On November 6, 2023, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) released its new General Compliance Program Guidance (“GCPG”). The GCPG serves as a “reference guide for the health care compliance community and other health care stakeholders.”
The OIG previously issued Compliance Program Guidances (“CPGs”) directed at various segments of the health care industry, including hospitals, home health agencies, clinical laboratories, nursing facilities, and small group physician practices. Each CPG included the seven elements of a compliance program and identified top compliance risks by the specific industry.
With the release of the GCPG, the OIG is moving toward a new format that will include the GCPG and industry-specific CPGs. The GCPG is applicable to all individuals and entities involved in the health care industry and includes:
- Key federal authorities for entities engaged in health care business: The OIG provides summaries of the primary federal fraud and abuse laws (including the Anti-Kickback Statute, Physician Self-Referral Law (the “Stark Law”), False Claims Act, Civil Monetary Penalty Authorities, Exclusion Authorities) and the HIPAA Privacy and Security Rules.
- Seven elements of a compliance program: The OIG provides guidance on the elements of an effective compliance program:
- Written policies and procedures
- Compliance leadership and oversight
- Training and education
- Effective lines of communication with the compliance officer and disclosure program
- Enforcing standards: Consequences and incentives
- Risk assessment, auditing and monitoring
- Responding to detected offenses and developing corrective action initiatives
- Adaptations for small and large entities: Recognizing the different resources available to small and large entities, the OIG provides guidance on how each should implement the seven elements of a compliance program. For example, small entities may designate a compliance contact, instead of a compliance officer, and large entities may need a department of compliance personnel to support the compliance officer.
- Other compliance considerations: The OIG provides guidance on:
- Incorporating quality and patient safety into the compliance program
- Using OIG tools, including the GCPG, when a health care organization enters a new arena (such as developing health IT or offering a managed care plan)
- Understanding how financial arrangements (ownership interests, pay for performance, etc.) may create compliance risk and developing monitoring and auditing plans to identify and mitigate these risks
- OIG resources and processes: The OIG provides an overview of and links to its resources, which include toolkits, trainings, reports and publications, advisory opinions, FAQ and corporate integrity agreements.
The OIG anticipates updating the GCPG to reflect changes in compliance practices or legal requirements, with new versions being published on their website.
In 2024, the OIG will begin publishing industry-specific CPGs (“ICPGs”) for different subsectors of providers, suppliers and participants in the health care industry. Each ICPG will address the fraud and abuse risk areas for the industry subsector and will include compliance measures that participants can take to reduce risk. The OIG expects the first ICPGs to address Medicare Advantage and nursing facilities.
For more information on the new OIG compliance guidance, take advantage of these upcoming FTLF webinars and toolkits:
If you have any questions regarding the OIG updates, please contact Dianne Pledgie at firstname.lastname@example.org or 202.466.8960.