Episode 78:
New OIG Guidance for a Changing Compliance Landscape

Watch the demo:

Compliance Manager

See the only all-in-one compliance solution today.

Compliance Manager

Check out this insightful conversation full of practical insights for compliance professionals navigating the changing landscape.

If you haven’t had the time yet to read all 90+ pages of the OIG’s New Compliance Program Guidance, we’ve got a great place for you to start.

We invited Sarah Couture, a nurse turned compliance consultant, to discuss the new guidance with us in our latest episode of Compliance Conversations. Join Sarah and CJ Wolf, MD as they break down the essential elements and updates, including:

    • The evolving role of Chief Compliance Officers 
    • The significance of incentives in compliance programs 
    • Collaborative risk management approaches 
    • Emphasizing medical necessity in billing audits 

Sarah is the Principal of Couture Compliance, an organization dedicated to elevating compliance program effectiveness through tailored compliance solutions. You can reach her at sarah@couturecompliance.co.   

Interested in being a guest on the show? Email CJ directly here.

Episode Transcript

CJ: Welcome everybody to another episode of Compliance Conversations. I am CJ Wolf with healthicity and today we have another wonderful guest. She has spoken with us before and has been on the podcast before. Sarah Couture, welcome Sarah! 

Sarah: Thanks CJ I appreciate the invitation to come back and join.  

CJ: Absolutely! It's always a pleasure to speak with you and we learn so much and there's a lot of people that learn a lot from you as well. And for those who haven't listened to prior episodes, we want to give you a chance just to tell us a little bit about yourself. You know, how you ended up in compliance and what you're doing today.  

Sarah: Great! Thanks, I appreciate it. Well CJ, I'm a nurse by background. I've been a nurse for a little over 20 years and accidentally fell into compliance around 2010. You know, like we all accidentally fall in.  

CJ: Right!  

Sarah: And then really just loved it. It really just clicked. So, I started my career as the hospital compliance officer in an academic medical center and then started in consulting in 2015. And that's what I've been doing since. The last time that we spoke, CJ, I was at Ankura Consulting and I have since left, and as of this month am starting a new venture, Couture compliance and I'm excited to see where that goes. A lot of exciting partnerships with different organizations and different people to provide a wide range of services to clients. Really the core of my practice will be focused on compliance program effectiveness. So, performing compliance program effectiveness assessments as well as helping organizations develop their own self assessments. Helping with compliance program development for maybe new healthcare organizations or small organizations that haven't taken time to build a program. And then helping with extra support, whether that's interim needs or fractional staffing, just to provide more hands to get more projects done. So really excited about that. And thanks for letting me share.  

I'm also faculty for the HCCA Research Compliance Academy and I'm faculty for the HCCA Compliance Essentials workshops. Very much enjoy teaching and writing, so thanks again for this opportunity to have an exciting conversation today.  

CJ: Yeah! And thank you for sharing that and we'll include some of your links to websites and those sorts of things in the show notes. So, everybody, if you need to reach out to Sarah, please feel free to do so.  

And Sarah, you and I are going to talk about kind of what the biggest news is in compliance these days. At least the biggest news for a while, which are the new general compliance program guidance principles and large documents; that the OIG...  

Sarah: Right! Large document. Yep! 

CJ: OIG released, right? And I've read through it once and then I first I did a real a real quick kind of cursory review. Then I did a more detailed review, but it's one of those things I'm going to have to read multiple times and but it's big news, right?  

Sarah: Yeah, no, absolutely. And you know, thinking about the guidance documents that have come out in the last few years, the 2017 OIG HCC Measuring Compliance program got effectiveness or resource guide and then the Department of Justice Evaluation of Corporate Compliance programs that came out in 2017 and then was updated in 2019-2020 and this year in 2023, totally like we skim it, then we read it, then we read it again, and then every time you go back to it to look for something or control + F, my favorite function in a guidance document or when you're working with a client like there's just so much to it and to your point, this one at 91 pages and it pulls so many things together like it's one all compliance professionals need to spend significant time in, but not just one time to your point, it's going to be repeated reviews and going back and reading particular areas.  

CJ: Yeah, absolutely! So, tell us a little bit about kind of the history of CPGS and kind of what led us to this point from your perspective.  

Sarah: Yeah. Well, I mean, I think in some ways this guidance and the direction that OIG seems to be going is really getting OIG into the correct century. The communication from OIG, I do think they do a really good job at communicating, but definitely their focus at this point seems to be on modernization, which I think is wonderful. I think this is a great document, we'll obviously spend some time talking about all the different angles of that, but for those of you who may not be familiar or are newer to compliance, you know, following the publication of chapter eight of the federal sentencing guidelines. In the 90s, in the late 90s, we saw OIG come out with specific compliance program guidance for specific sectors of the healthcare industry. So, from I think the first one was in 1998 and then over the next few years into the early 2000s, we saw them develop specific compliance program guidance for hospitals, for labs, for small physician practices. There are several out there and they're still on the website. We'll talk about that as we go as well.  

CJ: Right!  

Sarah: And these compliance program guidance really did provide like the foundation for what in the heck is a compliance program, you know from talking to compliance professionals who were doing something else in healthcare at the time and their boss asked them, "Hey, do you want to be our compliance officer?" Literally it was; "OK! what do we do?"  

So, these guidance documents really did provide the foundation. But they hadn't been updated in a really long time, and as you and I know CJ the Healthcare a regulatory landscape like changes faster than roller coasters sometimes, and they were also coming out back then in the Federal Register hadn't been updated. Wasn't in a format really that could be updated easily because of being in the Federal Register.  

So, as you, I think CJ, we saw each other there back in April at the Compliance Institute, Christy Grimm, the OIG announced that OIG was prioritizing some of its modernization would have first come out with general compliance program guidance, which is general, It's meant for all healthcare.  

And then starting in 2024, we will see industry-specific or sector-specific, I guess I should say, risk-specific compliance program guidance come out for various sectors of the healthcare industry and they haven't published yet what that list will be of; those are going to be called ICPG, this one is the GCPG. So, it's definitely something that we all need to stay on that front edge of and make sure that we're watching for, because I do think these will change some of the ways that we do compliance. There are some updates in this document, some surprising, some not as surprising, but like the next few months and years, there will be some evolution in the way that we do things.  

CJ: Yeah! And I remember it was a year ago, maybe a year and a half ago, the OIG published kind of their whole intent to modernize and they opened up, you know, for comments from the compliance Community, healthcare community and I was fortunate enough to be invited to participate in one of the round tables that they held. So when they were doing all the brainstorming and I just have to say, I felt very listened to. So, you know whether they're going to do everything that we said. There were a few of us, we did breakouts and then, I just, the people who were taking notes were just they kept asking questions. They were not preaching to us. They were listening actively and so I really appreciated that. And now to see this kind of come along a few years later, it's exciting.  

Sarah: Yeah! And like you said, to hear what you're sharing, I think should be encouraging for compliance professionals. It's not just coming down from the ivory tower, it's in collaboration with the compliance community.  

CJ: Yeah, absolutely!  

Sarah: So, in the document, it talks about how this is a more modern version, but it will stay updated in a more timely manner now it's no longer going to be published in the Federal Register, but updates will be made to the document online. So again, like it's 2023, it's almost 2024. Like this shouldn't be surprising, but it's just not the way that the government has worked. So I very much appreciate their progress on modernization.  

I got to say, CJ, one of my really favorite things about the document and yes, I printed it out because I think it's something I'm going to reference a lot and my husband's like, "Oh, my gosh, why are you printing 91 pages?" But these things we just keep going back to, right? CJ in my mind, it really takes a lot of the, I wouldn't say disparate information, but separately located information brings it together and condenses it and really makes it a lot clearer. It's definitely I mean knowing that CJ, you, and I started as compliance professionals when there's just all of these random pieces like breadcrumbs of information everywhere. For those who are new to compliance, this is like a wonderful document to say like this is, it's all here, right? It's the why. it's pertinent regulations. It's the elements. It talks about other guidance documents and tries to bring things together and really connects the dots, which not only for new compliance professionals but also we know sometimes it can be really challenging to communicate and paint the picture of compliance for our leaders and our boards. This document will help do that.  

CJ: Yeah, and what was your kind of sense as you went through, I know we're going to get a little deeper in a moment, but just kind of how they arrange things, the elements, risk assessment, what were your initial takeaways on that, piece of it? 

Sarah: Well, you know, I'm not really surprised that we have a new arrangement of the seven elements because it seems like every time we have a new iteration, it's the same concepts, right?  

CJ: Right! 

Sarah: But it's never the same list. It's never the same order. It's never the same configuration. So, as you noticed I'm sure CJ, they did include risk assessment in with auditing and monitoring as one of the seven elements. I've heard people say over the years they've called it the 8th element because it hadn't made it into the list. You know, it's honestly that's probably not my favorite place to put risk assessment as an element, because I think it's the foundation of all of the elements.  

CJ: Exactly! 

Sarah: I don't know that I love the idea that it's just tied to auditing and monitoring because it really should be tied to our policies. It should be tied to our governance. It should be tied to our response to our investigations.  

CJ: And the training? Yeah, everything.  

Sarah: Yeah! So, we may see that change over time. If there was a way to say here's, you know, risk assessment is the foundation for the seven elements, but they've decided to put it as, you know, mix in with auditing and monitoring element. I will say I'm kind of glad CJ that they changed it from the 2017 OIG HCCA. I don't know if you remember, but it had exclusion screening as an element.  

CJ: Which is like an activity, but it's a whole element!  

Sarah: Yeah, it's a risk area. So, like then make billing and coding an element and HIPAA an element like it didn't make sense to me that we would take a specific risk and make it an element because again those seven elements need to apply to all of the risks. So I think that's an update I'm glad to see. I think the risk assessment is interesting. Certainly, it needs to be on everybody's radar, but like, if we're talking about philosophy, I would have said it should be the foundation of all of them not a stand-alone. But you know what are your thoughts on that?  

CJ: Yeah, I agree. I was kind of in the camp of, we always when I was doing effectiveness reviews and things I would say, "We really have an eighth element because it's the foundation, right?" You can't develop an audit plan until you've done a risk assessment. You can't develop a training plan for the year or for two years until you've done a risk assessment. You know you can't do all of these activities policies to your point. How do you know what policies are needed most or need to be revised until you've done a risk assessment? So, I was kind of in that camp. So you know, as long as it's in there, I'm grateful that it's like a focus, right? And so I can at least refer to it and say no, what we've been saying all these years is now it's like, "Yeah, you got to do a risk assessment, for sure!"  

Sarah: Somebody wrote it down, which is nice, right?  

CJ: Yeah, exactly.  

Sarah: Another you know, from a structural perspective. I really like the summaries of the pertinent fraud, waste, and abuse laws. I think that's great. I'm not a lawyer and the people that are stakeholders are not lawyers, right? Our CFO and our CMO and our managers of revenue cycle like they're not lawyers, so I really appreciate that they took these regulations and it even says like, not everything is here like you need to go read the regulation and see if it applies. But it tried to develop understandable summaries explaining the risk and really gave some really practical tips. I was impressed. 

CJ: Yeah! And I like the fact that, I mean, I felt a little validated because you know, as I work with people, I'm like, these are the big buckets of risk in healthcare. I know we're going to get more specific, you know, for skilled nursing, I know we're going to get more specific for ambulance and pharma, but big bucket, you know, it's revenue cycle, so coding and billing, it's anti-kickback, right? So they isolated that. It's Stark. It's civil monetary penalties. It's these big buckets of because I'm kind of let's start at the top and kind of filter down and I like to just say, is that bucket covered in some form or fashion? So, I liked that approach too.  

Sarah: Yeah, that totally makes sense these had to apply to pharma, skilled nursing, hospitals, physician practices, DME. I mean, this is general guidance. So, they pick the right ones and I do think to your point, like it'll be interesting to see how they write the ICPGs, if they restate things versus do they just reference the other one. And I'm sure they're kind of working on that strategy now.  

CJ: Exactly! Let me ask you this, so for someone who hasn't read this yet, or maybe they're still kind of getting through it and digesting it. What are your recommendations for kind of taking it all in using it you know, is there a practical approach to this document that you found?  

Sarah: Yeah! And I think, CJ, it starts with what you and I have already done, which is well, first, we skimmed it and then we read it like people need to do that. So if you're hearing this for the first time and you're like, "Oh gosh, I missed the news! I haven't even heard of this!" Go print it out if you like paper like me or save it on your desktop, but like skim it to kind of see the overview and then take time and let me tell you it's going to take time. It took me two flights last week back-to-back. That's what I did on my flights all day. Reading and taking notes. Just going through what struck me. What jumped out at me? What questions did I have? What was different? And then let it sink in and there will be, you know, you might want to read it again.  

Certainly be ready to reference this as you're working on your education and training plan for 2024, as you're working on your auditing and monitoring plan as you're evaluating, what did we do well this month or this year in our compliance program, how do we be more effective next year? Like start using this.  

I do think it's important to point out, you know, people love a silver bullet, CJ, right? Everybody would love to say, "Check the box! My compliance program is effective!" I'm glad that in the intro it says you can't. That's not the point, you know, the 2017 guidance said this is not meant to be used as a checklist. This guidance says, it's not meant to be a model compliance program, it's not a one-size-fits-all, it's guidance. There are guidelines. So don't view it as an "Oh man, I need to do this. I need to make my program look just like this." No, these are the principles that you build your program specific to your organization's needs, its culture, its size, its risk profile. Apply it, but don't think this is the copy and paste of my compliance program.  

CJ: Yeah, exactly! No, I think you're spot on. Let's continue with this topic in a moment. We're going to just take a quick break and everybody will be right back.  

Welcome back everybody from the break. We're talking about the guidance, the new guidance from the OIG and we were kind of strategizing a little bit about how to digest it and go through it for the first time. Any other comments on that topic, Sarah, before we kind of start getting into some nitty gritty?  

Sarah: Yeah, I do think, CJ, it's important to inform your leaders and your board. In our communications, we need to make sure we're letting them know what's going on in the industry, but I think this is noteworthy, so as you're going through, as you're reviewing it, decide how and what to present to your board to your CEO, to your senior leaders and your compliance committee. Definitely let them know this guidance is out there, what's in it, why it matters, and then as you're going through pull out some of the things like if there's a, you know, if you've been hitting your head against a wall trying to communicate concept X and it's in here, use that in your conversation. But make sure that your board and your leaders understand what the document is and how it's relevant. And even if you already know how it's going to. Form some of your thoughts into 2024.  

CJ: Yeah, that's great advice. Anything else on that? I want to start getting into some of this.  

Sarah: No, let's turn the page. Let's keep rolling!  

CJ: All right, so you know, I saw certain things in there, you know, 'cause I've read all those other documents for years. And so I saw some subtle and not-so-subtle things. But what themes did you see emphasized that were really, really important? That's different, maybe from the past.  

Sarah: Yeah, and you know, CJ, I think some of them are different and some of them are, they just have to keep hitting us over the head with it, because people aren't getting it, right?  

CJ: Exactly!  

Sarah: Yeah! And I think that's the person we should talk about. We know from hearing OIG speak, and from looking at guidance documents, we know what the structure is supposed to be relative to the authority, stature, and independence of the Chief Compliance Officer. We know that.  

CJ: Right! 

Sarah: But I know CJ, you do effectiveness assessments as well. Like when, I can't tell you how many organizations don't have the right structure either they have the compliance officer subordinate to finance or subordinate to legal. Or they have the compliance officer reporting to the CEO and board, but have the person so low level in the organization from a stature perspective, they're not seated with senior leadership. So, they're not at the right conversations. They don't have that level of respect. It's mind-boggling to me the guidance is very clear, people aren't always following the guidance.  

CJ: Yeah. And at that same compliance institute in April where this was announced that this was going to be coming later in the year, I listened to one of the OIG speakers. I don't know if you were in that session.  

Sarah: Was it Laura?  

CJ: Yeah, and she focused on this point exactly. Now, it's not a law, right? There's no law that says, but people that get that, organizations that have trouble, it almost always seems like their structure is wrong, right? It's not to your point. It's not this. They haven't placed it in the appropriate stature within the organization, right? They need to be, you know, in the C-Suite or near the C-Suite, they need to be that chief compliance officer needs to be at a high stature within the organization. That message came through loud and clear for her.  

Sarah: Absolutely! And for reference, it's on page 39. If anybody needs to go look and see what it says if you're curious what we're talking about. But CJ, I mean, the reason for that is so clear. When compliance is prioritized when compliance has a voice, when compliance matters, it's seated with the other functions that matter, right? The CFO, the chief legal, the chief medical, the chief marketing. When compliance is not there, it sends the message that compliance is not as important and the rest of our organization sees that.  

CJ: Exactly, yeah!  

Sarah: When it's not prioritized, and like you said, those are the organizations that don't seem to have as strong of a program because it doesn't seem like the commitment is there.  

CJ: Yeah, those actions speak much louder than any set of words.  

Sarah: Yeah! Well, that in my mind, that's the one of the big ones that jumped out at me. Go ahead.  

CJ: I would say the other thing that point that kind of stuck out to me was about incentives. And I saw this also you referenced the DOJ evaluation of compliance program, about some of their updates, I think it was in March about incentives and clawbacks of people's salaries and things. What were your thoughts about incentives, compliance incentives?  

Sarah: Yeah, I appreciated what was in this document. I did note it doesn't go into the callback discussion like the DOJ did, which I was kind of looking for.  

But it definitely talks about incentives and you know, CJ, it's not new like chapter eight of the federal sentencing guidelines talks about incentives, yet so many compliance programs haven't even taken the steps to implement some of the recommendations from the 2017 guidance.  

I think it's a huge opportunity, like if I were, you know, making recommendations for what people should prioritize of, you know, what are the top five things developing an approach to compliance incentive should be on that list because it's very clear that's an expectation.  

CJ: And they don't all have to be like, negative incentives, right? Like I've seen some clients where, like they might take, you know, the vice president of an operational line, and his or her part of his or her bonus is tied to, you know, how quickly did everyone in your line of command get their compliance training done? Or, you know, things that move people, right?  

Sarah: Absolutely, right! Because we've always focused on the disincentives, the enforcement and discipline side. But this is kind of the opposite side of the coin. Let's reward the behavior. Yeah, absolutely. I think it really goes with compliance as part of the job description and compliance as an element of performance management compliance as an element. You know, what does your bonus look like? There should be a compliance element there. So yeah, that's definitely one that at least healthcare organizations need to evolve in other industries, I think have figured this out. But healthcare has been slow to adopt this one.  

CJ: Yeah! The other thing that stuck out to me, I'm interested in your thoughts on kind of the whole risk management like they made reference to certain other societies and documents and we talked a little bit about risk assessment already, but any more thoughts on that about kind of this collaborative approach between all these risk monitors within an organization?  

Sarah: Yeah, it's interesting! In the document, it talks about or it mentions that maybe risk assessment may be new to your compliance program. I wonder how many compliance programs like maybe it's not well developed, but I think that it the concept has been communicated that compliance programs need to be focused on risk. I think maybe this is just an evolution. Certainly, a risk assessment done in a silo, it's not like there's no benefit there, but it can be more beneficial, bring more value, and also engaged operational stakeholders. If there's a collaborative approach to risk assessment. So, you know if your organization does have enterprise risk management, ERM, if your quality department is doing a risk assessment, if internal audit does a risk assessment, I think it's a good use of resources and efficiency to not have a bunch of separate approaches. Certainly, that will need to be discussed and developed. But yes, so as you mentioned they put some really good resources in there from COSO, was it last year or the year before that COSO and HCCA worked together on a document.  

So, there's definitely a lot more resources now for how to how to do risk assessment. The guidance also talks about data and I know CJ that's another one where people either get it or they don't, but like the government uses data, we have to understand our data. Exactly!  

CJ: Exactly!  

Sarah: Our data should be, we should be leveraging that to have a smarter risk assessment process leveraging and our auditing and monitoring. So, I mean that that that was another interesting area, kind of jumping to the next one and I think this is one that, you know, you can probably speak to better than I could or maybe both of us can because we come from kind of that clinical background. I thought it was very interesting how many times in the document it talked about medical necessity as part of your billing audits, not just billing and coding. Did you notice that?  

CJ: I did and again I felt this was really important because it's something I have focused on for years. A lot of people do coding and billing. I was the director of billing compliance for a large academic institution. And yes, we did coding and billing and that's needed, right? But I've met so many individuals who are so good at that part of it, but they're not, but the services they're providing are not medically necessary, and now that can have different connotations, right? I'm not saying I want to be the doctor and tell the doctor what he or she can't do, but when it comes to billing, you have to follow certain rules, local coverage determination, and all that kind of stuff, and what I have found is, because I do a lot in the coding space, a lot of coders and auditors, they're just not comfortable with the medical side of it. And I get that they're not medically trained and I don't want to also pretend like I could be the expert in nephrology or the expert in neurosurgery and all the details. But I think there's an in-between. Before you jump up to hiring, you know a nephrologist to do external, you know, you can have somebody with a general clinical background who could at least pick things out, somebody who can understand, and I get called to do this more than anything else of what I get called to do. It's to kind of give an assessment of medical necessity not to be the final voice but to say, "Yeah, this is something that you might want to now go down this road and hire that nephrologist to get really specific," or "No, this falls within the general guidelines, you know what, I can read the medical literature, I can read what professional societies recommend," and this is, you know, within the general framework. And so I just think that's a really important part. What's your experience been with that?  

Sarah: No, I think you're absolutely right. I think you know people here; False Claims Act and they think about billing and coding audits and so we hire coders, but this medical necessity element, I think needs to be at least part of the conversation. So, knowing that the guidance talks about you know those with appropriate credentials, I think you were speaking very well to that CJ. There's different credentials needed for different kinds of reviews. But I think that you know that big picture view in on the front end, there are a lot of guidance documents or excuse me like clinical protocols out there that help us understand. We also have NCDs. I mean some of the national coverage determinations and when Medicare talks about medical necessity, they're talking about does the NCD allow it?  

CJ: Yeah, exactly. You're talking about coverage, right?  

Sarah: Correct! Coverage versus necessity.  

CJ: Exactly! And they're quick to say, as OIG is, "We're not here to tell you doctor how to practice medicine. But just because you order it doesn't mean we're going to pay for it." And so that's a different discussion. And like, some of those LCDs, for example, like with pain injections in the spine and sorts of things, most of those LCDs spell out, you need to exhaust conservative treatments first like you have, the patient has to fail at least three months of these conservative treatments before you jump up to this. And if you don't document that, then it's not going to be covered. It's not medically necessary from a coverage standpoint, and that's just one example. So, to your point, NCDS, LCDs, you got to read the details.  

Sarah: Right! So, I think you know the takeaway for those listening is really, you know as you're moving into 2024 thinking about your risk assessment and your work plan. Look at your approach to billing and coding audits. Does it include that medical necessity component in those areas where there's specific risk there, CJ. So, I think that's just a take away like it needs to be on people's radar.  

CJ: Right! And to your point about risk and this goes back to that whole importance of the risk assessment. So, you have to do a risk assessment to know what your organization is involved in. So, you could have two hospitals, one has a hyperbaric oxygen treatment center and the other doesn't, those two hospitals are now have a different risk profile because HBO therapy in the past has had real problems and you need to be up to date on where have settlements been, what have issues been, what's on the OIG work plan, what's on your local Max, TPE, you know, target, probe and educate. What's been approved for the racks and that's all-public information for them to audit. So, it's finding those risks and then; "Oh yeah we better audit for that!"  

Sarah: Yeah, for sure. Another area that like CJ, you and I know very well prioritizing effectiveness since that's something that you and I advise our clients in. But like, I'm really glad that this guidance said it. I think other documents have kind of danced around it, but organizations, compliance programs need to understand, is this program designed and being implemented in a way that will effectively prevent and detect fraud, waste, and abuse? You know my approach on that is number one; there's no one size fits all, right? And there's also not a pot of gold at the end of the rainbow. It's not like, "Oh, now this program is effective.” I think it's a continual pursuit. How can we more orient our program around risk? How can we become proactive? How can we do all these things to continue pursuing effectiveness?  

But CJ, I think having a consultant like you or me or other experts who do a great job in the market. Having someone come and look at your program every two or three years from an outside objective perspective because an outside consultant doesn't know your politics and doesn't get blinded to the culture. So having that objective perspective that also you know there's an opportunity there that we get to compare. We know what's going on in other healthcare compliance programs and we can provide input. But also developing an approach to assess your program internally each year. I've only seen one place that I did an effectiveness assessment that actually had a proactive each year they assess their own effectiveness and made kind of a corrective action plan on where they wanted to develop. So I'm glad it's in the guidance. It's been a huge priority for my practice and I'm glad to see it in there. Do you have other thoughts?  

CJ: Well, I completely agree with you and it's not new news, but it's being repeated, I think because not to your point, not a lot of people and programs are doing it on a regular basis. You should be doing it annually internally like you just mentioned the one you saw and then like you said, I what I've been seeing is that every two, three, four years bringing in somebody external like you said, that's not blinded by the politics and those sorts of things.  

Sarah: Yeah!  

CJ: So, Sarah, we're kind of coming to the end. I know we have so much that we'd like to talk about, but we probably have two or three minutes. What would you like to highlight from this guidance document that we haven't covered yet?  

Sarah: Yeah, I think a couple more interesting things. You know, there's a section on reporting to the government if you need to. Now that one I think should have a big asterisk that says; "Work with your legal counsel on this one!" But it's in there and I think it's helpful. You know the section CJ called other compliance considerations, I found fascinating, right? Quality; because we have not included quality at the table for compliance committees or risk assessments like that's huge. We could, CJ, let's plan in 2024, let's just do that as a podcast because I think there's so much we can do there, but I think the big thing, CJ, is just people need to know things are changing stay on the front edge of your seat. Make sure that you are subscribed to the list serves and the webinars and the podcasts you're going to HCCA events like don't get left behind to be relevant in compliance, in healthcare regulatory you have to stay on the front edge. I think that's the lesson here, and because this isn't all repeats of old stuff, there's some new stuff in here, so just stay current, keep you know, have your eyes open into 2024 as the new ICPGs come out and yeah, I think this is great. It's exciting, we're in an exciting career for sure and appreciate this opportunity to talk to you today.  

CJ: Yeah! Thank you for that! And I'll just comment in the last minute or two, the quality and safety and we just did a webinar, I want to say last week on the OIG's adverse events tool kits that they published in July. They've done some work in this space and traditionally and you've probably found this too, Sarah, that traditionally, compliance programs have left kind of quality and safety to another department, and that's OK because that requires a whole another type of training and specialization. I'm not saying compliance department should take it over, but they should be involved in knowing what the process is because it's going to be expected that the organization has some robust process for quality and safety and then to your point about medical necessity. And so there's overlap there. I'm not saying compliance has to take it over, but you should be talking to those folks, right? You should have a good relationship. You should understand their strategy and they should understand yours.  

Sarah: And I mean if we can guess at the writing on the wall, we have seen quality in False Claims Act be tied together in the past, we see it a lot in skilled nursing with worthless services. So like that may become a thing that may be somewhere we're heading here, so like quality matters. If you're giving terrible service to someone, you better not be billing for it. That's where this may be going.  

CJ: Yeah, you're spot on. And I really appreciate your insights kind of on what's next of keeping your eyes open, you know, listening, looking for what people are publishing and of course the OIG with the ICPGs that's going to be really, really exciting to see that roll out the next year. I have no idea how they're going to do it and what they're going to start with. Like you mentioned earlier. My suspicion, I don't know, let's just guess. If I'm a betting guy, they're probably going to do hospitals, skilled nursing and physician practices maybe.  

Sarah: And there may be one for Medicare Advantage. I would think would be at the top of the list too.   

CJ: I bet you're probably right. That's probably going to be number one absolutely.  

Sarah: Yeah. No, I think your list your list is right. I think it'll be skilled nursing Medicare Advantage hospitals. What was the other one you said?  

CJ: I was hoping for docs, but physician practices and medical practices and stuff.  

Sarah: OK. Yeah. Well, hey, let's, let's see if we're right, maybe we should, I don't know, make some other guesses about things and see if we're right in the future.  

CJ: Exactly! Sarah, this has been wonderful. Thank you so much. And again, everybody in the show notes, we'll have links to and ways to get in touch with Sarah, if you need her services, please reach out to her. And any last-minute thoughts, Sarah, before we say goodbye.  

Sarah: No, again, just appreciate this so much, CJ. I always love to get to come and have these discussions.  

CJ: Awesome! Thank you so much! And thanks everybody for listening. If you like these, please share them with your friends and please reach out to us if there are topics that you want to hear more about. If there are guests that you're aware of that would make good guests, we're always looking for others to kind of chit-chat about compliance. So thanks, everybody! Stay safe. And then till next time. Thanks!