Strengthening Your CMS and OIG/HHS Compliance Programs


Complying with the various federal and state laws and regulations governing healthcare practices in the U.S. can seem daunting and overwhelming – and in some cases, it is. However, establishing effective compliance programs at your practice or organization is beneficial. They aim to protect patients, prevent criminal conduct, and enforce government regulations without impeding quality service to patients.

Once you establish an effective program and set up well-maintained systems to keep it running, compliance becomes less of an administrative burden. Instead, it provides a welcome comfort that your practice operates legally, efficiently, and with a minimal risk level.

What is Healthcare Regulation Compliance

Healthcare regulatory compliance is concerned with healthcare organizations’ adherence to laws, guidelines, regulations, and specifications relevant to their business processes. Violations of these regulations result in legal punishment such as federal fines.

A healthcare compliance program is an ongoing process of meeting or surpassing the legal, professional, and ethical standards applicable to a healthcare provider or organization. Healthcare regulatory compliance covers several areas, including patient care, billing, reimbursement, OSHA, managed care contracting, HIPAA privacy and security, The Joint Commission (TJC), CMS programs, and OIG/HHS compliance programs.

Healthcare compliance helps healthcare providers and organizations avoid trouble with government authorities. An effective compliance program identifies problems and finds solutions before a government agency does.

Effective compliance programs mitigate the imposition of financial penalties or sanctions on an organization. Additionally, these programs help healthcare providers and organizations avoid malpractice liability by following best clinical practices.

OIG/HHS Compliance Programs

The Office of Inspector General (OIG) – Department of Healthcare and Human Services (HHS) focuses on protecting federal healthcare programs from abuse, fraud, and waste. The OIG has published comprehensive guidance for U.S. healthcare organizations on the essence and effectiveness of compliance programs.

According to the OIG, effective healthcare compliance programs must address the following seven areas:

  1. Develop, distribute, and implement written standards of conduct, procedures, and policies that describe and advance the healthcare organization’s commitment to meeting the legal and ethical standards that apply to it

  2. Designate a chief compliance officer and other appropriate committees and employees responsible for monitoring and operating the compliance program. They should report directly to the governing body

  3. Develop and deliver effective employee training and education programs

  4. Develop and maintain effective communication lines that allow individuals to report compliance complaints and concerns without retaliation

  5. Develop and implement a process to respond to concerns and complaints with the capability of imposing appropriate corrective action that includes disciplining employees

  6. Use internal monitoring and audit processes to measure compliance and address deficiencies

  7. Respond appropriately to identified offenses and implement corrective action quickly

The OIG further believes that any effective healthcare organization or provider compliance program should address the following risk areas:

  • Billing for services and items not rendered

  • Up-coding

  • Duplicate billing

  • Providing medically unnecessary services

  • False cost reports

  • Hospital teaching requirements

Healthcare providers and organizations deal with confidential health information, requiring compliance with HIPAA (Health Insurance Portability and Accountability Act). The HHS Office of Civil Rights enforces and implements HIPAA privacy and security rules.

Federal and state healthcare regulations and laws continuously change, as does their interpretation. Therefore, healthcare compliance is an ongoing process that involves meeting and exceeding the legal, ethical, and professional standards and regulations applicable to a provider or organization.

Organizations must continually review and update their processes, policies, and procedures. They should also continually train and educate their employees and third-party vendors based on changes in the regulations.

CMS Compliance Program

CMS – OIG compliance is a healthcare organization’s written program to achieve ethical business practices and overall regulatory compliance for all of its business activities. Organizations need to implement and maintain effective compliance programs and establish a compliance culture. At a minimum, they need to develop:

  • Policies and procedures

  • A robust annual training program with new hire training

  • A designated compliance officer

  • Open lines of communication

  • Pre-designed methods to handle concerns, complaints, and potential problems

Healthcare organizations need to establish open communication lines with their workforce and ensure all employees understand the CMS compliance program. Employees should also have the opportunity to file complaints and grievances free of repercussions, with the option of doing so anonymously.

Additionally, healthcare organizations need a risk mitigation plan. It is a schedule that allows them to remediate any issues raised in an audit, whether it is a coding audit, a security risk assessment, or a comprehensive compliance audit. A risk mitigation plan is a corrective action strategy. Performing evaluations and audits can uncover potential risk areas, so healthcare organizations need to put reasonable measures in place to correct them.

Audits and assessments form only one part of the compliance picture. Remediating open issues, training employees, maintaining open communication lines, taking corrective action for non-compliance, and keeping up-to-date policies and procedures all contribute to a strong compliance culture.

The Future of Healthcare Compliance

In the coming years, organizations will continue investing in compliance programs because they are worth it. They will flow from healthcare organizations’ mission and values rather than from the minimum standards that laws and regulations set.

Healthcare organizations will develop extensive, independent internal tracking systems, audits, reports, and measurements to spot trends and risks and address them. These programs will also operate like business units rather than response teams. Additionally, future compliance programs will be more collaborative – inside and outside the organization.


Designing and implementing a healthcare compliance program with Riddle Compliance allows you to focus on other management aspects of your organization and provide quality care to patients. We offer compliance services across all aspects of your healthcare organization’s operation.

Our fully outsourced advisory solutions result in a rock-solid compliance program, more profits, and fewer management headaches. We provide healthcare compliance consulting to help growing businesses manage their regulatory environment, integrity and ethics needs, governance practices, and risk mitigation controls. Contact us today.
