How the OIG’s New General Compliance Program Guidance (GCPG) Addresses the Seven Elements  

OIG's GCPG Denise atwood

The updated General Compliance Program Guidance (GCPG) from the Office of the Inspector General (OIG) is an extremely helpful reference with an easy-to-understand user’s guide. As Shawn DeGroot noted in her recent look at top takeaways from the document, “The GCPG should be used to establish a compliance program, clarify roles and responsibilities, identify risks, and align current policies and procedures with what should be done.” 
 
Compliance officers can make the most of the new GCPG to meet the requirements of the OIG’s seven elements in a relevant and meaningful way. Below are recommendations – with tips for each of the seven elements – on how the new GCPG can help you develop and maintain your organization’s compliance program.  

Element 1 (page 33): Written Policies and Procedure 

  • An organization’s Code of Conduct, which reflects its mission, vision and goals, should be revised regularly. Each employee and board member should read and acknowledge the Code of Conduct, reflecting their attestation to act ethically and comply with federal and state laws and regulations. 
  • Policies around billing, coding, marketing, quality of care, and physician and vendor arrangements should be reviewed regularly. This means they should be revised if necessary, and a system should be created and maintained with outdated or retired policies.  

Element 2 (page 37): Compliance Leadership and Oversight 

  • Organizations should designate a compliance officer who reports to the Board of Directors and/or the CEO directly. This person should have the authority and resources necessary to implement an effective compliance program.  
  • All organizations’ compliance committees should support the compliance officer in carrying out the compliance program objectives. The committee should meet no less than quarterly.  
  • The Board of Directors should oversee compliance, as they have a fiduciary duty to understand compliance operations and organizational risks.  

Element 3 (page 46): Training and Education  

  • Make clear the identity and role(s) of the compliance officer and the compliance committee. 
  • Be sure to highlight ways that individuals can raise compliance concerns or questions. Support an environment of nonretaliation. 
  • Organizations should have a system to monitor training and education completion by every employee, contractor, student, and volunteer. 

Element 4 (page 50): Effective Lines of Communication  

  • Organizations should allow confidential or anonymous reporting of concerns. This could be done through a hotline number, a website, an email, or mail.  
  • Organizations then should develop and maintain a disclosure log and reported concerns.  

Element 5 (page 53): Enforcing Standards – Consequences and Incentives 

  • Ensure that consequences for noncompliance are well-known throughout the organization. To deter noncompliance, these consequences should be consistently applied and enforced.   
  • Develop incentives, such as staff recognition, to promote and encourage participation in the organization’s compliance program.  

Element 6 (page 55): Risk Assessment, Auditing, and Monitoring 

  • Utilize risk-assessment tools to identify, analyze, and appropriately respond to organizational risks.   
  • Develop and implement an auditing and monitoring plan and calendar for due dates. These audits can be conducted by internal or external auditors.  

Element 7 (page 59): Responding to Detected Offenses and Developing Corrective Action Initiatives 

  • Investigate alleged violations. Summarize the investigative process and investigation findings, and report it all to the compliance committee, CEO, and Board.  
  • Report misconduct or noncompliance to the appropriate governmental agency, as required. For example, in accordance with HIPAA breach notification requirements.  

As healthcare delivery systems become more complex, compliance professionals need to develop and implement compliance programs that are robust enough to provide a good foundation yet flexible enough to allow for change. Mapping the OIG’s new GCPG document to the seven elements can help compliance officers start the new year from a place of strength. 

Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal, and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix and Vice President of the company’s self-insurance captive.  

denise atwood

Qualified compliance professionals do the heavy lifting for you, simplifying regulatory change management   

Our in-house team works tirelessly to monitor US regulators, carefully read the regulations in their entirety, and translate the information into simple regulatory intelligence you can use. We deliver model procedures and expert tools that can be used to fulfill your business requirements. Everything is validated by a third-party law firm.

Get the latest from healthcare compliance experts  

Never miss an article by Denise Atwood. Sign up for YouCompli’s weekly email if you have not already.