Compliance Portal |  Customer Portal
Free Quote, Call Today!

Compliance Guide for Healthcare Organizations


Join thousands of other practices working with Healthcare Waste Management.
“The only company you will ever need.”

Compliance Guide for Healthcare Organizations

Healthcare is held to standards that encompass both state and federal laws for the protection of patients, employees, and patient data. The regulations for healthcare are elevated to such a degree that compare to few other industries. Compliancy for the laws can be a make-or-break condition for any healthcare organization. Since non-compliance can result in both legal and financial problems, every healthcare organization needs to have a clear and concise understanding of compliancy requirements, follow through, and individuals responsible for monitoring, tracking, and enforcing compliance. Professionals involved in assisting clinical facilities are needed to assure that all government regulations are understood, patient information privacy and usage standards are set, make sure there is quality patient care, for the prevention of fraud, and to protect the healthcare staff.

Establishing a Compliance Program

The complexities involved in the healthcare industry goes beyond patient care. Depending upon the size of the organization, you may want to have a team, committee or division involved in a compliance program that is led by a Healthcare Compliance Officer (HCO). In some situations, a smaller organization may only have an HCO that is responsible for all actions and activities involved in compliance. The HCO will work with executive management to convey compliance requirements and have the resources to establish all of the rules involved in a compliance program that is developed. The HCO will also be completely knowledgeable on all state and federal compliance laws as well as all internal functions of the healthcare organization.

A compliance program is designed to address the various nuances of operation, function, tracking, reporting, and follow through of all aspects of compliance. The HCO should be selected based on leadership qualities so that an organization can have a streamlined yet comfortable method of reporting and implementation of any changes that are needed. Each faction of a compliance program is designed to interact with the levels of operation within a healthcare environment and to assist in enforcing state and federal guidelines.

There are seven basic tools involved in a compliance program that will be covered here including:

  1. Establishing Standards: This is a code of ethics and operations that are created as part of the operational environment for all procedures and policies. It also includes maintaining updated information on all compliance changes as well as the issuance of compliance alerts, and communication with staff/employees to assure compliance maintenance.
  2. Training & Communication: Training should be completed prior to hiring a new employee. Each employee is required to be trained on compliance as it pertains to the work that he/she does with updated review training at least annually.
  3. Discipline: Part of the documentation involved in a compliance program involves a written procedure and policy that dictates the disciplinary actions involved for all levels of employee non-compliance. It should be clearly stated that disciplinary actions for non-compliance will be enforced regardless of organizational position or title.
  4. Internal Investigations: A healthcare organization must have commitment to the investigation and follow through of all compliance notifications and concerns with sensitivity on confidentiality. The HCO or team representative will then coordinate, document and report any investigative results.
  5. Self-Disclosure (Personal Reporting Obligations): This is a condition of honor requiring any employee or staff member to be responsible for reporting any activity that they have noted by anyone within the organization, including vendors, that has the appearance of compliance violations. The compliance program should include the method(s) that an employee can inform of violations without fear of retaliation of any sort and/or in confidence whenever possible.
  6. Third-Party Payor Audits: Any healthcare provider that participates in any of the government programs such as Medicare, Medicaid, as well as a commercial insurance network can be audited by the state and federal organizations as well as their contractors at any given time.
  7. A Plan for Corrective Action: When an investigation results in a compliance violation there should be corrective actions initiated. The actions will be dependent upon the violation but could include but are not limited to overpayment restitution, notification of appropriate government agencies, and immediate changes that prevents violations in the future. It can also include a “CAP” (Corrective Action Plan) that will be used as an agreement so that payors can continue to work with the healthcare organization.

Establishing Standards

A healthcare organization needs to establish specific procedures, policies and standards of conduct that demonstrate commitment to compliance regulations. These policies should be clear, concise, and written so that they are easily understood and are reviewed for updates or changes on a regular basis (typically annually). The Office of Inspector General in the Department of Health and Human Services indicate that this portion of the healthcare compliance program should assist staff in the performance of their job duties in a way that ensures compliance with the requirements of federal health care programs. The written procedures, policies, and standards of conduct should act to improve the objective and mission of the healthcare facility.  The standards set in a compliance program should be meaningful to the employees.

The standards set in the program need to be monitored on a regular basis to ensure that they include all information that is pertinent, relevant to the healthcare organizational environment, the jobs and duties accomplished, and are up to date to reflect all state and/or federal regulation changes.

The leader and/or team/committee members of the compliance program should have a complete view of what the standards are, establish the rules for the methods of how they should be followed and ensure that the standards are being met. Every department should be analyzed for compliance accommodation on a regular basis.

Training & Communication:

All staff/employees of every healthcare organization should have the appropriate training for his/her job or duty prior to starting the position. They should have receive training on the various guidelines and state and federal laws regarding fraud and abuse. A refresher training should occur at least annually. 

The training should include the various aspects of state and federal regulations for the healthcare facility as a whole as well as their specific duties. Each employee should have a clear understanding of the elements of the standards set and why compliance is important. There should be step-by-step instruction that is easily understood and allows for questions and answers.

The standard is the core of any compliance program and the message conveyed should be consistent. Members of the compliance team/committee should review and practice the standards process, and monitor and re-educate on a regular basis. Paying attention to any staff member that may be confused or forgetful to redirect to additional instruction should be another important duty for the compliance team. This is especially important in a situation where an employee may be following the rules of a previous facility that are insufficient for the current facility.

Creating a line of communication that is commonly known by all employees is the key to receiving potential non-compliance issues. Assuring that a report involves confidentiality will encourage reporting and empower the compliance team to act swiftly to correct the problem.


Adhering to standards of discipline may not be something that any of the compliance team prefers, but it is necessary to ensure that the compliance program standards are consistently followed throughout the healthcare organization. Beyond just making sure that non-compliance actions are circumvented, there are legalities involved that could cause problems for the healthcare facility if they were found to be negligent at monitoring, tracking, and responding to compliance issues. Part of the compliance program should incorporate a well-defined list of infraction levels and the discipline associated with each one.

Discipline can take many forms, and, depending upon the infraction could include but are not limited to: informal education, an oral reprimand, a written reprimand, suspension, or termination. Each disciplinary action must be tracked and documented as part of the complaint resolution. Taking immediate disciplinary action is critical for maintaining the effectiveness of a healthcare compliance program. The goal for discipline should always involve a method of teaching and learning rather than just punishment alone.

Internal Investigations

No matter what the size or rating of the non-compliance issue, it could be a symptom of other situations that are occurring. Conducting an internal investigation can reveal additional problems as well as shed a light on conditions that may not be completely obvious.  For those employees involved in a non-compliance situation it could expose the fact that they were confused in training, need additional training or did not receive training on a new position that they undertook. 

For larger healthcare organizations they will want to bring in their legal counsel that is knowledgeable on healthcare compliance, regulatory/governmental matters, and white-collar criminal defense to lead and advise in the investigation. Smaller organizations can enlist outside counsel of the same expertise. Internal investigations involve reporting to governmental agencies so it’s important to have the correct representation.

Gather all of the documents, reports, billing practices, Medicare claims, emails, and the personnel files of the witnesses as well as any other documentation that may be needed, including the guidelines in the organizational standards relating to internal investigations. Employees that are questioned should answer truthfully, know that their conversation is confidential, and their right to choose to talk to government officials or not. They should also be informed of client-attorney privilege. Depending upon the type of investigation, legal counsel can advise an employee as to whether they will want to get their own counsel as well.

Self-Disclosure – Personal Reporting Obligations

Any healthcare organization is aware of the repeated emphasis by the government regarding the importance of dealing with all of their healthcare programs with integrity. This includes an obligation to prevent illegal and improper acts and potential misconduct. Those in the healthcare industry have an ethical and legal duty to report any conduct that is knowingly against compliance.

Depending upon the offense, a healthcare organization is required to take different reporting actions and prior to reporting anything, they should confer with their legal counsel to be advised as to which state or federal agency is required for a self-disclosure report.

Beyond just doing the right thing and complying with the law, there are benefits to self-disclosure that can include:

Third-Party Payor Audits

Every type of healthcare organization experiences dread when the word “audit” is mentioned. From a pharmacy to a hospital, third-party audits are time-consuming and stressful. With over $800 billion spent every year by the federal government for Medicare and Medicaid products and services, and additional billions in federal healthcare programs, the environment is ripe for fraud. Healthcare providers are required to comply with all state and federal regulations and laws regarding policies and procedures for these programs. Contractors for Medicare, Medicaid and commercial insurance carriers have the right to conduct audits at any time for the healthcare providers that participate in any of their programs. The organization auditing usually reviews only the last two years of operation, however, they can go back as far as six years.

Depending upon which type of audit, a healthcare environment can take some preliminary actions as part of their business operations to help in reducing third-party payor audit time lengths that can include but are not limited to:

Even after the completion of an audit, a healthcare organization has the right to dispute the results (where pertinent) and offer additional information and documentation.

A Plan for Corrective Action

It may sound like an audit can cause major problems for a healthcare organization if infractions are found, however, there is a method that can be implemented that offers solace. If a third-party payor conducts an investigation, audit or survey and discovers that there are lack of compliance conditions, they do have the right to stop doing business with that healthcare organization. This is where a “CAP” Corrective Action Plan can come into play. A healthcare provider will develop a CAP that proves that changes have been made to ensure that the healthcare organization is complying with all state and federal guidelines and laws so that organizations can continue to do business with them. A CAP should be prepared by an attorney that specializes in healthcare or the organization’s compliance officer so that it meets the standards and regulations needed to ensure compliance in all activities. The information in the CAP must also be shared with all employees so that they are aware of and follow the rules designated in the CAP.

A CAP must list and detail six stages to be successful: identification, evaluation, root cause analysis, action plan, implementation, and follow up. Monitoring and tracking the CAP internally will assist in the reduction of audits and investigations from external sources.

Parent page – Safety & Compliance Training

Make The Switch

Join thousands of other practices working with HWM.
"The only company you will ever need."

Request a Quote!        Click to Call