Last month, the Office of Inspector General (OIG) issued its General Compliance Program Guidance (GCPG), which serves as a comprehensive reference guide for compliance considerations applicable to healthcare stakeholders. The GCPG is not a model compliance program. Rather, it is voluntary, nonbinding guidance that allows users to access the specific topic they are interested in to understand more about the framework of compliance in that area. With the publication of the GCPG, the OIG also indicated that it intends to publish industry segment-specific CPGs tailored to fraud and abuse considerations for different types of providers, suppliers, and others beginning in 2024.
Frier Levitt recommends reviewing the GCPG in its entirety given its scope, however, the following include some of the key takeaways that healthcare stakeholders should consider when reviewing and updating their compliance programs.
Fraud Waste and Abuse – The Enforcement of Healthcare Standards
The GCPG provides an overview of applicable laws relevant to compliance programs, particularly targeted at an organization’s requirements to abide by relevant fraud waste and abuse laws and privacy and security rules. The OIG addresses the framework for, and exceptions to, the Federal Anti-Kickback Statute, Stark Law, False Claims Act, Health Care Fraud Statute and the OIG’s authority under the Civil Monetary Penalty Law, among other topics. The resource also provides guidance on health IT information blocking and HIPAA.
The Seven Elements of a Compliant Infrastructure Program
One main focus of the GCPG outlines the seven elements of an effective Compliance Program, which includes (i) written policies and procedures, (ii) compliance leadership and oversight, (iii) effective lines of communication with a compliance officer and disclosure program, (iv) enforcement of standards, consequences and incentives, (v) risk assessment, auditing and monitoring, and (vii) responding to non-compliance and developing corrective actions. As a standard, having up-to-date policies and procedures that are accurate and reliable is a critical element of compliance that increases a program’s authority, credibility and effectiveness with relevant individuals and government regulators.
Of note, the guidance directs that a key indicator of an organization’s commitment to compliance is the appointment and support of a compliance officer as a “senior leader” who has the authority, stature, access, and resources necessary to lead an effective and successful compliance program. A compliance officer should report to the chief executive officer or directly to the board of an organization, and have sufficient funding, resources, and staff to operate a compliance program capable of identifying, mitigating and remediating an organization’s compliance risks.
The GCPG provides further detail and recommendations for each of the seven key elements of an adequate compliance program, along with links to additional resources.
Small and Large Entity Compliance Program Adaptations
The GCPG acknowledges that compliance programs for small companies with limited employees may look substantially different from large organizations with sophisticated infrastructure and the financial resources to hire teams of staff to manage internal compliance. To this end, the GCPG provides recommendations for smaller entities to enable them to adhere to their compliance obligations without incurring the cost associated with a dedicated, full time compliance officer or robust compliance manuals.
Other Compliance Considerations
While quality and safety are often thought of separately from “compliance,” these concepts form a significant part of compliance under the authority of CMS and FDA. Through the GCPG, the OIG highlights past enforcement actions predicated on the basis of quality and patient safety, and emphasizes the importance of a wholistic approach to compliance.
The GCPG also highlights that new entrants into the healthcare industry (such as technology companies or investors) are often unfamiliar with the unique regulations and business constraints that uniquely apply to healthcare. OIG reiterates that common business practices from other sectors can create both civil and criminal liability when applied to healthcare arrangements. Thus, as a starting point, OIG recommends that organizations identify fraud and abuse risks by evaluating financial arrangements to understand how funds flow through a business and the GCPG provides certain tools to assist in this process.
OIG Resources and Processes
Finally, the OIG uses the GCPG to consolidate various resource links into one document. The resources include, but are not limited to, past and current compliance program guidance, advisory opinions, special fraud alerts, bulletins, relevant statutes, regulations, safe harbors, compliance toolkits, FAQs, self-disclosure information, and educational videos.
How Frier Levitt Can Help
The GCPG is an effective tool for reviewing general areas of risk for healthcare entities. If your organization needs assistance assessing its overall regulatory compliance, including for issues related to fraud, waste and abuse, privacy and security, or quality and safety issues, contact Frier Levitt. Through a compliance review, we can assist in creating or updating compliance policies and programs, developing corrective action plans, responding to and mitigating instances of noncompliance, and navigating audits and investigations for both large and small organizations. Additionally, Frier Levitt can assist new entrants become familiar with the regulatory framework with which their ventures will be expected to comply.
