As 2023 came to a close, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released an updated General Compliance Program Guidance (GCPG) manual, which serves as a reference guide for the health-care industry on the relevant Federal laws, compliance program infrastructure, OIG resources and other essential health-care compliance information. While this guidance is voluntary, it is the framework by which the OIG and other entities monitoring compliance will evaluate an entity’s compliance program.
Teased as forthcoming since April of 2023, the OIG has released this updated GCPG applicable to all individuals and entities in the health-care industry, with the intent to publish industry segment-specific compliance program guidance documents (ICPGs) for different types of providers, suppliers and other participants in health-care industry subsectors or ancillary industry sectors relating to federal health-care programs throughout 2024. It is anticipated that the first two ICPGs will address managed care programs and nursing homes.
Regarding the updated GCPG, while the fundamental standards remain the same, the OIG has provided a more in-depth discussion on the standards and provides illustrative examples and feedback received from industry stakeholders, enforcement actions and investigations. The seven elements of an effective compliance program remain, but the updated GCPG includes additional detail about compliance leadership and oversight, effective lines of communication with the compliance officer and disclosure program, enforcement standards, and risk assessment as a component of internal monitoring and auditing. The GCPG also includes modifications that small entities can make to achieve the seven elements within their limited financial and human resources.
New to the GCPG are discussions of quality and patient safety and new entrants in the health-care industry. The GCPG states that while quality and patient safety are often treated as separate and distinct from the structure of a compliance program — as quality and patient safety are integral to the work of HHS, Centers for Medicare and Medicaid Services (CMS), Food and Drug Administration (FDA) and other agencies — entities should incorporate quality and safety oversight into their compliance programs. The compliance program should include and address quality and patient safety compliance risks just as any other compliance risk area is included and addressed. The GCPG goes on to state that medical necessity, patient safety and other quality compliance issues should be incorporated into the overall compliance risk assessment process so that any potential risks can be addressed and incorporated into an entity’s overall compliance program.
With its section on new entrants into the health-care industry, the GCPG signals that the OIG is aware of and closely tracking the increasing number of technology companies, new investors and organizations providing non-traditional services in health-care settings. The GCPG reminds those entrants that the health-care industry is markedly different than other industries regarding its regulations and business constraints, and that any new entrant should prioritize the establishment of a comprehensive compliance program to protect themselves and their customers from potential risks.
As stated previously, the GCPG is relevant to any individual or entity participating in the health-care industry. While the industry awaits the ICPGs, healthcare providers, suppliers and other organizations or businesses serving the health-care sector are encouraged to take stock of their current compliance program to ensure it meets the standards set forth in the GCPG. The McNees Healthcare Law Group regularly conducts compliance program reviews and advises clients on any adjustments or revisions needed to meet the GCPG. The group can also help to provide a risk-based analysis of the elements in your compliance program that should receive the highest priority in an effort to meet both the business and compliance objectives of your organization.