ComplianceOnline

An Overview of the Guidance and Laws that Healthcare Compliance Officers and Associated Professionals must know


A Healthcare compliance program is a regulatory requirement for various segments of the healthcare industry, such as hospitals, nursing homes, third-party billers, and durable medical equipment suppliers.

The compliance officer, the compliance committee, the c-suite and any healthcare compliance professional of healthcare organizations can greatly benefit by understanding the key requirements needed to effectively develop, implement and monitor a healthcare compliance program. Gaining expertise will equip them to help a healthcare organization manage increased scrutiny of Medicare and Medicaid fraud and abuse and keep physicians free from legal issues. This articles sheds light into OIG Compliance Guidance, Healthcare fraud and abuse laws, and provides references to other associated guidance and laws that a compliance professional should know about.

Understanding the Office of Inspector General (OIG) Compliance Guidance

OIG Compliance Components

The Office of the Inspector General (OIG) provided a series of voluntary compliance guidance documents. You can find a list of these documents by clicking here. Much of this guidance has been incorporated as required elements of the mandate

Following is an overview of the Guidance and the components:

  1. The development and distribution of written standards
  2. Written standards of conduct, written policies and protocols that promote the organizations commitment to compliance should be part of the healthcare compliance program. These must address specific areas of prevention of fraud and abuse such as claims development and submission processes, anti-kickback and self-referral programs, credit balances, retention of records, quality of care issues and more. These standards come handy in the evaluation of the managers and employees.


  3. The designation of a compliance officer and other relevant bodies
  4. The guidance recommends the designation of a compliance committee, and other relevant bodies such as compliance committee. These should have access to the governing body and or/CEO. The compliance officer, committee should have sufficient resources authority, and autonomy to carry out its mission

  5. The development and implementation of regular, effective, ongoing training program
  6. Recommendations for the content of the training program include recent developments/changes in the federal healthcare program, results of audits and investigations, results from preceding training sessions, trends in hotline reports, prevention of fraud and abuse, OIG, CMS or other agency guidance or advisories. While reviewing the written procedures, protocols, and code of conduct, role based training programs also play a vital part in being compliant. Points to consider include hiring qualified trainers, providing adequate training programs, the length of the program and medium of delivery, gathering feedback, and ensuring retention of the subject matter.

  7. The creation and maintenance of an effective line of communication
  8. Communication is the life blood of any organization. It is recommended that the compliance program must communicate potential compliance issues effectively by keeping the lines of communication open. By implementing a hotline or other reporting system to receive complaints, while protecting the anonymity of the complainants, organizations can foster a culture of free communication without retaliation.

  9. The use of audits and/or other risk evaluation techniques to monitor compliance
  10. Auditing and monitoring include reviewing procedures to gauge whether they are working as intended and following up on the recommendations and corrective action plans. Monitoring should be done in regular frequency.

    The use of Auditing ensures compliance with statutory and CMS requirements. The results of the audit should be documented. The findings of the report should be in written format and must be copied to the compliance officer, compliance committee to follow up as part of their responsibilities.

  11. The development of policies and procedures for Enforcement of Standards through well-publicized disciplinary guidelines
  12. An effective compliance program involves the development of policies and procedures on how you intend to enforce the compliance program - starting with how you plan to distribute and train your staff on the policies and procedures. Promote the organizationbs compliance program and enforce it consistently throughout the organization.

  13. The development of policies and procedures with regard to the investigation of identified systemic problems
  14. The guidance recommends the compliance program to use corrective actions when vulnerabilities, non-compliance or potential violations are identified. These can include staff education, repayment of overpayments, and disciplinary action against the responsible personnel. Also, measures the current program can be adjusted to prevent the issue from recurring.

Understanding the Health care fraud and abuse laws (False Claims Act, Stark Laws, and Anti-kickback Statute, etc.) including associated penalties

  1. False Claims Act [31 U.S.C. B' B' 3729-3733]
  2. Submitting false or fraudulent claims whether with actual knowledge or with deliberate ignorance or reckless disregard of the truth is illegal

    Penalties: Fines of up to three times the programs' loss and $11,000 per claim filed, imprisonment and criminal fines. May also be imposed with administrative civil monetary penalties for false or fraudulent claims.


  3. Anti-Kickback Statute [42 U.S.C. B' 1320a-7b(b)]
  4. In the federal healthcare programs, paying a referral under is a crime. The statue applies to payers of kickbacks.

    Penalties: Fines, jail terms, and exclusion from participation in the Federal health care programs. Physicians who pay or accept kickbacks have to pay penalties of up to $50,000 per kickback and triple the remuneration amount.


  5. Physician Self-Referral Law [42 U.S.C. B' 1395nn]
  6. 'Section 1877 of the Social Security Act (42 U.S.C. 1395nn) prohibits physicians from referring Medicare patients for certain designated health services (DHS) to an entity with which the physician or a member of the physician's immediate family has a financial relationship unless an exception applies. It also prohibits an entity from presenting or causing to be presented a bill or claim to anyone for DHS furnished as a result of a prohibited referral.

    In addition, section 1903(s) (42 U.S.C. 1396b) of the Social Security Act extends this referral prohibition to the Medicaid program'

    Penalties: : Fines, plus exclusion from participation in the Federal health care programs.


  7. Exclusion Statute [42 U.S.C. B' 1320a-7]
  8. OIG shall exclude from participation in all Federal health care programs individuals and entities convicted of the following types of criminal offenses:

    • Conviction of program-related crimes
    • Conviction relating to patient abuse
    • Felony conviction relating to health care fraud
    • Felony conviction relating to controlled substance
      • OIG has discretion to exclude individuals and entities on several other grounds,

Associated Information References

  1. EMTALA
  2. 'In 1986, Congress enacted the Emergency Medical Treatment & Labor Act (EMTALA) to ensure public access to emergency services regardless of ability to pay. Section 1867 of the Social Security Act imposes specific obligations on Medicare-participating hospitals that offer emergency services to provide a medical screening examination (MSE) when a request is made for examination or treatment for an emergency medical condition (EMC), including active labor, regardless of an individual's ability to pay. Hospitals are then required to provide stabilizing treatment for patients with EMCs. If a hospital is unable to stabilize a patient within its capability, or if the patient requests, an appropriate transfer should be implemented.'


  3. Clinical Laboratory Improvement Amendment (CLIA)
  4. 'The objective of the CLIA program is to ensure quality laboratory testing. Although all clinical laboratories must be properly certified to receive Medicare or Medicaid payments, CLIA has no direct Medicare or Medicaid program responsibilities.'

  5. Corporate Integrity Agreements
  6. 'A comprehensive CIA typically lasts 5 years and includes requirements to:

    • Hire a compliance officer/appoint a compliance committee;
    • Develop written standards and policies;
    • Implement a comprehensive employee training program;
    • Retain an independent review organization to conduct annual reviews;
    • Establish a confidential disclosure program;
    • Restrict employment of ineligible persons;
    • Report overpayments, reportable events, and ongoing investigations/legal proceedings; and
    • Provide an implementation report and annual reports to OIG on the status of the entity's compliance activities.'

Click here for Enforcement actions under CIAs.

Attend the seminar How to start a Healthcare Compliance Program to take a deep-dive into the current regulatory enforcement environment in the health care industry, Review recent settlement cases due to a lack of compliance, analyze and apply the 7 elements of an effective compliance program as defined by the U.S. Sentencing Guidelines, Understand the Role of the U.S. Health and Human Services Office of Inspector General in regards to Compliance Programs, Review principles of and effective compliance program and Summarize skills and roles of a Chief Compliance Officer.

The speaker C.J. Wolf, MD, M.Ed. has been involved in healthcare for over 20 years beginning with his years in medical school. He has worked in various coding, reimbursement or Chief Compliance Officer Roles for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System and Merit Medical Systems. He currently is Sr. Compliance Executive at Healthicity.