The U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) released an important new compliance resource in November 2023. The HHS OIG’s new General Compliance Program Guidance (GCPG) is intended as, “a reference guide for the health care compliance community and other health care stakeholders. . . . provid[ing] information about relevant Federal laws, compliance program infrastructure, OIG resources, and other information useful to understanding health care compliance.” HHS OIG will also issue revised industry segment-specific compliance program guidance starting in 2024.

The release of the new GCPC guidelines presents an ideal opportunity to conduct a compliance audit and ensure your compliance program meets HHS OIG standards.

HHS OIG’s New General Compliance Program Guidance

The GCPG covers various compliance aspects and directs health care stakeholders to other available compliance resources. Below, we provide an overview of some of the highlights.

Health Care Fraud Enforcement and Other Standards

After a brief introduction, the GCPG begins by outlining some primary sources of governing authority in the health care industry. Along with highlighting some key provisions of statutes, including the Federal Anti-Kickback Statute and Physician Self-Referral Law, this section discusses HHS OIG’s exclusion authority and the potential civil and criminal implications of non-compliance.

Compliance Program Infrastructure: The Seven Elements

The GCPG outlines seven key components required for a compliance program to be effective. It is noteworthy that "Risk Assessment" has now been clearly defined as one of the seven elements of an effective compliance program.

1. Written Policies and Procedures
2. Compliance Leadership and Oversight
3. Training and Education
4. Effective Lines of Communication
5. Enforcing Standards
6. Risk Assessment, Auditing and Monitoring
7. Responding to Detected Offenses and Developing Corrective Action Initiatives

For each of the seven elements, the GCPG includes a general overview of the HHS OIG’s nonbinding recommendations and some tips for effective implementation. At the same time, however, the HHS OIG clarifies that these are not necessarily the only steps entities need to take to put an effective program in place.

Key Takeaways

In the revised GCPG, the HHS OIG clarifies that the GCPG is “voluntary, nonbinding guidance.” Nonetheless, it covers mandatory compliance obligations, and federal authorities like HHS OIG use these types of resource documents to ensure that stakeholders are aware of their statutory and regulatory mandates. As a result, while the GCPG may be nonbinding, stakeholders in the health care industry should use it as a tool (among others) to identify and address their compliance duties.

Along with providing nonbinding compliance guidance, the GCPG also serves as notice that HHS OIG will no longer publish new compliance guidance documents in the Federal Register, but instead will begin publishing them online. The GCPG also notes that, starting in 2024, HHS OIG will issue “industry segment-specific CPGs (ICPGs) for different types of providers, suppliers, and other participants in health care industry subsectors or ancillary industry sectors.”