What Agency Audits for Healthcare Comprehensive Compliance?

Sarah Jones

The top dog in healthcare auditing is the Department of Health and Human Services (HHS). But with 629 different rules and regulations to administer, HHS as a single entity can’t do it alone. That’s why there are three agencies within HHS that oversee some aspects of patient and worker safety, financial fraud, waste, patient rights, and funding.

Instead of “What agency audits for healthcare comprehensive compliance?”, the question healthcare organizations may ask is how agencies administer compliance audits, and for whom.

What is Healthcare Compliance?

Healthcare compliance is the process of following the laws, regulations, and ethical standards that govern the healthcare industry. It ensures that healthcare organizations and professionals adhere to guidelines that protect patient safety, maintain data privacy, and uphold the integrity of medical practices. Compliance is essential for operating within the legal framework, providing high-quality care, and maintaining the trust of patients and the community.

Agencies That Audit for Healthcare Compliance

Four agencies within the Department of Health and Human Services (HHS) work together to regulate, oversee, and ensure compliance with various aspects of healthcare in the United States, including access to care, quality of care, privacy protections, and program integrity for federal healthcare programs like Medicare and Medicaid. They include:

HRSA (Health Resources and Services Administration)

  • HRSA is an agency within HHS that focuses on improving access to healthcare services for underserved and vulnerable populations.
  • HRSA administers programs and funding to support healthcare providers and facilities that serve medically underserved areas and populations.
  • It also oversees the FQHC (Federally Qualified Health Centers) program and ensures that these centers comply with federal regulations to maintain their FQHC status for federal funding to provide primary care services to underserved communities.


OCR (Office for Civil Rights)

  • OCR is responsible for enforcing federal laws that protect the privacy and civil rights of individuals in healthcare settings.
  • OCR enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which governs the protection of patient health information.
  • It also enforces anti-discrimination laws in healthcare, ensuring equal access to healthcare services for all individuals.


CMS (Centers for Medicare & Medicaid Services)

  • CMS is the division responsible for administering the Medicare and Medicaid programs, which provide healthcare coverage for eligible individuals, including seniors, low-income individuals, and people with disabilities.
  • CMS sets standards for healthcare providers participating in Medicare and Medicaid programs, conducts audits, and ensures compliance with program requirements.
  • It also oversees the implementation of the Affordable Care Act (ACA) and manages the Health Insurance Marketplace.


OIG (Office of the Inspector General)

  • OIG is the division responsible for preventing fraud, waste, and abuse within HHS initiatives.
  • One of OIG’s top priorities is to safeguard funding and protect the country’s most vulnerable citizens.
  • It also ensures adherence to the five most important federal fraud and abuse laws that apply to physicians. These include the False Claims Act (FCA), the Anti-Kickback Statute (AKS), the Physician Self-Referral Law (Stark law), the Exclusion Authorities, and the Civil Monetary Penalties Law (CMPL).


Be Ready for Comprehensive Healthcare Compliance Audits

Being survey-ready requires thorough planning, diligent adherence to regulations, and a collaborative effort from your entire healthcare facility. By understanding the requirements, conducting regular internal audits, and implementing robust preparation strategies, you can work towards a successful inspection that demonstrates your commitment to patient safety and high-quality care. 



An easy-to-use, cloud-based platform like MedTrainer can support your compliance strategy and help you to maintain survey readiness. A robust course library, automated training reminders, customizable reporting features, credentialing services with primary source verification and exclusions monitoring, safety plan templates, incident report forms, and more, are all options within the nation’s leading all-in-one healthcare compliance software solution. Learn more about MedTrainer’s tools for preparing for an inspection.