A Guide to Healthcare Compliance Regulations

Over the past few years, healthcare regulations have introduced new rules and undergone frequent revisions. Whether you are a solo practitioner or a multinational healthcare organization, it is important to take note of these changes and adapt to them.

In the United States, healthcare is one of the most regulated industries. Opinions are divided on whether this is unnecessary or a much-needed means to improve the quality of healthcare. For some, it is an imposition that makes healthcare professionals’ jobs a lot harder, while others see these regulations as a means to track, maintain, and improve the overall quality of the healthcare system.

That being said, we have created this guide to help you decide whether all these regulations are necessary or not. Keep in mind that this guide is loosely based on the federal and other regulations commonly faced by healthcare professionals. Each state imposes its healthcare regulations differently, so some of this information may not apply to you and your state.

Duty of Care

Healthcare professionals and corporate directors are obliged to exercise a proper amount of care in their decision-making process. This means that anyone who works in the medical sector owes a legal duty of care to their patients.

Their principal duty is to act in the best interest of the patients and comply with the minimum set of standards set by both the state and the federal government.

If you are a physician, a member of a healthcare board, or even from a pharmaceutical company, you are required to abide by the Office of the Inspector General (OIG) compliance manual, which addresses the duty of care in two different contexts:

The decision making function

According to the OIG, it is an application of the duty of care principles to a specific decision or a particular board action. 

When you apply it in context, this simply means having a collaborative decision-making process with the patients. It ensures that you and your patients are making treatment and healthcare decisions together, taking the following into consideration:

  • The system should be patient-centred and should empower the patient.
  • Instantaneous consumer responses gathered in an experiment are not necessarily the same decisions that would be made by that consumer as a patient. Most treatment decisions include family members and other trusted advisers.
  • Decision making is not equal across individuals. While some people learn the basics of good decision making through experience, others do not.
  • Treatment information should be decision-friendly—patients and their advisers should clearly understand the likely consequences of each alternative, and the preferences of the patient should be respected, even if they are judged unstable by their advisers.
  • In a patient-centred approach, drug benefit-risk decision making is usually within the frame of a broader treatment decision that likely includes non-drug options. Every alternative needs to be considered, including “do nothing.” 

The oversight function

According to the OIG, it is an application of the duty of care principles concerning the general activity of the board in overseeing the day-to-day business operations of the corporation.

This mainly applies to board committees and executives. It means that they are ultimately responsible for everything that happens within the hospital, healthcare service, organization, or company they oversee.

They usually oversee:

  • Management 
  • Finances
  • Quality of healthcare being provided
  • The strategic direction of the hospital or organization
  • Relationship of the hospital or organization with the community
  • Ethical standards and values
  • CEO selection process
  • Employees’ duties and progress

Board committees, executives, or directors should always strive to assure that:

  1. a corporate information and reporting system exists; and
  2. this reporting system is adequate to assure the board that appropriate information about compliance with applicable laws reaches it.

Department In-charge

Given that healthcare compliance systems encompass a broad section of the industry, the government has assigned different departments different roles.

Apart from the OIG, the following government departments each play a specific role in making sure that healthcare compliance regulations are followed and effectively implemented.

The Office for Civil Rights (OCR)

This government agency is mainly responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. HIPAA is essentially a set of rules that protects a patient’s medical records and other protected health information (PHI).

The OCR investigates and enforces penalties for non-compliance with HIPAA. It also conducts periodic audits of healthcare providers to ensure that they are in compliance with HIPAA.

Centers for Medicare & Medicaid Services (CMS)

Most of us are already familiar with this government agency because they administer the nation’s major healthcare programs. 

As we have mentioned before, healthcare is one of the most heavily regulated industries in the US. Since federal and state-sponsored health programs play an important role in the industry, CMS is responsible for imposing sanctions against non-compliant healthcare providers. These non-compliance practices mostly involve fraudulent claims and billing malpractice.

Office of the National Coordinator for Health IT

In line with federal and state efforts to make our healthcare system more efficient, the ONC for Health IT is currently in charge of moving the US healthcare system from paper to electronic health records (EHR).

They aid healthcare providers and make sure that the sharing of patients’ PHI is secure, safe, and convenient. Rather than relying on paper medical records, the ONC for Health IT is trying to streamline the healthcare process and make it more convenient and accessible for everyone.

It is worth pointing out that since they are the ones handling electronic PHI, they also coordinate with the OCR to make sure that all healthcare providers who use EHR are in compliance with HIPAA.

Food and Drug Administration

As we have mentioned before, healthcare regulations also apply to multinational organizations such as medical equipment and pharmaceutical companies. 

With that, the FDA regulates the safety of the equipment and drugs being used and distributed in healthcare facilities. Its role includes examining, testing, and approving medical equipment and drugs.

On top of that, it also monitors and tracks non-compliant medical equipment and drugs that have been rolled out for public consumption.

Accreditation Agencies

CMS has approved several independent hospital accreditation agencies as part of its requirements. Most states require accreditation from these agencies in order to be approved by CMS for licensing and Medicaid reimbursement.

These agencies include the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), the National Committee for Quality Assurance (NCQA), the American Medical Accreditation Program (AMAP), the American Accreditation HealthCare Commission/Utilization Review Accreditation Commission (AAHC/URAC), and the Accreditation Association for Ambulatory Healthcare (AAAHC).

Hospitals or healthcare providers without accreditation from these agencies would have a hard time participating in Medicare. 

Top Healthcare Compliance Issues 

Aside from those we have briefly touched on in this article, the Association of Corporate Counsel has also listed a few compliance issues that are most common nowadays.

Ransomware
As mentioned before, several healthcare providers are now transitioning towards EHR, and the Department of Health and Human Services has identified a series of ransomware attacks targeting PHI. All healthcare providers, especially board committees, should remain alert to this security threat.

Unethical Medical Billing Practices

Due to a lack of understanding and compliance planning, several healthcare providers are making more mistakes in the way they code, bill, and document their products or services.

Value-Based Compensation Arrangements

Given that value-based compensation can be tricky, healthcare providers, especially physicians, should prepare value-based reimbursement inventories as a reference and should understand which outcomes the arrangement actually incentivizes.

Telemedicine Compliance

With the increasing popularity of telemedicine, these clinical service providers are having a hard time securing licenses and complying with the clinical practice requirements set by the state and the federal government.

Fraud and Abuse

Noncompliance with healthcare regulations often stems from fraud and abuse.

According to the Department of Justice, it has charged more than 1,000 individuals with more than 10 billion dollars in healthcare fraud since 2017 alone. All of this was made possible because health providers are not complying with the minimum standards set by the state and the federal government.

Fraud and abuse have long plagued the system and made life a lot more difficult for patients and honest health providers. With that in mind, we have listed the most important laws you should abide by. Whether you are an individual or a multinational organization, these laws directly affect you as long as you work in the healthcare industry.

Anti-Kickback Statute

The Anti-Kickback Statute (AKS) is a healthcare regulation that prohibits anyone in the medical industry from receiving “remuneration” or anything of value in exchange for referrals.

Stark Law

Stark Law is similar to the AKS; however, it only pertains to referrals from physicians, and its scope is limited to Medicare and Medicaid.

False Claims Act

A federal act that makes it unlawful for anyone in the healthcare community to make false records or file false claims with any federal or state-funded healthcare program.

Importance of Healthcare Regulations

Healthcare compliance regulations are created mainly to serve patients and make professional healthcare jobs a lot easier. This way, the healthcare system is not plagued with abuse and runs smoothly without interruption.

When everyone complies with these healthcare regulations, the healthcare system becomes more efficient, and providers are not burdened by tasks unrelated to healthcare, such as paying penalties, undergoing investigations, doing due diligence, attending lengthy litigation, and so on.

It is also worth mentioning that aside from the healthcare regulations imposed by the federal and state governments, healthcare providers and institutions also have their own guidelines and regulations to follow.

This only proves that even though some regulations might seem like a hassle, the government and many healthcare providers both agree that having compliance regulations ultimately makes the system more efficient and convenient for everyone.

Even though some regulations might seem completely unnecessary, the whole point of having them is that they ultimately benefit everyone in the long run.

Measures to Prevent Violations 

  • Conduct training on compliance standards and procedures. In addition, identify the risk areas where noncompliance tends to happen most often, and then provide specific training tailored to address these problems.
  • Keep apprised of the significant regulatory and industry developments affecting the healthcare provider’s or organization’s risk.
  • Initiate further internal review processes.
  • Respond immediately and appropriately to deficiencies or suspected noncompliance.

If you find yourself in trouble, it’s important to contact an experienced healthcare fraud lawyer.

We hope you have gained some valuable insight into healthcare compliance regulations.

Let’s recap our healthcare compliance regulations guide:

  • Duty of Care
    • The decision making function
    • The oversight function
  • Department In-charge
    • The Office for Civil Rights (OCR)
    • Centers for Medicare & Medicaid Services (CMS)
    • Office of the National Coordinator for Health IT
    • Food and Drug Administration
    • Accreditation Agencies
  • Top Healthcare Compliance Issues 
    • Ransomware
    • Unethical Medical Billing Practices
    • Value-Based Compensation Arrangements
    • Telemedicine Compliance
  • Fraud and Abuse
    • Anti-Kickback Statute
    • Stark Law
    • False Claims Act
  • Importance of Healthcare Regulations
  • Measures to Prevent Violations 

If you require legal services pertaining to healthcare compliance regulations, don’t hesitate to contact us today.