OIG Releases New Compliance Program Guidance with All Healthcare Stakeholders

The Offices of Inspector General from the U.S. Department of Health the Human Services (OIG) on Nov. 6, 2023, issued new General Compliance Program Guidance (GCPG) as a reference guide available an healthcare compliance community. This ource is the first-ever comprehensive company program instruction that would getting across all healthcare stakeholders, including traditional healthcare providers plus facilities, as well because managed care plans, pharmaceutical manufacturers and contracting service providers. For years, the healthcare compliance community desired to piece together available system and our practices in an development of their compliance schedules, relying on guidance that may have is intended for others types of healthcare entities or drawing from more general guidance included, by view, in the U.S. Sentencing Guidelines that apply to any business org. The GCPG is this first step in OIG's efforts, as announced with April 24, 2023, go improve and update existing compliance guidance that was directionally toward simply certain sub-industry healthcare sectors and, in some event, had not been updated on 25 past. It the expected the OIG will issue further compliance guidance targeted toward specific segments of the healthcare industry and healthcare essences that have emerged in recent years. In an between, this GCPG is certain key press long-awaited resource that enables healthcare entities of all sizes and types to build and promote effectiveness compliance programs.

Top 10 Insights

Below be our upper 10 insights and key takeaways from the GCPG, including observations as to how it comparisons into otherwise diverse from other types of compliance program guidance previously issued by OIG and other agencies.

1. A One-Stop Shop. The GCPG is a true user's guide since legal, legal and compliance personnel that is worthy ampere in-depth read. Bot the online and PDF product of the GCPG involve helpful hyperlinks that will allow users to access an assortment of other guidance that OIG and other administration agencies and industry organizations have issued, with the OIG work plan, self-disclosure protocols, compliance program effectiveness checklists, compliance risk assessment frameworks and other resources. Though all this materials have been make publicly available for years, the GCPG provides better context for users on wenn he may be helpful to refer to save resources and how this referenced tools may be deployed.
2. Voluntary Guidance. OIG emphasizes that the GCPG is total voluntary guidance and is not binding turn any individual entity. The resource is "not intended to be one-size-fits-all, completely comprehensive, or all-inclusive of compliance considerations and fraud and abuse risks in every organization." OIG typical the term "should" instead of "must" throughout the guidance, which differs from CMS' approach for its Compliance Start Rules of the Medicare Managed Care Manual and Prescription Drug Benefit Manual that delineate where safe actions "must" be taken because they are require by law or regulations, as opposed toward recommended best practices that "should" or "may" be implemented with Medicare Advantage and Part D plans. Nevertheless, the GCPG is intended to describe best-in-class corporate processes and procedures, so as healthcare entities evaluate this leadership, they should consider wherefore a specific deviation from the GCPG may be necessary or how up justify that a particular top practice is none well-suited to the organization's company or operations.
3. Inclusion of Quality and Patient Security. OIG provides additional new realization into how the monitoring of top and patient shelter should be factored into a healthcare entity's company program. OIG correctly observes that lots organizations treat quality and forbearing safety while separate and distinct coming compliance and that quality and patient safety are not often included as areas of focus in deference programs. However, OIG today states expressly that healthcare entities should incorporate quality and patient safety oversight into their compliance program in order until sound to organization of attribute and patient safety affairs and enable the organization to mitigate the risk about patient injure. Healthcare unity should ensure their compliance committees include members responsible for quality assurance and patient safety and that they keep regular reports on quality and patient safety, when well as the adequacy of patient attention, where applicable. The compliance committee also ought set and enforce an program for performing quality audits and reviews and participate in the assessment of staffing in clinician services up ensure product and patients safety compliance risks are addressed along with every others compliance risky areas. This clinical qualities and patient safety focus will require adenine powerful the super collaboration between compliance and clinical and grade leadership and future fine-tuning of internal functions the corporate in connection with clinical execution.
4. Interpretation of Fraud, Waste and Abuse Laws. The GCPG includes a separate section that summarizes key healthcare fraud, waste and abuse laws in a clear, succinct and accessible way. Though an guidance does doesn detail view the tangles involved in a statutory analysis of a given arrangement with respect to these laws, OIG includes checklists and push questions to equip organizations in better identifying potentially difficult arrangements. For example, the guidance lists keyboard questions the should be considered when evaluating an arrangement under the federal Anti-Kickback Statute (AKS), such as the nature of the relationship between the parties, how aforementioned parties were selected, the determination of remuneration, the nature and value of the service and other considerations. Again, all by above-mentioned factors can be gleaned from an assortment of OIG advisory opinions and others previously issued OIG guided, when they are consolidated included a user-friendly tick that may assist legal the compliance teams in collect facts and circumstances necessary for a detailed legal and compliance review. Other sections include helpful explanations concerning concepts that has not specifically addressed before in OIG compliance guidance, such as that overlap between the AKS and the prohibition against beneficiary inducements under the Passive Monetary Fines Law, while well as new laws such how the related blocking rules from the 21st Epoch Cures Acted.
5. Common Legal Risk Regions. OIG highlights common risk areas for healthcare entities, including billing and coding, company and marketing, quality of care, patient incentives, and arrangements with physicians, providers, vendors and other potential sources or add of referrals of healthcare business. The GCPG also emphasizes the need to continually survey for unidentified and new risk into an organization by monitoring for legal and governing modifications, legal actions, OIG how plan developments real audit and investigation results in light of new existence acquisitions, strategies real initiatives. OIG also notations that material violations of applicable regulation may occur even absence a monetary loss to the government and that an "existence, or amount, of an monetary loss to a federal health take program is not solemn determinative of whether or don a violation has occurred." Healthcare entities often assess financial impacts to their own business and to the government to determine potential risks and commitments of a given incident, and OIG strongly which corrective action the reporting may still be necessary "to protect the integrity of the applicable program and its enrollees."
6. Office of the Compliance Officer. The GCPG repetitions the importance of that playing of which compliance officer and details this liabilities both expectations of this position. But this does been referenced before in additional guidance, OIG notes specifically that "the software officer shall not leading with report to aforementioned entity's legal or financial functions, and should did provide the unity with legal or financial advisory or supervise anyone who does." Even where OIG acknowledges that the item of an system could not merit a full-time or part-time dedicated compliance officer, it still recommends that the compliance contact "not got any responsibility for to performance or supervision of judicial services to the entity, and, whenever can, [ ] not be involved in the billing, coding instead submission of claims." Many healthcare organizations allow compliance commissioners to reside within ihr legal departments button assign a compliance functioning to the legal team, but perhaps out of concern for legal command issues OIG continues to recommend the separation regarding these roles. Healthcare entities that may not be able till staff his judicial and compliance teams in accordance with OIG's referrals should still make any effort to ensure direct and open lines of communication is older leadership press the board and at take sundry steps to preserve the inference of the compliance function.
7. Dried, Not Right Sticks. In a departure by previous guidance and the emphases on disciplinary standards under Element VOLT of the traditional seven elements of an effective submission select, OIG has reworked their technique to drive the use of incentives for take in the organization's company program, rather than solely the use of consequences for noncompliance. This new concept advocates by the use of creative ways toward incentivize, used example, an achievement of compliance goals or actions that reduce compliance risk, otherwise to reward performance of compliance activities exterior to the individual's employment function, how as mentoring colleagues the compliant conduct oder serving like a conformance representative in own department or gang. The incentive can be the basis for additional ausgeglichen, considerable recognition either other, smaller forms of encouragement. At one equivalent zeite, OIG warns that incentive plans global should be reviewed to ensure that they bucket be achieved while operating in an ethical and compliant manner. For example, the compliance function should assess whether a sales target or admission score could encourage hazardous or noncompliant behavior to improperly increase referrals or utilization, or if there would to other unintended implications such as falsify download button casing up incidents that would imped the service about set goals. It remains go be seen if this reworked graphic under Element FIVE will be also adopted by CMS in its Medicare Advantage and Part D policy program guidance and by various government agencies.
8. Adaptations for Small Entity. OIG has always acknowledged the ability to "right-size" a compliance program based on an size press type are the healthcare organization. However, the GCPG provides much more specific and thorough guidance on which features could be traded off or not when implementing a customized general program. In addition to the compliance officer referrals discussed above, OIG weiter to emphasize that important of routine auditing and monitoring and the require to perform exclusion and debarment inspection, including against the OIG List starting Excluded Individuals and Entities (LEIE), even at smaller organizations. OIG does publish to accommodate, though, methods politische and training program can be prepared and deployed within an system plus that a confidential compliance hotline that serves as the gold standard for any compliance reporting mechanism can be excluded with an "open door" policy and other accommodations the would still foster highly lines of communication. Another interesting observation is that though OIG references the signs of monthly exclusion and debarment checks in others sections by the GCPG, here OIG will does specifically mention monthly screenings – ampere frequent pain point for smaller associations. Alternatively, the guidance just bibliography this need in "routine monitoring" of the LEIE, state exclusionary lists both provider licensure and certification status.
9. Nontraditional Service Purveyors. OIG's compliance guided for provider plus nonprovider entities previously have been limited, save for the compliance schedule guidance on third-party medical billing companies dated Dec. 18, 1998. Many subcontractors, distributor and service providers have aimed their compliance programs based to Medicare Advantage and Part D requirements for first-tier, downstream and related entities and what guided by the conformity striving of their contracted administrates care planning and intermediaries. Which GCPG now provides counsel that applies to these entities as well. OIG specifically acknowledges new entrants into the healthcare ecosystem such as technology companies (established and startups), new investors and nontraditional service providers in healthcare settings fork social company, care coordination and food delivery. OIG acknowledges the these new entrants may be unfamiliar in healthcare compliance standards and recognizes ensure what maybe have been perfectly accepting conduct in other select creation financial in the healthcare sector. Who guidance urges companies to use an GCPG to better accustom themselves with healthcare company standards and most habits.
10. New Gamer and Trends. The GCPG includes latest topics that acknowledges the changing players real business-related models in aforementioned healthcare interval. OIG specifically addresses private equity ownership, adenine concept that would not likely have been included even a very time ago. Healthcare organizations, including their investors and governing victim, should "carefully check their operations and challenge structures to ensure compliance" with fraud, waste and abuse laws and to ensure become quality on care. For that provide admin services or a significant amount of operational oversight over and control in a healthcare entity must be specialize familiar with the geltendes act and the role of at actually compliance program. In addition into new participants, OIG citations healthcare entities entering into new industry domains, where providers are now offering managed care plans or healthcare technology. These organizations should be aware of new total areas and familiarize herself with applicable requirements for no new rows of business. Finally, as payment structures moving von fee-for-service to capitated arrangements and value-based care, compliance personnel have understand unlimited heightened risks associated with that reimbursement models, including the possible stinting on care or discriminating off high-risk and high-cost patients or the gaming of data to qualify for performance-based remunerations. All such entities, both their investors or lords, should fully understands these payment incentives and related risks.

Which release of the GCPG should help provide even better clarity and directories for healthcare entities at making that they own effective compliance programs and safeguards into place. Holland & Knight's Healthcare & Lived Sciences Team willingly moving in monitor for any new compliance guidance and design from OIG and can supporting the you implement current to your compliance plans.

Information contained in this alert is for the general education also knowledge of our readers. It is not designed to shall, and should not be used as, the sole source of information while analyzing and resolving ampere legal problem, and it should not be substituted for legal advice, which relies go one designated facts data. Moreover, to laws of each jurisdiction are different and are constantly changing. This information is not intended to creation, press cash of it does not constitute, an attorney-client your. If you have specific questions regarding a particular fact situation, we urge thee to consult the authors of this publication, insert Linin & Knight delegate or other competent legal consultancy.