Written by Sandy Piersol, Senior Director & Compliance Officer, and Mykel Banks, Senior Manager of Advisory Consulting

In a rapidly evolving regulatory landscape, it’s crucial for organizations to ensure their compliance efforts are not only effective but also aligned with the latest guidance and protocols set forth by authoritative bodies like the Office of Inspector General (OIG).

Since its inception in 1998, the OIG has played a pivotal role in shaping compliance standards across various sectors, including healthcare. It has issued guidance for entities such as hospitals, home health agencies and more, providing a framework to uphold ethical and legal practices.

In recent years, the OIG has taken significant strides to keep pace with the ever-changing compliance landscape. It has made updates and provided extensive guidance on critical aspects, notably anti-kickback laws, and has addressed new and emerging risks that pose challenges to industries today. Recently, in November 2023, the OIG issued an updated General Compliance Program Guidance.

Developments in Corporate Integrity Agreements (CIAs) have introduced notable changes that providers must pay close attention to. CIAs, which are signed with the federal government following settlements, are essential for providers to avoid exclusion from Medicare and Medicaid programs. Traditionally, eligibility for exclusion pertained to individuals currently excluded from all federal healthcare programs. However, recent CIAs have ushered in a significant shift in this definition, encompassing not just the list of excluded individuals and entities on the Office of Inspector General (OIG) website but also state Medicaid program exclusions. This expansion underscores the increasing emphasis on thorough screening at various stages of healthcare operations.

One of the prominent trends in CIAs is the growing emphasis on “arrangement control.” While earlier CIAs often revolved around billing, coding, and documentation, the focus has now expanded to encompass the Anti-Kickback and Stark Laws. Healthcare providers are now under scrutiny regarding how they implement controls and mitigate risks associated with arrangements, including how they compensate medical directors and interact with contractors. The OIG’s heightened expectations regarding arrangement control highlight the importance of providers exercising oversight and maintaining control over their contracts. Implementing a rigorous review process for contracts, ensuring fair market value compensation, and verifying that vendors fulfill their contractual obligations, especially when dealing with protected health information (PHI) data, is now more critical than ever.

Another significant shift in CIAs is the inclusion of underpayments in the scope of review by Independent Review Organizations (IROs). Traditionally, CIAs only focused on overpayments, but now underpayments are being considered as well. This change implies that providers may have been leaving money on the table in the past. The ability to net out underpayments from overpayments adds a layer of complexity to the compliance landscape, underscoring the importance of precise financial controls and thorough auditing practices.

It’s important to note that every CIA is unique and subject to negotiation. Providers entering into CIAs have the opportunity to negotiate the terms that best suit their specific circumstances. While CIAs offer guidance on the OIG’s areas of concern, they do not encompass an entire compliance program. Instead, they are tailored to address the specific issues that led to the settlement.

In light of these evolving trends in CIAs, healthcare providers must take proactive measures to ensure compliance with both federal and state regulations. This includes implementing robust screening processes to check for excluded individuals and entities, strengthening contract management procedures, and conducting thorough audits to address both overpayments and underpayments. Additionally, providers should regularly review and update their compliance programs to align with the shifting regulatory landscape, ensuring they remain in compliance with the ever-changing expectations of the OIG and federal authorities.

The landscape of Corporate Integrity Agreements continues to evolve, reflecting the changing priorities and expectations of the federal government in the realm of healthcare compliance. Providers must remain vigilant, adapt to these changes, and continuously improve their compliance programs to meet the standards set forth in CIAs and, more importantly, to ensure ethical and legal practices within the healthcare industry.

When it comes to corporate compliance programs, seven key elements stand as pillars of ethical and legal practice: Standards and Procedures, Education and Training, Oversight, Monitoring and Auditing, Reporting, Enforcement and Discipline, and Response and Prevention. These elements form the bedrock of a comprehensive compliance program, and they are essential for entities like hospitals, home health agencies, and hospice providers.

Recent developments have emphasized the importance of assessing these elements rigorously. Oversight is paramount—is there a dedicated compliance officer in place? Do standard policies and procedures exist? Education and training are vital to ensure that all staff members are aware of compliance requirements. Monitoring and auditing should be continuous, encompassing claims, HR practices, and regular checks of exclusion lists. A holistic view of the organization is necessary when evaluating a corporate compliance program.

Reporting and enforcement are areas of increased focus. Transparency in reporting findings and swift, appropriate enforcement measures are essential to demonstrate commitment to compliance. The Department of Justice (DOJ) rigorously upholds the rules and the law, imposing hefty fines for violations. Hence, having a robust compliance program is not just an option; it’s a necessity to mitigate risks and show diligence in preventing infractions.

Updates in Stark Law and anti-kickback regulations further underscore the need for stringent compliance efforts. Violations under Stark Law can incur penalties of up to $100,000, while anti-kickback violations can result in fines of $25,000 per violation. These hefty penalties reinforce the imperative of staying compliant and having a proactive compliance program in place.

When it comes to compliance in healthcare, it’s not a matter of choosing between OIG Guidance or the Department of Justice (DOJ) standards—you must follow both. It’s a common understanding that no compliance program can completely eliminate all risks; it’s about how you respond to the challenges that arise.

The DOJ emphasizes the importance of having a well-functioning and adequately funded mechanism for investigating allegations or suspicions of misconduct. This underscores the significance of the monitoring and auditing element within the seven elements of a compliance program. They want to see organizations actively working to mitigate risks and dedicating resources to that end. Equally crucial is having a clear action plan for addressing identified risks. Demonstrating these efforts can earn leniency from the DOJ, as it shows a commitment to risk mitigation.

When evaluating the effectiveness of your corporate compliance program, consider three key questions. First, is it well designed? This means following the established elements, having policies and procedures in place, and cultivating a culture of compliance. Second, is it applied earnestly in good faith? Are you actively implementing and enforcing the program, rather than just having it on paper? Lastly, does it work in practice? Is it a living, breathing part of your organization, or is it merely a binder on a shelf?

To ensure that your corporate compliance program is well designed, you need to implement the fundamental elements. This includes appointing a compliance officer or leader, establishing and maintaining policies and procedures, conducting regular monitoring and reporting, and providing education and training throughout the organization. However, one critical aspect that’s gained prominence is risk assessment. Continuously evaluating your organization and compliance program for potential risks, performing regular audits, and updating policies and procedures accordingly is vital. Demonstrating this commitment to risk mitigation is a key component of a strong compliance program.

Ultimately, building a culture of compliance within your organization is paramount. When everyone understands the importance of compliance and sees it as a top priority, your program becomes more effective. It’s not just about following rules; it’s about fostering a mindset where ethical and legal practices are at the forefront of employees’ minds. Aligning with both OIG and DOJ expectations, actively mitigating risks, and nurturing a culture of compliance are essential steps to safeguarding your organization’s integrity and reputation.


About the Author

Sandy Piersol, Senior Director & Compliance Officer

Sandy Piersol has over 25 years of healthcare experience. As Compliance Officer, Sandy provides guidance for the Board and the senior management team on matters relating to compliance. She oversees the Corporate Compliance Program, functioning as an objective body that reviews and evaluates compliance issues/concerns within the organization. This position ensures the Board of Directors, management, and employees are in compliance with the rules and regulations of regulatory agencies, that company policies and procedures are being followed, and that behavior in the organization meets the company’s Standards of Conduct.
