Health Law Blog

New US HHS OIG Compliance Guidance Tool

On November 6th, 2023, the US Department of Health and Human Services Office of Inspector General (OIG) released its new General Compliance Program Guidance or “GCPG.” The new GCPG helps providers consolidate key federal laws including the Anti-Kickback Statute (AKS), Physician Self-Referral Law (Stark Law), the False Claims Act, and the Health Insurance Portability and Accountability Act (HIPAA). The goal of the GCPG is simple – to help create a fast and easy way to navigate through various statutes and regulations, especially for new entrants in the health care sector such as technology companies, new investors, and organizations providing non-traditional services in health care settings.

Those interested in viewing the new GCPG can do so on OIG’s website and can also download and save a PDF version. Although it is recommended that the GCPG be reviewed in its entirety, below are some of the key sections addressed in the new GCPG:

  1. Quality and Compliance Considerations

The OIG has made clear that “entities should incorporate patient safety and oversight into their compliance programs.” Although these are generally treated as wholly separate and distinct from compliance, the OIG has stressed their high importance with certain federal agencies such as the Centers for Medicare & Medicaid Services (CMS) and the Food and Drug Administration (FDA). As such, the OIG now requires regular reports from those responsible for oversight of quality and patient safety compliance. Furthermore, regular reports on internal quality controls, quality assurance monitoring, and patient safety should be made and evaluated by the board. For more detailed information on Compliance Committee members and program requirements, see pages 76-78 of the GCPG.

  2. New Entrants in the Health Care Industry

The GCPG addresses new entrants in the health care industry who may be unfamiliar with regulations at both the State and Federal level. This appears to be an attempt to put those entering the industry on notice that ignorance of the law is no defense, and it makes no difference how unfamiliar or foreign these regulations may seem. The OIG stresses that all entrants are required to “possess a solid understanding” of Federal fraud and abuse laws and other applicable laws.

  3. Risk Assessment Process

The OIG also notes the importance of Compliance Committees as it relates to the risk assessment process, stating that:

“A formal compliance risk assessment process should pull information about risks from a variety of external and internal sources, evaluate and prioritize them, and then decide which risks to address and how to address them. The Compliance Committee should be responsible for conducting and implementing the compliance risk assessment.”

For those seeking more information on establishing their own compliance programs, see page 56 of the GCPG, which provides helpful links to other risk management frameworks.

  4. Compliance Programs for Small and Large Entities

Lastly, the OIG has drafted a section addressing small and large entities, recognizing that compliance programs may be structured differently depending on their size.

Small Entities

For small entities, the OIG suggests that six different elements be implemented into the compliance program to assure it can be successfully carried out: (1) designation of a compliance contact; (2) establishing policy, procedure, and training on how to comply with legal requirements; (3) formal disclosure programs and open lines of communication; (4) compliance and risk management procedures; (5) mechanisms to thwart violations; (6) responding to detected offenses and developing corrective action initiatives.

Large Entities

For larger entities, OIG suggests there be significant compliance resources and expertise to address complex issues. As such, the OIG has highlighted two key areas: (1) establishing a department of compliance with a chief compliance officer and (2) establishing compliance committees with various subcommittees.

Please note that these compliance programs differ from the requirements of the New York State Medicaid program. Although the OIG’s guidance on these topics is lengthy, the new GCPG is a user-friendly resource designed to be utilized not only by major health care organizations but by those just entering the health care industry. Program guidance may be downloaded directly at

For legal assistance with compliance matters, including Medicaid compliance plans, please contact David R. Ross, Esq., Shareholder, at (518) 312-0167 or via email. Law Clerk Charles Serino assisted in the preparation of this article.
