For the first time in 15 years, the Office of Inspector General (OIG) has issued updated compliance program guidance. The release of this guidance is part of the OIG's two-step approach to modernize its current compliance program guidance. In April 2023, the OIG indicated that it would publish general compliance program guidance by the end of 2023 as the first step to modernizing its current guidance and would then publish industry-specific compliance program guidance for different types of providers, suppliers, and other participants in health care industry subsectors or ancillary industry sectors relating to federal health care programs.
Unlike the OIG's previous compliance program guidance, which focused on specific segments of the health care industry, this new guidance applies generally to all individuals and entities involved in the health care industry and is designed as a user-friendly reference guide that provides information about relevant federal laws, compliance program infrastructure, OIG resources and other helpful information.
- Federal Laws. The general compliance guidance document includes a summary overview of certain federal authorities that may apply to individuals and entities involved in the health care industry, including, but not limited to, the Anti-Kickback Statute, the Physician Self-Referral Law ("Stark") and the new information blocking laws from the 21st Century Cures Act. Not only does the guidance document provide a general summary of applicable federal laws, it also includes helpful resources and tools such as including a list of questions that should be considered when attempting to identify problematic arrangements under the Anti-Kickback Statute, examples of referrals that are likely prohibited under Stark and a link to a HIPAA Security Risk Assessment Tool that may be helpful to small- and medium-sized health care practices and business associates when performing a risk assessment.
- Compliance Program Infrastructure. While the updated guidance generally reflects the seven elements of a successful compliance program previously described by the OIG, certain elements have been updated. The OIG re-emphasized the importance of Compliance Officers, Compliance Committees and governing board oversight and suggested that compliance committee member attendance, active participation and contributions be included in each member's performance plan and compensation evaluation. In addition, the applicable entity's governing board should set expectations for attendance that are enforced by the entity's CEO. As part of its updated guidance, the OIG now recommends that Compliance Committees be responsible for conducting annual risk assessments and that entities use both incentives and consequences to enforce compliance. As one of its tips, the OIG explained that although an entity may not be able to publicly recognize an individual who raised a substantiated compliance concern that results in mitigation of harm or risk to the entity, the entity should find a way to recognize this commitment to compliance in the individual's performance review, provided that the individual was not personally responsible for the reported compliance concern.
- OIG Resources and Other Helpful Information. Throughout the guidance document, the OIG includes compliance-related tips for individuals and entities to consider as well as helpful links to tools and resources, such as the DOJ's list of questions for entities to consider when evaluating their compliance programs; FAQs related to the application of fraud and abuse authority to certain types of arrangements; and other various compliance-related toolkits.
This new guidance can be found at HHS-OIG General Compliance Program Guidance | November 2023. It is important to note that this new guidance is not intended to be a model compliance program nor is it binding on any individual or entity. Instead, the OIG's intent for publishing the guidance is to provide participants in the health care industry with a voluntary set of guidelines and identified risk areas that the OIG believes individuals and entities in the health care industry should consider when developing and implementing a new compliance program or evaluating an existing one.
The OIG has stated that it will provide industry-specific compliance program guidance for different types of providers, suppliers, and other participants in health care industry subsectors or ancillary industry sectors relating to federal health care programs in 2024. This industry-specific compliance program guidance will be tailored to fraud and abuse risk areas for the applicable industry participant and measures to reduce those risks. Stay tuned for future compliance updates!
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.