Key Takeaways from OIG’s Newly Released General Compliance Program Guidance 

Key Takeaways from OIG’s General Compliance Program Guidance - cj wolf

It’s finally here. The long-awaited, new OIG General Compliance Program Guidance (GCPG) has been released, all 91 pages of it. If you have not viewed it yet, click here: 

This release is the first major compliance guidance document the OIG has shared in many years. While it is not possible to cover all 91 pages of the guidance in this brief article, here are the key takeaways to note from my perspective.   

Healthcare Compliance Laws and Enforcement 

A significant early portion of the document focuses on key healthcare laws and authorities that compliance programs should be familiar with. These include the Federal Anti-Kickback Statute, the Physician Self-Referral Law, the False Claims Act, the Civil Monetary Penalty (CMP) Authorities, Exclusion Authority, Criminal Health Care Fraud Statute, and the HIPAA Privacy and Security Rules. Under the Civil Monetary Penalty Authorities, the OIG emphasized the Beneficiary Inducements CMP, Information Blocking, and CMP authority as it relates to HHS grants, contracts, and other agreements. 

The Seven Elements 

The largest section of the document makes direct recommendations about compliance program infrastructure. Experienced compliance professionals will find the messaging in this section to be like past guidance. However, some notable portions appear to have additional nuanced focus: 

  • It makes a more direct plea to leadership such as the CEO and/or Board to include formal statements of support for a culture of compliance in the Code of Conduct. 
  • There is a direct recommendation that policies and procedures be reviewed at least annually. 
  • The compliance officer should either report directly to the CEO or the Board. If reporting to the CEO, it should be with direct and independent access to the Board. 
  • There are more references to quality of care in multiple elements. These include policies; coordinating with the Quality Department; clinical decision making; having representation from the Quality Department on the compliance committee; and calling out the potential of reporting serious breaches in quality and adverse events to the government. 
  • The Auditing and Monitoring element now specifically includes Risk Assessment. It discussed the importance of performing a risk assessment and provides links to helpful resources when doing so. 
  • The OIG calls out the importance of auditing for medical necessity. 


As has always been the case, the OIG is careful to point out that this guidance should not be considered a model compliance program. To further this message, there is an entire section titled “Compliance Program Adaptations for Small and Large Entities.” It is important to recognize that no two compliance programs are going to be the same. Successful compliance programs are adapted to fit the organization and maximize compliance for individual organizations with unique risk profiles. 

There is obviously much more to the GCPG that has not been discussed here. This new document is sure to become a staple for any compliance professional in the healthcare industry. 

CJ Wolf, MD, M.Ed. is a healthcare compliance professional with over 22 years of experience in healthcare economics, revenue cycle, coding, billing, and healthcare compliance. He has worked for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System, an international medical device company and a healthcare compliance software start up. Currently, Dr. Wolf teaches and provides private healthcare compliance and coding consulting services as well as training.  

Qualified compliance professionals do the heavy lifting for you, simplifying regulatory change management   

Our in-house team works tirelessly to monitor U.S. regulators, carefully read the regulations in their entirety, and translate the information into simple regulatory intelligence you can use. We deliver model procedures and expert tools that can be used to fulfill your business requirements. Everything is validated by a third-party law firm.   

Get the latest from healthcare compliance experts  

Never miss an article by CJ Wolf. Sign up for YouCompli’s weekly email if you haven’t already.