Corporate Compliance: Covering the Bases


Corporate compliance is a concept that broadly applies to a range of corporate entities and refers to the processes these organizations follow to adhere to regulations and ethical standards. In healthcare, corporate compliance refers to an organization’s commitment to, and procedures for, detecting and preventing violations of state and federal laws, establishing expectations for ethical business practices, and setting appropriate standards for patient care and services. In short, corporate compliance is a commitment to do the right thing — both legally and ethically.

The notion of corporate compliance in healthcare is not new. For years, the U.S. Department of Health and Human Services, Office of Inspector General (HHS-OIG) has encouraged healthcare providers to adopt corporate compliance initiatives. In doing so, HHS-OIG has supported seven fundamental elements of a corporate compliance plan:

  • Implementing written policies, procedures, and standards of conduct
  • Designating a compliance officer (CO) and compliance committee (CC) to provide program oversight
  • Using due diligence in the delegation of authority
  • Educating employees and developing effective lines of communication
  • Conducting internal monitoring and auditing
  • Enforcing standards through well-publicized disciplinary guidelines
  • Responding promptly to detected offenses and undertaking corrective action [1]

With the implementation of the Patient Protection and Affordable Care Act (ACA) in 2010, compliance plans went from voluntary efforts to mandatory programs. Section 6401 of the ACA stipulates that healthcare providers must establish compliance programs as a condition of enrollment in Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP). [2]

Whether developing a new compliance program or auditing an existing one, healthcare organizations should consider their specific risks. Just as no two healthcare practices or organizations are exactly the same, compliance programs also are not “one size fits all.” Organizations should tailor their compliance plans to meet their particular needs.

Areas that might benefit from review include:

  • Business operation policies and procedures
  • Billing and coding processes and review of claims submissions, including availability and adequacy of documentation, reasonable and necessary services, and accurate payment
  • Health record documentation standards
  • Health record retention policies and procedures
  • Appropriate use of federal and state forms and documents
  • Adherence to federal fraud and abuse laws (i.e., the False Claims Act, the Anti-Kickback Statute, the Physician Self-Referral Law, the Exclusion Statute, and the Civil Monetary Penalties Law)
  • Compliance with federal and state safety codes, regulations, and standards (e.g., OSHA standards, HIPAA, EMTALA, CMS Conditions of Participation, CDC guidelines, and FDA standards)
  • Organizational roles and responsibilities, including following licensing and scope of practice regulations, prescription authority rules, and professional standards
  • Patient care standards and compliance with specialty protocols/guidelines
  • Patient satisfaction and resulting corrective action plans
  • Processes or functions that have been problematic in the past
  • Training and education (e.g., fulfillment of required continuing education, training for new technologies or equipment, and HIPAA training)

For further details about developing a corporate compliance program and policy, visit the HHS-OIG website and the CMS Medicare Learning Network Provider Compliance webpage. For tools and resources related to Medicaid fraud, waste, and abuse, see the CMS webpage on Medicaid Program Integrity Education.


[1] U.S. Department of Health and Human Services, Office of Inspector General, Health Care Fraud Prevention and Enforcement Action Team. (n.d.). Health care compliance program tips. Retrieved from https://oig.hhs.gov/documents/provider-compliance-training/945/Compliance101tips508.pdf

[2] Patient Protection and Affordable Care Act, 42 U.S.C. § 18001 et seq. (2010).
