In the first major update in fifteen years, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently released new voluntary compliance program guidelines (CPGs) for health care companies aimed at preventing fraud and waste in the health care system. 

Last spring, the OIG announced plans to update and to release new CPGs, recognizing that technology and which entities are involved in health care have vastly changed health care delivery. 

The first new CPG is a general CPG, offering a concise overview of compliance expectations for all providers. The OIG plans to release additional guidance for subcategories of providers, such as nursing facilities, later this year.

Overview

While CPGs are not binding, the documents provide useful insight into relevant federal laws, illustrative examples of common issues and references to other OIG resources that might be helpful for companies as they proactively shape their compliance programs and address issues as they arise. 

Further, the OIG recognizes that compliance efforts cannot be “one size fits all” given the range of entities involved in health care, and offers suggestions for both large and small companies to consider to create effective programs to meet their compliance obligations given their relative access to resources. 

The guide contains summaries of relevant laws, such as the Anti-Kickback Statute (AKS), Physician Self-Referral Law, known as the Stark Law, the False Claims Act, and the Health Insurance Portability and Accountability Act (HIPAA), among others. 

It also reiterates in detail the key elements of a compliance program, ranging from having written policies and procedures, training and education plans, and conducting risk assessments at least annually, among other components.

Recent Trends

While much of the guidance will be familiar to seasoned compliance professionals, the CPG does capture many recent trends in the health care industry. 

For example, in alignment with other federal efforts, the CPG explicitly states that quality and patient safety measures should be included as part of compliance efforts, and compliance materials should be accessible and inclusive of the diverse array of professionals in health care today, including publishing materials in different languages as applicable, and finding new ways to communicate with employees of different generations who may have different communication styles. 

Additionally, the OIG flags that over the last two decades, many new players, including private equity, technology companies and care coordination service providers, have entered the health care sphere, and even traditional entities have expanded into new services. The OIG stresses that investors and compliance officers should revise and tailor their efforts to these new offerings and relationships to avoid running afoul of federal requirements.

With more guidance on the way, owners, providers and other interested parties should take this opportunity to review their compliance programs as the landscape continues to evolve.