Making Corporate Compliance Practical and Manageable in 2021: Webinar Recap

Webinar Presented by Patty Harper, RHIA, CHTS-IM, CHTS-PW, CHC®
Write-up Created by Caroline Billings
Release Date- May 1, 2021
Review Date- April 20, 2022

This document is a recap of a webinar presented by Patty Harper for CORH on April 13, 2021, and includes information on regulatory compliance, creating effective policies, compiling evidence documents, the required elements of regulatory compliance plans, and properly maintaining them. Many elements of this whitepaper also include action steps on creating and implementing these procedures.

Regulatory Compliance

Regulatory compliance is “the adherence to guidelines and requirements established by federal, state, and local laws” (Definition: Scranton University). For Medicare and Medicaid providers, and RHCs, there is both general compliance and facility-specific compliance.

  • How to Start: Creating or revamping a compliance plan can be overwhelming. The need for Facility-Specific Certification may be independent of what is needed for the parent organization or to meet other regulatory requirements. The need for Facility-Specific Certification also might not wholly encompass everything needed for regulatory compliance.
  • Compliance Areas:
    • HHS Regulatory Compliance- CMS Conditions of Participation, CMS Facility-specific Conditions for Certification, CMS Guidance (IOMs and Appendices), Office of Civil Rights/HIPAA, and OIG Enforcement
    • Other Federal Laws- Labor Laws and OSHA
    • State-Specific Laws
    • Local Laws (County and City)

The regulations listed above can be used as a compliance blueprint. In addition, Federal, State, and Local regulations should be the blueprint for any facility’s compliance. Healthcare is a reactive industry by nature. Taking time to be strategic and proactive is difficult but necessary.

Creating Policies and Evidence for Facility-Specific Certification- Action Steps

Facility-specific Certification of Conditions, including CAHs and RHCs, requires written policies to meet the Conditions of Participation. In addition, a formal Compliance Plan is needed to ensure the prevention of fraud, waste, and abuse. However, Accreditation Organizations may have other requirements.

  • Tips for Policy Development
    • More is not more—do not make policy writing more complicated than it needs to be
    • Broad language—use broad language that establishes compliance without locking your facility into rigid processes and procedures that could change.
    • Order—organize policies topically or in the order of the survey tags/standards with a standard format, show effective dates/versions
  • Policies should be used to ensure practical compliance, not manage people. These policies should also be numbered.
  • Policies: broad statements of compliance that are static unless there is a regulatory change (Definition: Merriam-Webster)
  • Processes: usually created internally or in conjunction with other guidance, provide clarity, and can be addendums/supplemental documents (Definition: Merriam-Webster)
  • Procedures: specific steps in performing tasks, can be dynamic and promote efficiencies in workflow, ensure quality performance, are used for training/internal guidance, and promote standardization of tasks (Definition: Merriam-Webster)

Compiling Evidence Documents

Identify which “Evidence” Documents demonstrate compliance and organize them for easy retrieval. Proof of compliance can be difficult if supporting “evidence” documents are not easy to retrieve. Correlate supporting evidence to respective policy numbers or survey tags/standards for an easy way to organize the documents. Refer to the SOM Appendices or the AO guidance to settle what might be needed.

  • Examples of Evidence Documents: Licenses, Certificates, Inspection Reports, Correspondence to/from CMS/Medicare Contractor, Correspondence to/from state agencies, Other Agency Correspondence, Quality/QAPI/Risk Documents and Forms, Samples of Notices and Disclosures, and Proof of Education and Training.

Identify supporting evidence documents and keep them up to date.

Date        | Subject                          | Evidence
10/10/2019  | 200-C Review PHI Release Forms   | 200-C Authorization to Release PHI

    • Examples of Tickler Dates: License renewals, inspections, employee training (periodic/annual), policy review dates, program evaluation dates, performance evaluations, updated employee forms, emergency preparedness testing/training, and employee health
  • Spreadsheets, calendars, or tickler organizers can all work. Create a format that works for you and your facility.
  • Set reminders far enough in advance to allow for processing, approval, and scheduling.
  • Build in time for accountability so that more than one person is aware of a deadline.

7 Required Elements of a Corporate Compliance Plan- Action Steps

  1. Developing and Implementing Compliance Standards
    • Written Standard of Conduct Document: fraud, waste, abuse; ethics; patient care; quality
    • Other Written Guidance: policies; processes; procedures; job aids; performance evaluations

  2. Designating a Compliance Professional
    • Can be system-wide or facility-wide, must have independence and authority, can report to Board or Ownership, and must be responsible for maintaining and coordinating the compliance plan
  3. Open Communication
    • Open door policy, hotlines, blind email communication, complaint boxes, non-retaliatory policy, and culture of compliance
  4. Training & Education
    • Fraud, Waste, and Abuse, Quality of Care, Policies/Processes/Procedures, and roles and responsibilities
    • Create buy-in by engaging all staff, substance over form (be creative and interactive), have a training schedule (on hire, whenever there is a change, and periodically after that), make training specific to role or department, obtain feedback from staff, and document their training.
  5. Respond Promptly to Concerns and Incidents of Non-Compliance
    • Take all concerns seriously, have a process for investigation, and know how to handle non-compliance internally versus externally
  6. Conducting Monitoring and Auditing
    • Monitoring is Internal, and Auditing is External
    • Coding and Billing Reviews (internal/external) for accuracy, NCCI edits, and medical necessity
    • Revenue Cycle Functions/Checks and Balances
    • Clinical Documentation
    • Professional Services Contracts and Employment Agreements
    • Medical Staff Functions
    • Standard of Care
  7. Enforce Disciplinary Actions
    • Established policies, Consistency, Retraining, Consequences, and Self-Reporting

Keeping Compliance Relevant

Where We Go Wrong with Compliance:

  • We fail to create a culture of compliance
  • We reduce compliance to an HR checklist, or we have form over substance
  • We make policies too complex and difficult to follow
  • We distance the compliance function from daily operations
  • We do not stay current with regulations, policy maintenance, or education
  • We assume that everyone knows what to do

Compliance is Both Static and Dynamic

  • Redesign your blueprint as needed, keep training methods fresh, re-tool monitoring when you have operational changes, and balance responsibility and authority.
  • Do not assume that the written policies or compliance plan you inherited are up to date or complete. Even corporate-level policies can fail to meet compliance, especially when rural health providers are scarce within the system.
  • Do not wait for a survey deficiency or a payer audit to reveal a gap in compliance
  • Revise and Simplify—making sure that the policies and training are following the regulatory blueprint

Monitoring Changes in Regulations- Action Steps

  1. Sign up for newsletters, announcements, newsfeeds, and emailing lists
  2. Set up email folders for these activities
  3. Allocate time weekly to review updates and clean up the folder
  4. Attend state, regional, and national meetings
  5. Develop relationships with other stakeholders outside your organization
  6. Join professional associations

  • The Electronic Code of Federal Regulations (e-CFR) is an updated version of the Code of Federal Regulations. It is not an official legal edition of the CFR. Instead, it is an editorial collection of CFR material and Federal Register amendments produced by the National Archives and Records Administration’s Office of the Federal Register (OFR) and the Government Publishing Office. This site is updated daily.
  • Office of Inspector General (OIG) Exclusions – use the Compliance tab for information regarding Accountable Care Organizations, Advisory Opinions, Compliance Guidance, etc.