On November 6, 2023, the DHHS OIG published its long-awaited General Compliance Program Guidance (GCPG). It has been 15 years since the last compliance guidance was published. This new general guidance includes, in its 91 pages, advancements of concepts in the many Compliance Program Guidance (CPG) documents that focus on various health care sectors. It essentially pulls together compliance program guiding principles into a single resource for those in healthcare desiring to build an effective program meeting applicable laws, regulations, and standards. They continue to follow the seven standard compliance program elements set forth by the U.S. Sentencing Guidelines as the framework for compliance programs. The GCPG will be followed by new CPGs that address different sectors of healthcare that will replace the existing guidance that has been issued since 1998. The OIG advises continued use of the older guidance until they are replaced. The next CPG planned in the upcoming year will be for managed care plans and nursing facilities.
The GCPG provides a variety of valuable suggestions for developing effective compliance programs, compliance oversight committees, conducting risk assessments, compliance education content, employee incentives to promote compliance program engagement, etc. Special attention was given to compliance with the federal Anti-Kickback Statute (AKS), which continues to be the principal avenue for enforcement by the OIG and DOJ. The GCPG speaks to the nature of relationships between parties, how parties to arrangements are selected, the determination of value of remuneration, the nature of items/services to be provided, potential conflict of interest, and documentation of arrangements. Other guidance sections speak to the differences between small and large entities. They recognize that smaller entities have limited resources to support a full-time compliance officer and note they may use contracted part-time support. For larger organizations, having a dedicated compliance officer with compliance committee(s) is imperative. The guidance also stresses the importance of compliance program assessments, noting that “in recent years, OIG, the compliance community, and other stakeholders have come to recognize and place increasing emphasis upon the importance of a formal compliance risk assessment process as part of the compliance program.” Although they don’t suggest that external parties must conduct the risk assessment, they believe that information gathered from both internal and external sources should be considered in the risk assessment.
You can keep up-to-date with Strategic Management Services by following us on LinkedIn.