Physicians have a lot going on. Between the pressures of clinical and administrative responsibilities, sometimes the only way to keep everything together is with a to-do list. Unfortunately, it can often feel as though some items never come off that list. Often, the bigger a project sounds, the more likely it is to sit on that list for months—or even years. Revising or implementing a compliance plan can be just one of those big projects that tends to linger.
Although compliance programming takes a lot of resources or may be already happening informally, all physicians should review their activities to ensure they are fulfilling their obligations under the law, as well as to their practice.
- Written policies and procedures;
- Compliance leadership and oversight;
- Training and education;
- Effective lines of communication;
- Enforcing standards;
- Risk assessment, auditing and monitoring; and
- Response and corrective action initiatives.
A General Compliance Program Guidance (GCPG) document, published by the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) in 2023, provides a crash course in how to create your compliance program. In addition to providing substantial background on the seven core elements, the document provides information on important healthcare laws and how different-sized organizations can scale their compliance programs on the basis of their available resources.
The OIG is also phasing in Industry Segment-Specific Compliance Program Guidance (ICPG) documents. In 2024, the OIG published its first ICPG, focused on nursing facilities. In 2025, OIG anticipates publishing three more ICPGs, focused on Medicare Advantage, hospitals and clinical laboratories. Click here for the GCPG, HHS-OIG-GCPG-2023(35802555.1), and here for the ICPG, nursing-facility-icpg(35802556.1). Check the OIG’s website for updates.
In addition to these guidance documents, a healthcare lawyer can play a crucial role in reviewing the contents of a compliance program to advise on its effectiveness.
Setting up a compliance program is only the first step. To meet the requirement of establishing a compliance program, providers must be able to demonstrate they actually adhere to it. In other words, providers need to walk the walk and not just talk the talk. Compliance programs are a living document, and they evolve over time.
In addition to being a requirement for participation in federal healthcare programs, compliance programs can be used to mitigate sanctions imposed on providers as a result of a violation of federal laws, such as the Anti-Kickback Statute or the Physician Self-Referral Law (casually referred to as the Stark law). Under the U.S. Federal Sentencing Guidelines, the existence of an effective compliance program has the potential to reduce the culpability of the provider organization when determining sanctions for that organization.
The U.S. Federal Sentencing Guidelines document mirrors the seven core elements published by the OIG in describing the minimum requirements for a compliance program. If the provider organization is found to have exercised due diligence in detecting and preventing criminal conduct, and to have promoted a culture of compliance by executing on these seven elements, the organization may experience leniency by the sanctioning agency.
Where to Start?
Between the ability to participate in Medicare and Medicaid and protecting your organization from possible sanctions, the incentives are clear that compliance programming should be taken seriously. But where should you start? Here are three tips to get your compliance programming on track.
First, if you are new to compliance programming, read the GCPG. You need a framework for compliance programming to effectively establish a foundation that includes the seven core elements.
Second, identify the individuals who will be responsible for the compliance program. Depending on the size of the organization, this may be one person or it may be an entire department. It may even be an independent contractor. One of the key features of the seven elements is the personnel used to design and execute the compliance program. For example, the OIG stresses the need for a compliance officer, a compliance committee and the involvement of a Board of Directors or CEO.
Third, realize there is no finish line in compliance. Laws change, organizations change, and healthcare changes. The compliance concerns of 2000 look quite different from the concerns of 2025. Do not let this overwhelm your practice or organization into inaction. Understand that compliance will be a stepwise process. Although the work of compliance never ends, organizations gain compliance skills over time. Engaging with a healthcare lawyer can assist your organization in keeping up with changing regulatory landscapes.
Taking control of your compliance program now could pay dividends later. As stated previously, the OIG has not officially mandated that its seven core elements be implemented to meet the requirements of a compliance program. However, these elements have been widely adopted by the industry. If the OIG eventually mandates specific elements of compliance programming, it is very likely these seven core elements will be required. As such, it is prudent to take advantage of this voluntary period to roll out your compliance program in a controlled manner.
If a physician eventually plans to sell their practice to or merge with another organization, compliance will play a large role in the transaction. As part of the transaction, many purchasers directly ask if a written compliance program is in place at the organization. Additionally, as part of a purchaser’s due diligence process, instances of noncompliance with federal healthcare laws may be uncovered. This could lead to delays in the transaction, a reduction in purchase price or even the transaction falling apart altogether. An effective compliance program could prevent some of these potential problems.
Final Thoughts
Although very few people find the thought of compliance programming exciting, it is an important facet of the healthcare industry. In addition to providing valuable protections for your organization, it is simply the right thing to do. By conducting your practice’s business in a compliant manner, you play your part in ensuring the healthcare system can provide high-quality, ethical care to all patients.
So as you write up your next to-do list, keep compliance programming near the top.
Emily A. Johnson, JD
Emily A. Johnson, JD, is a nationally recognized attorney, author and speaker with McDonald Hopkins LLC. Email her at [email protected].
