Health care compliance is an ever-evolving field, driven by regulatory changes, technological advancements, and advancing challenges. In recent years, several hot topics have emerged that are reshaping health care compliance landscape, including:
Keeping abreast of these topics allows health care organizations to successfully navigate the complex regulatory landscape and deliver high-quality compliance care to their patients.
Learn more about these key areas, their impact on health care compliance, and how your organization can proactively plan for change and increase its responsiveness.
In 2023, the Federal Trade Commission (FTC) and Health and Human Services’ (HHS) Office for Civil Rights (OCR) sent a warning letter to more than 100 hospitals alerting them of the privacy and security risks of their online tracking technology disclosing personal health information. The letter, combined with the recent string of fines levied against telehealth companies by the FTC, show a growing concern with the use and sharing of health data.
In addition to increased oversight by the FTC and OCR, the Office of Inspector General (OIG) has been closely monitoring telehealth billing practices.
The 2025 Centers for Medicare and Medicaid Services (CMS) proposed physician fee schedule, includes new payments and coverages for digital health services, telehealth, behavioral health, remote monitoring and more. As coverage expands, expect to see oversight from agencies increase.
Organizations can take proactive steps by performing a deep dive review of data structure to identify areas of potential risk for health information disclosure.
Perform regular coding and documentation reviews for telehealth services. Use the OIG toolkit to evaluate billing practices and identify outliers for review.
The Health Insurance Portability and Accountability Act (HIPAA) remains the source of health care data privacy. With the increasing use of electronic health records (EHR) and digital health tools, ensuring HIPAA compliance has become more difficult.
Health care organizations must focus on safeguarding patient data from breaches and unauthorized access. Regular risk assessments, employee training, and strong cybersecurity measures are essential to maintaining HIPAA compliance.
Cybersecurity threats are evolving, with health care organizations frequently targeted by ransomware attacks and data breaches. Compliance teams must stay vigilant and proactive in implementing security measures to protect sensitive information.
Collaboration with IT departments and continuous monitoring of cybersecurity trends are important for mitigating risks.
Value-based care models, which emphasize quality and patient outcomes over volume of services, are transforming health care delivery. Compliance with value-based care regulations requires a thorough understanding of programs like the Medicare Shared Savings Program (MSSP) and the Quality Payment Program (QPP).
Organizations must facilitate accurate reporting of performance metrics and adherence to program requirements to avoid penalties and maximize incentives.
As health care providers shift toward value-based care, ethical considerations regarding patient care and resource allocation become more prominent. Compliance departments must verify that incentive structures don’t compromise patient care quality or lead to discriminatory practices.
Developing ethical guidelines and training programs can help address these concerns.
Health care private equity investors face unique clinical compliance challenges, particularly in navigating the rigorous regulations under the US False Claims Act (FCA).
Private equity companies who contract with or are reimbursed by the government are particularly vulnerable to the FCA liability. In 2023 alone, nearly $1.9 billion of the Department of Justice’s nearly $2.7 billion in FCA recoveries were related to health care fraud schemes.
Private equity investors need to consider effective due diligence pre-investment.
As organizations shift to using AI to support clinical and operational functions, it will be important for organizations to assess potential vendors for compliant practices.
AI vendors may be new to the healthcare industry and may not have established or effective compliance programs. Compliance professionals can play a critical role during the vendor evaluation process in assessing potential areas of risks.
Ongoing vendor oversight and monitoring should be embedded into risk management program. Compliance should regularly assess the findings of risk assessments to address deficiencies internally and with vendors as required.
For more information on health care hot topics and mitigating risk under regulatory changes, contact your Moss Adams professional.