HHS Delivers a Warning Shot for Small and Mid-Sized Health Care Entities
HHS doesn’t put out guidance for link clicks and followers, they do so with the intent of delivering an almighty “I told you so” when you mess up.
On November 6, 2023 the Department of Health and Human Services’ Office of Inspector General (OIG) released an updated General Compliance Program Guidance (GCPG). This guidance is the first significant update since 2008 and is part of OIG's Modernization Initiative. This is akin to your local police department publishing the new traffic rules on its website.
On its surface, HHS claims that the:
“GCPG serves as a central resource for healthcare industry stakeholders to voluntarily reference for self-monitoring compliance with laws and program requirements”.
It offers “practical tips” for developing robust compliance programs and addresses specific areas such as effective compliance committees, risk assessments, compliance training, and employee incentives for compliance engagement. But we must treat this guidance as more than “helpful tips” - these are essential requirements.
CCG Health Care Compliance Experts
First, lets review the key components of the GCPG.
Key components of the GCPG include:
Anti-Kickback Statute (AKS) Considerations: The GCPG details key health care fraud and abuse laws, including the federal AKS. It outlines factors to assess potential fraud and abuse risks in arrangements not covered by AKS safe harbors. These factors include the nature of relationships between parties, how participants are selected, how remuneration is determined, the value of remuneration, the nature of services provided, potential conflicts of interest, and documentation practices.
Financial Incentives: The guidance emphasizes the role of financial incentives in identifying fraud and abuse risks. It suggests tracking and managing financial arrangements and transactional agreements, including those between referral sources and recipients, to prevent compliance issues and implement effective monitoring.
Guidance for Small and Large Entities: The GCPG provides tailored guidance for small entities, like physician practices and start-ups, recognizing their limited resources. It advises on compliance officer roles, annual compliance training, open communication lines, and risk assessments. For large organizations, it recommends having a dedicated compliance officer, a department of compliance personnel, and compliance committees.
Information Blocking: The guidance covers OIG's authority to investigate claims of "information blocking" by health information technology developers, exchanges, or networks. This term refers to practices likely to interfere with access to, exchange of, or use of electronic health information, unless covered by an exception or required by law.
Updates to Separate CPGs: The OIG has announced forthcoming updates to separate CPGs for Medicare Advantage and skilled nursing facilities, signaling ongoing modernization efforts.
We’ve Saved our Clients $550 Million in Audits, Overpayments, and Forfeitures. National Health Care Compliance Experts with Former Federal and State Health Care Experience
The OIG's GCPG underscores the importance of compliance training, open communication, and risk assessments, even for small practices and startups. Here’s the import, small entities and startups, often with limited resources, must recognize the necessity of these aspects to maintain compliance with healthcare regulations.
Here’s where mid and small sized entities and startups must focus:
Compliance Training: The guidance suggests that if a small entity cannot support a full-time compliance officer, a designated compliance contact should be in place. This individual, reporting to the owner or CEO, should focus on compliance issues without being involved in billing or legal services. The OIG provides training resources, including videos, which are particularly useful for small entities.
Open Communication: Maintaining open lines of communication for reporting compliance concerns is vital. While anonymity may not always be feasible, it's crucial that staff feel comfortable reporting issues without fear of retaliation.
Risk Assessments: The GCPG advises that small entities should conduct at least annual risk assessments. This can be as simple as a brainstorming session during a staff meeting. It's important for these entities to review their own data, such as claims denials and patient safety records, to identify and address potential risks.
For small and mid-sized entities, navigating these requirements can be challenging. Engaging a specialized compliance company for employee training and risk assessments can provide the expertise needed to ensure adherence to these guidelines. This approach not only helps in meeting legal requirements but also in fostering a culture of compliance and ethical practice, which is essential for long-term success in the healthcare industry.
This comprehensive guidance is crucial for healthcare organizations to ensure they are up-to-date with compliance requirements and best practices. As a compliance company, assisting healthcare clients in navigating and implementing these guidelines effectively would be pivotal in ensuring their adherence to legal and ethical standards, thereby safeguarding their operations and reputation in the healthcare industry.
If you are just getting started or haven’t invested in a compliance program, contact CCG Today. Our experts will help you achieve a culture of compliance economically and efficiently.