OIG’s General Compliance Program Guidance

Posted by Steven Grossman on November 7, 2023 in Industry News,

At the recent Health Care Compliance Association (HCCA) HECC Conference in Washington, D.C., the Office of Inspector General (OIG) made a significant move toward enhancing compliance without introducing major industry changes. Robert DeConti, the OIG’s Chief Counsel, unveiled a noteworthy initiative: a Unified Compliance Resource.

The big news isn’t about sweeping regulatory changes but rather about streamlining the existing regulations. This initiative consolidates all compliance requirements, tips, and essential guidance into a single comprehensive resource guide. The aim is to raise awareness and make compliance more accessible and user-friendly. Additionally, a dedicated website is in the works to make this valuable resource even more readily available. Stay tuned as we delve into the key highlights from this guide!

General Compliance Program Guidance

The General Compliance Program Guidance (GCPG) is a comprehensive reference guide that provides valuable information for the health care compliance community. It covers a wide range of topics, including Federal laws, compliance program infrastructure, OIG resources, and more. This guide serves as a valuable resource for organizations and individuals looking to understand and navigate the complex landscape of health care compliance. It offers insights, best practices, and guidance to help ensure compliance with applicable laws and regulations. Whether you are new to compliance or an experienced professional, the GCPG can provide you with the knowledge and tools necessary to establish and maintain an effective compliance program.

Exclusion Screening

Exclusion screening is an important component of compliance programs. It involves the screening of employees, contractors, and other individuals and entities against the LEIE (List of Excluded Individuals and Entities) and any applicable State Medicaid program exclusion lists. This screening helps organizations ensure that they are not employing or contracting with individuals or entities that have been excluded from participating in federal healthcare programs.

Validation of Screening Conducted by Contractors

Entities may choose to rely on screening conducted by a contractor, such as a staffing agency or third-party billing company. However, it is recommended that entities validate that the contractor is conducting the necessary screening on their behalf. This can be done by requesting and maintaining screening documentation from the contractor.

Responsibility for Overpayment or CMP Liability

Even if an entity relies on a contractor for screening, the entity remains responsible for any overpayment or Civil Monetary Penalty (CMP) liability that may result from employing or contracting with an excluded individual or entity. It is crucial for organizations to ensure compliance with exclusion authorities to avoid potential financial and legal consequences.

Compliance program infrastructure

The General Compliance Program Guidance (GCPG) provides information on the seven elements of compliance program infrastructure, including written policies and procedures, code of conduct, and compliance policies. 

  1. Written Policies and Procedures: Organizations should have written policies and procedures that outline their commitment to compliance and provide guidance on specific compliance-related activities.
  2. Code of Conduct: A code of conduct sets forth the organization’s ethical standards and expectations for employees and other stakeholders.
  3. Compliance Officer and Compliance Committee: Organizations should designate a compliance officer who is responsible for overseeing the compliance program. A compliance committee may also be established to assist the compliance officer in carrying out their duties.
  4. Training and Education: Organizations should provide regular training and education to employees and other relevant individuals to ensure they understand their compliance obligations.
  5. Effective Communication: Communication channels should be established to facilitate the reporting of potential compliance concerns and to disseminate information about the compliance program.
  6. Monitoring and Auditing: Regular monitoring and auditing should be conducted to assess the effectiveness

State Medicaid

Organizations should screen individuals and entities against State Medicaid program exclusion lists as part of their screening process.

State Medicaid programs maintain their own exclusion authorities and maintain their own State exclusion lists. These lists contain individuals and entities that have been excluded from participating in the State Medicaid program due to various reasons, such as fraud or abuse.

Entities that participate in State Medicaid programs are recommended to screen all employees, contractors, and other individuals or entities that provide items or services paid for by the State Medicaid programs against the State Medicaid exclusion lists. This screening helps organizations ensure compliance and minimize potential overpayment and CMP (Civil Monetary Penalty) liability.

Federal laws

The context mentions several important Federal laws, including the Federal Anti-Kickback Statute, Criminal Health Care Fraud Statute, and HIPAA Privacy and Security Rules.

Federal Anti-Kickback Statute

The Federal Anti-Kickback Statute prohibits entities involved in Federal health care programs from offering, paying, soliciting, or receiving remuneration in exchange for referrals or generating business. Violating this statute can result in criminal penalties, civil fines, and exclusion from Federal health care programs.

Criminal Health Care Fraud Statute

The guide mentions the Criminal Health Care Fraud Statute, which makes it illegal to knowingly and willfully execute a scheme to defraud any health care benefit program or obtain money or property through false pretenses. Violations of this statute can lead to criminal penalties, including imprisonment and fines.

HIPAA Privacy and Security Rules

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules establish standards for the protection of individuals’ health information. Covered entities and business associates must comply with these rules to ensure the privacy and security of protected health information (PHI). Non-compliance with HIPAA can result in civil and criminal penalties.

Important resources

The Office of Inspector General (OIG), Department of Justice (DOJ), Centers for Medicare & Medicaid Services (CMS), and HHS Office for Civil Rights (OCR) are government agencies responsible for interpreting and enforcing healthcare laws and regulations. They provide tools and resources to aid compliance efforts.

The Office of Inspector General (OIG)

The OIG provides guidance, resources, and enforcement actions related to healthcare compliance. They offer compliance program guidance documents, advisory opinions, and other publications that can help organizations understand and implement effective compliance programs.

Department of Justice (DOJ)

The DOJ is responsible for enforcing federal laws related to healthcare fraud and abuse. They provide guidance and resources to help organizations prevent and detect fraud, such as the “Evaluation of Corporate Compliance Programs” document.

Centers for Medicare & Medicaid Services (CMS)

CMS is the federal agency that administers the Medicare and Medicaid programs. They provide guidance and resources related to compliance with Medicare and Medicaid regulations, including the Medicare Compliance Program Policy and Guidance Manual.

HHS Office for Civil Rights (OCR)

The OCR enforces HIPAA regulations and provides guidance on compliance with HIPAA Privacy and Security Rules. They offer resources, such as the HIPAA Security Rule Toolkit, to help organizations protect patient information.

About Steven Grossman

About Steven Grossman

Related Articles

NY Medicaid Exclusion

April 14, 2016

New York State Medicaid Exclusion New York’s Office of the Medicaid Inspector General exists to “to enhance the integrity of the New York State Medicaid program by preventing and detecting fraudul...

Licensure Verification

June 7, 2021

Introduction For most health care organizations, their primary purpose is to provide high quality patient care to support the best outcomes possible.  The qualifications and expertise of an or...

Employee Screening: Endless, thankless…hopeless?

July 27, 2015

Streamline Verify recently posted a guest blog on E-Visit on the topic of pre-screening employees, and we ran into a simple but major question while compiling the post. Which employee screenings SH...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking




Average workload reduction by implementing the Streamline Verify program



Establishments trust Streamline Verify nationwide



Serving the healthcare industry’s unique compliance needs since 2011



Setting standards with hourly synchronization to primary source data