HHS OIG Guidance Marks Revamp of Health-Care Industry

For the first time in more than 15 years, the Department of Health and Human Services Office of Inspector General has updated its general compliance program guidance, which will help the health-care industry further modernize to continue its growth.

The guidelines aim to help small entities working with limited resources as well as large entities that may face complex risk and require significant resources and expertise. This recognizes that small and large organizations need right-sized compliance programs to meet their individual needs.

The office also has issued guidance on Corporate Responsibility and Health Care Quality, as well as dashboards specifically for acute and long-term care. This highlights that quality and patient safety are integral to fraud and abuse compliance and advises that entities incorporate oversight of these areas into their compliance and audit programs.

However, the OIG is warning investors and governing bodies of health-care entities to scrutinize operations, incentive structures, and payment methodologies to ensure compliance with federal fraud and abuse laws. The agency is planning to publish additional broad, general health-care industry compliance program guidance. Industry-specific guidance will be published separately; the first two will be for Medicare Advantage and skilled nursing facilities.

The OIG will no longer publish compliance program guidance in the Federal Register but will provide updates on its website.

Successful Compliance

The updated guidance adopts its predecessor’s compliance program infrastructure, offering updated general advice based on its experience in monitoring corporate integrity agreements, industry feedback, and the evolution of the health-care industry.

While non-binding, OIG encourages health-care entity leadership to consider and incorporate all seven elements to comprehensively monitor, reduce, and mitigate risk.

Policies and Procedures

Compliance officers and committees should establish a written code of conduct and compliance policies. The code of conduct should communicate the organization’s mission, goals, and ethical requirements.

Compliance policies and procedures should include an overview of federal fraud and abuse laws, and areas of focus should include billing, coding, sales and marketing, quality of care, patient incentives, and physician and vendor arrangements. Policies should be easily accessible to all relevant individuals and should be updated regularly.

Leadership and Oversight

Boards and senior leadership should foster a compliance-oriented attitude. The updated guidance offers an overhaul of the role of the compliance officer. Notably, the OIG recommends that the compliance officer should report to the CEO or the board directly, should have sufficient stature and support within the entity, and should not lead or report to the entity’s legal or financial functions.

In addition to the compliance officer, organizations should appoint a compliance committee to aid in implementing the compliance program. Committee members should be adequately trained, and participation should be considered during members’ performance and compensation evaluations.

Training and Education

OIG recommends annual comprehensive training to all board members, officers, employees, contractors, and medical staff. Targeted training sessions should be developed based on individuals’ roles and responsibilities, especially for roles where the risk level is high, and material should be accessible to all employees.

Communication and Disclosure

Personnel should be made aware of the methods available to communicate compliance concerns, preferably with at least one anonymous method to post concerns. Creation of FAQs may assist in educating individuals on compliance expectations.

Consequences and Incentives

Organizations should establish appropriate incentives for compliance and consequences for noncompliance. Incentives and consequences should be consistently applied and enforced. Consequences may include remediation or sanctions, while incentives may additional compensation, recognition, or smaller forms of encouragement.

Risk Management

OIG recommends compliance committees conduct comprehensive risk assessments focusing on violations of law, regulations, or other legal requirements at least annually.

Resources are available to assist organizations in developing risk assessment processes. Scheduled audits should focus on areas of identified and ongoing risk, and a compliance workplan should be put in place to remediate identified issues.

Corrective Actions

Entities should develop protocols to investigate violations of the applicable laws and/or the compliance program. Internal investigations may include interviews, document review, documentation, and disciplinary action.

In some circumstances, self-reporting of misconduct to the government or affected individuals may be required. Implementing corrective action may include implementing refunds, enforcing disciplinary policies and procedures, or making changes to policies and procedures.

Health-care professionals should work to integrate the above updates into already existing policies and to fill in gaps where necessary. The first quarter is the perfect time take a closer look at your organization’s compliance program and set the tone for a successful year ahead.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Olivia Seraphim is corporate health-care partner at Kirkland & Ellis, focusing on -regulatory and transactional matters on behalf of health-care entities and investors.

Janine Tougas is corporate health-care associate at Kirkland & Ellis, focusing on regulatory and transactional matters on behalf of health-care entities and investors.

Francine R. Michel is corporate health-care associate at Kirkland & Ellis, focusing on regulatory and transactional matters on behalf of health-care entities and investors.

Write for Us: Author Guidelines