Expert Insights from the 2023 HCCA Compliance Institute

If you’re like me, you were in hog heaven at the HCCA’s Compliance Institute in Anaheim. It was so nice catching up with friends and colleagues while meeting and making new friends too.

As far as compliance content is concerned, here are some of my biggest takeaways. My insights are subjective and based on the sessions I attended; I couldn’t be in all places at once (though I plan to listen to all the recordings when they become available).

Inspector General Christie Grimm

I appreciate how engaged the HHS OIG is with the compliance industry. This year, HHS Inspector General Christie Grimm did not disappoint.

  1. Self-Disclosure Protocol (SDP) Hits $1 Billion! Ms. Grimm recognized that at the end of 2022, more than $1 billion was returned to the government through the Health Care Fraud Self-Disclosure Protocol (SDP).  She identified this as a significant event and shared that this achievement is a testament to the success of the health care compliance community.
  2. Future Focus  OIG sees an increased need for work in two significant areas: (1) improving nursing homes and (2) strengthening program integrity in managed care. Ms. Grimm said, “You have heard me say that nursing homes are my top priority.” And regarding managed care, she said, “It is a booming part of health care for which a rigorous compliance focus on financial integrity is sorely needed.”
  3. Ending the Public Health Emergency (PHE)  As waivers expire, providers must chart a course forward to assure compliance with regulations that were effectively suspended or significantly modified during the PHE. Unwinding will not be an easy task after the last three years.*
  4. New Guidance Forthcoming  As part of the OIG’s modernization efforts, they aim to publish later this year a new General Compliance Program Guidance (CPG) with tips and pointers applicable to all industry sectors. Starting next year, they will roll out supplemental CPGs with tailored, industry-specific content.

*Click here to view Healthicity's recent webinar on implications for compliance professionals at the end of the Public Health Emergency.

Laura Ellis, Senior Counsel, Office of Inspector General, HHS

  1. Since 2003, corporate integrity agreements (CIA) have clarified that the Chief Compliance Officer (CCO) should not be or be subordinate to the company’s General Counsel or Chief Financial Officer. The CCO should really report to the CEO and the Board. To paraphrase Ms. Ellis, “what kind of message does it send to the organization if the CEO has time to manage the CFO but not the CCO?"
  2. Organizations should be conducting an annual risk assessment.
  3. Medical necessity audits and reviews require reviewers with the appropriate clinical knowledge.
  4. Is there a transition plan in place for compliance leadership?  Will the program continue when leaders change?

Update on Laboratory Issues

  1. Audits on COVID testing during the pandemic are showing many medically unnecessary genetic tests, especially as it relates to marketers and telehealth providers.
  2. Audits on COVID testing are also showing many medically unnecessary add-on respiratory panel tests.
  3. In February 2023, OIG issued a report on definitive drug testing when presumptive testing was performed first:
  4. There are concerns about laboratory testing as it relates to telehealth providers, and OIG recently released a toolkit to help identify telehealth risks:
  5. The Eliminating Kickbacks in Recovery Act of 2018 (EKRA) was passed as a part of the Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (SUPPORT Act). It applies to recovery homes, clinical treatment facilities, and laboratories. It prohibits the solicitation, receipt, payment, or offer of remuneration to induce patient referrals. This extends to services covered by both government and private payors.

OCR Update and 2023 Priorities

  1. 2023 Priorities for OCR include:
    • Advancing health equity and nondiscrimination in health and human services nationwide
    • Ensuring individuals know their rights
    • Protecting privacy and security of health information
    • Vigorous enforcement of the law
  2. Ending of the PHE:
    • OCR’s Enforcement Discretion will expire at 11:59 pm on May 11, 2023, due to the expiration of the COVID-19 public health emergency.
    • OCR is providing a 90-calendar day transition period for covered health care providers to come into compliance with the HIPAA Rules with respect to their provision of telehealth.
    • The transition period will be in effect beginning on May 12, 2023, and will expire at 11:59 p.m. on August 9, 2023.


If you attended the conference, HCCA will give you access to recordings of all the sessions for a period of time.  If you didn’t attend, you can still access the recordings by purchase. So, either way you look at it, the compliance fun that we had in Anaheim does not have to come to an end!


To download this blog post as a pdf, click the button below.

Download the PDF

Questions or Comments?