OIG Issues General Compliance Program Guidance

The Office of the Inspection General (“OIG”) recently issued its new General Compliance Program Guidance (the “GCPG”), which covers a broad array of compliance topics. Much of what is in the GCPG has been addressed by the OIG before, but the GCPG is a single and well-laid out reference guide that will make life easier for compliance professionals.  It applies to all health care industry stakeholders.

Like previous OIG compliance guidance, the GCPG is voluntary, nonbinding guidance meant to assist health care industry stakeholders in their efforts to self-monitor compliance. It is not meant to be a one-size-fits-all, comprehensive compliance guide for every organization.

The GCPG is broken down into the following substantive sections:

1. Health Care Fraud Enforcement and Other Standards. This section summarizes and gives some compliance insight into the primary federal fraud and abuse laws as well as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.
2. Compliance Program Infrastructure. This section discusses the seven elements of an effective compliance program.
3. Compliance Program Adaptations for Small and Large Entities. This section explains how smaller entities with limited resources can implement a compliance program that meets the seven elements described in the previous section. For larger organizations, it provides guidance on the role of the compliance officer, the compliance committee and the board in developing and monitoring an entity’s compliance program needs.
4. Other Compliance Considerations. This section offers compliance considerations related to several generally applicable risk areas, including quality and patient safety, consideration for new entrants in the health care industry, financial incentives and financial arrangements tracking.
5. OIG Resources and Processes. This section includes lots of links and references for stakeholders to obtain more compliance guidance, as well as a description of the other types of compliance guidance available.

Starting in 2024, the OIG will begin publishing industry segment-specific compliance program guidance (“ICPG”) that will be tailored to risk areas specific to each industry subsector. Existing compliance program guidance will remain available as the OIG develops ICPGs. Once an ICPG is issued for a particular subsector, any previous compliance program guidance for that subsector will be archived but still available on the OIG website. Both the GCPG and ICPGs will be updated periodically. Note that going forward, the OIG will no longer publish updated or new compliance program guidance in the Federal Register. All current, updated and new compliance program guidance will be published on the OIG website.