In November 2023, the Office of Inspector General (OIG) issued updated General Compliance Program Guidance, marking a significant evolution in the standards governing healthcare compliance. It has been 16 years since they last touched guidance for an industry-specific entity and 26 years since OIG issued the original Compliance Program Guidance for Hospitals. These enhancements are not just a mere update but a clarion call for hospitals to re-evaluate and fortify their compliance frameworks. The outlined seven elements of an effective compliance program underscore the complexity and the necessity of robust compliance mechanisms in today’s healthcare environment. However, hospitals must look beyond these elements to navigate the challenges and opportunities that lie ahead. Establishing clear, accessible, and comprehensive guidelines for conduct ensures that all personnel are aware of their compliance obligations. The development of a Code of Conduct and Compliance Policies and Procedures is central to this element. Policies and procedures need to address both your organization’s compliance program but also how the program reduces risks that occur due to non-compliance with federal and state laws. It is not enough to have policies and procedures; they also have to be up-to-date and accessible by your organization’s employees, contractors, and other relevant individuals. It is also necessary to review the employee handbook and update it to reflect changes to applicable statutes, regulations, and the Federal healthcare program requirements. Dedicated leadership, including a Compliance Officer and a Compliance Committee, ensures accountability and fosters a culture of compliance. Your healthcare organization’s governing board should exercise oversight over the compliance process and ensure the Compliance Officer is sufficiently empowered, independent, and has the resources necessary to carry out the compliance function.The board also needs to oversee the Compliance Committee and regularly receive reports on risk assessment activity, including how identified risks were resolved.1. Written policies & procedures
2. Compliance leadership & oversight
3. Training & education
Regular, targeted training programs are crucial for ensuring that all employees understand the compliance standards relevant to their roles. A compliance training program should include education on your organization’s compliance program, federal and state standards that are applicable to your organization, and board governance and oversight. The OIG recommends that all of your organization’s board members, officers, employees, contractors, and medical staff should receive annual training on the compliance program and potential compliance risks.Targeted training for specific risks to certain departments of your organization and for the board should also be undertaken and should address areas such as billing, coding, documentation, medical necessity, beneficiary inducements, gifts, interactions with physicians and other sources of referrals, and sales and marketing practices.
4. Effective lines of communication
Open and secure channels for reporting concerns or potential violations are essential for early detection and resolution of compliance issues. Hospital employees need to be aware of the available ways of reporting compliance concerns to the Compliance Officer and such reporting should be encouraged. In addition, your healthcare organization should have a policy of confidentiality and non-retaliation for reporters of compliance concerns. The Compliance Officer should have a log of compliance concerns and their follow-ups.
5. Enforcing standards – consequences & incentives
Implementing a balanced approach of consequences for non-compliance and incentives for compliant behavior helps to maintain high ethical standards. Consequences for non-compliance include remediation and/or sanctions and may be punitive or non-punitive and depend on whether the employee’s behavior is negligent or intentional.
6. Risk assessment, auditing, & monitoring
Proactively identify, assess, and mitigate compliance risks through regular audits and monitoring activities. It is important to note that risk assessment, or the process of identifying, analyzing, and responding to risk, is now part of a stated element of the Compliance Program Guidance. The OIG also talks about the timing of risk assessments, stating they should be done periodically and be conducted at least annually. In addition to regular risk assessments, your organization should conduct scheduled audits based on risks identified in the annual risk assessment. Audits should be identified in your organization’s compliance work plan.
7. Responding to detected offenses & developing corrective action initiatives
A prompt and thorough investigation of alleged violations, followed by appropriate corrective actions, is critical for maintaining the integrity of your compliance program. Alleged compliance violations are inevitable, and your healthcare organization must have policies and procedures governing how investigations are conducted and the necessary maintenance of the investigation record. Your Compliance Officer needs to be mindful of the required activities that must be reported by law to various government entities. Once violations are determined through investigation, corrective action plans need to be developed. Examples of corrective actions includerefunding overpayments, enforcing disciplinary policies and procedures, and making a policy or procedure change to prevent recurrence of the violation or other related, identified areas of vulnerability.
