WSJ logo
Forbes logo
Fox News logo
CNN logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo

OIG Compliance Program Guidance for Physician Practices

oig compliance investigation

Whether you are preparing to open your own practice or you have questions or concerns about your existing practice’s compliance efforts, you need to make informed decisions when it comes to evaluating your practice’s compliance needs. While there are numerous aspects to compliance for physician practices, one of the more-important aspects is compliance with the federal laws and regulations enforced by the U.S. Department of Health and Human Services Office of Inspector General (OIG).

The OIG is one of the primary federal agencies responsible for enforcing health care providers’ compliance obligations. It provides compliance guidance for many different types of providers, including individual and small group physician practices. In this article, we provide an overview of the OIG’s compliance guidance for physician practices, and we discuss some additional considerations for developing (or updating) a comprehensive compliance program.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former Assistant U.S. Attorney


Ellen Comley
Ellen Comley

Senior Counsel


Roger Bach
Roger Bach

Former Special Agent (OIG)

Steven Taylor
Steven Taylor

Healthcare Compliance Consultant

Susan Sage
Susan Sage

Healthcare Auditor

The OIG’s Compliance Program Guidance for Individual and Small Group Physician Practices

Lynette Byrd
Attorney Lynette S. Byrd
Healthcare Team Lead
Former Federal Prosecutor

OIG compliance is not only important as a means of risk mitigation for physician practices, it is also legally required. As the OIG states, “[w]ith the passage of the Patient Protection and Affordable Care Act of 2010, physicians who treat Medicare and Medicaid beneficiaries [are] required to establish a compliance program.”

In its compliance guidance, the OIG identifies seven core areas of compliance for physician practices. In the words of the OIG, “a basic framework for any voluntary compliance program begins with a review of the[se] seven basic components of an effective compliance program.” These basic components are:

  • Internal Monitoring and Auditing
  • Compliance and Practice Standards
  • Designation of a Compliance Officer or Contact
  • Appropriate Training and Education
  • Appropriate Response and Corrective Action for Detected Offenses
  • Open Lines of Communication with Employees
  • Enforced Disciplinary Standards with Well-Publicized Guidelines

Let’s take a closer look at the OIG’s compliance program guidance in each of these seven areas.

1. Internal Monitoring and Auditing

“An ongoing evaluation process is important to a successful compliance program. This ongoing evaluation includes not only whether the physician practice’s standards and procedures are in fact current and accurate, but also whether the compliance program is working . . . .”

The OIG advises that physician practices should conduct periodic audits to assess the sufficiency of their compliance efforts. Provisions for conducting these audits should be included in practices’ compliance policies and procedures.

Preliminarily, physician practices should conduct audits to assess their compliance needs. While most practices’ compliance needs are similar, there are many nuances that will dictate individual practices’ specific requirements. Once a practice has a compliance program in place, then the internal audit becomes a tool for managing compliance on an ongoing basis. Physician practices’ ongoing monitoring efforts should focus on matters including (but not limited to):

  • Accurate billing and coding
  • Documentation of medical necessity and compliance
  • Avoiding incentives for unnecessary services
  • Adherence to the practice’s policies and procedures

2. Compliance and Practice Standards

“After the internal audit identifies the practice’s risk areas, the next step is to develop a method for dealing with those risk areas through the practice’s standards and procedures. Written standards and procedures are a central component of any compliance program.”

Documentation is critical to compliance. This begins with physician practices’ compliance policies and procedures. The OIG advises that compliance policies and procedures should address all aspects of practices’ operations, from human resources to billing, and from third-party relationships to patient care.

In addition to written policies and procedures, physician practices should adopt various other forms of documentation as well. As the practice conducts periodic internal audits, these documents should be reviewed and revised to maintain compliance over time. Additional forms of documentation the OIG recommends include:

  • Clinical forms
  • Clinical protocols and pathways
  • Treatment guidelines
  • Accurate patient records
  • Accurate billing records
  • Documentation of compliance
  • Third-party documentation (i.e. carrier bulletins and OIG Advisory Opinions)

3. Designation of a Compliance Officer or Contact

“After the audits have been completed and the risk areas identified, ideally one member of the physician practice staff needs to accept the responsibility of developing a corrective action plan, if necessary, and oversee the practice’s adherence to that plan.”

The OIG recommends that all physician practices designate a compliance officer or equivalent. This does not necessarily need to be a full-time position, but it is important that the designated individual has time set aside specifically for compliance-related functions.

In its compliance guidance for physician practices, the OIG also notes that it is acceptable for physician practices to designate multiple “compliance contacts,” each of whom is responsible for a specific aspect of compliance. For example, a practice could have different compliance contacts who are separately responsible for billing, administrative, and care-related compliance.

4. Appropriate Training and Education

“Education is an important part of any compliance program and is the logical next step after problems have been identified and the practice has designated a person to oversee educational training. Ideally, education programs will be tailored to the physician practice’s needs, specialty and size . . . .”

Once a physician practice has taken the steps necessary to develop an OIG compliance program, the next step is to internally publicize the program and provide appropriate training and education to all employees. Employees in different areas of the practice (i.e. billing versus patient care) will need different training, though there are some areas of compliance that will be relevant to all practice personnel.

Importantly, the OIG’s compliance guidance for physician practices emphasizes providing training and education is not a one-time need. In addition to determining who needs training and what type of training is best-suited to the practice’s needs, the OIG advises that physician practices should also, “[d]etermine when and how often education is needed and how much each person should receive.”

5. Appropriate Response and Corrective Action for Detected Offenses

“When a practice determines it has detected a possible violation, the next step is to develop a corrective action plan . . . . Violations of a physician practice’s compliance program, significant failures to comply with applicable Federal or State law, and other types of misconduct threaten a practice’s status as a reliable, honest, and trustworthy provider of health care.”

Event response is a key aspect of OIG compliance. Even with an effective compliance program in place, failures can still happen—and when they do, physician practices need to be prepared to respond appropriately.

When developing OIG compliance programs, physician practices should proactively plan for the risk of non-compliance. This includes developing procedures and protocols for both identifying and responding to compliance failures. For example, the OIG recommends adopting “warming indicators” such as:

  • Significant changes in the number and/or type of claim rejections
  • Challenges to the practice’s medical necessity determinations
  • Unusual changes in CPT, HCPCS, or ICD code utilization

6. Open Lines of Communication with Employees

“In order to prevent problems from occurring and to have a frank discussion of why the problem happened in the first place, physician practices need to have open lines of communication.”

Beyond initial training, the OIG advises that physician practices should maintain open lines of communication with employees. These lines of communication should be clearly documented in a practice’s policies and procedures, and practices should foster an environment where employees are encouraged to report any and all compliance-related concerns.

7. Enforced Disciplinary Standards with Well-Publicized Guidelines

“An effective physician practice compliance program includes procedures for enforcing and disciplining individuals who violate the practice’s compliance or other practice standards.”

Finally, the OIG advises that physician practices should adopt and enforce disciplinary standards focused specifically on compliance violations. While practices need to foster an environment where employees feel comfortable communicating about compliance-related issues, they also need to make clear that significant compliance violations will not be tolerated. This can be a difficult balance to strike, and developing appropriate policies and procedures requires the advice and insights of experienced OIG compliance counsel.

Additional Considerations for Developing (or Updating) a Comprehensive Compliance Program

Here are some additional considerations for developing (or updating) a comprehensive compliance program from our federal health care compliance lawyers and former OIG agents:

Physician Practices Must Custom-Tailor Their Compliance Programs to Their Specific Needs

Physician practices need custom-tailored compliance programs. There are simply too many nuanced aspects of compliance for practices to rely on off-the-shelf or one-size-fits-all products. The OIG expects practices to develop and implement compliance programs that address their practices’ specific needs, and a program that omits relevant issues or addresses irrelevant issues will raise flags during an OIG audit or investigation.

OIG Compliance is Just One Aspect of Overall Compliance for Physician Practices

While OIG compliance is essential for physician practices, it is ultimately just one aspect of overall compliance. From DEA compliance to private insurance carrier compliance, there are many other areas that physician practices must address in their compliance programs.

Maintaining Compliance is an Ongoing Process

While many practices view developing a compliance program as a one-time event, the reality is that maintaining compliance is an ongoing process. Physician practices must not only monitor their compliance efforts, but they must monitor for changes in their compliance obligations as well.

Speak with a Federal Health Care Compliance Attorney or OIG Compliance Consultant at Oberheiden P.C.

Do you have questions or concerns about your practice’s OIG compliance efforts? If so, our federal health care compliance lawyers and former OIG agents can help. To schedule a complimentary initial consultation at Oberheiden P.C., please call 888-680-1745 or tell us how we can reach you online now.

If you need help
defending your medical license
you should contact us today

Contact the
Experienced Attorneys of Oberheiden P.C.
Now for a Confidential Consultation

Contact Us Now