OIG Compliance – The Line In The Sand You Don’t Want to Cross

March 8, 2017 Phil C. Solomon

Understanding OIG Compliance


On October 15, 1976, President Gerald Ford signed into law legislation creating an Office of Inspector General (OIG) at the Department of Health, Education and Welfare (HEW).  HEW OIG would become HHS-OIG in 1980 when the Department was redesignated as the Department of Health and Human Services (HHS).

The OIG and HHS oversee various segments of the healthcare industry, such as hospitals, nursing homes, third-party billers and durable medical equipment suppliers to monitor adherence to applicable statutes, regulations and program requirements.

OIG compliance programs provide oversight toward promoting ethical and lawful corporate conduct that focus on encouraging prevention, detection and resolution of occurrences of conduct that do not meet federal and state law, and a hospital or health system’s business policies.

The OIG, HHS, Association of Healthcare Internal Auditors, American Health Lawyers Association, Health Care Compliance Association created a guide titled Practical Guidance for Health Care Governing Boards on Compliance Oversight that highlighted five key areas that healthcare stakeholders should understand so that they can develop a comprehensive compliance program.  The elements listed below provide hospitals with the overarching elements the OIG relies upon in making conclusions as to the effectiveness of hospital compliance programs.

  1. The compliance function promotes the prevention, detection and resolution of actions that do not conform to legal, policy or business standards. The principles for compliance include:
  • Developing policies and procedures to provide employees guidance;
  • The creation of incentives to promote employee compliance;
  • The development of plans to improve or sustain compliance;
  • The development of metrics to measure execution (particularly by management) of the program; and
  • The implementation of corrective actions and reporting that evaluate and manage the effectiveness of the program.
  1. The legal function advises the organization on the legal and regulatory risks of its business strategies, providing advice and counsel to management about relevant laws and regulations that govern relate to or affect the organization. The function also defends the organization in legal proceedings and initiates legal proceedings against other parties if such action is warranted.
  2. The internal audit function provides an objective evaluation of the existing risk and internal control systems and framework within an organization. Internal audits ensure monitoring functions are working as intended and identify where management monitoring may be required. Internal audits help management develop actions to enhance internal controls, reduce risk to the organization and promote more effective and efficient use of resources.
  3. The human resources function manages the recruiting, screening and hiring of employees; coordinates employee benefits and provides employee training and development opportunities.
  4. The quality improvement function promotes consistent, safe and high-quality practices within health care organizations. This function improves efficiency and health outcomes by measuring and reporting on quality outcomes and recommends necessary changes to clinical processes to management. Quality improvement is critical to maintaining patient-centered care and helping the organization minimize the risk of patient harm.

The Seven Elements of an Effective Compliance Program

The OIG sets minimum standards that all compliance programs should include.  The following are seven critical elements the OIG recommends that should be included in any comprehensive compliance program.  They are:

  1. The development and distribution of written standards of conduct, as well as written policies and procedures that promote the hospital’s commitment to compliance and that address specific areas of potential fraud, such as claims development and submission processes, code gaming, and financial relationships with physicians and other health care professionals;
  2. The designation of a chief compliance officer and other appropriate bodies, e.g., a corporate compliance committee, charged with the responsibility of operating and monitoring the compliance program;
  3. The development and implementation of regular, effective education and training programs;
  4. The maintenance of a process, such as a hotline, to receive complaints and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
  5. The development of a system to respond to allegations of improper/illegal activities and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or federal health care program requirements;
  6. The use of audits and other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas; and
  7. The investigation and remediation of identified systemic problems and the development of policies addressing the retention of sanctions.

Every effective hospital compliance program needs to address the seven elements listed above to mitigate risk areas such as billing for items or services not rendered, providing medically unnecessary services, up-coding, duplicate billing and preparing false cost reports.

 Compliance Responsibilities for Boards

Hospital boards must be fully engaged in their oversight responsibility for compliance.  A key element of effective oversight relies on board members asking the right questions of management to determine the sufficiency and effectiveness of the organization’s compliance program.

Compliance responsibility falls on the shoulders of all levels of management and boards must keep a keen eye on monitoring compliance processes to ensure the proper protections are in place.  With the heightened industry and professional interest in governance and transparency, boards must be diligent.

The report, Practical Guidance for Health Care Governing Boards on Compliance Oversight outlined several important areas a healthcare organization’s board should be assessing.  They are:

  • The roles of, and relationships between, the organization’s audit, compliance and legal departments;
  • The mechanism and processes for issuing reporting within an organization;
  • The approach to identifying regulatory risk; and
  • The methods for encouraging enterprise-wide accountability for compliance goals and objectives.

Typical Types of Fraud and Abuse

Occasional billing mistakes and errors will occur inadvertently or by accident.  When errors are discovered, the prompt remediation of issues must occur.  In those cases, typically no penalties are levied by the OIG unless there is a violation of civil, criminal or administrative law.  To keep your organization safe and in compliance, the following are activities not in keeping with proper compliance guidelines and should be avoided.

  • Billing for services, procedures, and supplies that were not provided;
  • Misrepresentation of services; what was provided; when it was provided; the condition or diagnosis; the charges involved; and the identity of the provider-recipient;
  • Providing unnecessary services or ordering unnecessary tests;
  • Unbundling of claims: billing separately for procedures that normally are covered by a single fee;
  • Double billing: charging more than once for the same service;
  • Up-coding: charging for a more complex service than was performed;
  • Miscoding: using a code number that does not apply to the procedure;
  • Kickbacks: receiving payment or another benefit for making a referral;
  • Performing unnecessary X-rays and tests;
  • Charging insured patients more than uninsured; and
  • Waiving copayments and deductibles.


New forms of reimbursement, such as value-based purchasing, bundled services, global payments, emerging payment models and increasingly available public data and transparency efforts have led to new incentives and greater compliance risks.  Addressing these risks by having a comprehensive compliance program in place is essential for operating a successful healthcare organization.  Governmental prosecutions for fraud and abuse are growing and hospitals cannot risk the possible repercussions that go along with an OIG investigation.  It is important that hospitals establish all-inclusive compliance programs to mitigate risks that could lead to administrative sanctions, penalties and assessments.  Hospitals should develop, review and/or revise their compliance programs to ensure they are making good faith efforts towards complying with the law.


Phil C. Solomon is the publisher of Revenue Cycle News, a healthcare business information blog and serves as the Vice President of Global Services for MiraMed, a healthcare revenue cycle outsourcing company.  As an executive leader, he is responsible for creating and executing sales and marketing strategies which drive new business development and client engagement. Phil has over 25 years’ experience consulting on a broad range of healthcare initiatives for clinical and revenue cycle performance improvement.  He has worked with industry’s largest health systems developing executable strategies for revenue enhancement, expense reduction, and clinical transformation. He can be reached at philcsolomon@gmail.com

This post can be viewed on MiraMed Global Services blog.

The post OIG Compliance – The Line In The Sand You Don’t Want to Cross appeared first on REVENUE CYCLE NEWS.

Previous Article
Consumers, Employers and Providers Take the Hit  from Rising Healthcare Spending
Consumers, Employers and Providers Take the Hit from Rising Healthcare Spending

Since the adoption of the Affordable Care Act (ACA) and the subsequent rules changes that have taken effect...

Next Article
Healthcare’s Newest Security Threat:  IoT
Healthcare’s Newest Security Threat: IoT

One of the greatest technological achievements in the 21st Century was is the creation of the Internet.  It...