Health Care Compliance: New Federal Guidance Seeks a Modernized Approach and Shows OIG’s Specific Interest in Private Equity and Tech Companies

4 minute read | November.10.2023

The Department of Health and Human Services Office of Inspector General (HHS-OIG) has issued new general compliance program guidance, marking the first time the agency has released this type of “reference guide for the health care compliance community.” It brings together information previously scattered across different sources, including on relevant federal laws, elements of an effective compliance program, OIG resources and other compliance material.

Overall Takeaways

The guidance demonstrates the agency’s effort to make compliance more accessible and its continued, and likely increased, interest in corporate compliance programs. Although much of the substance is not new, by collecting and publicizing it in this form, OIG is putting companies on notice of what it means to address compliance risks.

As discussed below, OIG specifically flagged its interest in topics such as private equity investment in health care and new entrants to health care, specifically including technology companies, and the potential compliance risks posed. These companies should be aware that, with this guidance, OIG is signaling heightened expectations and a potential increased willingness to evaluate their corporate compliance programs.

Background

This guidance has been a long time coming. As the agency announced this year, it is pushing to modernize its approach, including the accessibility and usability of its public resources. This includes moving away from relying on the Federal Register, which can be challenging to access, identify and follow, and issuing new compliance tools and material—of which this guidance is the most critical piece to date.

What’s in the Guidance

As noted, the content largely affirms existing guidance and highlights key risk and compliance program issues relevant to the health care industry. Specifically, it covers:

Overview of relevant laws and legal frameworks – sets out the primary federal statutes that govern the area and other authorities OIG recommends parties should be aware of, including the Anti-Kickback Statute, Physician Self-Referral (or “Stark”) Law, the False Claims Act and others.
The Seven Elements of a Compliance Program – as the agency has previously set forth, the core elements of an effective compliance program are:

(1) Written policies and procedures

(2) Compliance leadership and oversight

(3) Training and education

(4) Effective lines of communication with the compliance officer and disclosure programs

(5) Enforcement of standards, including consequences and incentives

(6) Risk assessment, auditing and monitoring

(7) Responding to offenses and corrective actions, including investigations and reporting

OIG makes clear that a company should commit to effectively implementing all seven elements.
Compliance Program Adaptation – along with the below, a “newer” aspect of the guidance is OIG recognizing that a company will need to build a compliance program that is appropriately sized and adapted to meet its needs.
Other Compliance Considerations – a list of various issues that OIG is highlighting as also relevant.Some of the most interesting are highlighted below.
OIG Resources – parties may want to consult.

Key New / Interesting Points:

First, OIG specifically addresses private equity and other ownership structures (in the “other compliance considerations” section), explaining that the flow of funds may help identify compliance issues. As the guidance notes, “the growing prominence of private equity and other forms of private investment in health care raises concerns about the impact of ownership incentives (e.g., return on investment) on the delivery of high quality, efficient health care.”While it does not further specify how such ownership changes things, OIG is clearly signaling its continued interest in such entities and investors.
Second, OIG includes a section on the “increasing number of new entrants” in health care—specifically mentioning technology companies—that may be unfamiliar with the applicable laws and regulatory regimes. As the guidance explains, “business practices that are common in other sectors create compliance risk in health care.” As a result, new entrants should ensure they know the relevant laws and how an effective compliance program should work in this setting.
Third, and in contrast with the above, OIG’s “program adaptation” section suggests that, while OIG is going to expect these companies to have a compliance program, that program should be reasonably tailored to the specific entity. In combination with the expanded discussion of compliance risk assessments (compliance program “element 6”), the agency seems to recognize that tailoring needs to respond to the actual risks identified by the company, but also building an effective program, does not always mean that more is more.

Authors

David Rhinesmith Partner, Government Investigations and Enforcement Actions, False Claims Act

Washington, D.C.

See my bio

Practice:

Government Investigations and Enforcement Actions
False Claims Act
Life Sciences & HealthTech
White Collar, Investigations, Securities Litigation & Compliance
FCPA & Anti–Corruption
Litigation for the Life Sciences & HealthTech Sector
Whistleblower & Corporate Investigations
FDA & Healthcare Regulatory
Global Investigations
Artificial Intelligence (AI)
Ethics & Compliance
Strategic Advisory & Government Enforcement (SAGE)
Corporate Governance
White Collar Criminal Defense

vCard

See full bio

David Rhinesmith Partner

Washington, D.C.

David represents clients in matters involving the False Claims Act, the Anti-Kickback Statute, the Foreign Corrupt Practices Act (FCPA), federal securities laws, and the Food, Drug, and Cosmetic Act, among others. He routinely leads internal investigations relating to a range of ethics, fraud and corruption issues, including bribery, corruption, accounting fraud, revenue recognition, embezzlement and other alleged misconduct. His litigation experience includes oral argument before the First Circuit and state appellate courts, leading briefing in federal and state trial and appellate courts, and deposing senior government officials.

David has extensive compliance experience. He served as Global Investigations & Compliance Counsel at a leading medical device company, and served as Counsel with the Legal Compliance & Investigations team at one of the world's largest technology companies (both client secondments). He played a key role in multiple DOJ- and SEC-appointed corporate compliance monitorships, as both counsel to the Monitor and helping clients successfully navigate monitorships. He routinely works with clients to develop and enhance their compliance programs.

David previously worked as an Assistant Attorney General in the Massachusetts Attorney General’s Office, serving as lead counsel in more than a dozen criminal and civil matters at all levels of federal and state court.

David is the hiring partner for the Washington, D.C. office and partner in charge of Orrick's D.C. summer program. He serves as firm-wide staffing partner for his practice group and is a member of the practice's professional development committee. He is deeply committed to associate development and mentoring.

In 2017, 2018, 2019, and 2020 David was selected to the Washington, D.C. Super Lawyers Rising Stars list.

Thora Johnson Partner, Life Sciences & HealthTech, Cyber, Privacy & Data Innovation

Washington, D.C.

See my bio

Practice:

Technology & Innovation Sector
Life Sciences & HealthTech
Cyber, Privacy & Data Innovation
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Thora Johnson Partner

Washington, D.C.

Thora works with medical device, pharmaceutical, biotech and digital health companies, helping them navigate the increasingly complex patchwork of state and federal health privacy laws. One client described her to the Legal 500 as a “very practical” advisor providing “exceptional guidance” on health information privacy and HIPAA compliance matters.

Her breadth and depth of experience enable Thora to assist clients in harnessing the power of artificial intelligence and executing data-sharing arrangements, all while protecting health data. As a result, Thora spends much of her time counseling pioneering startups and high-growth companies on responsible innovation in healthcare and life sciences.

Thora brings extensive experience counseling clients, including Fortune 500 companies and brick and mortar providers, on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
Part 2 confidentiality requirements applicable to substance abuse records
State health information privacy laws
State consumer privacy laws with special controls for health data
Medicare/Medicaid compliance
Mental Health Parity and Addiction Equity Act (MHPAEA)
Genetic Information Nondiscrimination Act (GINA)
Affordable Care Act (ACA) compliance
Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans

Thora routinely helps companies and large employers prepare for and respond to privacy and security incidents involving health information. She also defends clients in government investigations initiated by the OCR, OIG, DOJ, FTC and State AGs, among others.

Stephen Thau Partner, Technology Companies Group, Life Sciences & HealthTech

New York; Silicon Valley

See my bio

D:+1 212 506 5076
E: [email protected]

Practice:

Technology & Innovation Sector
Technology Companies Group
Life Sciences & HealthTech
Mergers & Acquisitions
Corporate Governance
Capital Markets

vCard

See full bio

Stephen Thau Partner

New York; Silicon Valley

Stephen’s practice focuses on the representation of life science, medical device, health IT, and other technology companies in transactional matters, including public and private financings, licensing, collaborations and strategic alliances, and mergers and acquisitions. He also represents venture capital firms in public and private financing transactions.

Stephen is recognized as a Leading Life Sciences Lawyer by LMG Life Sciences in their 2021/2022 rankings and short-listed as Venture Capital Attorney of the Year. He has served as a member of the Board of Tech Council of Maryland, the leading technology and life science association in that state, and of BayBio, Northern California’s leading life sciences association. Stephen is a frequent speaker on venture capital financings and served on the faculty at the 2005 and 2007 Emerging Entrepreneurs workshops at Stanford University.

Prior to joining Orrick, Stephen was a partner at Morrison & Foerster, Venture Law Group and Heller Ehrman. He began his legal practice as a litigator, focusing on securities and intellectual property. He also served as a law clerk to the Hon. Vaughn R. Walker in the United States District Court in the Northern District of California. Stephen graduated Order of the Coif from Stanford Law School, where he was managing editor of the Stanford Law Review, and graduated magna cum laude from Harvard College in Biology.

Tony Chan Partner, Life Sciences & HealthTech, Mergers & Acquisitions

Washington, D.C.; Boston; New York

See my bio

Practice:

Technology & Innovation Sector
Life Sciences & HealthTech
Mergers & Acquisitions
Private Equity
Fintech

vCard

See full bio

Tony Chan Partner

Washington, D.C.; Boston; New York

Tony regularly advises clients on mergers and acquisitions (M&A), private equity, growth equity, and venture capital transactions, as well as on corporate governance, joint ventures and corporate finance.

His clients include global strategic buyers and sellers, as well as financial sponsors and their portfolio companies in the life science, healthcare, investment management, technology and video game industries.

Tony has been recognized for his life sciences and M&A work by a number of notable publications, including The Legal 500 US, Law360, IFLR1000 and Legal Media Group. In particular, Law360 highlighted his work in navigating the complex life sciences industry and key partnership negotiations between biotechnology and drug companies.

In addition, Tony sustains an active pro bono practice, serving as counsel to nonprofit organizations such as Aequitas, APAI Vote, Chefs Stopping Asian American Hate, Rebuilding Together Philadelphia, the Philadelphia Film Society, and the Harvard Asian Alumni Alliance. Tony also serves as an adjunct professor at Georgetown Law School where he has taught Takeovers, Mergers and Acquisitions since 2015.