Key Takeaways from OIG’s Newly Released General Compliance Program Guidance 

Healthcare Compliance Laws and Enforcement 

A significant early portion of the document focuses on key healthcare laws and authorities that compliance programs should be familiar with. These include the Federal Anti-Kickback Statute, the Physician Self-Referral Law, the False Claims Act, the Civil Monetary Penalty (CMP) Authorities, Exclusion Authority, Criminal Health Care Fraud Statute, and the HIPAA Privacy and Security Rules. Under the Civil Monetary Penalty Authorities, the OIG emphasized the Beneficiary Inducements CMP, Information Blocking, and CMP authority as it relates to HHS grants, contracts, and other agreements. 

The Seven Elements 

The largest section of the document makes direct recommendations about compliance program infrastructure. Experienced compliance professionals will find the messaging in this section to be like past guidance. However, some notable portions appear to have additional nuanced focus: 

• It makes a more direct plea to leadership such as the CEO and/or Board to include formal statements of support for a culture of compliance in the Code of Conduct. 
• There is a direct recommendation that policies and procedures be reviewed at least annually. 
• The compliance officer should either report directly to the CEO or the Board. If reporting to the CEO, it should be with direct and independent access to the Board. 
• There are more references to quality of care in multiple elements. These include policies; coordinating with the Quality Department; clinical decision making; having representation from the Quality Department on the compliance committee; and calling out the potential of reporting serious breaches in quality and adverse events to the government. 
• The Auditing and Monitoring element now specifically includes Risk Assessment. It discussed the importance of performing a risk assessment and provides links to helpful resources when doing so. 
• The OIG calls out the importance of auditing for medical necessity. 

Adaptations 

As has always been the case, the OIG is careful to point out that this guidance should not be considered a model compliance program. To further this message, there is an entire section titled “Compliance Program Adaptations for Small and Large Entities.” It is important to recognize that no two compliance programs are going to be the same. Successful compliance programs are adapted to fit the organization and maximize compliance for individual organizations with unique risk profiles. 

There is obviously much more to the GCPG that has not been discussed here. This new document is sure to become a staple for any compliance professional in the healthcare industry. 

Qualified compliance professionals do the heavy lifting for you, simplifying regulatory change management   

Our in-house team works tirelessly to monitor U.S. regulators, carefully read the regulations in their entirety, and translate the information into simple regulatory intelligence you can use. We deliver model procedures and expert tools that can be used to fulfill your business requirements. Everything is validated by a third-party law firm. Follow the button below to get a tour of our healthcare compliance software.  

Get the latest from healthcare compliance experts  

Never miss an article by CJ Wolf. Sign up for YouCompli’s weekly email if you haven’t already.