HHS-OIG Publishes New General Compliance Program Guidance for Health Care Industry
On November 6, 2023, the Department of Health and Human Services, Office of Inspector General (“OIG”) issued its General Compliance Program Guidance (“GCPG”) to provide the health care compliance community and other health care stakeholders resources to assist with their health care compliance efforts. Plans to develop the GCPG were first announced at the April 24, 2023 Health Care Compliance Association’s 27th Annual Compliance Institute. During her Keynote Speech, Inspector General Christi A. Grimm announced the OIG’s two-part plan to update the existing OIG Compliance Program Guidance documents that were first introduced in 1998. The GCPG is the first step in modernizing the voluntary compliance programs, offering tips and resources applicable to all health care industry sectors. Part 2, which will begin rolling out in 2024, will address tailored, industry-specific content.
The GCPG is broken into Seven Parts of general applicability:
- In Part I (Introduction), the OIG discusses the history of the its compliance program guidance documents and its plans moving forward to assist the health care industry with its voluntary compliance efforts, including the issuance of the GCPG and the forthcoming industry segment-specific CPGs ("ICPGs"). Notably, the OIG also seeks feedback from the health care industry on general compliance considerations and suggestions for future resources.
- Part II of the GCPG (Health Care Fraud Enforcement and Other Standards) provides an overview of relevant Federal fraud and abuse laws, including: (i) the Anti-kickback Statute, (ii) the Physician Self-Referral (“Stark”) Law, (iii) the False Claims Act, (iv) the Civil Monetary Penalty Authorities, (v) the Exclusion Authorities, (vi) the Criminal Health Care Fraud Statute, and (vii) the HIPAA Privacy and Security Rules. For each referenced law, the OIG provides an overview of the law and examples of scenarios that may implicate their prohibitions.
- In Part III of the GCPG (Compliance Program Infrastructure), the OIG reviews the seven elements of a successful compliance program. For each element, the GPCG provides tips to assist entities—and more notably, “relevant individuals” and “senior leadership”—in building their own “successful” compliance program and identifies common compliance risk areas to consider. In this Part, the OIG also provides detailed information about the duties of critical players charged with ensuring the entity’s compliance, including the Compliance Officer, Compliance Committee and governing board.
- While Part III provides insightful guidance on creating a successful compliance program, Part IV recommends methods for modifying the seven elements based on the size and resources available to the entity, addressing small entities and large entities separately and recognizing that small entities likely face financial and staffing constraints that are not present for large entities.
- Finally, in Parts V through VII, the OIG provides other compliance considerations relative to various risk areas and an overview of OIG resources available to the health care industry, including Compliance Toolkits, Advisory Opinions, Special Fraud Alert, Frequently Asked Questions Corporate Integrity Agreements and Enforcement Action Summaries, and asks for industry input for future compliance resources.
As the OIG concludes, the GCPG is an “opportunity to both affirm and emphasize our longstanding and continuing commitment to support voluntary compliance efforts and to update and consolidate compliance tools and resources consistent with contemporary industry practices and current law.” Health care entities, both large and small, should review the GCPC and the future ICPGs to ensure that their current compliance efforts are effective at weeding out fraud and abuse.
The issuance of the GCPG is a reminder to the health care industry that compliance is not a one-size fits all concept and is not a one-time effort. Compliance programs should be dynamic, addressing identified risks and processes on a regular basis. With the end of the year approaching, taking time to review the GCPG and your organization’s compliance program should take precedence to ensure ongoing compliance. If you would like assistance with developing or updating your organization’s compliance program, please contact the authors of this Client Alert.
Debra A. Geroux
Mark R. Lezotte
Robert H. Schwartz