Corporate Compliance: Covering the Bases

Corporate compliance is a concept that broadly applies to a range of corporate entities and refers to the processes these organizations follow to adhere to regulations and ethical standards. In healthcare, corporate compliance refers to an organization's commitment to, and procedures for, detecting and preventing violations of state and federal laws, establishing expectations for ethical business practices, and setting appropriate standards for patient care and services. In short, corporate compliance is a commitment to do the right thing, both legally and ethically.

The notion of corporate compliance in healthcare is not new. For years, the U.S. Department of Health and Human Services, Office of Inspector General (HHS-OIG) has encouraged healthcare providers to adopt corporate compliance initiatives. In doing so, HHS-OIG has supported seven fundamental elements of a corporate compliance plan, which are described in Chapter 8 of the 2015 United States Sentencing Commission Guidelines Manual. These elements are:

  1. Implementing written policies, procedures, and standards of conduct
  2. Designating a compliance officer (CO) and compliance committee (CC) to provide program oversight
  3. Using due diligence in the delegation of authority
  4. Educating employees and developing effective lines of communication
  5. Conducting internal monitoring and auditing
  6. Enforcing standards through well-publicized disciplinary guidelines
  7. Responding promptly to detected offenses and undertaking corrective action¹

With the implementation of the Patient Protection and Affordable Care Act (ACA) in 2010, compliance plans went from voluntary efforts to mandatory programs. Section 6401 of the ACA stipulates that healthcare providers must establish compliance programs as a condition of enrollment in Medicare, Medicaid, or the Children's Health Insurance Program (CHIP).²

Whether developing a new compliance program or auditing an existing plan, healthcare organizations should consider their specific risks. Just as no two healthcare practices or organizations are exactly the same, compliance programs also are not one-size-fits-all. Organizations should tailor their compliance plans to meet their particular needs.

Areas that might benefit from review include:

  • Business operation policies and procedures
  • Billing and coding processes and review of claims submissions, including availability and adequacy of documentation, reasonable and necessary services, and accurate payment
  • Health record documentation standards
  • Health record retention policies and procedures
  • Appropriate use of federal and state forms and documents
  • Adherence to federal fraud and abuse laws (i.e., the False Claims Act, the Anti-Kickback Statute, the Physician Self-Referral Law, the Exclusion Statute, and the Civil Monetary Penalties Law)
  • Compliance with federal and state safety codes, regulations, and standards (e.g., Occupational Safety and Health Administration [OSHA] standards, the Health Insurance Portability and Accountability Act [HIPAA], the Emergency Medical Treatment and Active Labor Act [EMTALA], Centers for Medicare and Medicaid Services [CMS] Conditions of Participation, Centers for Disease Control and Prevention [CDC] guidelines, Food and Drug Administration [FDA] standards, etc.)
  • Organizational roles and responsibilities, including following licensing and scope of practice regulations, prescription authority rules, and professional standards
  • Patient care standards and compliance with specialty protocols/guidelines
  • Patient satisfaction and resulting corrective action plans
  • Processes or functions that have been problematic in the past
  • Training and education (e.g., fulfillment of required continuing education, training for new technologies or equipment, HIPAA training, etc.)

For further details about developing a corporate compliance program and policy, visit the HHS-OIG website and the CMS Medicare Learning Network Provider Compliance webpage. For tools and resources related to Medicaid fraud, waste, and abuse, see the CMS webpage on Medicaid Program Integrity Education.

1 United States Sentencing Commission. (2015, November). Sentencing of organizations. In United States Sentencing Commission guidelines manual (§8B2.1). Retrieved from www.ussc.gov/guidelines-manual/2010/2010-federal-sentencing-guidelines-manual

2 Patient Protection and Affordable Care Act, 42 U.S.C. § 18001 et seq. (2010).
