Inside Change Healthcare’s award-winning compliance program
Change Healthcare’s legal and compliance team has, in a relatively short period of time, proven itself to be adept at tackling major compliance and ethics challenges in a highly regulated industry.
The department began work in 2017 when the company was created in a joint venture between McKesson Corporation and the Blackstone Group. With general counsel Loretta Cecil at the helm, the team integrates all parts of the business that deal with governance, compliance, ethics and risk-management issues. That reflects Cecil’s desire to remove organizational silos, a process that continues each month when team leaders focus on alignment and lessons learned on legal and compliance issues.
In preparing for an IPO in 2019, the legal and compliance team had to untangle and then properly reconnect the systems, processes, assets and people of the two joint venture partners. Cecil designed several new legal functions to help with this process, including the corporate secretary office. Then in March 2020 McKesson exited as planned and the new company transitioned to an independent board.
‘These transactions were critical for our future and complicated by the extensive regulatory environment,’ board chair Howard Lance explains in a statement. ‘I continue to be impressed with the vision and execution of Loretta and her incredibly dynamic legal team.’
The board now features governance best practices intended to ensure compliance, independence and transparency such as independent audit, compliance, compensation and nominating and governance committees, and oversight of risks related to ESG, data privacy and cyber-security. The focus on risk and compliance is evident in the recent legal and regulatory risk assessments of the company’s four business units. Cecil selected a separate independent vendor for each project and made sure projects were conducted without attorney-client privilege to ensure transparency. The legal and compliance team then worked with the business units to implement remediation plans.
Change Healthcare’s legal and compliance team takes a serious approach to the company’s multi-media, values-based 'Integrity of Change' code of conduct and related training, which are updated each year. ‘I wanted to make sure [the code] was a document our employees would want to go to and would find very helpful,’ Cecil explains. She describes how the team developed training on the code to use a social media-type approach that employees could hop in and out of.
The team in 2019 solicited detailed feedback on the training via focus groups and message boards before holding a day-long summit and months of additional work to improve the program. Each module of the 2019-2020 version now includes multi-media features, such as one that allows employees to ‘listen in’ on a call to the company’s ethics line to show how the reporting process works. The modules also include real-life situations and ways to ‘see what would happen’ if different choices are made in certain scenarios.
More than 20,000 employees and contractors completed the 2019 training and gave largely positive reviews – for example, 94 percent said they would use the training information when making future decisions.
Over the past year the team has conducted an audit to organize Change Healthcare’s more than 60 domestic and international entities. The new entity management program includes a comprehensive international compliance matrix and entity organizational charts developed by the team.
Among other things, the team is also focused on privacy. For example, it recently sought to build customers’ trust by launching an enhanced, data-driven privacy program ‘that looks beyond what is legal within the current regulatory framework and looks at what is right,’ the company states.
You can read more about the Corporate Governance Awards in the Corporate Secretary Yearbook