HHS OIG requires physician practices to have a written compliance plan and program. The compliance plan addresses practice adherence to laws, regulations, and ethical standards.
That said, many compliance plan documents are outdated or incomplete, either by failing to address the latest guidelines from HHS OIG or by omitting guidance from HHS OIG and other regulators like the DOJ. Given the 2025 guidance from HHS and OIG, every practice needs to update its compliance framework. Here’s what you should know.
Contents of the Compliance Plan?
The compliance plan should set the tone for a culture of integrity aligned with a commitment to follow all regulations and act ethically. It begins with clear, written policies that guide your employees, board members, contractors, and vendors. Keeping up with these regulations can be a challenge, but regular policy updates keep your practice protected.
Practices are required to appoint a compliance officer and form a compliance committee. Recent guidance from HHS OIG includes an expanded discussion of the role, independence, and resources that are recommended for an effective compliance plan.
Regular monitoring may seem time-consuming, but it helps identify issues early and prevent future problems. Outlining the duty for all team members to report compliance concerns and having clear processes for anyone to report a concern without repercussions reinforces your ethical commitment. Balancing necessary enforcement with recognition for compliance champions can boost morale.
By integrating these elements into daily operations, you’re building a robust framework that protects your practice from making unintentional errors and staying in touch with potential issues so that any errors can be corrected promptly. It’s about creating a thriving healthcare environment that goes beyond mere box-ticking, embodying your commitment to excellence in all aspects of your practice.
Updated General Compliance Program Guidance
The updated HHS OIG guidance emphasizes the need for annual risk assessments while emphasizing quality of care and patient safety in your practice. The guidance also discusses increased scrutiny of private equity or investor-sponsored practices and emphasizes privacy and security considerations.
Risk assessments
The new HHS-OIG General Compliance Program Guidance regarding risk assessments aims to support your practice by emphasizing the importance of annual, formal risk assessments. They should cover key areas like:
- Billing
- Coding
- Patient incentives
The guidelines also now stress the inclusion of quality of care in your compliance program to protect patients. For practices with private equity sponsors or investors, there’s a call for heightened scrutiny to ensure compliance and quality care.
Remember to include privacy and security considerations in your assessments. While these guidelines may seem demanding, they’re designed to help you create a safer, more compliant practice environment.
Compliance officers
The new guidelines emphasize the critical role of compliance officers in safeguarding your practice. The compliance officer’s key responsibilities per HHS OIG include advising leadership regarding regulator risk, reviewing documents, and conducting interviews when necessary.
To maintain their independence, the guidance also recommends separating compliance officers from functions such as:
- Legal
- Financial
- Operational functions
Compliance officers should have direct access to leadership, including the CEO and board, with sufficient authority and resources to lead an effective program.
Private Investment Considerations for Medical Practices
The landscape of medical practice ownership is rapidly evolving, driven by significant financial pressures and industry consolidation. Medical practices considering private investment must carefully navigate a complex decision-making process that involves multiple strategic considerations.
Private investment offers potential solutions to these challenges, providing opportunities for practices to:
- Enhance their financial stability
- Reduce administrative burdens
- Improve competitive positioning
Practices must critically evaluate the trade-offs between maintaining independence and gaining the benefits of larger-scale operations.
The choice between corporate and hospital employment has also become increasingly nuanced, with corporate employment showing more rapid growth, which is driving governmental oversight.
Ultimately, the decision to pursue private investment should align with the practice’s core values, strategic goals, and vision for future growth. Oftentimes, the due diligence process for practices considering taking on investors focuses on the practice’s operations and financial outlook. However, practices should also conduct comprehensive due diligence regarding the impact of joining an investor-sponsored practice. This includes weighing the potential benefits against the potential risks and changes to their operational model.
Areas To Focus On
Healthcare compliance is a critical aspect of managing legal and financial risks in the medical field. To ensure adherence to regulations, healthcare organizations should concentrate on essential areas, such as:
- Compliance with the Anti-Kickback Statute and Stark Law
- A thorough review of coding, billing, and clinical documentation practices
- Privacy and security
- Worker and patient safety
- Quality of patient care
By developing and implementing specific action items within key domains, healthcare providers can maintain their integrity, protect their reputation, and avoid costly violations that could jeopardize their operations and patient care.
The Anti-Kickback Statute and Stark Law
Start by incorporating the GCPG’s “key questions” checklist into your evaluation process for potential arrangements. This will help you identify any red flags that could violate the Anti-Kickback Statute.
Next, develop comprehensive policies and procedures that address high-risk areas such as:
- Gifts
- Free patient services
- Joint ventures
- Physician arrangements
It’s also important to establish clear standards of conduct and make sure to regularly review and update these policies as regulations evolve. Finally, conduct thorough risk assessments to identify any vulnerabilities in your practice.
Coding, billing, and clinical documentation review
To help you navigate these challenges and ensure compliance, implement a cyclical process that starts with providing baseline education for your providers and coding and billing staff. From there, conduct targeted sample reviews of claims and records to identify any potential issues.
You can then draft a comprehensive report of your findings, reviewing and finalizing it thoroughly. Use this information to correct any identified errors and develop robust policies to prevent future issues.
Repeating this process regularly will help you stay ahead of compliance issues and continuously improve your practice’s documentation and billing processes.
Civil monetary penalties
A crucial step in avoiding civil monetary penalties is implementing a monthly check of the HHS-OIG List of Excluded Individuals/Entities for all your employees, contractors, and vendors. To make this process manageable, establish a clear, documented procedure for conducting these checks and train your staff on how to perform them correctly.
It’s also important to have a plan in place for immediate action if an excluded individual or entity is identified. Remember to regularly review and update your compliance policies to reflect any changes in regulations.
How Compass Healthcare Consulting Can Help
Physician practices face complex regulatory challenges that can be overwhelming to navigate alone. At Compass Healthcare Consulting, we understand these pressures and offer tailored solutions to develop robust healthcare compliance frameworks. With roots in operations and administration, our team provides practical solutions that ensure peace of mind.
Compass offers flexible pricing models and has served clients in more than 20 states since 2010. Our virtual team collaborates seamlessly with your organization, providing certified expertise in:
- Medical billing and coding
- Risk assessment and compliance
- Mergers and acquisitions
By partnering with Compass, your practices can focus on patient care while ensuring regulatory compliance and risk management are expertly handled.
