The US Department of Health and Human Services Office of Inspector General (OIG) announced on April 25 that it would be updating its Compliance Program Guidances (CPGs).

Since 1998, OIG has released a series of CPGs focused on different healthcare industry participants, including, among others, hospitals, physician practices, home health agencies, hospices, clinical laboratories, pharmaceutical manufacturers, and third-party medical billing companies. The CPGs provide voluntary, nonbinding guidance on the development, implementation, and evaluation of effective healthcare compliance programs.

OIG’s changes to its compliance guidance process, which stem from feedback received through the agency’s request for information related to its Modernization Initiative To Improve Its Publicly Available Resources, are aimed at “modernizing the accessibility and usability” of the CPGs.

What’s changing?

First, OIG will no longer publish new CPGs in the Federal Register. Instead, all existing and new or updated CPGs will be made available directly on OIG’s website. OIG will alert the public of new guidance through its public listserv and other communication platforms.

Second, OIG is introducing a new bifurcated format for CPGs—a general CPG (GCPG) and industry-specific CPGs (ICPGs):

  • The GCPG will generally apply to all healthcare industry participants and address key topics, including compliance program fundamentals and operational considerations, fraud and abuse laws, and OIG processes and resources. Accordingly, it is likely that the GCPG will largely consolidate existing OIG compliance program guidance on the “seven elements” issued in the late 1990s. OIG plans to update this standalone guidance document from time to time, as prompted by changes in compliance practices or legal requirements. OIG expects to publish the initial GCPG by the end of 2023.
  • In contrast, the ICPGs will focus on specific healthcare industry participants, as well as ancillary industry subsectors applicable to the Federal health care programs. These guidance documents will be more narrowly-tailored than the GCPG, providing fraud and abuse law compliance pointers relevant to the particular audience. OIG plans to update the ICPGs as needed to address newly identified areas of risk and corresponding compliance considerations. OIG expects to release the first ICPGs in 2024, starting with guidance focused on Medicare Advantage and nursing facilities.

In its notice, OIG reemphasized that these CPGs do not constitute a model compliance program, but are intended to provide voluntary compliance guidance.

All in all, OIG’s updated CPGs should be welcome news for healthcare providers and other industry participants, given that OIG has not updated its baseline compliance program guidance in over 20 years. Perhaps most anticipated are the ICPGs, as they will offer OIG’s targeted guidance on timely and relevant healthcare subsector risks. It is not yet known which provider and manufacturer types or other topics will be the focus of the ICPGs, however, as OIG has only previewed the initial two ICPGs. Through these more tailored guidance documents, OIG has the opportunity to advise healthcare industry participants on subsectors the CPGs have not historically addressed —including pharmacies, healthcare management services organizations, medical device manufacturers, and telehealth, among other potential areas.

OIG has historically exhibited a collaborative approach to compliance guidance by co-hosting a number of compliance roundtables with the Health Care Compliance Association (HCCA) on various topics—although six years has elapsed since the most recent of these events was held.

OIG’s overhaul of its CPG process in response to industry feedback similarly reflects the agency’s continued emphasis on collaboration. Although OIG’s notice on its updated compliance program guidance process did not solicit or seemingly invite industry input on potential topics for the ICPGs, we would encourage industry associations to offer their insight to OIG on important compliance risk areas given their industry expertise. This is in keeping with OIG’s historical collaborative approach to prior CPGs and compliance program best practices.