4 minute read | November.10.2023
The Department of Health and Human Services Office of Inspector General (HHS-OIG) has issued new general compliance program guidance, marking the first time the agency has released this type of “reference guide for the health care compliance community.” It brings together information previously scattered across different sources, including on relevant federal laws, elements of an effective compliance program, OIG resources and other compliance material.
The guidance demonstrates the agency’s effort to make compliance more accessible and its continued, and likely increased, interest in corporate compliance programs. Although much of the substance is not new, by collecting and publicizing it in this form, OIG is putting companies on notice of what it means to address compliance risks.
As discussed below, OIG specifically flagged its interest in topics such as private equity investment in health care and new entrants to health care, specifically including technology companies, and the potential compliance risks posed. These companies should be aware that, with this guidance, OIG is signaling heightened expectations and a potential increased willingness to evaluate their corporate compliance programs.
This guidance has been a long time coming. As the agency announced this year, it is pushing to modernize its approach, including the accessibility and usability of its public resources. This includes moving away from relying on the Federal Register, which can be challenging to access, identify and follow, and issuing new compliance tools and material—of which this guidance is the most critical piece to date.
As noted, the content largely affirms existing guidance and highlights key risk and compliance program issues relevant to the health care industry. Specifically, it covers:
(1) Written policies and procedures
(2) Compliance leadership and oversight
(3) Training and education
(4) Effective lines of communication with the compliance officer and disclosure programs
(5) Enforcement of standards, including consequences and incentives
(6) Risk assessment, auditing and monitoring
(7) Responding to offenses and corrective actions, including investigations and reporting
OIG makes clear that a company should commit to effectively implementing all seven elements.