Home Blog Post


Navigating the Evolving Compliance Landscape: Guidance and Implications for Your OrganizationBy Kelly Grahovac, General Manager, The van Halem Group

In recent months, the Office of Inspector General (OIG) has been working to update their compliance guidance. This was first apparent in the revisions made to corporate integrity agreements (CIAs) and integrity agreements (IAs). The revisions indicate that the OIG’s expectations concerning compliance program design and effectiveness are evolving, and all healthcare providers, not just those subject to integrity agreements, should be taking notice.

All healthcare providers, not just those subject to integrity agreements, should be taking notice.

Unveiling the Core of Agreements

To understand the importance of this update, let’s first dissect what it means to be under an integrity agreement and why these updates are significant. In the event a healthcare provider is faced with civil false claims violations, the OIG may negotiate a corporate integrity agreement as part of the settlement. Providers or entities agree to the obligations laid out in the settlement, and in exchange, the OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other federal healthcare programs, according to the OIG website.

The OIG states that CIAs have many common elements, but each one addresses the specific facts at issue and often attempts to accommodate and recognize many of the elements of pre existing voluntary compliance programs. According to the OIG website, a comprehensive CIA typically lasts five years and includes requirements to:

  • Hire a compliance officer/appoint a compliance committee
  • Develop written standards and policies
  • Implement a comprehensive employee training program
  • Retain an independent review organization to conduct annual reviews
  • Establish a confidential disclosure program
  • Restrict employment of ineligible persons
  • Report overpayments, reportable events, and ongoing investigations/legal proceedings
  • Provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities

Exploring the Latest Revisions

As you may have recognized, many of these requirements are elements of a compliance program, as previously communicated in compliance program guidance (CPG) developed by the OIG many years ago. Below I have highlighted some of the recent CIA requirement revisions:

  • Limiting the noncompliance responsibilities held by the compliance officer. The OIG has always acknowledged that the compliance officer could maintain noncompliance responsibilities; however, the recent revision implies that the compliance officer should not be tasked with responsibilities that would move the focus of their role from overseeing the compliance program.
  • Expanding the role and responsibility of the compliance committee to include more involvement with compliance activities. This includes annual reviews of policies and procedures, compliance training, and risk assessment.
  • Guidance that identifies the requirement to include state Medicaid program exclusion lists as required screening. Healthcare providers should be checking both the OIG List of Excluded Individual and Entities (LEIE) and state Medicaid exclusion lists as part of their compliance activities.
  • Enhanced focus on policies and procedures and internal processes that address compliance with Anti-Kickback Statute and Stark Law. In the past, CIAs that did not involve arrangement-related issues did not emphasize the need for these controls. Updated CIA language now includes compliance with arrangement controls.

Empowering the Healthcare Industry

As I previously mentioned, the OIG developed voluntary compliance program guidance for various segments of the healthcare industry, including hospitals and durable medical equipment suppliers. The guides are accessible on the OIG’s website and were developed to “encourage the development and use of internal controls to monitor adherence to applicable statutes, regulations, and program requirements.”

On April 24, 2023, the OIG announced plans to improve and update the current compliance program guidance, and to also develop new guidance. The OIG stated that the goal is to “produce useful, informative resources—as timely as possible—to help advance the industry’s voluntary compliance efforts in preventing fraud, waste, and abuse in the healthcare system.”

Many of these guides have not been updated since they were published. The OIG stated that they will publish a General CPG (GCPG) by the end of calendar year 2023. This GCPG will apply to all individuals and entities involved in the healthcare industry and address topics such as federal fraud and abuse laws and compliance program basics. In addition to the general guidance, the OIG will publish industryspecific CPGs, tailored to fraud and abuse risk areas, that will address compliance measures that can be taken to reduce risk in these areas. Most notably, the OIG indicated that they intend to update these CPGs periodically to ensure timely and meaningful guidance. These guides will likely be published on the OIG website beginning in 2024.

Ensuring Success with Compliance

These revisions and updates are helpful for providers to better understand the expectations of the OIG when it comes to compliance. Additionally, understanding revisions to CIAs provides compliance officers with areas to focus compliance efforts and conduct risk assessments. It is also helpful to understand such changes, as they may impact an organization’s current compliance program design.


A robust compliance program does not have to be overly burdensome or cost prohibitive. Even a small provider can establish a compliance program that is well-suited to their organization and utilizes the guidance put forth by the OIG. It is important to understand that compliance activities should be maintained internally; however, some activities, like auditing and monitoring, can be outsourced. Ultimately, the goal of any compliance program is to ensure that the provider has developed internal controls that ensure they are adhering to federal regulations.


VGM Playbook Business Solutions to Optimize Success in DMEPOSThis article was originally featured in the VGM Playbook: Business Solutions to Optimize Success in DMEPOS. To read the full article and more like this, download your copy of the playbook today