On November 6, 2023, U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a General Compliance Program Guidance (GCPG) as part of its plan to renovate its library of compliance program guidance documents (CPGs). As we previously reported, the OIG announced in April its plans to issue the GCPG, and to deliver new “industry-specific” (ICPGs) that—like the older CPGs—will each address a different subsector of the healthcare industry or ancillary related fields. The OIG stated that the ICPGs—which the OIG expects to begin publishing in 2024—will address subsectors that have emerged in recent years; the OIG announced that new guidance would first issue for Medicare Advantage organizations and nursing facilities. The OIG stated that it intends to update its CPG library periodically, integrating new risk areas and compliance measures.
As background, starting in 1993, the OIG issued CPGs—reference guides for compliance risks and voluntary compliance programs—addressed at discrete healthcare industry subsectors, e.g., hospitals and home health agencies. The new GCPG stands apart from its predecessors for its length (91 pages), comprehensive breadth, and the fact that it is drafted as a general reference for all healthcare industry stakeholders. That said, the GCPG mainly reprises familiar themes and recommendations from past agency guidance such as OIG’s Seven Elements of Compliance. This alert spotlights novel and notable guidance in the GCPG that a reader might otherwise miss and more broadly discusses the significance of the GCPG.
What’s New in the GCPG
It is important to acknowledge what is the novel about the GPCG as a whole: OIG has rarely issued guidance that is not tailored for a narrow audience (e.g., older CPGs), a discrete concern (e.g., Special Fraud Alerts and Bulletins) or specific factual circumstances (e.g., advisory opinions). By contrast, the GCPG explicitly addresses all stakeholders across the healthcare industry—as well as service operations, tech companies, investors, and other outside players—whose activities ancillary to healthcare implicate the OIG’s fraud and abuse authorities. The GCPG offers a singularly broad overview of those authorities, associated regulatory risk areas, advice for effective compliance programs, and introduces important agency processes such the advisory opinion process and self-disclosure protocols. It contains an apparently unprecedented collection of useful links to resources at OIG and elsewhere. As noted, however, the GCPG mainly appears to recap guidance aggregated from elsewhere in OIG publications.
Below is a selected listing of points where the GCPG offers novel guidance from OIG:
Conclusion
The OIG offers novel guidance in the subsections of the GCPG listed above, among others. The introduction of the information blocking rule, discussion right-sizing small entity compliance, and references to new entrants and nontraditional ventures and private equity and investors merit consideration in light of the OIG’s decision to break with past practice by issuing a general-purpose compliance program guidance. OIG apparently seeks to convey the message of the GCPG as broadly as possible. OIG is putting on notice the gamut of healthcare entities, even in the context of nontraditional ventures, and outside actors in roles ancillary to healthcare operations—including service operations, tech companies, and investors: anyone whose activities implicate OIG fraud and abuse authorities will be expected to be avoid regulatory risk and operate under situation-appropriate and effective compliance oversight.
The OIG said that it welcomes feedback from the healthcare community and other stakeholders in connection with the GCPG and forthcoming ICPGs; feedback can be sent to compliance@oig.hhs.gov. If you have any questions or are interested in submitting feedback to the OIG on the GCPG, please contact James Ravitz, Georgia Ravitz, Eva Yin, Andrea Linna, Shari Esfahani, Jeff Weinstein, Marissa Hill Daley, or any member of the firm’s FDA regulatory, healthcare, and consumer products practice.
Jamie Ravitz, Jeff Weinstein, and Marissa Hill Daley contributed to the preparation of this Wilson Sonsini Alert.