FAQ – Common Healthcare Compliance Questions

Navigating the intricacies of healthcare compliance can be daunting. It’s why we’ve compiled a series of the most common healthcare compliance questions we’re asked and their answers.

Healthcare compliance refers to the process by which healthcare organizations ensure they follow all applicable federal and state laws, regulations, and ethical standards. Because healthcare is one of the most heavily regulated industries in the United States—and the largest area of federal spending through programs like Medicare and Medicaid—compliance is essential to protect public funds and maintain trust in the system.

Why It Matters

  • The U.S. government spends more on healthcare than any other sector.
  • These expenditures are funded by taxpayers and must be safeguarded against fraud, waste, and abuse.
  • Healthcare providers are expected to uphold legal and ethical standards to protect these programs and the individuals they serve.

Compliance Programs

To meet these expectations, healthcare organizations are required to implement Compliance Programs. These programs:

  • Establish policies, procedures, and processes to ensure adherence to laws and regulations.
  • Promote a culture of compliance, accountability, and ethical conduct.
  • Help identify, assess, and mitigate legal and financial risks.

Although agencies like HHS, OIG, and DOJ provide guidance, there is no single formal definition of a Compliance Program. A widely accepted definition is:

“A system of policies, procedures, and processes developed to assure compliance with and conformity to all applicable federal and state laws governing the organization.”

See our other FAQ: “What is a Compliance Program?”

Compliance Programs are a collection of operational processes developed to help ensure compliance with all applicable federal and state laws governing the organization, and can be defined as Compliance Operations. Compliance Programs are further about the prevention, detection, collaboration, and enforcement of rules and regulations.

“Compliance Programs provide a central coordinating mechanism for furnishing and disseminating information and guidance on applicable Federal and State statutes, regulations and other requirements.” (OIG “Compliance Program Guidance for Hospitals”)

The Office of Inspector General (“OIG”) of the Department of Health and Human Services (“HHS”) has encouraged the development of Compliance Programs in health care for more than 25 years. They offer a number of “guidances” for various sectors of the health care industry explaining what is expected in a Compliance Program, all of which contain the “7 Elements of a Compliance Program.”

  • Element I. Written Policies and Procedures
  • Element II. Compliance Leadership and Oversight
  • Element III. Training and Education
  • Element IV. Effective Lines of Communication with the Compliance Officer and Disclosure Programs
  • Element V. Enforcing Standards: Consequences and Incentives
  • Element VI. Risk Assessment, Auditing, and Monitoring
  • Element VII. Responding to Detected Offenses and Developing Corrective Action Initiatives

All health care entities are expected to have all of these Elements implemented; however, “how” you do that is highly variable and organization-specific. Wild Consulting can help you to build a strategy to define and obtain your objectives within your organizational structure and budget.

Yes. That may seem like a simple question, but the answer is a bit nuanced! Compliance Programs are mandatory for certain providers but very strongly encouraged for all.

Implementation of a health care Compliance Program has, historically, been voluntary. In 2010, this changed with the passing of the Affordable Care Act, which contained a provision that deemed Compliance Programs mandatory as a condition of enrollment in Medicare, Medicaid, and other federally funded health care programs. And, while HHS and the OIG have long acknowledged the criticality of organizations establishing an “effective” Compliance Program, enforcement has been extremely slow (or nonexistent!). It is, nonetheless, a mandatory provision of the ACA.

In November 2024, CMS incorporated “Compliance and Ethics Program” requirements into the survey protocol for skilled nursing facilities (“SNF”), meaning that failure to implement all requirements can result in citation or additional penalties. Implementation of an effective Compliance Program is actively being enforced for SNFs as a condition of participation in Medicare and Medicaid!!

Medicare Advantage Organizations, Medicare Prescription Drug Plans, and other entities enrolling in federal programs have long been obligated to implement compliance programs with seven core elements.

For hospice and home care agencies, clinical labs, DME companies, third-party billing companies, and ambulance suppliers, it is anticipated that CMS will enforce Compliance Program implementation in the same manner as it has for SNFs, i.e., included in the Conditions of Participation survey process. This enforcement, while it has been a long time coming, is on the horizon.

Implementation of a Compliance Program is strongly recommended for individual and small group practices.

Choosing NOT to have a Compliance Program is a risky decision. Health care is the most regulated industry in the country! Without a Compliance Program in place to help monitor, interpret, and implement the huge variety of rules and regulations and on-going changes, no organization can hope to effectively manage and mitigate the associated risk of non-compliance.

Further, should you be investigated by a government entity and found guilty of some type of wrongdoing (not uncommon), the government states that having a Compliance Program in place can reduce your exposure to penalties. Compliance Programs are often looked at as a type of insurance plan that protects your organizational finances, time and resources, and reputation.

Compliance Programs are now mandatory for skilled nursing facilities, which can be cited for non-compliance through the Conditions of Participation survey process if they don’t have all of the elements implemented. Continued noncompliance can result in limitation or exclusion from billing Medicare, Medicaid, and other federal and state programs. It is believed this expectation will soon be in place for other types of providers as well.

Well, great start! There is no single way to develop a Compliance Program, so just start to work from where you are. Begin with learning what each of the Elements of a Compliance Program is and what is expected. Then take a step back and assess what you have in place, and what you don’t – conduct your own internal assessment. Then, devise a step-by-step plan to put the pieces in place on a timeline and budget that is realistic and attainable. Be sure to get support from the governing body and the CEO/President, and then the Compliance Committee, even if those are pieces you still need to implement.

There is no defined, single way to implement a Compliance Program. The OIG does not provide guidance on “how” you implement the 7 Elements, but here are a few pointers we have found work well.

Start with getting support from the governing body and the CEO. Implementation of a Compliance Program is an organizational effort, not the sole responsibility of one individual who’s been designated as the Compliance Officer. Once you have their backing, build your Compliance Committee. The Compliance Committee is there to support further efforts and is needed to assist with implementation of the other Elements, such as developing a Risk Assessment, reviewing and possibly approving policies and procedures, drafting educational materials, etc. From there, build a plan to implement the rest of the requirements, such as developing the necessary policies and procedures and a Code of Conduct, and educating on them, putting a hotline in place, etc. Other Elements can be implemented over time and as practical for your specific organization.

If you need further guidance, call us; we’re here to help you along the way: (262) 993-4747