HHS-OIG Releases General Compliance Program Guidance for Healthcare Industry

The U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG) earlier this week released General Compliance Program Guidance (GCPG) applicable to all individuals and entities involved in the healthcare industry. As discussed in a prior Sidley Update, the GCPG is the first in a series of voluntary, nonbinding compliance program guidances (CPGs) that HHS-OIG intends to publish in response to stakeholder feedback. The GCPG does not break new ground; instead, it reflects a compilation of previous guidance provided in various contexts by HHS-OIG regarding its perspective on the relevant fraud and abuse laws and the elements of effective compliance programs. Notably, the GCPG again spotlights HHS-OIG’s focus on manufacturer-sponsored speaker programs. It also addresses compliance considerations for private equity ownership, which is consistent with the government’s established scrutiny of private equity investment in healthcare.

HHS-OIG will begin publishing industry-specific CPGs (ICPGs) addressing fraud and abuse risk areas for each industry subsector in calendar year 2024, which may provide more insight than reflected in the GCPG on HHS-OIG’s enforcement priorities and evolving expectations for compliance programs. In a prior announcement, HHS-OIG stated that it would likely start with guidance for nursing facilities and Medicare Advantage.

A high-level summary of key takeaways from the GCPG follows.

Key Questions to Detect and Prevent Fraud and Abuse

A main objective of the GCPG is to help healthcare entities prevent and detect fraud and abuse in their operations and relationships. To that end, it summarizes key fraud and abuse laws, including the Federal Anti-Kickback Statute and the Physician Self-Referral Law (aka Stark Law) and poses the following key questions to help stakeholders assess their compliance risks arising from referral source arrangements, which remain the key driver of enforcement in the industry:

• Nature of the Relationship between the Parties. What degree of influence do the parties have, directly or indirectly, on the generation of Federal healthcare program business for one another?
• Manner in which Participants were Selected. Were parties selected to participate in an arrangement in whole or in part because of their past or anticipated referrals?
• Manner in Which the Remuneration Is Determined. Does the remuneration take into account, either directly or indirectly, the volume or value of business generated?
• Value of the Remuneration. Is the determination of fair market value based on a reasonable methodology that is uniformly applied and properly documented?
• Nature of Items or Services Provided. Are the items and services actually needed and rendered, commercially reasonable, and necessary to achieve a legitimate business purpose?
• Federal Program Impact. Could the remuneration lead to overutilization or inappropriate utilization?
• Clinical Decision Making. Does the arrangement or practice have the potential to interfere with, or skew, clinical decision making?
• Steering. Does the arrangement or practice raise concerns related to steering patients or healthcare entities to a particular item or service, or steering to a particular health care entity to provide, supply, or furnish items or services?
• Potential Conflict of Interest. Would acceptance of the remuneration diminish, or appear to diminish, the objectivity of professional judgment?

Compliance Program Guidance

The GCPG largely reiterates HHS-OIG’s longstanding guidance and expectations for healthcare compliance programs. Missing from the GCPG, however, is any reference to corporate compensation clawbacks, despite Department of Justice policy and its pilot program announced in March.

The CGPG also addresses corporate integrity agreements (CIAs). HHS-OIG invites stakeholders to take additional guidance from CIAs but does not itself offer any updates to the general compliance program guidance on that basis. HHS-OIG notes that CIAs for pharmaceutical and device manufacturers have unique requirements to monitor sales force activities, including related to speaker programs, direct field observations of sales personnel, and monitoring and review of records related to other healthcare provider interaction, which suggests an implied expectation that manufacturers should incorporate these activities into their standard compliance programs.

Adaptations for Small and Large Entities

The GCPG recognizes that compliance programs may vary depending on the size, complexity, and resources of the healthcare entity. Accordingly, it offers specific compliance program adaptations for small and large entities. For large entities, the GCPG emphasizes the importance of having a dedicated compliance officer, a compliance committee, and board compliance oversight as well as ensuring that the compliance program is integrated throughout the organization and its subsidiaries and affiliates. For small entities, the GCPG suggests concrete ways to implement the seven elements of a compliance program with limited resources and personnel, such as designating a compliance contact when resources do not allow a full-time compliance officer, using existing or template policies and procedures and training materials, and offering an “open door” policy in lieu of a formal communication program.

Private Equity Ownership in Healthcare

The GCPG section on financial incentives includes a specific subsection addressing ownership by private equity (PE) investors. HHS-OIG notes that PE investment “raises concerns about the impact of ownership incentives … on the delivery of high quality, efficient health care.” It is notable, and consistent with the government’s established skepticism and scrutiny of PE investment in healthcare, that HHS-OIG chose specifically to call out PE’s responsibility to understand the laws and guidance. The section also emphasizes the importance of this responsibility for PE investors who engage in active management of their portfolio entities.¹

Other Important Compliance Considerations

In addition to the core components of a compliance program, the GCPG addresses developments and emerging issues in the healthcare industry, including a recommendation to incorporate quality and patient safety oversight into compliance programs; new entrants in the healthcare industry; financial incentives and ownership; and financial arrangements tracking.

HHS-OIG Resources and Processes

Finally, the GCPG highlights additional HHS-OIG resources intended to help healthcare entities enhance their compliance programs and encourages healthcare entities to seek guidance on specific compliance issues and submit feedback pertaining to the GCPG and forthcoming ICPGs to Compliance@oig.hhs.gov.

¹See “Digital Health: A Regulatory Playbook for Private Equity Firms and Other Private Capital Investors,” Sidley Update, January 26, 2023; and “PE Investors – Even Minority – Exposed to False Claims Act Risk,” Original Source, Sidley's False Claims Act blog, October 15, 2021.