On November 10, 2023, the Office of the Inspector General (OIG) released its widely anticipated General Compliance Program Guidance (GCPG). The OIG had previously announced that it would update its current compliance program guidance, much of which was released 25 years ago in 1998.
In the introduction to the GCPG, the OIG explains that this guidance is meant to be general guidance to all individuals and entities involved in the health care industry and will be updated as needed. The introduction also states that the OIG will begin publishing industry segment-specific compliance program guidance (ICPG) tailored to different types of providers, suppliers, and other health care stakeholders in 2024.
Below, we have briefly summarized some of the more important changes from previous OIG compliance program guidance. We recommend that stakeholders take the time to review this guidance fully and make any necessary changes to their compliance programs.
The GCPG serves as a one-stop shop for health care compliance. It keeps the same seven-element compliance program infrastructure that was used by previous compliance program guidance. It is obvious that OIG tried to make the GCPG as accessible as possible to laypeople. The GCPG’s language is simple and accessible, providing frequent explainers/tips throughout the 91-page document. For example, the GCPG contains helpful summaries of complex laws and concepts such as the Federal Anti-Kickback Statute, the Physician Self-Referral Law (commonly referred to as “the Stark Law”), the False Claims Act, and Information Blocking rules. These explanations will provide a helpful starting point for those without a legal background in the world of health care fraud and abuse.
The GCPG implements several ideas that, in the past, were required in corporate integrity agreements, such as advising that the compliance officer should not have any responsibility for financial or legal duties within the health care entity and should report directly to the CEO or board. This may require many organizations to restructure their C-suites to comport with this change, as many organizations often combine legal and compliance roles. Additionally, the GCPG recommends that the compliance committee meet at least quarterly to increase routine attendance. Finally, the GCPG advises that an entity’s board has an involved role in the compliance program by ensuring that the compliance officer has the resources needed to effectively “implement, maintain, and monitor the entity’s compliance program and advise the board about the entity’s compliance operations and risk,” meeting with the compliance officer at least quarterly, overseeing the compliance committee, and being clear about its commitment to compliance to everyone that board members communicate with.
The GCPG also introduces the idea of quality of care and patient safety into an effective compliance program. The GCPG points out that, while not emphasized in the past, quality of care and patient safety are health care fraud issues that can lead to False Claims Act liability if not overseen correctly. The GCPG suggests implementing compliance program features such as having employees who are responsible for quality assurance and patient safety on the compliance committee and having the board keep a close eye on quality of care and patient safety by requiring regular reports from both senior leadership and the compliance officer regarding the current status of quality control and patient safety.
One new concept that the OIG introduced in the GCPG is the idea of incentivizing participation in the compliance program. The GCPG encourages this via “additional compensation, significant recognition, or other, smaller forms of encouragement.” In addition to participation in the compliance program, the GPCG also states that incentives may be introduced for (i) achieving compliance goals, (ii) reducing compliance risk, and (iii) performing compliance activities outside of one’s job description. Tied in with this concept, the GCPG advises that entities should examine their compensation and incentive structures to ensure that they are not encouraging noncompliant behavior through these structures. One with a dark sense of humor might interpret this to mean that the OIG is suggesting that parties use kickbacks to encourage compliance.
Not all entities are large enough to implement a full compliance program, and the GCPG recognizes this. Helpfully, the GCPG contains a section that modifies the GCPG’s recommendations to suit smaller entities, allowing them to remain in line with the GCPG without implementing compliance structures unsuitable to the entity’s size. These tweaks include designating a current employee to serve as the entity’s “compliance contact” instead of hiring a full-time compliance officer and implementing an open-door policy inviting employees to discuss compliance concerns instead of implementing more costly measures such as a compliance hotline. The GCPG also contains additional considerations and guidance for large entities needing to go above and beyond the GCPG.
As previously mentioned, while past compliance program guidance was addressed to specific types of entities, the GCPG is general and addressed to all entities working in the health care space. This includes technology companies, new investors, and organizations providing non-traditional services in health care settings (such as social services, food delivery, and care coordination services). The GCPG warns these entities that they need to ensure that they are up to speed regarding health care fraud and abuse laws and implementing a compliance program.
Dovetailing from this, the GCPG takes a moment to specifically address private equity spending in health care, warning private equity firms that they should “follow the money” to determine whether there are any potential compliance issues and understand the payment methodologies by which they are compensated so that they can understand what noncompliant behavior might be incentivized by such payment methodology.
Finally, the GCPG encourages entities involved in federal health care programs to introduce financial arrangements tracking to keep track of the web of financial and transactional relationships that are constantly changing within healthcare organizations. Among other things, this tracking system should ensure that proper supporting documentation is maintained, regular legal reviews are conducted, and fair market value assessments are performed and updated routinely as appropriate.
Stakeholders should review this guidance in-depth to ensure their organization complies with it. While this is voluntary guidance, it is strongly recommended that stakeholders make all necessary efforts to implement most (if not all) of the GCPG’s recommendations. Additionally, stakeholders should be on the lookout for any applicable ICPGs relating to the field in which they operate. Chambliss will continue to follow the OIG’s compliance program updates to keep clients up to date, and we are happy to discuss any questions or concerns you may have regarding the GCPG.
