Posternak Blankstein & Lund LLP is now Arent Fox. Read the press release

In A Must Read, New OIG Guidance Provides Practical Ways to Evaluate Compliance Program Effectiveness

The Department of Health and Human Services recently issued an important new compliance guide, called Measuring Compliance Program Effectiveness: A Resource Guide.

The Guide is a combined effort of HHS’s Office of Inspector General and the Health Care Compliance Association and provides guidance on evaluating compliance program effectiveness based on the input of 40 compliance professionals and OIG staff.

For decades, the OIG has instructed health care providers to implement effective compliance programs and has issued voluntary compliance guidance for specific types of health care entities, including hospitals; home health agencies; third-party medical billing companies; the durable medical equipment, prosthetics, orthotics and supply industry; Medicare+Choice (now Medicare Advantage) organizations; individual and small group physician practices; nursing homes; hospices; clinical laboratories; ambulance service providers; and pharmaceutical manufacturers. Section 6401(a)(7) of the Affordable Care Act requires most providers and suppliers to establish compliance plans as a condition of enrollment in Medicare, Medicaid and the Children’s Health Insurance Program, although specific implementing regulations and implementation dates have not yet been issued for most types of providers1. The Guide is noteworthy for being one of the OIG’s only resources specifically focused on practical ways to  measure the effectiveness of compliance programs. 

The Guide provides an extensive and extremely detailed list of over 400 practical ways to assess whether a compliance program is effectively meeting the seven elements of a compliance program, which are described in the Guide as: (1) standards, policies, and procedures; (2) compliance program administration; (3) screening and evaluation of employees, physicians, vendors, and other agents; (4) communication, education, and training on compliance issues; (5) monitoring, auditing, and internal reporting systems; (6) discipline for non-compliance; and (7) investigations and remedial measures.2 Each element is subdivided into numerous categories, and then organized by program components relating to “what to measure” and corresponding suggestions on “how to measure” effective implementation of each component.  

For example, Element 1 (Standards, Policies and Procedures) contains 18 categories that are then further subdivided into 11 components, including:

  • Access,
  • Accountability,
  • Review/Approval Process,
  • Quality,
  • Assessment,
  • Code of conduct,
  • Updates,
  • Understanding,
  • Compliance Plan,
  • Confidentiality Statements, and 
  • Enforcement.

As one example, the section on “Enforcement” suggests:  

  • Measuring compliance with policies by conducting interviews and observation,
  • Measuring policy violations by auditing policies and procedures to ensure practice is consistent with policy, and 
  • In cases involving patient harm, measuring adherence to policies and procedures to validate appropriate reporting to a regulatory agency. 

There are numerous additional types of issues to measure with wide-ranging and detailed suggestions on how to measure them throughout the Guide. According to the OIG, the Guide contains a broad list of ideas intended to help all types of health care organizations. However,  the Guide emphasizes that “one size truly does not fit all,” and health care organizations should choose which ideas best suit their needs. The Guide specifically states that the Guide should not be used as a wholesale checklist, and “using [all the measurements described in the guide] or even a large number of these is impractical and not recommended.” An organization may choose to use only a small number of ideas in any given year, and some suggested items or ideas may be used frequently, while others are only used occasionally or not at all. Nevertheless, the Guide is a welcome, practical tool that compliance professionals and counsel should review to select measures suitable to their organization’s specific needs, resources, and risks. 

Arent Fox’s Health Care and Fraud & Abuse Compliance teams regularly monitor developments from the OIG and advise clients on compliance related matters. If you have any questions or need assistance on the topic covered here, please contact Linda A. Baumann, Hillary Stemple, Douglas Grimm, or Stephanie Trunk in our Washington, DC office, Thomas Jeffry in our Los Angeles office, or the Arent Fox professional who usually handles your matters. 

1. There are mandatory compliance program requirements for nursing facilities, Medicare Advantage Plans, and Medicare Part D Plan sponsors.

2. The voluntary compliance program guidance previously issued by the OIG describe the seven required elements of a compliance program somewhat differently: (1) implementing written policies and procedures; (2) designating a compliance officer and compliance committee; (3) conducting effective training and education; (4) developing effective lines of communication, such as a hotline; (5) conducting internal monitoring and auditing; (6) enforcing standards through well-publicized disciplinary guidelines; and (7) responding promptly to detected problems and undertaking corrective action. See, e.g., OIG Compliance Program Guidance for Pharmaceutical Manufacturers. One noteworthy difference is that the Guide devotes an entire section, and thus increased emphasis, to the screening and evaluation of employees, physicians, vendors, and other agents.


Continue Reading