Healthcare compliance refers to following the regulations, standards, and guidelines that apply to healthcare practices. The best-known example is healthcare organizations' ongoing effort to conform to the requirements of HIPAA, although healthcare compliance can also mean conforming to an organization's own internal or corporate rules and standards of conduct.
Healthcare compliance has a broad scope and affects every business function and department in a healthcare organization, as well as the businesses that work with or provide services to healthcare organizations. Compliance requirements stem from many industry standards and regulations, including:
In addition to the laws and regulations noted above, healthcare organizations must comply with rules and regulations set forth by the Drug Enforcement Administration (DEA) and the Food and Drug Administration (FDA) regarding medication creation and distribution, as well as any requirements set forth by the Department of Health and Human Services and the Office of the Inspector General.
In addition to industry-specific regulations, healthcare organizations are also subject to broader regulations that apply to non-healthcare entities as well, such as the requirements set forth by:
Healthcare compliance laws can also differ from state to state, and specific compliance needs can vary between different types of healthcare organizations.
A healthcare compliance program aims to reduce risks and minimize liabilities, such as fines for non-compliance. The Affordable Care Act requires that any organization enrolled in federal healthcare programs like Medicare and Medicaid have a healthcare compliance program in place.
Large healthcare organizations typically have a chief compliance officer, or a compliance department dedicated to creating programs to ensure compliance. Healthcare compliance requires the buy-in and cooperation of every staff member to follow regulations and procedures, so many healthcare organizations appoint compliance teams with representatives from every business function to ensure the needs of all departments are adequately addressed.
Healthcare compliance programs should include written policies and procedures that are readily accessible to all employees. Initial onboarding typically involves healthcare compliance training to ensure that new hires are familiar with relevant industry regulations and the organization’s compliance policies and procedures. Ongoing training is also recommended to address regulatory changes and to provide a refresher to ensure that staff are following the appropriate standards of conduct.
Organizations should also implement methods to evaluate the success of their healthcare compliance program, including periodic internal or external audits that measure compliance with applicable industry regulations and with the organization's own procedures. A program should also define standard procedures for reporting known or suspected compliance violations, so that issues surface and are tracked rather than discovered only at audit time.
Healthcare organizations seeking a recognized certification for their compliance efforts often pursue certification against the Health Information Trust Alliance (HITRUST) Common Security Framework. The HITRUST CSF brings HIPAA requirements together with other security and privacy frameworks such as NIST and ISO to provide a comprehensive but customizable approach to risk management and compliance. Note that a HITRUST certification attests to the security and privacy controls within the assessed scope; it is not a government-issued HIPAA certification, and HHS does not endorse any third-party HIPAA certification. Organizations may also need to take additional measures to ensure compliance with regulations not related to privacy and security.
To ensure professional oversight of their healthcare compliance program, organizations may hire chief compliance officers and other compliance professionals who are certified in healthcare compliance. Several industry associations offer programs for professionals who want to become certified in healthcare compliance, including specialty certifications for roles with a specific focus such as medical coding, research, and privacy.