On Nov. 6, 2023, the Department of Health and Human Services (“HHS”) Office of Inspector General (the “OIG”) issued its General Compliance Program Guidance User’s Guide (“GCPG”), a health care compliance program tool for health care providers and other health care industry stakeholders. The GCPG followed the OIG’s April 24, 2023 announcement in which the OIG stated its intention to refresh existing general and industry-specific compliance program guidance materials and resources.
The GCPG is the first new compliance guidance published by the OIG in approximately 15 years. Under the Social Security Act, certain health care providers are required to adopt a compliance program as a condition of enrollment. For health care providers that are not required to adopt a compliance program, the OIG and Department of Justice recommend establishing an effective compliance program as a best practice. While the GCPG is non-binding and offers voluntary guidance, demonstrated adherence to such guidance by health care providers will be considered when the government evaluates regulatory violations that occurred.
I. Key Updates to the OIG’s Compliance Program Guidance
While a large portion of the GCPG restates the OIG’s prior compliance program guidelines, including the seven elements of an effective compliance program and relevant federal laws applicable to compliance programs, the GCPG introduces several new principles for health care providers to consider when implementing and designing their compliance programs.
1. The GCPG refines prior OIG guidance and forecasts the OIG’s plan to publish industry-specific guidance starting in 2024.
The GCPG presents as a user-friendly manual, including illustrative examples of problematic arrangements that may be indicative of fraud and abuse, practical tips for health care providers and industry stakeholders, and key questions health care providers should ask when identifying potential instances of non-compliance. Health care subindustries historically addressed by the OIG, including home health agencies, clinical laboratories, medical billing companies, durable medical equipment suppliers, hospice agencies, Medicare Advantage payors, nursing facilities and small physician group practices, can expect to see industry-specific compliance program resources from the OIG starting in 2024.
2. Quality and patient safety concerns are introduced as a key area of compliance amid commonly cited fraud and abuse laws.
The GCPG dedicates considerable discussion to health care quality and patient safety as a key compliance consideration that health care providers and industry stakeholders should treat as an integral compliance concern. Specifically, the OIG recommends that compliance programs exercise oversight over quality and patient safety compliance measures, as such deficiencies can result in corporate integrity agreements (“CIAs”). The GCPG includes links and helpful resources, including questionnaires that health care providers can reference to evaluate its quality and patient safety performance and how to engage organization leadership in such discissions.
3. The GCPG addresses “new entrants” in the healthcare industry, including private equity investors, start-up companies and other non-traditional health care stakeholders.
The OIG acknowledges the emergence of new health care industry stakeholders and private equity’s growing presence in health care and reveals its intention to hold new entrants to the same standard of compliance as it holds traditional health care providers. Specifically, the OIG addresses ownership incentives, such as returns on investments for private equity stakeholders and financial arrangements as key areas of concern that must be monitored on a frequent basis. The GCPG offers practical tips and guidance for new health care entrants that are seeking to establish and operate effective compliance programs. Lastly, the OIG addresses traditional health care providers that are venturing into new areas, such as health care technology. The compliance risks associated with health care technology and other new ventures should be addressed by a provider’s compliance program.
4. The concept of “incentives” is introduced in the “Enforcing Standards” compliance programmatic element.
The OIG introduces a new “incentive” concept to the “Enforcing Standards” element. Prior OIG guidance required compliance programs to consider and issue disciplinary actions as a reactive measure to instances of non-compliance. Now, health care providers are encouraged to develop incentives, when appropriate, to encourage compliance program participation and to reward adherence to a health care provider’s compliance program. Incentives, including personnel recognition or grounds for compensation increases, may be issued by organizations for exceptional demonstrations of compliance. If such incentive measures are utilized, they must be issued in an ethical and compliant manner.
5. The GCPG adopts more comprehensive compliance program standards for small health care entities.
A new feature included in the GCPG is guidance for smaller health care entities, such as small health care clinics or small physician groups. The OIG modified its compliance program guidance for such entities by scaling the seven elements of an effective compliance program so that it is useful and easier to implement for smaller health care organizations.
The GCPG is a helpful and streamlined tool for health care providers when building, implementing, evaluating or revising their compliance program. Given the OIG’s update to general guidance and its intention to update guidance for sub-industries beginning in 2024, health care providers and industry stakeholders should be familiar with the OIG’s new guidance and the OIG’s compliance expectations, and they should understand the importance of an effective compliance program.