What is Healthcare Compliance?


Healthcare compliance is an essential activity for organizations in, or providing a service to, the healthcare industry. It involves adherence to laws, regulations, standards, and practices that govern healthcare providers, payers, pharmaceutical companies, and other entities involved in the delivery of health care.

Components of Healthcare Compliance

Federal and State Laws

Healthcare compliance requires adherence to all applicable federal and state laws. Federal laws include the Social Security Act, the Public Health Service Act, the Health Insurance Portability and Accountability Act (HIPAA), and the 21st Century Cures Act.

State laws can apply to organizations doing business in a particular state, or to residents of the state wherever those residents are located. An example of the former is Illinois' Biometric Information Privacy Act, while an example of the latter is Texas' Medical Records Privacy Act.

Regulations and Standards

Healthcare regulations and standards are "Rules" developed by federal agencies to implement an Act passed by Congress. The best-known example is the publication of the HIPAA Privacy and Security Rules by the Department of Health and Human Services (HHS) following the passage of HIPAA.

Other regulations and standards published following the passage of an Act (or an amendment to an existing Act) include the Medicare Conditions of Participation, OSHA's standards for healthcare, and the prohibition on employing or contracting with any individual or entity that appears on the HHS Office of Inspector General's List of Excluded Individuals/Entities (LEIE).

Organization-Specific Policies

Organizations in, or providing a service to, the healthcare industry are in most cases responsible for the compliance of their workforce members. Consequently, organizations usually develop policies and procedures that workforce members must follow.

These policies and procedures are typically designed to meet or exceed legal compliance requirements, and each organization enforces them through a sanctions policy that penalizes workforce members for compliance violations. Under the HIPAA Privacy Rule, covered entities are in fact required to apply appropriate sanctions against workforce members who fail to comply with their policies.

The Importance of Healthcare Compliance

Privacy Protection and Patient Safety

Laws such as HIPAA stipulate the measures that must be implemented to protect the privacy of individually identifiable health information, so that it is not disclosed without authorization and used to commit identity theft or healthcare fraud.

The protection of health information can have a positive impact on patient safety. When patients are confident their information will remain confidential, they disclose more information to healthcare professionals, which can result in better diagnoses, treatments, and patient outcomes.

Legal Consequences

The legal benefit of healthcare compliance is that it results in fewer violations of the kind that can trigger enforcement action, civil monetary penalties, and exclusion from state and federally funded health care programs such as Medicare and Medicaid.

Additionally, when a violation does occur, organizations that can demonstrate a good faith effort to comply with laws, regulations, and standards often avoid a penalty altogether, have the amount of the penalty reduced, or have the length of an audit or corrective action plan shortened.

Financial Consequences

In addition to avoiding or mitigating civil monetary penalties, compliance helps prevent healthcare fraud and fraudulent practices such as overbilling, thereby protecting the organization, its patients, and the healthcare system as a whole.

Finally, when a safe and compliant environment results in better working conditions and better patient outcomes, workforce morale improves. This can lead to increased staff retention and lower recruitment costs for replacing departing staff.

Challenges of Healthcare Compliance

The challenges of healthcare compliance can be attributed to many factors. First of all, the healthcare compliance landscape is complicated and continually evolving. With frequent amendments to existing laws, regulations, and standards, staying up to date can be demanding.

Secondly, organizations may not have the skillsets required to keep pace with the evolving healthcare landscape. A good example is the interoperability rules issued under the 21st Century Cures Act, which require that patients be given access to their electronic health information through patient-facing applications and standardized APIs.

Finally, there is resistance to change. Both patients and workforce members may resist new requirements, and a significant shift in culture may be needed to overcome this challenge, since compliance by enforcement alone is not always successful in these circumstances.


There is no doubt that healthcare compliance can be complex. The main challenges are understanding what healthcare compliance consists of, having the skills and resources to comply with an evolving landscape, and providing adequate workforce training.

Organizations that find it difficult to overcome these challenges have the option of outsourcing some or all of their compliance functions to healthcare compliance experts. While this incurs a cost, the cost of non-compliance can be far greater.