In an era of increasing scrutiny on healthcare organizations, the board has a critical role in creating and maintaining an ethical organizational culture.
This is the first in a two-part bulletin series looking at the board’s role in creating and maintaining a strong 'ethical architecture' within their organization. In this bulletin, we explore two options for boards who wish to go beyond the usual policy groundwork of conflict of interest policies, codes of conduct, etc.—ethical frameworks and ethical audits.
In our next bulletin we will provide more general guidance on how to develop an effective, resilient ethical architecture, and tips for policy development.
Many in the health sector have adopted ethical frameworks to guide clinical decision-making in ethical grey areas. We recommend adopting a similar framework for board and management decisions.
An ethical framework can be particularly valuable when organizations are confronted with big or challenging decisions. This could include making a major new investment, launching a new service or ancillary revenue venture or ceasing to provide an existing clinical program, etc. This ethical review should take place in the context of and with the support of other due diligence (e.g. financial due diligence to confirm the fiscal soundness of the proposed action, and legal due diligence to confirm the legality and risk profile of the proposed action).
It is helpful to articulate the framework in a written policy, including:
- A statement of principle. This statement should be guided by and consistent with the purposes and, where applicable, charitable objects of the healthcare organization.
- An ethical review process. The framework should outline a review process that can be adapted for many different circumstances. The process could include the following steps (and potentially others):
- Identification of the stakeholders involved in or affected by the decision (including, potentially, funders, patients, families, donors, community partners, etc.)
- Is this decision or direction legal? Is it ethical?
- In considering the latter, what are the interests of the organization? Does the proposed action align with the objects of the organization? How will it further the objects and strategic goals of the organization?
- What are the interests of the stakeholders who would or could be impacted by the proposed action?
- Have we sufficiently weighed the risks of action and inaction (to the organization, to its stakeholders) and considered how best to mitigate those risks? Are we acting strategically? Are we taking appropriate risks to support the mission of the organization? (as opposed to simply avoiding risk altogether?)
- Is there alignment of interests between the stakeholders and the organization? If not, identify potential gaps.
- Are ethical risks and/or gaps between the interests of stakeholders and the organization sufficiently addressed by the organization's current 'ethical architecture' (i.e. its existing ethics policies and procedures)? If not, can changes be made to address the concern?
- Procedures for follow-up. The framework should require implementation review and follow-up. For example, if a new program is launched, a one-year review of the implementation of the program should include a component to evaluate the success and failures of the program against the expectations of the ethical review.
The board may also consider implementing an internal ethics audit function.
The function of an internal auditor is to conduct "deep dive" audits on a limited number of programs or services per year. In the private sector, such audits tend to be focused on identifying and rooting out fraud and other questionable conduct. In the healthcare context, we suggest taking a more holistic view. In addition to evaluating the financial health of the program or service (and testing internal fraud detection processes, etc.), the auditor can also be tasked with considering how the activities of the program fit with the objects and current strategic goals of the organization and other matters.
The programs or services selected should be determined in conjunction with the Audit Committee, preferably through a combination of random selection and risk-based selection. The internal auditor should be tasked with reporting directly to the Audit Committee at least semi-annually. His or her reports should include updates on the organization's progress with respect to prior audit recommendations that were adopted by Board.
The internal auditor should be empowered with broad authority:
- to examine all files, records, books, data, papers, and any other materials whatsoever related to the organization's activities,
- to take copies of any material referred to above, and
- to interview staff (at all levels) and ask for and receive information on any matter relating to the activities of the organization.
The auditor should be expected and empowered to ask tough questions and to probe for honest views. The auditor should have a corresponding obligation to hold all such information in appropriate confidence, disclosing it only to the Audit Committee (and, in some cases, only on an anonymized basis).
In addition to their risk management function, such audits can offer the board a uniquely deep understanding of program and service delivery in the organization. Audits should spot areas of potential concern or risk—but can also be used as an opportunity to identify pockets of innovation or best practice that might otherwise go unnoticed at the board level. Such discoveries can, where appropriate, be scaled up within the organization.
The next bulletin in this two-part series will offer additional guidance on how to develop an effective, resilient ethical architecture, including tips for developing meaningful policies.
*A similar version of this bulletin series was published in the February 2017 issue of Boards, the official publication of the Ontario Hospital Association's Governance Centre of Excellence*