The 91-page document, published on the OIG's website rather than in the Federal Register, describes the primary responsibilities for compliance officers, including a new obligation to be an adviser to the chief executive officer, the board of directors and other senior leaders on compliance risks facing the entity.
The board should ensure that the compliance officer has "sufficient power, independence and resources" to implement, maintain and monitor the entity's compliance program and advise the board about the entity's compliance operations and risk, according to the updated guidelines.
The document also outlines seven elements of a successful compliance program: written policies and procedures; compliance leadership and oversight; training and education; effective lines of communication with the compliance officer and disclosure program; enforcing standards, with consequences and incentives; risk assessment, auditing and monitoring; and responding to detected offenses and developing corrective action initiatives.
The compliance committee should be led by the chief compliance officer, and risk assessment should be conducted by the organization, not by the compliance committee, according to one government attorney. Laura Ellis, a senior counsel at the OIG, spoke on a panel Monday at a Health Care Compliance Association conference in Washington, D.C.
The guidance applies to hospitals; home health agencies; clinical labs; third-party clinical billing companies; the durable medical equipment, orthotics, prosthetics and supply industry; hospices; Medicare Advantage nursing facilities; physicians' ambulance suppliers and pharmaceutical manufacturers. HHS will publish industry-specific compliance guidance in 2024, the document said.
Laws and regulated topics covered in the guidance include the False Claims Act, the Anti-Kickback Statute, the health care fraud statute and information blocking practices that discourage the use, sharing of or access to electronic health information.
The guidelines were initially published in 1998. While current guidance is available on the HHS website, older compliance program guidance, or CPGs, remains archived on the site. The guidance was last updated in 2008, and this new version marks the first time links are available.
An HHS handout describes some of the differences between the old CPGs and the new General Compliance Program Guidance, or GCPG.
HHS said publishing the guidance on the website allows officials greater flexibility to update it as needed, and noted that comments and suggestions on new risk areas are being sought on an ongoing basis.
While current guidance is available on the HHS website, older CPGs remain archived on the site.
During her panel, Ellis urged compliance officers and health care company officials to widely share success stories — for example, of how a compliance officer learned about an issue and dealt with it appropriately.
"Stories have a larger impact than data," she said.
--Editing by John C. Davenport.
For a reprint of this article, please contact reprints@law360.com.
