Compliance 360 – Healthcare Requirements Addressed

The Compliance 360 on-demand solution for healthcare reduces the overhead and risks of regulatory compliance initiatives, enabling increased focus on the core business of providing quality health care. With over 250,000 active users, Compliance 360 is the most widely used compliance, risk and governance solution in the healthcare industry today. Key healthcare industry requirements addressed by Compliance 360 include:

Joint Commission Accreditation

Preparing for a Joint Commission survey can be a challenging process for any healthcare provider. At a minimum a hospital must be completely familiar with the current standards, examine current processes, policies and procedures relative to the standards and prepare to improve any areas that are not currently in compliance. The hospital must be in compliance with the standards for at least four months prior to the initial survey. The hospital should also be in compliance with applicable standards during the entire period of accreditation, which means that surveyors will look for a full three years of implementation for several standards-related issues.

How can Compliance 360 help?

Compliance 360 can help you organize all policies and procedures in a manner that streamlines the preparation for a survey and expedites the survey. The solution will also help you track all details related to incidents to demonstrate adequate processes as evidence of compliance with the relevant standards and guidelines. As an example, contracts can be associated with the standards typically found in the "Environment of Care" section of the Joint Commission standards. An especially useful feature is the ability to manage the standards associated with a common taxonomy such as federal and state regulations. All of this detail can be linked together and managed through Compliance 360's exclusive Virtual Evidence Room®.

HIPAA / HITECH Compliance

The Administrative Simplification provisions under Title II of the Health Insurance Portability & Accountability Act (HIPAA) were enacted to improve the efficiency of healthcare delivery by establishing guidelines for standardizing electronic patient data interchange and securing patient confidentiality. These provisions have had broad implications for healthcare providers because the administrative oversight needed to stay in compliance impacts an organization’s time, finances and reputation. The Economic Stimulus Act of 2009 significantly expanded the scope of HIPAA requirements. The HITECH provisions of the act expanded HIPAA regulations to include mandatory data breach notifications, heightened enforcement, increased penalties and expanded patient rights.

Starting in 2012, the HHS Office for Civil Rights (OCR) is piloting a program to perform as many as 150 audits of covered entities to assess privacy and security compliance as mandated under the HITECH Act. The audits will be focused on assessing whether each covered entity: (1) has comprehensive policies and procedures that address critical requirements of the HIPAA Privacy and Security Rules; and (2) has implemented these policies and procedures through routine operations in a manner consistent with the Rules.

When you consider the myriad of tasks, projects and assessments that an organization must undertake to ensure an effective HIPAA compliance program, you are likely navigating through multiple, independent IT solutions and manual processes including: policy development, incident reporting, employee surveys, policy acknowledgements and risk assessments. Even if fully automated, staff must still expend enormous effort to tie all aspects together to document evidence of your overall HIPAA compliance efforts.

How can Compliance 360 help?

Compliance 360 offers a proven, web-based framework allowing you to collaboratively manage your HIPAA/HITECH Act compliance initiatives including HIPAA Audits and HITECH Privacy Breach Management using a single, integrated solution. You can identify the various provisions, show the policies developed to address the provisions, document any risk assessments performed, as well as tie employee training, relevant documents, incident reporting and other remediation efforts back to the individual HIPAA/HITECH Act compliance requirements within an easily accessible, Virtual Evidence Room. With Contract Management, you can efficiently achieve the oversight of business associate agreements. Through email integration, the vast majority of users are not even required to log into Compliance 360 to collaborate on policy initiatives, investigate and remediate incidents or participate in compliance.

Healthcare Finance

Within the context of a dynamic regulatory environment, today’s healthcare CFOs must manage increasing financial risk to ensure the financial health of their organizations. Regulations such as Sarbanes-Oxley create many new challenges, and risk management assessments are now being included in many of the credit and bond ratings conducted by Standard & Poor's and the other ratings agencies. Finance executives must be able to efficiently manage compliance and risk reduction efforts working collaboratively with the corresponding line-of-business executives in their healthcare organizations.

How can Compliance 360 help?

Compliance 360 allows healthcare organizations to manage all facets of compliance and audit management within the framework of their overall corporate governance and risk management initiatives. The collaborative tools from Compliance 360 enable healthcare organizations to proactively demonstrate their corporate governance and strategic risk management initiatives by automating processes associated with assessing and monitoring risk, managing the risk response strategy, linking risk management data to compliance activities and providing a global view to all risk-related activities through an executive dashboard. Finance, audit and risk management professionals have the ability to organize and manage projects across the organization, document audit tasks and audit findings, track issues, manage remediation tasks, and record resulting actions.

Revenue Cycle

To ensure the financial health of a hospital, it is critical that compliance is practiced, by all staff, throughout the revenue cycle process. From the beginning of the revenue cycle (patient registration and determination of insurance eligibility) to the completion (billing for services administered to patients), each successful step in the process minimizes the hospital’s A/R days and improves cash flow. Errors made by staff in the revenue cycle process, however, can prove detrimental to a hospital’s financial stability, reputation, and brand. The requirements for compliance with laws and regulations, providing necessary care, accurately documenting each patient’s hospital experience, and generating clean claims for payment can create an overwhelming amount of overhead and responsibility. These measures are necessary, however, to maximize the efficiency of your hospital’s revenue cycle process, protect your financial and reputational welfare, and maintain your organization’s compliance with the law.

How can Compliance 360 help?

The Compliance 360 solution lets you create customizable surveys to audit for Medical Necessity and proper coding activity for instance. Our secure, online solution allows for centralization and storage of all Patient Financial Services documents (including signed ABNs, Acknowledgement Reports, Remittance Documents, Chargemaster, Coding and Modifier Tables). Through Compliance 360’s regulatory intelligence features, your hospital can now track laws and regulations as they relate to EMTALA, HIPAA Privacy and Security, CMS, the OIG, False Claims Act, and more. Compliance 360 allows you to conduct enterprise-wide project management around the RAC process: from receipt of letter to reconciliation and recovery. Compliance 360's policy management functionality allows you to associate all procedure codes with appropriate hospital policies.

Medicare Recovery Audit Contractors (RAC)

As of June 2008, RAC audits had already corrected more than $1 billion in improper Medicare payments. The corresponding bounty for RAC auditors amounts to more than $200 million. RAC auditors are highly motivated to stake their next claim in your hospital. You need to be prepared to fight this onslaught - with proactive defenses and appeals strategies – to keep your potential losses to a minimum.

How can Compliance 360 help?

The Compliance 360 solution supports both proactive compliance programs for audit avoidance as well as audit response and appeal initiatives. The system provides robust capabilities for facilitating internal audits and self-assessments to proactively identify outlier cases based on standard practices for diagnosis related groups (DRGs). As a result, hospitals can identify and address claims errors and outliers before they are submitted, thus reducing the number of claims denials and the likelihood of raising the red flag with auditors. The Compliance 360 solution also facilitates audit response and appeal requirements with the workflow needed to collaborate on compliance-related incidents and track the progress of investigations.

OIG Work Plan

The OIG Work Plan, in many cases, is the bedrock for healthcare provider compliance programs. Released each fiscal year by The Office of Inspector General of the Department of Health and Human Services (OIG), the Work Plan gives healthcare providers visibility into the issues that will receive particular attention from the OIG and provides the necessary guidance to address the related requirements. The Work Plan also serves as a roadmap to future government enforcement activity. As was the case with previous work plans, the 2008 Work Plan is organized based on HHS programs (Medicare, Medicaid, other Centers for Medicare and Medicaid Services (CMS) issues, Public Health Programs, Human Service Programs, and overarching department-wide issues), and by the type of provider within each category. The OIG Work Plan is an invaluable tool that enables healthcare providers to prioritize risk, focus efforts, and create effective compliance programs.

How can Compliance 360 help?

Compliance 360 provides a single, integrated platform to help healthcare organizations manage complex industry requirements. Compliance 360 provides clients with a content repository, consisting of most healthcare laws, regulations, standards and guidelines. The OIG Work Plan, along with many other regulatory items, is stored and maintained in Compliance 360’s Content Library for easy retrieval, access, and evaluation. Compliance 360’s content workflow engine enables organizations to route content to the appropriate people, build custom risk assessments, prioritize risk and identify compliance shortfalls related to the OIG Work Plan, and create and manage the appropriate policies & procedures affected by the OIG’s guidance. Risk Assessments can be routed to employees via email for easy completion, with Compliance 360 calculating the risk exposure and action plans necessary to remediate any gaps. In addition to identifying key actions required by the OIG Work Plan, Compliance 360 has a single repository for all documentation of compliance, called the Virtual Evidence Room. All activities and documentation are directly linked to the OIG Work Plan and other requirements to demonstrate real-time proof of compliance in an easily accessible view for internal & external audits. The Virtual Evidence Room creates an audit-ready environment and links key policies, incidents, projects, contracts, risk assessments, reports, and surveys back to the OIG Work Plan. In addition, custom reports and dashboards can be designed to monitor compliance with the OIG Work Plan and other regulations.

OIG Corporate Integrity Agreement (CIA)

The imposition of a Corporate Integrity Agreement (CIA) from the Office of the Inspector General (OIG) on any healthcare provider that participates in one of the federal healthcare programs generally creates significant risk and compliance overhead. These corporate integrity agreements (CIA) generally last for 5 years and include specific compliance stipulations that must be enacted within specified time frames, which are often as short as 90 days. These stipulations frequently include verifiable code of conduct attestations and training certifications from all “covered persons” (employees and all contractors and vendors) as well as verifiable distribution of relevant policies and procedures to all appropriate covered persons. Corporate Integrity Agreements (CIA) also frequently mandate specific claims review criteria and reporting of the findings as well as the establishment of processes for managing and reporting on “Reportable Events” that might be criminal or fraudulent in nature.

How can Compliance 360 help?

With little time to react and comply with the mandates of a corporate integrity agreement (CIA), healthcare providers must move quickly and thoroughly to avoid the risk of losing the revenue from a federal healthcare program. Compliance 360 has been proven to be very effective in its ability to help manage many corporate integrity agreements (CIA) to a successful conclusion. The system can be up and running in as little as 60 days and it supports the entire process of managing the code of conduct and policies and procedures, including the dissemination to all covered persons and the verification of all attestations as well as the remediation of any issues that arise during the process. The unique Virtual Evidence Room serves as the collection point for all relevant data and reports needed by the OIG. Some customers even chose to provide online access for the OIG, directly to their Virtual Evidence Room to eliminate the laborious task of compiling and submitting reports manually. This approach demonstrates a cooperative, transparent approach, akin to sharing the books with a financial auditor. The Incident Management capabilities of Compliance 360 are also particularly useful in compliance with the “Reportable Events” stipulations of a corporate integrity agreement (CIA). The Incident Management system collects, stores, and allows your departmental personnel to collaborate on compliance-related incident information and track progress of investigations. All incident information can be included in reports and graphically represented to demonstrate trends and correlations. Compliance managers will frequently use this area for audit committee meetings and board meeting presentations. These same reports and trends are highly useful in compliance with a corporate integrity agreement (CIA).

Fraud, Waste and Abuse

For the many hospitals that treat Medicare and Medicaid recipients, the risk of fraud, waste and abuse violations has increased. The OIG and Inspectors General across the country have stepped up their audit and inspection efforts to root out fraud and abuse in these government programs. The recent appointment of the Medicaid Inspector General in New York is a good example of the increased focus on identifying and prosecuting fraud, waste and abuse. The bounty for whistle-blowers, ranging from 15 percent to 25 percent, can create a very compelling motive and necessitates the establishment of preventative and response measures for healthcare providers. Improving the management and overall outcomes of fraud, waste and abuse claims now harbors a significant financial advantage for most hospitals.

How can Compliance 360 help?

With Compliance 360, hospitals can centrally manage their policies and standard practices as well as the investigation of fraud, waste and abuse claims. All information compiled for each claim is centrally stored in Compliance 360. The review process is set up in the workflow-enabled Incident Management system and the process is efficiently managed with a complete audit trail of actions and signoffs for accountability.

Sensitive investigation data is secured within each department, with central access provided to Regulatory Assurance individuals for identifying issues that may be broader in nature, possibly impacting the entire organization.

False Claims Act (FCA) Compliance and Provider Self-Disclosure Protocol (SDP)

The False Claims Act (31 U.S.C. Sections 3729-33), also called the “Lincoln Act”, “Informers Act” or the “Qui Tam statute”, allows a private individual or “whistleblower” with knowledge of past or present fraud on the federal government to sue on behalf of the government to recover civil penalties and damages. Fraud under the False Claims Act means that a contractor has knowingly presented a false claim for payment to the United States. The fraud can occur wherever federal and state monies are directly or indirectly used to purchase services or goods. On April 15, 2008, the OIG published an Open Letter to Health Care Providers restating the value and purpose of the Provider Self-Disclosure Protocol (SDP). The SDP provides the healthcare provider with a proactive way of notifying the OIG of potential fraud. Through a process of proactive cooperation, a healthcare provider may be able to settle liabilities with the OIG for an amount near the lower end of the damages continuum. Organizations that fail to self-report or that do not cooperate can be placed under a Corporate Integrity Agreement (CIA) or Certification of Compliance Agreement (CCA).

How can Compliance 360 help?

Compliance 360 can help hospitals establish a proactive fraud prevention program with the ability to manage and investigate whistleblower claims. Instituting a methodology that includes evaluation and audits of your top 10-20 DRGs, with the ability to document the review and audit process, is critical to identifying where inappropriate behaviors or training may have occurred. The ability for assessments to be distributed and scored, helping to determine your degree of compliance with proper coding and charging requirements, is a basic tenet of any audit process. You can survey staff to determine if there are incidents of potential fraud and ferret out the potential causes, enabling you to work within the SDP guidelines. By integrating your whistleblower hotline with the system’s ability to manage incidents and investigations, you can establish a consistent and documentable process. The system enables you to demonstrate evidence of compliance and determine where fraud might occur to help you avoid, or if necessary, manage a Corporate Integrity Agreement.

Physician Contract Management

Assuring that physician contracts do not violate Stark III or The Medicare and Medicaid Patient Protection Act of 1987 (Anti-kickback Statute) is now a critical imperative for healthcare provider organizations. Hospitals can no longer hope that physician contracts are within compliance requirements; they must aggressively and proactively manage these contracts. What was once thought of as a contractual add-on (lab coats, specialty equipment leases, vendor inducements) can now jeopardize the compliance of the healthcare organization if improperly managed.

How can Compliance 360 help?

Compliance 360 can manage your physician contracts while enabling your organization to track the status of the laws that affect your contracts and notify the appropriate parties when provisions in those statutes change. Compliance 360 can not only manage your physician contracts but also demonstrate a comprehensive methodology to manage contracts such that physicians are not receiving undue benefit which falls outside of the provisions of the regulations. In addition, contract renewals, cost of living increases for facilities leases and general terms and conditions can be managed proactively throughout the organization. Contracts can undergo a complete compliance assessment documenting the process, questions and results on a routine or renewal basis. Furthermore, all future contracts can be designed and executed in a manner that ensures compliance with federal, state and local laws and regulations.

Stark III

The new Stark III regulations went into effect on December 4, 2007. As a result of the Stark III regulations, healthcare organizations must review their physicians’ contracts and professional arrangements to make sure they comply with the new self-referral rules. The Stark law prohibits physicians from referring Medicare patients to hospitals or other entities with which they have a financial relationship, unless the arrangement falls under one of several specific exceptions.

One of the law’s most controversial provisions states that a physician “stands in the shoes” of his or her group practice for the purpose of determining whether Stark covers the doctor’s relationship with another entity. Unlike other regulations, such as those for the anti-kickback statute, the Stark regulations are not simply agency guidance – they have the force of law. CMS has clearly signaled that more enforcement is likely and physicians and health care providers should be prepared.

How can Compliance 360 help?

Compliance 360 can organize all your contracts and specifically identify physician contracts and all the parties related to the contract. You can also establish specific review points in time to validate compliance with respect to certain high risk areas. Additionally, you can establish new physician contracts with a defined legal review process that provides assurance of being in compliance with Stark. As an ongoing audit procedure, you can establish a controls monitoring process of selected financial (Accounts Payable) transactions and be fully prepared for any audit that may arise in the future.


EMTALA

The Emergency Medical Treatment and Active Labor Act (EMTALA) is a statute that obligates hospitals to provide screening and institute treatment for patients regardless of their ability to pay. Essentially an anti-discrimination law, EMTALA is given teeth by monetary penalties, liable claims against attending physicians and possible revocation of the CMS provider agreement. Although the law has seen many revisions since its 1986 adoption, its legal and medical interpretation by hospital administration, physicians and General Counsel can be subjective.

How can Compliance 360 help?

Compliance 360 provides a comprehensive tool for managing and staying in compliance with EMTALA requirements. You can store and maintain the various regulations and provisions and create and enforce policies and procedures to ensure compliance through all levels of your organization. You can automate proactive assessments of transferred patients to or from the hospital and then demonstrate proof of compliance in our Virtual Evidence Room. You can also track and mitigate risk using our audit and incidents management tools.

Adverse Events

There are few other compliance activities that can be as laborious and cumbersome as establishing an effective incident management and reporting process. Whether it is an adverse incident, concern, event, or investigation, a healthcare provider’s ability to create a consistent and effective intake and resolution process is imperative for proper risk management and proof of compliance. Incidents, in many cases, can be managed across multiple departments, with different approaches, and most certainly arrive from multiple sources (hotline calls, emails, verbal communication, hand-written notes, etc.). This creates a burden as organizations try to secure sensitive material, create a consistent process and manage the potential masses of data associated with each item.

How can Compliance 360 help?

Compliance 360 Incident Management enables healthcare providers to collect, store, manage and collaborate on incidents, events, cases, issues, and activities. The system includes an exceptional enterprise security configuration, robust reporting platform, and the capability to track progress on investigations and gather input from all parties. Organizations can configure field labels and selection options and organize incidents by departments, units, teams, and other categories to ensure that only the appropriate people are viewing the necessary information. Compliance 360 includes built-in document management capabilities to store key evidence documents, emails, and logs. Key features include team collaboration tools, task management, auto-messaging, audit trails, email integration, document storage and status updating. Users can also use the Virtual Evidence Room to link incidents to regulations as proof of compliance.

Limited Information Technology (IT) Resources

In most hospitals, the vast majority of Information Technology (IT) resources are dedicated to the core business functions tied to patient records, accounting and billing. As a result, it is often difficult for non-core business functions to compete successfully for limited IT resources. Many compliance teams are limited to the options of surviving without needed resources or they are forced to hire expensive consultants to build what they want. The end result is usually increased risk of regulatory sanctions and a mode of operations in compliance that is more reactive than proactive.

How can Compliance 360 help?

Owing to the design of Compliance 360, which is very well suited to the needs of healthcare providers, compliance teams can manage the system directly. Business professionals who are charged with ensuring regulatory and legal compliance are enabled to do so without solely relying on support from their internal IT departments. This has been proven in the initial system configuration and deployment as well as subsequent changes and enhancements over the life of the implementation.

Learn More

To learn how leading financial services organizations are using Compliance 360 to minimize their compliance overhead and risks, and how you can be doing the same, contact us today.
