What Does a Healthcare Compliance Officer Do?

If you’re hearing more about compliance in the healthcare industry today, it’s primarily because government oversight of and regulatory action in healthcare are on the rise. At the healthcare provider and facility level, compliance requires a proactive, comprehensive, and well-organized program to safeguard patient safety and improve care quality, all while ensuring that healthcare business operations are conducted within the parameters of regulations. As if more incentive were needed, payment models now link reimbursement revenue to quality and compliance.

These responsibilities require the specialized expertise and experience of a healthcare compliance officer. We explore who and what is involved in maintaining compliance in today’s healthcare organizations.

What is GRC?

Compliance is one tenet of healthcare governance, risk management, and compliance (GRC). GRC spans your entire organization, and helps ensure safety, measure quality and performance, optimize your workforce, credential and enroll qualified providers, track facility access and security, and much more.

Federal healthcare compliance

At the federal level, compliance efforts focus mainly on fiduciary oversight. The U.S. Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) is particularly attuned to healthcare compliance in protecting federal programs from fraud, waste, and abuse. 

As a result, the OIG has published guidance for healthcare organizations on how to structure their compliance programs. To comply with the OIG, healthcare organizations must address the following seven essentials when reviewing their healthcare compliance programs for effectiveness:

  1. Implement compliance policies, procedures, and standards of conduct
  2. Designate a compliance officer and a compliance committee
  3. Maintain effective compliance training and education for employees
  4. Maintain effective lines of communication that allow employees to report compliance concerns without retaliation
  5. Support internal monitoring and auditing of the compliance program to measure effectiveness and address deficiencies
  6. Enforce disciplinary guidelines to ensure employees continuously and consistently follow standards 
  7. Detect offenses in a timely manner, respond appropriately to them, and implement any necessary corrective action

Accreditation compliance

On top of ensuring adherence to federal regulations, healthcare compliance officers in hospitals, health systems, and payer organizations must also comply with their chosen accreditation body’s standards. These non-governmental, third-party accreditors receive deeming status from The Centers for Medicare & Medicaid Services (CMS) to promote high-quality healthcare through accountability and public disclosure using various quality initiatives. The most prominent accreditors are: 

  • The Joint Commission (TJC) accredits and certifies organizations, mostly hospitals and healthcare systems, that meet certain compliance standards in healthcare for patient care quality and safety. 
  • Det Norske Veritas (DNV) is a competitor to TJC that received deeming status in 2008 for healthcare accreditation. Notably, DNV has long accredited organizations in other industries and is known for its ISO certification and standards for quality measurement.
  • The National Association for Healthcare Quality (NAHQ) fulfills a role similar to TJC’s, but primarily for payers (health plans), billers, and credentialing verification organizations.
  • The Agency for Healthcare Research and Quality (AHRQ) provides a host of resources to help healthcare organizations provide safe, high-quality care.

Who’s responsible for healthcare compliance?

In hospitals and health systems

The governing body of a hospital or health system is ultimately responsible for the conduct of the organization and for its overall compliance. The governing body does this through authorizing funds and ensuring that the organization’s administrators develop and implement the compliance program. While the healthcare organization’s administrators may assign this responsibility to a compliance officer or team of compliance professionals, every employee of the organization has a responsibility for compliance in their day-to-day role. 

An integral part of a compliance program is a mechanism that lets employees report any compliance issue they encounter in their jobs. That reporting mechanism should include the ability to report compliance issues anonymously.

The OIG specifically recommends the designation of a compliance officer and provides guidance that the individual should be a high-level official in the hospital with direct access to the governing body and the CEO. In many larger healthcare organizations, multiple individuals work in the compliance department under the direction of the chief compliance officer (CCO).

The OIG also recommends that healthcare organizations have a compliance committee for advice and assistance in the implementation of the compliance program.

In payer organizations and billing companies

Hospitals and health systems are not the only entities that must comply with federal regulations. Because compliance oversight includes the healthcare payments process, payer organizations (i.e., healthcare insurers) and third-party medical billing companies are included. While the types of compliance risks among provider, payer, and billing companies may differ, the goals are the same: reduce fraud, waste, and abuse. 

Specifically, for the purposes of federal compliance program guidance, the term “provider” refers to any individual, company, corporation, or organization that submits claims for reimbursement to a federal healthcare program. This encompasses any plan or program that provides health benefits, whether directly, through insurance, or otherwise, and that is funded directly, in whole or in part, by the U.S. federal government.

In addition, like provider organizations, payers and billers collect and maintain confidential health information. As a result, they also must include compliance with the Health Insurance Portability and Accountability Act (HIPAA) as part of their compliance program.

Job description for a healthcare compliance officer

Because of the anticipated ongoing compliance scrutiny in healthcare, the Bureau of Labor Statistics projects the overall need for healthcare compliance officers to grow by 8% through 2026. The compliance officer’s responsibilities in provider and payer organizations largely align with the OIG’s seven elements of an effective compliance program and include the following:

  • Oversee and monitor the organization’s compliance program
  • Report on a regular basis to the organization’s CEO and to the compliance committee on the activities of the compliance program
  • Revise the compliance program periodically in response to changes in regulations and in accordance with the needs of the organization
  • Develop and coordinate an educational and training program for employees on the elements of the compliance program and ensure employees are knowledgeable of relevant federal and state regulations
  • Ensure that independent contractors who provide services in the organization are aware of the compliance program
  • Work with human resources to ensure all employees and contractors have been screened and checked against sanction and exclusion lists
  • Assist in internal compliance review and monitoring activities
  • Investigate and act on compliance matters including coordinating corrective actions
  • Develop policies and programs that encourage employees to report suspected compliance issues

The compliance committee also holds responsibilities in the organization, including the analysis of the organization’s risk, assessment of policies and procedures addressing the risk areas, and recommendations for and monitoring of internal systems and controls to accomplish the organization’s compliance objectives. Today’s compliance software programs provide many of the tools compliance committees require to fulfill their obligations in supporting the healthcare compliance officer.

A compliance officer’s background and certifications

A healthcare compliance officer usually holds a bachelor's degree in a healthcare or related field such as nursing or healthcare administration. Increasingly, they may also have a master’s degree in health administration, business, or law. A CCO would typically have 5-10 years of experience in compliance or a leadership role in healthcare operations or management.

Healthcare compliance officers may also have certifications such as Fellow in the American College of Healthcare Executives (FACHE) or Certified in Healthcare Compliance (CHC). They are members of or active in associations such as the Healthcare Compliance Association or the Society of Corporate Compliance and Ethics.

While healthcare compliance officers must be familiar with the many laws and regulations that govern their healthcare organization, they also must understand the financial aspects of the healthcare business. This includes coding and billing of medical claims and the reimbursement audit process. 

The healthcare compliance officer should be a highly ethical person who prioritizes the protection of their organization and is able to act in an unbiased and fair manner. They must act and investigate compliance concerns confidentially. They need to be proactive, organized, and trustworthy—while realizing that they could be put in a position to make difficult, unpopular decisions.  

Challenges for healthcare compliance officers

Healthcare compliance officers are involved in a variety of complex regulatory issues and face multiple, growing challenges in their position. Keeping abreast of the constant changes in healthcare requirements is a huge undertaking and is perhaps the biggest challenge. Other challenges a healthcare compliance officer faces include:

  • Creating and cultivating a culture of compliance within the organization
  • Ensuring all employees receive training on compliance and regulatory issues affecting their jobs
  • Ensuring all policies and procedures comply with current regulations and uphold the organization’s core values
  • Educating department directors, administrators, the CEO, and the governing board on the importance of compliance, and speaking up to leaders when compliance is jeopardized
  • Investigating compliance concerns with confidentiality and safeguarding employees who discover them
  • Advocating for adequate budget and funding for necessary compliance activities

Rewards of being a healthcare compliance officer

Adherence to federal and state laws and regulations will always be mission critical in hospitals, health systems, and payer organizations. Further, the trend of government oversight of healthcare will only continue as payment models link reimbursement revenue to quality and compliance. 

As gatekeepers of quality and patient safety—and guardians against fraud, waste, and abuse—healthcare compliance officers have a challenging but rewarding and prestigious role to play in their healthcare organizations and the healthcare community at large.  

symplr Compliance provides the software, tools, and unique expert content you need to assess your regulatory compliance stance and discover the changes in healthcare laws that affect your organization. You will see your regulatory stance and have a volume of regulations available at your fingertips. Our software provides clear visibility into the legal landscape, with real-time dashboards and powerful, built-in IBM Cognos reporting. With Issue & Action Management, you can manage any activity, event, issue, or investigation related to your organization’s compliance, audit, and risk activities from one central solution. And our Risk Assessment Management module can help you ensure your regulatory compliance to support your complete culture of compliance.


