The OIG’s New Healthcare Compliance Guidance – An Interview with Two Industry Experts

On May 16, 2024, at 12 pm (PST), we are holding a webinar for the new healthcare compliance guidance issued by the Office of Inspector General (“OIG”) for the U.S. Department of Health and Human Services. This is the first update to the OIG compliance guidance that was originally issued in 1998 for hospitals only. Over time, the OIG issued compliance guidance for many of the participants in the healthcare industry (e.g., physicians, hospitals, pharmaceutical manufacturers, home health agencies, third-party billing companies, and others).

The OIG issued its new general compliance recommendations on November 6, 2023. The OIG stated that it will begin issuing industry-specific guidance starting this year. The importance of healthcare compliance cannot be understated. The OIG, in conjunction with the Department of Justice, continues to prosecute providers and other participants in the healthcare industry for various fraud and abuse legal violations. A compliance plan can help to reduce exposure to federal and state healthcare fraud and abuse violations. And a compliance plan can also mitigate potential criminal penalties. Federal and state healthcare fraud and abuse laws have criminal and/or civil penalties.

The webinar will feature two healthcare veterans, Ambika Kanta, MSHCA, and Sheryn Honest, MBA, MLS, CHCO, CHA, CPC. Both women have spent their careers in healthcare, including working for Medicare Advantage Plans in areas such as compliance, revenue cycle management, quality, and utilization review and management. Ambika and Sheryn are on the frontlines of healthcare compliance and know the issues as well as anyone else in the healthcare industry. They provide practical solutions to complex issues.

Sheryn is an experienced healthcare professional with expertise collected over 20+ years of leading clinical, operational, financial, and client and patient relations initiatives. Her areas of expertise span Compliance, Operations, Revenue Cycle, and Technology (Compliance & Operationalizing).  Sheryn’s Compliance work includes creating and evaluating Compliance Programs, designing risk-based audit and monitoring plans, developing corporate training and education, conducting coding and documentation audits, as well as having the honor of being invited by the OIG to participate in their Medicare Advantage iCPG (industry Compliance Program Guidance) Focus Group at the beginning of 2024.

Ambika Kanta is an accomplished healthcare professional with over 12 years in the field. As the Senior Director of Quality Improvement at Valley Oaks Medical Group/Astrana Health, Ambika specializes in HEDIS, Patient Safety, Risk Adjustment, Annual Wellness Visits, and education – with a focus on automation and data integration. Additionally, Ambika has over 10 years of oversight experience for Management Services Organizations Delegated services, Utilization Management, Care Management, and Credentialing. Ambika obtained NCQA UM-CR reaccreditation. She develops foundations and structures to streamline processes in support of achieving strategic goals and performance. Ambika graduated from the University of Nevada, Las Vegas in 2010 with a Bachelor of Science in Public Administration and an Associate of Science in Political Science. She went on to attain her Master of Science in Healthcare Administration from Grand Canyon University. As a daughter of immigrants and a first-generation American, Ambika is passionate about raising awareness for preventative care and health insurance options.

I recently caught up with Ambika and Sheryn to ask some questions about the new compliance guidance.

Sheryn, who is the OIG and what do they do?

The OIG is pivotal in the fight against Fraud, Waste, and Abuse (FWA). Their mission is to provide oversight and promote integrity, efficiency, and effectiveness of the Health and Human Services programs. They do this through auditing, evaluating, investigating, and prosecuting bad actors.

Sheryn, can you generally discuss why it’s important for healthcare industry participants to follow the OIG’s compliance guidance?

Not only does a compliance program set expectations of accountability and ethical behavior within an organization, but it also enables the organization to identify risks and regulatory requirements that must be managed.

Sheryn, is it mandatory that healthcare participants follow the OIG’s compliance guidance?

No, it is not mandatory to follow the OIG’s compliance guidance. It is done voluntarily. However, it is best practice to have a compliance program (based on the size and structure of the organization) and the government recommends that healthcare organizations have a compliance program in place.

It also indicates that the organization operates ethically and believes in quality patient care. And, as Ethan noted above, there can be legal consequences for having or not having a compliance plan.

Ambika, the new OIG compliance guidance was recently released. From your perspective, what are some of the significant takeaways?

Organizations large or small should devote time to risk assessments. As stated in the new OIG guidance, this does not need to be intensive or costly, but checks and balances can make significant impact and possibly negate risks. Ideally, these processes are applied to all departments, not just the compliance department. For example, having a non-clinical team member review prior authorization and claims denials for easy-to-understand language.

Ambika, what are some of the major risk areas for healthcare companies?

As more regulations are released, the odds of an audit increase. Like we are seeing with the new Risk Adjustment Data Validation rule, which focuses on diagnoses that are at higher risk of improper or overpayment. This is not something new – fraud, waste, and abuse have been ingrained in healthcare professionals for years. I believe healthcare companies should be aware of the tools and resources provided by the OIG and other governmental or national entities. This assists with preparing and setting standards ahead of an audit.

Sheryn, you recently sat on a panel for the OIG that relates to some of the new guidance. Can you tell us a little bit about that experience and how could impact future compliance guidance issued by the OIG?

I had the honor of being invited by the OIG to participate in their Medicare Advantage industry Compliance Program Guidance (iCPG) Focus Group at the beginning of 2024. This focus group specifically discussed First-Tier, Downstream, and Related entities (FDRs) in the Medicare Advantage space. The other five individuals who were invited to participate had a variety of experiences with FDRs…from industry experts who deal with regulatory compliance in the Medicare Advantage space, compliance consultants, and attorneys. The feedback that the OIG received from the different focus groups will be used to develop the iCPG for Medicare Advantage. In February 2024, the OIG announced that the Medicare Advantage iCPG will be released in 2024.

Ambika, if I understand correctly, you work primarily in the quality area. Any thoughts on how your area will be impacted by the new guidance? Do you have any tips for others that work in the quality area?

A few notable pieces. While compliance encompasses audits, root cause analysis, corrective action plans, and tracking – quality must be a partner in these fundamentals. For example, the quality department should assist in auditing and monitoring excessive utilization of services or patient safety concerns.

Sheryn, you have designed and implemented compliance programs before. Will existing compliance programs for hospitals, doctors, and other healthcare participants need to be updated in light of the new OIG compliance guidance? Do you anticipate that this will be a lot of work for the industry? Do you have any suggestions about how best to approach these updates?

The General Compliance Program Guidance (GCPG) was released by the OIG in November 2023.  It is the first installment in updating the current guidance (first released in 1998). For the most part, the GCPG information should be familiar to healthcare compliance professionals. There may be some areas that need to be revisited and updated in current compliance programs. So, based on current and active compliance programs, the new GCPG should not require a lot of work for the industry. However, as each iCPG is released, each industry area (e.g., Medicare Advantage, nursing facilities, hospitals, billing companies, physician practices) should conduct an in-depth re-evaluation of their program.

Additionally, the OIG provided additional insight on new areas of focus that should be reviewed:

  1. Quality and patient safety is now a consideration in a compliance program;
  2. New Entrants in the Health Care Industry, such as private equity companies, technology companies, start-ups, and new lines of business for healthcare organizations; and
  3. Information Blocking, Cybersecurity attacks requiring enhanced Privacy, Security, and Breach Notification procedures.

Becoming very familiar with the GCPC and iCPG will be the first step to updating a compliance program. Next, you would want to identify any new or existing risks. This can be done through a risk assessment. Once priority risk areas have been identified, a work plan for the year should be developed. The work plan should identify risk areas and indicate the timing and frequency of auditing/monitoring. The compliance plan will outline the auditing and monitoring (A&M) of the risk areas. Based on the results of the A&M, the compliance department should issue any necessary corrective action plans (CAPs). If there are no CAPs, then move to the next priority risk area… rinse and repeat.

Sheryn, you have worked in other healthcare areas, like revenue cycle management. Do you have any thoughts about how the new guidance will impact those areas?

The Fraud Enforcement section of the GCPG has a direct impact on revenue cycle management and operations. Although the laws and statutes listed in this section are not new, the document provides clearer descriptions, examples, and/or resources that can be utilized by a healthcare organization.

Ambika, we are holding a webinar on the new guidance on May 16, 2024. What are some of the important issues you intend to address?

Applying compliance guidelines and standards to departments such as Quality and Utilization Management.