On November 6, 2023, the HHS Office of Inspector General published a new compilation of compliance guidance under the title General Compliance Program Guidance (GCPG) for the healthcare compliance community and other health care stakeholders. Consistent with the OIG’s April 24, 2023 announcement of its plan to issue modernized, improved, and accessible guidance, the 91-page document is now available on the OIG’s website. The OIG stressed that the GCPG is voluntary and nonbinding, even though it used the word “should” throughout the document.

While much of the information has been included in prior guidance, the OIG added insights and updates, including a focus on quality and patient safety. The GCPG is easy to navigate and contains the following main sections:

  • Health Care Fraud Enforcement and Other Standards: Overview of Certain Federal Laws
    • In addition to the False Claims Act, Anti-Kickback Statute, and Stark Law, the list includes civil monetary penalty authority related to Information Blocking and HHS Grants, Contracts, and other Agreements, as well as enforcement authority under HIPAA
  • Compliance Program Infrastructure: The Seven Elements
    • Emphasizes that the Compliance Officer should have the stature of a leader and interact as an equal of other senior leaders
    • Emphasizes the importance of the Compliance Committee in proactive annual risk assessments
    • Promotes thoughtful consideration of appropriate incentives to encourage participation in the entity’s compliance program
  • Compliance Program Adaptations for Small and Large Entities
    • Even for small entities, the Compliance Officer “should not have any responsibility for the performance or supervision of legal services to the entity and, whenever possible, should not be involved in the billing, coding, or submission of claims.”
    • Large entities “will likely need a department of compliance personnel with a variety of skills and expertise to implement and monitor the organization’s compliance program and address its manifold compliance needs.”
  • Other Compliance Considerations
    • Quality and Patient Safety
    • New Entrants in the Health Care Industry, including technology companies, new investors, and organizations providing non-traditional services such as food delivery and care coordination
    • Financial Incentives: Ownership and Payment – Follow the Money, including private equity ownership, payment incentives, and financial arrangements tracking
  • OIG Resources and Processes
    • Includes Compliance Toolkits, the OIG Work Plan, Advisory Opinions, Safe Harbor Regulations, and Self-Disclosure Protocols

Each of the sections includes “Tips” marked by a yellow circle with a star icon and “What to Do if You Identify a Problem” marked by a yellow triangle with an exclamation point icon.

Be on the lookout for the OIG to issue industry specific compliance guidance (ICPG) for multiple types of providers, suppliers, and participants in healthcare industry subsectors. The first two in 2024 are expected to cover Medicare Advantage and nursing facilities. The OIG intends to update the ICPGs periodically “to address newly identified risk areas and compliance measures and to ensure timely and meaningful guidance from OIG.” Revised guidance documents will replace the original compliance guidance documents that have been issued over the years starting with hospitals in 1998. Compliance guidance documents will no longer be published in the Federal Register but will remain available on the OIG website with interactive links to useful resources.

Although the content of the GCPG is not entirely new, it is definitely recommended reading and a useful resource for compliance professionals, governing bodies, and investors in all types of health care organizations, including health care providers, suppliers, life sciences companies, and managed care plans.


For more information, please contact Terri Harris at 336.378.5383 or tjharris@foxrothschild.com, or another member of Fox Rothschild’s national Health Law Practice Group.