By Roni Glaser rglaser@mlg.com

The Office of the Inspector General (OIG) of the Department of Health and Human Services was established in 1976 to identify and eliminate fraud, abuse and waste in Federal health care programs, including Medicaid and Medicare. It accomplishes this through audits, investigations and inspections. In the years since the office was established, the OIG has issued suggested guidelines for compliance with the rules and regulations of governmental health care programs, called "Compliance Program Guidances," for several sectors of the health care industry. These include hospitals, clinical laboratories, home health agencies, durable medical equipment suppliers, third-party medical billing companies, hospices, Medicare+Choice organizations and nursing facilities. The most recent Guidance, issued in final form in September 2000, is the OIG's Compliance Program Guidance for Individual and Small Group Physician Practices.

The OIG recognizes that compliance programs must necessarily be tailored to reflect the differing sizes, locations and organizational structures of the particular entities, i.e., that "one size does not fit all" when it comes to corporate compliance in the health care field. On the other hand, its Guidances have common themes running through them, which represent the OIG's ideas on how best to establish internal controls and monitoring to correct and prevent practices the OIG considers fraudulent.

Seven Elements of an Effective Compliance Program

The OIG believes that, at a minimum, a comprehensive compliance program should include the following elements:

• Written standards of conduct and policies and procedures
• A designated compliance officer or contact person
• Comprehensive training and education
• Accessible lines of internal communication
• Enforcement of standards through well-published disciplinary guidelines
• Internal monitoring and auditing
• Prompt response to detected offenses and prompt undertaking of corrective action

The implementation of these elements for specific entities is addressed comprehensively in each of the OIG's Guidances. For example, in the Guidance for Home Health Agencies, the OIG identifies "risk areas" for agencies to focus on, primarily in the claims development and bill submission process, and alerts agencies to the upcoming new risks which may attend the implementation of the Prospective Payment System of reimbursement for home health care agencies. Likewise, in its Guidance for small physician practices, the OIG recognizes that "the extent of implementation will depend on the size and resources of the practice", and encourages physician practices to innovate to find ways to develop their own, or share with others, compliance programs which best achieve their aims.

Adapting Compliance Guidances to Small Businesses

The OIG offers several tips for adapting its Compliance Guidances to small business. With regard to written standards it recommends that, instead of creating comprehensive policies and procedures on every conceivable compliance issue, a business could identify "risk areas" which may be unique to its industry or may reflect its own compliance experience, then focus mainly on addressing those risk areas. In designating a compliance officer, the OIG suggests that this may be someone wearing more than one hat in a business and that, rather than forming a standing compliance committee, an ad hoc task force may be created when a problem is actually identified. The OIG allows that a business may hold regular meetings to update staff on policy changes and developments, rather than holding formal and specialized training sessions. While a "hotline" may not be feasible and anonymity illusory in a small business, employees should know whom to go to and have confidence that there will be no retribution for reporting concerns. A small business may not be able to conduct mock audits, but should review random samples of claims, based upon identified risk areas. If a practice does not have the resources to create separate mechanisms for imposing disciplinary measures, the employees should still know the consequences of their misconduct and this may be integrated into existing human resources tools.

Benefits of a Compliance Program

Important benefits may be gained by developing and implementing an effective compliance program within the framework of the OIG's Guidances. A compliance program may help to streamline business operations, identifying and preventing illegal and unethical conduct, thus saving money for the entity. It may also lead to improved quality of care for patients. Businesses that implement compliance plans may avoid liability resulting from noncompliance; and if noncompliance is found, may reduce penalties by demonstrating to the OIG the existence and enforcement of a compliance program.