgeons.^10 The
standards established by the Joint Commission address a facility's level
of performance in areas such as patient rights, patient treatment, and
infection control. To determine whether a facility is in compliance with
those standards, the Joint Commission conducts on-site evaluations of
facilities, called accreditation surveys. The Joint Commission recognizes
a facility's compliance with its standards by issuing a certificate of
accreditation, which is valid for a 3-year period. In 2004, the Joint
Commission implemented a new accreditation process in an effort to
encourage hospitals to focus on continuous quality improvement, rather
than survey preparation. Previously, facilities were told in advance when
Joint Commission surveyors would conduct their evaluations. As a part of
the new process, the Joint Commission began conducting unannounced
surveys.^11 The Joint Commission employs over 900 staff members, including
approximately 200 hospital surveyors from a range of disciplines--such as
physicians, nurses, and hospital administrators--who conduct the
accreditation surveys. In 2005, the Joint Commission accredited
approximately 4,300 hospitals.
^10The other founding members of the Joint Commission were the American
College of Physicians, the American Medical Association, and the Canadian
Medical Association. In 1959, the Canadian Medical Association withdrew to
form its own accreditation body in Canada. The American Dental Association
joined the Joint Commission as a member in 1979.
The Joint Commission established JCR to provide consultative technical
assistance to health care organizations seeking Joint Commission
accreditation. (See fig. 1.) JCR is governed by a Board of Directors and
employs approximately 180 staff members, including consultants located
throughout the country. In 2000, the Joint Commission expanded JCR's role
beyond consulting to include all educational services, such as seminars
and audio conferences, which the Joint Commission previously provided.
(See app. II for a timeline of key developments in the Joint Commission
and JCR relationship.) JCR also became the official publisher of the Joint
Commission's accreditation manuals and support materials. JCR offers
consulting services either independently to health care facilities or
through a subscription-based service called the Continuous Service
Readiness (CSR) program, which is typically offered in partnership with
state hospital associations.^12 The CSR program provides ongoing technical
assistance and education to subscribers through a variety of means,
including meetings, e-mails, telephone calls, and conferences.
^11Organizations volunteered for unannounced surveys in 2004 and 2005, and
all surveys (with certain exceptions, such as prison hospitals) became
unannounced effective January 1, 2006.
^12Previously housed at the Joint Commission, the CSR program was also
transferred to JCR in 2000. JCR also expanded its services to include
international accreditation activities through Joint Commission
International, which is a division of JCR that provides consulting and
accreditation services to foreign health care facilities. The activities
of Joint Commission International are beyond the scope of this work.
Figure 1: Relationship between the Joint Commission, JCR, and Hospitals
In 2004, we reported that CMS's oversight of the Joint Commission hospital
accreditation process is limited. Although it conducts on-site validation
surveys of a sample of Joint Commission-accredited hospitals, the agency
cannot restrict or remove the Joint Commission's accreditation authority
if it detects problems.^13 CMS reported that the agency and the Joint
Commission engage in ongoing dialogue to identify potential hospital
accreditation performance issues. In addition, CMS provides an annual
report of its findings to Congress. Unlike the Joint Commission, JCR is
not subject to any oversight by CMS.
^13In our 2004 report, we suggested that Congress consider giving CMS the
authority over the Joint Commission's hospital accreditation program that
it has over other accreditation programs. We also recommended that CMS
modify its methods for assessing the Joint Commission's performance. For
more information, see GAO, Medicare: CMS Needs Additional Authority to
Adequately Oversee Patient Safety in Hospitals, [24]GAO-04-850
(Washington, D.C.: July 20, 2004).
When developing policies regarding its relationship with JCR, the Joint
Commission has been affected by the increased focus in both the public and
private sectors on governance issues. The Sarbanes-Oxley Act of 2002,^14
passed in response to corporate and accounting scandals, required publicly
traded companies to follow new governance standards, including those
designed to ensure auditors' independence from their clients. Even though
most provisions of the Sarbanes-Oxley Act are not applicable to nonprofit
organizations, activities that have occurred in the wake of the act have
affected nonprofits. For example, several state legislatures are
considering legislation that applies standards similar to the
Sarbanes-Oxley requirements to nonprofit organizations. In addition, some
nonprofit organizations, such as the Joint Commission, have voluntarily
adopted policies and altered governance practices based upon the act.
Organizations in the public and private sectors have also begun to
institute compliance programs^15 and those that provide accreditation or
certification services have developed standards to ensure the independence
of these services. Compliance programs for health care organizations--such
as hospitals, home health agencies, and medical supply companies--have
used provisions of the federal Sentencing Guidelines,^16 developed in
1991, as a program model. These guidelines lay out two common principles
of adequate compliance programs--to prevent and detect criminal conduct,
and to promote an organizational culture of ethics and compliance with the
law. In 1998, the HHS Office of Inspector General developed a model
compliance program for hospitals.^17 Regarding independence standards,
organizations that provide accreditation or certification, or recognize
accreditation bodies, have begun to impose certain criteria to demonstrate
independence. For example, the Department of Education developed criteria
for educational accrediting bodies that are designed to ensure that those
organizations granting accreditation are not improperly influenced by
related trade or membership associations.
^14Pub. L. No. 107-204, 116 Stat. 745.
^15Compliance programs are designed to encourage the development and use
of internal controls to monitor adherence to applicable statutes,
regulations, and program requirements.
^16Federal Sentencing Guidelines have been developed both for individuals
and for organizations. The Sentencing Guidelines for organizations provide
for reduced sentences for federal crimes if the organization demonstrates
adherence to certain elements that demonstrate an effective compliance
program.
The Joint Commission Has a Close Relationship with JCR through Their Governance
Structure and Operations
The mission statements of the Joint Commission and JCR both share the same
phrase of seeking "to continuously improve the safety and quality of
care." While each organization differs in the activities it engages in to
achieve that mission, they maintain a close relationship through both
their governance structure and operations. The Joint Commission has
substantial control over the governance of JCR through the powers retained
by the Joint Commission in JCR's bylaws as well as through the Joint
Commission's representation on JCR's Board of Directors. In addition, JCR
manages all Joint Commission publications and educational activities,
while the Joint Commission provides various support services and some
management oversight to JCR.
The Joint Commission Has Substantial Control over JCR through Its Governance
Authority
The Joint Commission has substantial control over the governance of its
affiliate, JCR. In 2003, the Joint Commission undertook a major review of
the structural, operational, and legal aspects of its relationship with
JCR in an effort to address any real or perceived conflict-of-interest
issues. This review led to the restructuring of JCR through revisions to
JCR's bylaws, which govern the internal affairs of the organization, and
resulted in changes to the composition of JCR's board and the appointment
of board officers. In particular, after the restructuring the Joint
Commission no longer retained a majority on the JCR board through board
members who served on the boards of both organizations. However, through
changes to JCR's bylaws, the Joint Commission maintained control over JCR
by reserving powers that would otherwise have been exercised by JCR.
^17The HHS Office of Inspector General Compliance Program Guidance for
Hospitals is intended to help health care facilities promote adherence
with laws and regulations, as well as with ethical and business policies.
This guidance recommends the inclusion of several elements in a compliance
program, such as the development of written policies and procedures, a
compliance officer and compliance council, a hotline for staff to report
violations, and ongoing staff training. While these guidelines were not
developed for accreditation bodies, the Joint Commission used this
framework when developing its compliance program.
The 2003 restructuring of JCR allowed the Joint Commission to effectively
maintain control over JCR by implementing a change in the "corporate
membership" of JCR. Similar to for-profit entities that may have
stockholders, nonprofit corporations may have corporate members who, in
general, are responsible for major organizational decisions, such as
electing the corporation's board.^18 If a nonprofit corporation does not
have any members, the corporation's board of directors holds
decision-making authority.^19 With the restructuring of JCR, the Joint
Commission became the "sole member" of JCR.
The sole member has the ability to exercise substantial control over the
affiliate through its "reserved powers"--powers that would otherwise be
exercised by the affiliate board, if the sole member did not reserve them
for itself. When the Joint Commission became the sole member of JCR, its
reserved powers included those previously held and a number of additional
powers, as shown in table 1.^20 A practicing attorney with expertise in
transactions involving nonprofit health care organizations and who has
served as external counsel for the Joint Commission considers this
structure necessary to enable the parent to protect itself from the
possibility of the affiliate acting against the parent's interests.
However, an article published in a law journal cautions that this
structure allows the parent to make decisions solely in its own interest
without considering the impact on the affiliate.^21
18See, e.g., 12A Fletcher Cyclopedia Corporations S 5687 (Perm. Ed.).
^19The laws related to the organization of nonprofit corporations may vary
by state. Both the Joint Commission and JCR were organized under the laws
of the State of Illinois and are subject to its laws. See 805 ILCS
105/107.03 (f)(2004).
^20The bylaws of JCR indicate that the sole member shall have the reserve
powers listed in the bylaws in lieu of reserve powers that would be
otherwise provided by applicable statute.
^21See Dana Brakman Reiser, "Decision-Makers Without Duties: Defining the
Duties of Parent Corporations Acting as Sole Corporate Members in
Nonprofit Health Care Systems," Rutgers L. Rev. 53 (2001): 991.
Table 1: Joint Commission's Powers Over JCR Enumerated in JCR Bylaws
Joint Commission's powers in
JCR bylaws before 2003 Joint Commission's powers added to JCR
restructuring bylaws as a result of 2003 restructuring
o Appoint JCR directors o Appoint JCR board vice chairman and
o Remove JCR directors, President/CEO
with or without cause, by a o Remove JCR board chairman, vice
two-thirds vote chairman, and President/CEO, with or
o Appoint the JCR board without cause
chairman o Amend JCR articles of incorporation
o Approve amendments to JCR and bylaws
articles of incorporation o Approve all creations of subsidiaries
and bylaws or controlled affiliates, mergers,
o Approve JCR's mission consolidations, certain affiliations,
statement and strategic and all joint ventures of JCR involving
plans capital investments in excess of
o Approve all JCR debt in $250,000
excess of $250,000 o Approve sale or encumbrance of all or
o Approve JCR's budget substantially all assets of JCR
o Approve JCR's dissolution o Approve all liquidations from JCR
Source: GAO summary of the Joint Commission and JCR Bylaws.
As part of the 2003 restructuring, the Joint Commission took steps to
reduce the proportion of persons serving on the JCR board who also served
as board members on the Joint Commission board. Prior to the 2003
restructuring, JCR's board had 13 directors with a majority--7
directors--from the Joint Commission, including the President of the Joint
Commission as an ex officio director with voting rights.^22 The other 6
directors were from outside the Joint Commission, and included the CEO of
JCR as an ex officio director with voting rights. After the 2003
restructuring, directors from the Joint Commission no longer comprised the
majority of members on JCR's board. There are 17 directors on JCR's board,
consisting of 7 Joint Commission directors--including the President of the
Joint Commission as an ex officio director with voting rights--and 9
external directors who cannot be, either concurrently or within the prior
3 years, Joint Commission commissioners or employees. The President/CEO of
JCR also serves on the JCR board, serving as a voting ex officio
director.^23 (See fig. 2.)
^22"Ex officio" means that "by right of their office" these officers are
able to serve on the board.
^23The previously separate officer positions of President and CEO of JCR
were combined into the single position of President/CEO following the
restructuring of JCR in 2003.
Figure 2: Board Structure of JCR in Relation to the Joint Commission
Directors we interviewed who serve on both the Joint Commission and JCR
boards said that serving on the two boards has not been problematic
because both organizations share the same mission. However, they also
recognized the potential for overlapping board members to be faced with
competing organizational interests if differences between the Joint
Commission and JCR arise. These directors noted that, if competing
organizational interests were to occur, the Joint Commission's reserve
powers would dictate the final decision.
The restructuring also affected the appointment of JCR officers. Prior to
the restructuring, the President and the Chief Financial Officer (CFO) of
the Joint Commission also served in those same positions for JCR. The CEO
of JCR was appointed by, and reported to, the President of the Joint
Commission, and could only appoint other JCR officers after consulting
with the Joint Commission's President. Changes to JCR's bylaws through the
2003 restructuring removed the requirement that the Joint Commission's
President and CFO serve in those positions for JCR. Rather, the Joint
Commission appoints and has the power to remove the President/CEO of JCR.
The President/CEO of JCR also now has the authority to appoint officers,
such as the CFO, without consulting with the Joint Commission's President.
In addition, the Joint Commission, rather than JCR's board, now appoints
the vice chairman of JCR's board.
One other noteworthy change as a result of the 2003 restructuring dealt
with the role of two Joint Commission board committees in relation to JCR
and the creation of a new JCR board committee. The Joint Commission
created a Governance Committee, which has a number of responsibilities
involving JCR, such as nominating JCR board directors and certain
officers. This committee also has oversight responsibility for JCR
governance issues and JCR conflict-of-interest policies, and reviews the
bylaws and other documents of JCR. Further, the Joint Commission expanded
the responsibilities of an existing committee--the Finance and Audit
Committee--to include reviews of annual financial audits and other matters
related to oversight of the firewall between the Joint Commission and JCR.
Within the JCR board, a Firewall Oversight Committee was created as a
result of the restructuring. This committee is charged with monitoring
compliance with the firewall and related policies.
The Joint Commission and JCR Provide Operational Assistance to One Another
The structure of the Joint Commission and JCR allows the two organizations
to provide certain operational assistance to one another. The Joint
Commission provides support and management services to JCR. Through a
January 2001 service agreement, the Joint Commission provides JCR with
financial, legal, marketing and public relations, human resources,
accounting (bookkeeping and payroll), information technology, and other
support services such as office management and mail.^24 JCR pays for these
services through a management fee.^25 The methodology used to determine
the appropriate allocation of expenses varies by department. For some
departments, the allocation is based upon JCR's percentage of total
revenues, whereas in other departments, the estimate is made using the
amount of time spent doing work on behalf of JCR. Departments also vary in
whether they include overhead costs in the allocation.
^24In general, an affiliate may contract with a parent organization for
support services as long as the transactions are considered reasonable for
both organizations at the time they enter into the agreement. To maintain
the affiliate's status as a separate legal entity, certain formalities
should be followed, such as the affiliate maintaining separate bank
accounts and records, and being responsible for its own corporate filing
requirements. JCR maintains its own separate bank account and records and
handles its own corporate filing requirements.
^25The management fee paid by JCR is considered a related party
transaction--a transaction between related parties such as controlled
entities, principal stockholders, or management. It has no net effect on,
and is eliminated from, the Joint Commission's consolidated financial
statements.
Along with support services, the Joint Commission also provides management
services to JCR through its General Counsel and Compliance Officer.^26 For
example, all JCR materials, including the publications it produces on
behalf of the Joint Commission and materials produced for its own
purposes, must be reviewed and approved by the Joint Commission's General
Counsel prior to issuance. The Compliance Officer, a position created by
the Joint Commission in 2005, oversees compliance duties for both the
Joint Commission and JCR. Among other duties, the Compliance Officer is
responsible for implementing, providing training on, and monitoring
compliance with the firewall policies.^27 The Compliance Officer reports
directly to the President of the Joint Commission and President/CEO of
JCR, the Joint Commission's Governance Committee, JCR's Firewall Oversight
Committee, and may also report to the full boards of both organizations.
The Compliance Officer is aided by a Compliance Council, which was created
in late 2005 and consists of members who represent multiple departments
from both the Joint Commission and JCR. The Council works with the
Compliance Officer to develop an annual work plan that focuses on areas of
greatest risk, recommended training, auditing, and measures of the
compliance program's effectiveness.
JCR also provides assistance to the Joint Commission, including
publication and educational services. The Joint Commission transferred its
publications and educational product lines to JCR in 2000 in order to
combine support services within JCR and to allow for organizational
separation between the Joint Commission's evaluation and accreditation
function and the consultation and educational services provided by JCR.
JCR currently offers a variety of educational programs regarding Joint
Commission accreditation, including seminars, e-learning opportunities,
and audio, satellite, and video conferences. These programs cover a range
of topics and include information on the Joint Commission standards and
changes to those standards. JCR also publishes its own books on health
care issues and periodicals on patient safety and quality improvement.
^26JCR's board decided to retain external counsel in 2005 to represent its
interests.
^27In addition to issues related to the firewall policies, the Compliance
Officer is responsible for oversight of other compliance issues, such as
unethical conduct. Such conduct may include employee harassment, divulging
protected health information, and abuse of organizational resources.
The operational services the Joint Commission and JCR provide to one
another result in a flow of funds between the two organizations. In
exchange for the license to publish Joint Commission materials, JCR pays
the Joint Commission a royalty fee that ranges from 4.75 to 9.5 percent on
gross sales. JCR also annually transmits assets to the Joint Commission in
excess of the amount needed to operate JCR's business. The amount of the
transfer is based on a formula that considers JCR's cash, investments, and
average operating expense.^28
The Joint Commission and JCR Have Taken Steps to Prevent the Improper Exchange
of Facility-Specific Information
The Joint Commission and JCR have taken steps, primarily since 2003,
designed to strengthen the firewall guidance initially developed in 1987,
shortly after the creation of JCR. They have also further developed
guidance addressing the relationship between the two organizations. In
addition, they have made an effort to educate staff at both organizations
on these matters and have enhanced monitoring of compliance with the
firewall and related policies.
The Joint Commission and JCR Have Policies Designed to Prevent the Sharing of
Facility-specific Information
The Joint Commission and JCR firewall polices were initially developed as
guidelines in 1987. Relatively few changes were made to these guidelines
until 2003, when they were extensively modified. In addition, since 2003,
the Joint Commission and JCR have developed other policies and guidance
designed to further strengthen the firewall between the two organizations.
^28Between January and September of 2005, royalty fees paid by JCR to the
Joint Commission totaled $713,825 and the management fee JCR paid for
support services totaled $2,648,646. In 2004, JCR paid $3,249,862 of
excess net assets to the Joint Commission. Net assets of a nonprofit
affiliate may be transferred to its nonprofit parent organization. Like
the management fee JCR pays the Joint Commission, the royalty fees are
considered a related party transaction and are eliminated from the Joint
Commission's consolidated financial statements.
Firewall Policies
Since 1987, shortly after the creation of JCR, both the Joint Commission
and JCR have operated under a set of firewall guidelines designed to
prevent conflicts of interest between the Joint Commission's accreditation
activities and JCR's consultative services. Between 1987 and 2003, the
firewall guidelines were modified twice--once in 1992 and again in
1999--to reflect JCR's name change and other issues related to JCR
services. In 2003, the Joint Commission and JCR made extensive
modifications to the guidelines, which were released to staff in the form
of policies in 2004.^29 (See app. III for a list of key policies,
guidelines, and protocols.) These modifications stemmed from the Joint
Commission's review of its relationship with JCR following the passage of
the Sarbanes-Oxley Act in 2002. According to senior staff from the Joint
Commission and JCR, the revised firewall policies are not based on any
specific model. However, they are a component of the two organizations'
joint compliance program,^30 which was developed in part using the
hospital compliance program guidelines issued by HHS's Office of Inspector
General.
The stated purpose of both organizations' firewall policies is "to
eliminate any real or perceived conflict of interest" between the Joint
Commission's accreditation activities and JCR's consulting services.
Certain requirements in the firewall policies of the two organizations are
very similar, such as a prohibition on accessing confidential
facility-specific information from, or sharing any facility-specific
information with, staff from the other organization. (See app. IV for more
information on the contents of each organization's firewall policies.)
Joint Commission and JCR staff are also prohibited from suggesting that
the use of JCR consulting services is necessary for, or will influence,
Joint Commission accreditation decisions. In addition, staff and board
members of both organizations are required to sign an annual statement
signifying that they have read, and agree to comply with, the firewall
policies. Of the 25 staff members we spoke with from the Joint Commission
and JCR, all but 1 reported signing the required annual compliance
statement and all but 4--2 from the Joint Commission and 2 from JCR--were
aware that the firewall policy required them to sign this statement on an
annual basis.
^29The policies were effective January 1, 2004, and were modified in 2005
and 2006.
^30The Joint Commission and JCR compliance program is overseen by the
organizations' Compliance Officer, and focuses on preventing violations of
law and unethical conduct and investigating and responding to allegations
of violations. The Compliance Program addresses a variety of issues,
including confidentiality issues, fraud, and conflicts of interest, as
well as issues related to the organizations' firewall.
While both organizations' firewall policies share similar requirements,
each has certain provisions that focus specifically on the services
offered by its own organization. For example, the Joint Commission's
firewall policy stipulates that Joint Commission staff will not seek or
solicit information on whether or not a facility has used JCR consulting
services. The Joint Commission policy also provides guidance on how Joint
Commission staff should respond to requests for consulting services. For
example, if a facility asks Joint Commission surveyors for advice on these
services, they are required to direct the facility to an appropriate
senior staff member in the Joint Commission's central office. That senior
staff member can provide limited information on JCR, including its
services and the reason for its creation. JCR's firewall policy limits,
among other things, the language JCR can use to promote its services. It
also requires that JCR's consulting services staff be housed in separate
facilities from Joint Commission staff and use separate telephone and
computer systems.^31
Most of the state hospital associations and hospitals we interviewed that
use JCR's consulting services were familiar with the firewall between the
Joint Commission and JCR. Of the five state hospital associations we
interviewed that participate in JCR's CSR program, four said they were
provided with information on the relationship between the Joint Commission
and JCR or had been told by JCR staff about the firewall between the two
organizations. Further, all five associations stated that JCR staff have
never indicated that participation in the CSR program would affect the
accreditation process, other than through the general improvements that
are expected when using consulting services. Similarly, staff we
interviewed at six hospitals that use JCR's consulting services stated
that there had been no indication from JCR consultants that the use of
these services would influence their facility's Joint Commission
accreditation process.
Additional Firewall-Related Policies and Guidance
In addition to the recent changes to the firewall policies, the Joint
Commission and JCR developed other policies and guidance beginning in 2003
that further address possible areas of risk to the firewall. JCR
formalized protocols for its consultants in the field, which provide
specific guidance related to their interaction with the Joint Commission
staff. For example, if Joint Commission staff members arrive at a facility
to conduct a survey when a JCR consultant is on site, the JCR consultant
must leave the facility immediately. In 2003, JCR also developed a
policy--referred to as the "scope limitations policy"--which is designed
to clarify what services can be provided to Joint Commission-accredited
facilities.^32 The policy specifically prohibits JCR from providing
certain consulting services to facilities after they have undergone a
Joint Commission survey, including helping facilities challenge the Joint
Commission's accreditation decisions or findings, resolving Joint
Commission deficiency findings, or preparing facilities that have been
denied Joint Commission accreditation for future surveys.^33
31While some JCR publications and education staff are co-located with
Joint Commission staff, all JCR consulting services staff are either
housed at the separate JCR offices or are based throughout the country.
In 2004, the Joint Commission developed an additional policy reiterating
the importance of the firewall for those Joint Commission
employees--information technology and planning and financial affairs
staff--who, through the service agreement between the two organizations,
need, and are able, to access JCR financial or operational information.^34
In addition to the firewall compliance statement all Joint Commission
staff are required to sign, these particular staff members are required to
sign a separate compliance statement associated with this specific policy.
Also in 2004, JCR approved a formal firewall policy related to JCR
marketing materials in an effort to ensure that JCR marketing materials
contain no implication that purchasing its products or services will
impact the Joint Commission accreditation process.^35 Because JCR markets
some products that it develops on the Joint Commission's
behalf--publications and educational services--as well as its consulting
services, the marketing policy clarifies the language and logos that can
be used on marketing materials for these different products. For example,
while marketing materials for the Joint Commission accreditation manuals
published by JCR can only carry the Joint Commission logo, JCR's marketing
materials promoting its consulting services carry only the JCR logo.
^32This policy went into effect January 1, 2004.
^33If JCR has provided consulting services to a facility within the
facility's current Joint Commission accreditation period, JCR may review
and comment on documents the facility has prepared for the Joint
Commission. However, in these cases, JCR may not charge a fee for these
services. According to 2005 meeting minutes, JCR's firewall oversight
committee may review the scope limitations policy to address recent
changes in the Joint Commission survey process.
^34This policy is referred to as the "firewall policy for planning and
financial affairs and information technology staff."
^35Guidelines related to the marketing of JCR services were developed in
2003.
In 2006, the Joint Commission and JCR published posters, which are
displayed in Joint Commission and JCR meeting rooms, to govern meetings
that involve staff from both organizations. These posters reiterate the
organizations' firewall policy requirements, in place since 1987, that
facility-specific information should not be discussed at meetings that
include staff from both organizations and such information cannot be
included in materials prepared for those joint meetings. The posters also
state that, if facility-specific information must be discussed for
business purposes by staff from one organization, the staff from the other
organization must leave the meeting. There are a number of occasions when
Joint Commission and JCR staff interact during which these guidelines may
be applicable. For example, both Joint Commission and JCR staff
participate on internal interdepartmental teams designed to review Joint
Commission programs and ensure they are valuable to health care
organizations. Because these meetings include reviews of the programs'
publication and education services--services provided by JCR--JCR staff
participate on these teams. Another area of interaction is through
educational programs offered by JCR. These programs may include training
by Joint Commission surveyors and central office staff and may take place
at the Joint Commission's headquarters.
The Joint Commission and JCR have also developed a joint code of
conduct^36 and organization-specific conflict-of-interest policies that,
while not focused exclusively on firewall issues, address aspects of the
relationship between the two organizations and the independence of the
accreditation process. In particular, the Joint Commission's
conflict-of-interest policy prohibits staff from providing
accreditation-related consulting and prohibits survey staff from surveying
facilities to which they provided consulting services during the previous
3 years.^37 Similarly, JCR's conflict-of-interest policy prohibits staff
from providing external accreditation-related consulting services and
prohibits JCR consultants from providing consulting services to any
facility they may have surveyed in the past 3 years.
^36The code of conduct provides general information on acceptable staff
behavior and the confidentiality of information, as well as information on
mechanisms for reporting violations.
^37Prior to January 2004, Joint Commission surveyors were allowed to
provide consulting services. Until that time, some surveyors also worked
as JCR consultants, while others worked as independent contractors.
The Joint Commission and JCR Have Taken Steps to Train Staff on, and Monitor,
the Firewall
The Joint Commission and JCR report providing ongoing training to ensure
that staff understand the firewall and related policies. The organizations
have also developed mechanisms, primarily since 2003, that allow staff to
report possible firewall violations. Both organizations report monitoring
compliance with these policies on an ongoing basis and, in 2005, underwent
a joint external review of their implementation.
Staff Training on Firewall and Firewall-Related Policies
The Joint Commission and JCR reported that both board and staff members
receive training on the firewall and related policies--board members are
trained when they join the board and staff are trained during new employee
orientation. In addition, Joint Commission and JCR staff receive annual
training on the firewall and related policies and procedures and are
further reminded of these policies through periodic presentations at
departmental staff meetings.
As of June 2006, the organizations' staff training did not include a
testing component to measure how well staff understand the policies.^38
However, most staff members and senior staff we spoke with at both
organizations were aware of the firewall policies and were able to
accurately describe their purpose. All but 1 of the 25 staff members we
spoke with--13 with the Joint Commission and 12 with JCR--reported being
familiar with these policies. In addition, all but 1 of the 24 staff
members who were familiar with the firewall policies stated that the
training and information they received made them sufficiently aware of the
firewall and its appropriate implementation. None of the 25 staff members
we spoke with were aware of cases in which staff from either organization
had suggested that the use of JCR consulting services would influence
Joint Commission accreditation.
In addition to training sessions, staff members at the Joint Commission
and JCR have access to information on the compliance program through an
intranet Web site.^39 This site includes copies of the organizations'
respective firewall policies and other compliance-related materials, as
well as information on the role of the organizations' joint Compliance
Officer and Compliance Council.
^38The Joint Commission reported that a testing component was added to its
staff training program in late 2006 and that it will be expanded in 2007.
^39Facility-specific information is not available through this site.
Mechanisms for Reporting Violations
The firewall policies for both organizations require employees to report
violations to their management, the Compliance Officer, or the Joint
Commission General Counsel. In keeping with this requirement, senior Joint
Commission and JCR management stated that they encourage employees to
contact their supervisors or these other management officers if they are
aware of possible violations or have questions on the firewall. Of the 24
staff members we interviewed at both organizations who were familiar with
the firewall policies, 20 indicated that if they became aware of a
violation, they would contact another staff member, such as their direct
supervisor, division head, or the Compliance Officer.
The Joint Commission and JCR have also developed a compliance hotline that
allows staff to anonymously report any concerns related to compliance
issues. While the firewall policies require employees to report violations
to certain staff, this hotline offers another means of reporting possible
firewall violations.^40 From its inception in March 2005 through December
2005, the hotline received three calls, none of which involved a firewall
violation.^41 All 24 of the Joint Commission and JCR staff members we
spoke with who were familiar with the firewall policies reported being
aware of the compliance hotline. Of those staff members, 6 stated that
they would contact the hotline if they became aware of a firewall
violation.
Monitoring of Firewall and Related Policies
The Joint Commission and JCR staff report taking multiple steps to monitor
implementation of, and compliance with, the firewall and related policies.
The organizations have created the Compliance Officer position, the
Compliance Council, and the JCR Firewall Oversight Committee, all of which
have a role in monitoring compliance with the firewall and related
policies.
^40The hotline is available 24 hours per day, 7 days a week and is
operated by a contractor. When a call is received, the hotline operator
takes information on the caller's concern and, at the end of the call,
provides the caller with a report number that can be used when following
up with the hotline. Within 24 hours of receiving a call, hotline staff
are required to prepare a report on the call and submit that report to the
Compliance Officer and other specified staff. The Compliance Officer is
then charged with investigating any reported issue.
^41According to Joint Commission staff, two of these calls were from staff
confirming the hotline's existence. The third call concerned a complaint
about a specific facility. This call should have been made to another
Joint Commission hotline that allows members of the public to report
complaints about specific facilities.
According to Joint Commission and JCR staff, the firewall policies have
been monitored internally on an ongoing basis and are now subject to
external reviews. The Joint Commission conducted an internal review in
2002, which was presented to the Joint Commission and JCR boards in 2003.
The 2004 and 2005 firewall policies for both organizations called for an
annual audit of the policy by the Joint Commission's Office of Legal
Affairs, but these audits were not conducted. According to senior Joint
Commission staff, the Joint Commission determined that its legal
department could not conduct a sufficient audit and that instead, the
audits should be conducted by an external body with experience in this
area. In 2005, the Joint Commission and JCR hired a consulting firm to
conduct the first external review of the organizations' firewall policies
and related guidance. Following this review, in 2006, the requirement for
an annual audit by the Office of Legal affairs was deleted and was
replaced with a requirement for an annual review, the results of which are
presented to the appropriate committees of each board. According to Joint
Commission staff, the Joint Commission and JCR anticipate continuing to
contract for an external review of the firewall on an annual basis.
The external review conducted in 2005 did not identify any major
violations of either organization's firewall policy--violations that could
potentially breach the integrity of the accreditation process. In its
report, the consulting firm stated that the implementation of the firewall
policies "represented a reasonable effort to prevent any behavior that
could result in a breach of the integrity of the accreditation process."
However, because no guidelines or standards exist for this kind of review,
the consulting firm did not certify that the firewall and related policies
protected the integrity of the accreditation process.
The external review did identify some minor violations of the
firewall--defined as violations that resulted from the staff's failure to
completely follow operational procedures required by the policies, but
which are not considered to potentially breach the integrity of the
accreditation process. For example, at the time of the 2005 review, JCR
publications and education staff housed in the Joint Commission offices
had access to a Joint Commission shared network folder on a computer
drive. While this shared folder could not be accessed by JCR consulting
staff and Joint Commission surveyors used a separate network, the
consulting firm recommended eliminating JCR staff access. The Joint
Commission and JCR agreed with this and other recommendations made, and
report taking steps to address the issues, including eliminating JCR's
access to Joint Commission computer systems.^42
In addition to this external review, the Joint Commission reported that,
throughout the year, the Compliance Officer monitors concerns and
questions related to the firewall and related policies. Based on this
analysis, the organizations review the policies to determine what, if any,
changes need to be made to improve their clarity. In 2006, the Compliance
Officer developed a list of commonly asked questions and answers, which
was approved by the senior management of both organizations and released
to staff.
According to the Compliance Officer, when minor firewall violations are
identified, each instance is reviewed to determine if it had any impact on
the accreditation decision process and if it was due to a lack of
understanding of the policies or was an intentional violation. She will
then either provide clarification, counseling, or, if necessary, initiate
disciplinary action, including possible dismissal, through the human
resources department. As of July, 2006, no Joint Commission or JCR staff
had been terminated as a result of violating the firewall policies.
However, a senior staff member at the Joint Commission reported that staff
have been terminated for violating the Joint Commission's
conflict-of-interest policies. This staff member noted that two of the
organization's surveyors had been fired for providing consulting services,
although these services were not provided to facilities they had
previously surveyed.
Concluding Observations
Accreditation is a key mechanism to ensure the safety and quality of
hospital services provided to Medicare beneficiaries and other members of
the public. The Joint Commission's role in accrediting the majority of
hospitals participating in Medicare makes the issue of ensuring the
independence of the Joint Commission's accreditation process vitally
important. Any threat to the independence of the accreditation process
could undermine its ability to ensure the safety and quality of services
provided to Medicare beneficiaries and the general public.
^42Among the other recommendations made by the consultant were
recommendations to develop guidelines for meetings involving staff from
both organizations, require board members from both organizations to sign
the annual firewall compliance statement, and modify the firewall policy
to reflect that the Joint Commission Office of Legal Affairs was not
conducting annual audits of the organizations' firewalls.
The Joint Commission and JCR have taken steps to protect the Joint
Commission's accreditation process from influence by JCR's consulting
services by developing mechanisms to protect against the improper sharing
of facility-specific information. However, the majority of these
mechanisms, including the firewall and firewall-related policies, the
compliance hotline, and the annual external review of the firewall, have
either been developed or significantly revised within the past few
years--primarily since 2003. The next step is for management of both
organizations to assure that these mechanisms are sufficient to protect
the integrity of the accreditation process. In addition, even with
appropriate policies and procedures in place, it will take ongoing
monitoring and a concerted effort on the part of the leadership of both
organizations to ensure that these policies and procedures are
appropriately implemented by both their board and staff members.
Agency Comments
We provided a draft of this report to the Joint Commission and CMS for
comment. In its response, the Joint Commission agreed with our concluding
observations, specifically that ensuring the independence of the
accreditation process is vitally important. It indicated that the report
accurately reflects its relationship with JCR, and emphasized that its
highest priority is to preserve the integrity of the Joint Commission's
accreditation process. (The Joint Commission's written comments are
reprinted in app. V.) CMS did not comment on our findings or concluding
observations. Both the Joint Commission and CMS provided us with technical
comments, which we incorporated as appropriate.
As we agreed with your offices, unless you publicly announce the contents
of this report earlier, we plan no further distribution of this letter
until 30 days after the date of this letter. At that time, we will send
copies to the Administrator of CMS, appropriate congressional committees,
and other interested parties. In addition, the report will be available at
no charge on the GAO Web site at http://www.gao.gov .
If you or your staff have any questions about this report, please contact
me at (312) 220-7600 or [email protected]. Contact points for our Offices
of Congressional Relations and Public Affairs may be found on the last
page of this report. GAO staff who made major contributions to this report
are listed in appendix VI.
Leslie G. Aronovitz
Director, Health Care
Appendix I: Scope and Methodology
We examined the relationship between the Joint Commission on Accreditation
of Healthcare Organizations (Joint Commission) and Joint Commission
Resources, Inc. (JCR) as it relates to the independence of the Joint
Commissions' hospital accreditation process from JCR's hospital consulting
services. To provide information on the governance structure and
operations of the two organizations, we reviewed multiple documents,
including organizational charts reflecting the organizations' structure as
of 2006, a service agreement signed in 2001 and still in effect as of
2006, Internal Revenue Service tax documents from calendar years 2001
through 2004, and agendas and minutes from board meetings of both
organizations from 2003 through September 2006.^1 We also interviewed the
President of the Joint Commission and the President/Chief Executive
Officer of JCR, as well as officers from the Joint Commission Board of
Commissioners and the JCR Board of Directors. In addition, we interviewed
senior staff at both organizations, including the organizations' General
Counsel, each organization's Chief Financial Officer, and the Joint
Commission's Vice President for Human Resources.
To describe the policies the Joint Commission and JCR have developed to
prevent the improper sharing of facility-specific information, we reviewed
Joint Commission and JCR documents, including current and past policies
and guidance related, either directly or indirectly, to the firewall. We
also examined training materials and reports from the compliance hotline
contractor. We conducted interviews with senior staff from the Joint
Commission and JCR. These senior staff included the shared Corporate
Compliance and Privacy Officer, the Joint Commission's Vice President of
Accreditation Services, and the Executive Directors of JCR's consulting
services.
In addition to interviews with senior staff, we selected a sample of 15
staff members at each organization to interview. These semistructured
interviews were designed to collect information on Joint Commission and
JCR staff members' understanding of the firewall and related guidance,
their training on this guidance, and their awareness of possible firewall
violations. Our selection of staff members concentrated on those who were
JCR consultants and Joint Commission staff conducting surveys or working
in the areas of information technology, planning and financial affairs,
and marketing. We considered these particular staff members more likely to
be in a position to breach the firewall than other employees. We selected
staff using random lists of JCR consultants, Joint Commission hospital
surveyors, and employees from the information technology, planning and
financial affairs, and marketing departments, as well as a random list of
employees from all other areas at each organization. Selected staff were
contacted by phone and e-mail. If, after three attempted phone calls and
one e-mail, staff did not respond to our request for an interview we moved
to the next staff member identified in our random selection.^2 We were
able to conduct a total of 25 interviews with Joint Commission and JCR
staff. We were unable to arrange interviews with 2 Joint Commission
surveyors and 3 JCR consultants. We excluded any Joint Commission survey
staff who were not hospital surveyors, JCR staff who provided only
international services, senior staff at both organizations who we had
already interviewed, and Joint Commission staff acting as liaisons to our
work. The information gathered from these interviews reflects the
experience of these staff members and cannot be generalized to all Joint
Commission or JCR staff. While the interviews provide information on staff
awareness of the firewall policies and related guidance, as well as their
awareness of possible firewall violations, they are not sufficient to
determine if there have or have not been any firewall violations.
^1JCR's Firewall Oversight Committee was not formed until 2004; therefore,
we reviewed the agendas and meeting minutes from 2004 through September
2006.
We also conducted interviews with officials from a random sample of 5 of
the 14 state hospital associations that participated in JCR's Continuous
Service Readiness (CSR) program as of May 2006, and with officials from 5
state hospital associations that do not participate in the CSR program.
These interviews were designed to obtain information on the associations'
understanding of the relationship between the Joint Commission and JCR and
how they perceived that their participation in the CSR program might
impact their members' Joint Commission accreditation. To select the sample
for these interviews, we sorted the associations by census regions. We
then selected a random sample of associations that participate in the CSR
program and a random sample of those that do not from within each census
region. We conducted semistructured interviews with each of the selected
associations. One state hospital association did not respond to our
request for an interview. In this case, we replaced that association with
the next association in the same census region identified in our random
selection.
^2E-mail addresses were not available for certain staff members. In these
cases, staff were contacted by phone four times.
We also conducted interviews with officials from 6 hospitals that use
JCR's consulting services to learn more about their understanding of the
relationship between JCR and the Joint Commission. To conduct these
interviews, we determined the number of hospitals that had contracted with
JCR for these services in calendar year 2005. JCR compiled a spreadsheet
that contained e-mail addresses for JCR's 2005 domestic hospital clients.
We identified a random sample of JCR's hospital clients and JCR sent these
hospitals an e-mail asking them to contact us if they were willing to be
interviewed. We selected our sample of approximately 10 percent of that
population--80 facilities--using a randomly generated number list. This
selection was done at the JCR offices and the e-mails were sent to
hospital facilities under our supervision. Facilities were given 2 weeks
to contact us to schedule interviews if they were interested. The
information gathered from these interviews with JCR hospital clients and
the interviews with state hospital associations reflects the experience of
these particular facilities and state hospital associations and cannot be
generalized to all JCR consulting clients.
As part of our work, we also interviewed staff at the Department of Health
and Human Services' Centers for Medicare & Medicaid Services to obtain
information on their oversight of the Joint Commission and other
accreditation organizations. In addition, we interviewed officials from
multiple organizations and reviewed documents to obtain background
information on possible criteria or best practices related to the
governance of nonprofit organizations, conflicts of interest, compliance
programs, and independence standards. Those we interviewed included
officials at Independent Sector--a coalition of charities, foundations,
and corporate giving programs which focuses on strengthening these
particular types of organizations--and the Hauser Center for Nonprofit
Organizations--a research center at Harvard University focusing on the
nonprofit sector. We also interviewed officials from federal agencies and
organizations to obtain information on how they separate accreditation or
certification programs from consulting services. Those we interviewed
included representatives from the Department of Education, the Council on
Higher Education Accreditation, and the National Organization for
Competency Assurance.^3
3The Council on Higher Education Accreditation is an association of
colleges and universities which certifies institutional accrediting
organizations. The National Organization for Competency Assurance includes
the National Commission for Certifying Agencies, which accredits
certification programs for a variety of professions.
Because the Joint Commission's status related to Medicare applies only to
hospitals, our review was limited to information related to its
accreditation of hospitals and services provided by JCR to hospitals. We
did not conduct a review of the Joint Commission's accreditation decision
process. We also did not review information on other activities conducted
by the Joint Commission or JCR that were not related to the relationship
between the Joint Commission's hospital accreditation process and JCR's
hospital consulting services. Further, we excluded Joint Commission
International, a division of JCR that provides consulting and
accreditation services to foreign health care facilities, from the scope
of our work because these facilities are not eligible to participate in
the Medicare program.
We conducted our work from October 2005 to December 2006 in accordance
with generally accepted government auditing standards.
Appendix II: Timeline of Key Developments in the Organizations' Relationship
Appendix III: Policies, Protocols, and Guidelines Related to the Firewall,
as of 2006
Joint Commission Policies
Firewall specific Non-firewall specific
o Firewall policy o Conflict-of-interest policy
Designed to eliminate any real or Prohibits involvement in
perceived conflict of interest activities that might constitute
between the Joint Commission or be perceived to constitute a
accreditation activities and conflict of interest with the
JCR's consulting services. overall mission of the Joint
Provides specific direction to Commission. Requires staff to
Joint Commission staff on their abide by the Joint Commission's
interaction with JCR staff and firewall policy and prohibits the
services. This policy applies to disclosure of confidential or
all Joint Commission staff. proprietary information. Prohibits
Joint Commission staff from
o Firewall policy for planning providing accreditation-related
and financial affairs and consulting services. Prohibits
information technology staff Joint Commission staff from
surveying facilities to which they
Reinforces the Joint Commission provided consulting or related
Firewall Policies and applies services during the previous 3
specifically to Planning and years.
Financial Affairs and Information
Technology Staff who provide
support services to JCR.
JCR Policies and Protocols
Firewall specific Non-firewall specific
o Firewall policy o Conflict-of-interest policy
Designed to eliminate any real or Prohibits involvement in
perceived conflict of interest activities that might constitute
between the Joint Commission or be perceived to constitute a
accreditation activities and conflict of interest with the
JCR's consulting services. mission of JCR and the Joint
Provides specific direction to Commission. Requires staff to
JCR staff on their interaction abide by JCR's firewall policy and
with Joint Commission staff and prohibits the disclosure of
services. This policy applies to confidential or proprietary
all JCR staff. information. Prohibits JCR staff,
in most cases, from providing
o JCR marketing firewall policy outside consulting services.
Prohibits JCR consultants from
Provides requirements for providing consulting services to
marketing strategies to protect facilities they have surveyed in
the integrity of the Joint the past 3 years.
Commission accreditation process
and ensure that materials contain
no implication that purchasing
products or services from JCR
will impact accreditation
decisions.
o Protocols for JCR field staff
Provides specific direction to
JCR consultants in the field,
including their interaction with
the Joint Commission staff.
o JCR scope limitations policy
Delineates certain consulting
services that cannot be provided
to Joint Commission-accredited
organizations, including
assistance in preparing
challenges to accreditation
decisions, resolving Joint
Commission deficiency findings,
preparing root-cause analysis for
sentinel events, and preparing
organizations that have been
denied Joint Commission
accreditation for future surveys.
Combined Joint Commission and JCR
Policies and Guidelines
Firewall specific Non-firewall specific
o Combined meeting guidelines o Code of conduct
poster
Provides guidance on standards for
Guides conduct in meetings that staff conduct and the
include both Joint Commission and confidentiality of information,
JCR staff, reiterating that including mechanisms in place to
organization-specific or help staff report violations of
nonpublic accreditation or survey the code of conduct.
process information should not be
discussed and, if business needs
dictate that
organization-specific information
be shared, stating that
appropriate staff must excuse
themselves.
Source: GAO analysis of Joint Commission on Accreditation of Healthcare
Organizations and Joint Commission Resources, Inc. documents.
Appendix IV: Elements of the Firewall Policies, as of 2006
Elements common to both
Elements unique to Joint Joint Commission and JCR Elements unique to
Commission firewall policy firewall policies JCR firewall policy
o Staff may not seek or o Staff may not o Facilities
solicit information on suggest that the use using JCR's
whether or not a facility of JCR consulting consulting
has used JCR and is not services is necessary services are
provided this information to obtain or influence informed that
by the Joint Commission Joint Commission the Joint
or JCR representatives. accreditation. Commission is
o Survey teams are o Staff may not access not told that
instructed that confidential the facility
participation in JCR's facility-specific used JCR's
Continuous Service information from, or services and a
Readiness program (CSR) share disclaimer to
is not considered in the facility-specific this effect is
accreditation process. information with, the included in JCR
o Joint Commission other organization. contracts.
surveyors may not discuss o JCR staff may not o Participants
any survey assignments, access the Joint in JCR's CSR
or possible assignments, Commission's program are
with any JCR consulting Historical File informed that
staff. Room.^a Joint Commission
o Joint Commission o Staff at JCR may not survey teams are
surveyors are instructed access information told that CSR
that survey report forms about the application participation is
may not include of the Joint not considered
information on whether or Commission standards in the
not the surveyed or accreditation accreditation
organization has used procedures that is not process.
JCR's services. already available, or o JCR
o A list of current JCR will be made available consultants may
staff is provided to the promptly, to outside not communicate
Joint Commission parties. with surveyors
Historical File Room o JCR staff may not about specific
staff to allow them to attend Joint facility
monitor access.^a Commission surveyor accreditation
o Certain staff who have training and may not decisions, may
access to JCR financial have access to not in any way
and operational surveyor educational participate in
information as part of tools not generally the
their role in providing available to outside accreditation
services to JCR may not parties. process as a
disclose JCR o All staff must sign representative
organization-specific a compliance statement of the facility,
information to other on an annual basis.^b and may not
Joint Commission staff. o The firewall policy discuss the
o JCR publishes the Joint is sent annually to choice of
Commission's all staff, and is surveyors for
accreditation materials referenced in each particular
and supplies their organization's facilities with
educational services. conflict-of-interest the Joint
These services are policies, which staff Commission.
promoted in Joint are also required to o All JCR
Commission and JCR sign on an annual promotional
materials. Any reference basis.^b materials
in Joint Commission o The firewall policy related to
materials to JCR's is covered during new consulting
consulting services is employee orientation services are
generally limited to and training. reviewed by the
acknowledging JCR's o Staff must report Joint Commission
existence, its services, any violation of their Office of Legal
and the reason for its organization's Affairs.
creation. firewall policy to the o JCR consulting
o Facilities asking for Compliance Officer, services
information on consulting the Joint Commission maintain
services are referred to General Counsel, or separate
the Joint Commission's their organization's offices,
central office. Staff at management. telephone
the central office will o An annual review is numbers, and
refer to the availability conducted to ensure computer systems
of JCR's services, and appropriate separation from the Joint
will also emphasize the between the Joint Commission.
separateness of the Joint Commission o JCR
Commission's accreditation promotional
accreditation process activities and JCR materials are
from JCR's consulting consulting services limited to
services. and the results are identifying JCR
o The firewall policy is presented to the as a nonprofit
posted on the surveyor relevant board affiliate of the
Web site. committees. Joint Commission
and the
separateness
between
accreditation
decisions and
JCR's services
should be
identified.
Source: GAO analysis of Joint Commission on Accreditation of Healthcare
Organizations and Joint Commission Resources, Inc. documents.
aThe Historical File Room is a secured space at the Joint Commission
offices in Oakbrook Terrace, Illinois.
bStaff are required to sign compliance statements signifying that they
have read, and agree to comply with, both the firewall policy and
conflict-of-interest policy that apply to their specific organization.
Appendix V: Comments from the Joint Commission on Accreditation of
Healthcare Organizations
Appendix VI: GAO Contact and Staff Acknowledgments
GAO Contact
Leslie G. Aronovitz, (312) 220-7600 or [email protected]
Acknowledgments
In addition to the person named above, Geraldine Redican-Bigott, Assistant
Director; Emily Gamble Gardiner, Thomas Han, Kevin Milne, Daniel Ries,
Janet Rosenblad, and Jessica Cobert Smith made key contributions to this
report.
(290499)
GAO's Mission
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or (202)
512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548
Public Affairs
Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
www.gao.gov/cgi-bin/getrpt?GAO-07-79 .
To view the full product, including the scope
and methodology, click on the link above.
For more information, contact Leslie G. Aronovitz at (312) 220-7600 or
[email protected].
Highlights of [33]GAO-07-79 , a report to congressional requesters
December 2006
HOSPITAL ACCREDITATION
Joint Commission on Accreditation of Healthcare Organizations'
Relationship with Its Affiliate
Hospitals must meet certain conditions of participation established by the
Centers for Medicare & Medicaid Services (CMS) in order to receive
Medicare payments. In 2003, most hospitals--over 80 percent--demonstrated
compliance with most of these conditions through accreditation from the
Joint Commission on Accreditation of Healthcare Organizations (Joint
Commission). Established in 1986, Joint Commission Resources, Inc. (JCR),
a nonprofit affiliate of the Joint Commission, provides consultative
technical assistance services to hospitals. Both organizations acknowledge
the need to ensure that JCR's services do not--and are not perceived
to--affect the independence of the Joint Commission's accreditation
process.
GAO was asked to provide information on the relationship between the Joint
Commission and JCR. This report describes (1) their organizational
relationship, and (2) the significant steps they have taken to prevent the
improper sharing of information, obtained through their accreditation and
consulting activities, respectively, since JCR was established. GAO
reviewed pertinent documents, including conflict-of-interest policies and
information about the organizations' financial relationship, and
interviewed staff and board members from both organizations, JCR clients,
and CMS officials.
The Joint Commission and JCR have a close relationship as demonstrated
through their governance structure and operations. The Joint Commission
has substantial control over JCR and the two organizations provide
operational services to one another. For example, JCR manages all Joint
Commission publications, while the Joint Commission provides support
services to JCR. Despite the Joint Commission's control over JCR, the two
organizations have taken steps designed to protect facility-specific
information. In 1987, the organizations created a firewall--policies
designed to establish a barrier between the organizations to prevent
improper sharing of this information. For example, the firewall is
intended to prevent JCR from sharing the names of hospital clients with
the Joint Commission. Beginning in 2003, both organizations began taking
steps intended to strengthen this firewall, such as enhancing monitoring
of compliance.
Ensuring the independence of the Joint Commission's accreditation process
is vitally important. To prevent the improper sharing of facility-specific
information, it would be prudent for the Joint Commission and JCR to
continue to assess the firewall and other related mechanisms.
Relationship between the Joint Commission, JCR, and Hospitals
The Joint Commission agreed with GAO's concluding observations. CMS did
not comment on GAO's findings or concluding observations. Both provided
technical comments, which we incorporated as appropriate.
References
Visible links
24. http://www.gao.gov/cgi-bin/getrpt?GAO-04-850
33. http://www.gao.gov/cgi-bin/getrpt?GAO-07-79
*** End of document. ***