The Office of Inspector General of the U.S. Department of Health and Human Services (the OIG) recently released an updated General Compliance Program Guidance document (GCPG). The GCPG has been anticipated since the OIG announced on April 25, 2023, that it planned to modernize the accessibility and usability of its publicly available resources, including the OIG’s Compliance Program Guidance (CPG) documents. We recommend that the healthcare compliance community and other healthcare stakeholders review the GCPG carefully, and, in particular, that all healthcare compliance officers ensure they use the GCPG as a guidebook going forward.

The OIG has been releasing voluntary, nonbinding CPG documents since 1998 “to encourage the development and use of internal controls to monitor adherence to applicable statutes, regulations, and program requirements.” The GCPG discusses general compliance risks and compliance considerations. Next, the OIG will begin publishing industry-specific CPGs to update prior CPGs that provided guidance for specific providers such as hospitals, clinical laboratories, hospices, Medicare Advantage (formerly known as Medicare+Choice) organizations, and nursing facilities. The OIG anticipates addressing Medicare Advantage and nursing facilities next. While previous CPGs were released in the federal register, going forward they will be published directly to the OIG’s website. As new CPGs are released, prior CPGs will be archived but will remain available as resources on the OIG’s website.

A summary of the information the OIG discussed in the GCPG is provided below:

• Overview of Certain Federal Laws. Key federal laws are discussed and useful tips are provided regarding, but not limited to, the Federal Anti-Kickback Statute, the Physician Self-Referral Law, the False Claims Act, and HIPAA Privacy and Security Rules.

• The Seven Elements of an Effective Compliance Program. Each element is discussed, along with useful tips to aid in ensuring that a successful compliance program is put in place.

• Compliance Program Adaptations for Small and Large Entities. Acknowledging that the size of a compliance program may impact how the OIG’s guidance is implemented, the OIG provides guidance regarding how small entities can implement a compliance program that satisfies the seven elements even with limited resources and how larger entities can ensure the compliance needs of larger organizations are met.

• Other Compliance Considerations. The OIG discusses other compliance considerations related to areas such as quality and patient safety, the growing prominence of private equity in healthcare, and how to appropriately track financial arrangements, including those with referral sources that can implicate the Federal Anti-Kickback Statute and other Federal fraud and abuse laws.

• OIG Resources and Processes. The various resources available for the healthcare industry are discussed, such as the OIG’s Compliance section of its website, updated Frequently Asked Questions, and the ability to subscribe to the OIG’s “What’s New” Newsletter to receive notifications regarding new reports, enforcement actions, and more.

Compliance officers will find the revamped GCPG particularly helpful, as it goes a step further than prior CGPs and offers useful tools and tips to help mitigate risks and maintain compliance with Federal healthcare program requirements. For example, the GCPG provides the below recommendations for compliance officers:

• Annually Review Policies and Procedures. Review policies and procedures at least annually to ensure they reflect any modifications to applicable statutes, regulations, and Federal healthcare program requirements.

• Be an Effective Compliance Committee Chair. Follow the GCPG’s guidance regarding how to appropriately chair the Compliance Committee, which, for example, includes providing training to new members regarding their duties and responsibilities for serving on the committee.

• Offer Additional Compliance Education Opportunities. Direct Compliance Committee members and entity leaders to deliver compliance training in meetings they already attend (e.g., executive leadership meetings and medical staff meetings) by having a standing compliance item on the agenda of those meetings.

• Do Not Deter Reporting of Compliance Concerns. Ensure individuals are not deterred from reporting compliance concerns (e.g., personnel should not be required to bring compliance concerns to their manager or supervisor before contacting the compliance officer).

• Maintain Responsibility for Investigations. Remain involved in all healthcare compliance investigations even when counsel takes the lead.

• Review Medical Necessity. “Ensure that any claim reviews and audits include a review of the medical necessity of the item or service by an appropriately credentialed clinician.”

• Identify Problematic Arrangements. When attempting to identify problematic arrangements, review the inquiries provided in the GCPG. Determine which follow-up steps may be necessary to reduce or eliminate the risk of a Federal Anti-Kickback Statute violation.

Now is the time for compliance officers to ensure they have effective compliance programs in place. A thorough review of the GCPG is a great starting place. We are available to assist compliance officers and other members of the healthcare community seeking assistance with adherence to the guidance discussed in the GCPG.