Healthcare Compliance Training: an essential guide


Staying informed and compliant with regulatory standards is not just a best practice—it’s a necessity for healthcare providers. This is certainly true when it comes to the details of healthcare compliance training, a critical component for maintaining the integrity and efficiency of your healthcare services.



For over 30 years, healthcare provider organizations have been advised to develop and implement corporate compliance programs. We say advised because, with a couple of exceptions, the advice has come in the form of guidance from the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS). The OIG has issued compliance program guidance for healthcare providers ranging from hospitals to physicians to laboratories to home health and hospice providers. Since it is guidance, not law or regulations, these providers are not required to implement compliance programs, but are strongly encouraged to do so. Every one of the OIG Guidance documents contains the advice to include compliance training as part of the compliance program.

The two exceptions noted are organizations such as skilled nursing facilities (SNFs) and Accountable Care Organizations (ACOs). These healthcare organizations are required by law and regulations to develop and implement compliance programs that include compliance training.

The OIG has recently issued a new document summarizing all of the compliance guidance it has issued over the past three decades. It contains useful summaries of all elements healthcare organizations should address in their compliance programs, including compliance training. Let’s take a deep dive into the recommendations for compliance training. These recommendations are suitable for SNFs and ACOs as well.


What is the scope of Healthcare Compliance Training?

Healthcare compliance training for employees should be related to the scope and type of services provided by the healthcare organization. It should also take into account the risks the healthcare organization is exposed to as a result of its operation. Some topics would be part of compliance training in all healthcare organizations.

These topics should be supplemented by training related to the risks of the organization for noncompliance in specific areas.

  • One of the risk areas applicable to most healthcare providers is the risk of submitting false or inaccurate claims to government healthcare programs such as Medicare or Medicaid. These programs have lengthy and complicated rules for submitting claims and the medical record documentation required to support claims. It is beyond the scope of most general compliance education programs to educate employees on the full scope of these requirements. However, every healthcare organization can help employees understand that it is the organization’s policy to comply with all federal and state laws, rules, and regulations. Education on the Federal False Claims Act is also applicable to this risk area.
  • A second risk area applicable to healthcare organizations that are Designated Health Services (DHS) is relationships with physicians who refer patients for services that are billed to federal healthcare programs. There are 10 DHS identified in the Stark Law, ranging from hospitals and laboratories to imaging centers and home health care organizations. The Stark Law and regulations prohibit a financial relationship between a DHS and a referring physician unless the arrangement meets specific “safe harbor” regulations. There are several requirements for safe harbor arrangements that are usually the responsibilities of attorneys and administrators. However, all employees should understand the policies and limitations of practices like non-monetary compensation to physicians and their family members.
  • There may be other risk areas related to unique programs operated by the organization, such as clinical research, that also need to be included in the organization’s healthcare compliance education.


Who should receive Compliance Training?

The short answer is everyone in or associated with the healthcare organization! This includes Board members, executives and officers, employees, contractors, and medical staff (as applicable).

Compliance training should be tailored to individuals based on their roles and responsibilities when necessary. For instance, Board members have ultimate responsibility for the entity, with responsibilities and expectations often spelled out in state laws and regulations. Board member training should address the risks faced by the organization and Board members themselves. It should also include their responsibility for effective oversight of the compliance program.

Executives and managers also need more in-depth education on risk areas related to physician relationships and their role in creating a culture of compliance.

Compliance training should be part of the initial orientation of all Board members, employees, contractors, and medical staff members. Training should be repeated annually. One of the challenges for employers is how to make training interesting the second or third or tenth time around. Employers may want to consider using a variety of courses, especially if they are using outside resources for compliance training. Most companies offering online training have courses suitable for initial training and periodic refresher training to minimize the repetitive nature of training in this area.

Of course, other methods of employee education are available. These include discussion at morning huddles or department meetings, columns in newsletters, and even Compliance Week contests.


What about HIPAA Compliance training?

Another compliance-related issue is HIPAA and the training required by HIPAA regulations. The HIPAA regulations require initial and periodic training, just like the OIG guidance on compliance training. In particular, the HIPAA Security Rule requires periodic security awareness reminders for all staff members. It can be useful to include these security awareness reminders in a formal program of compliance and privacy/information security articles or communications to employees.

Healthcare compliance is a never-ending endeavor. A successful organization finds ways to make its compliance program an asset to the organization. This can pay off when employees come forward with issues before they become major problems. And that starts with a commitment to compliance training and education.


Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPAs, MSOs, and other healthcare organizations.