
Glossary

Healthcare compliance entails a cascade of technical terms, acronyms, and an array of official entities that can overwhelm even the most seasoned compliance professionals. Indeed, the complexities of the field can mystify concepts that actually need to be addressed and executed with precision. Getting familiar with the industry’s terminology coupled with deeper comprehension can help you stay abreast of regulatory standards and requirements.

Below is a glossary of commonly used terms and acronyms you might come across as you encounter one or more of three major components in healthcare: compliance, credentialing, and staff training. While compliance is about following a particular set of protocols and policies in alignment with state and federal mandates, it is as much a priority when it comes to the credentialing process. Insurers need to know that healthcare professionals inside their network are appropriately educated, trained, and compliant. Hence, staff training is another important piece of the compliance puzzle. Concepts from all three areas are decoded below for your reference.


  • Accounting and Auditing Enforcement Releases (AAER) – Documentation that lists individuals or entities, identified by the U.S. Securities and Exchange Commission (SEC), who allegedly engaged in accounting misconduct, auditing misconduct, or both.

  • Accountable Care Organizations (ACO) – Groups of doctors, hospitals, and other healthcare providers who provide coordinated, high-quality, and affordable care to Medicare patients.

  • Affiliated Covered Entity (ACE) – Separate healthcare entities affiliated through shared ownership who designate themselves as a single covered entity in order to reduce the burden of HIPAA administration, requiring only one notice of privacy rights, one set of policies and procedures, one privacy official, one common training program, etc.

  • Agency for Healthcare Research and Quality (AHRQ) – Operates within the U.S. Department of Health and Human Services (HHS) to ensure evidence-based data is produced and understood; mission is to make healthcare safer, higher quality, more accessible, equitable, and affordable; invests in health system research, creates tools and strategies for practice improvement, and disseminates data and analytics.

  • American Recovery and Reinvestment Act of 2009 (ARRA) – Stimulus package signed into law on February 17th, 2009 to modernize the United States infrastructure, enhance energy independence, expand educational opportunities, preserve and improve affordable health care, provide tax relief, and protect those in greatest need.

  • Americans with Disabilities Act (ADA) – A civil rights law that protects people with disabilities from discrimination.

  • Annual Contractor Evaluation Report (ACER) – A documented analysis of the relationship between contracted parties (such as a healthcare facility and Medicare/Medicaid) that measures standards of performance, adherence to certain tasks and schedules, ethics and integrity, workmanship, behavior among patient relationships, controlling of costs, etc.

  • Centers for Medicare & Medicaid Services (CMS) – Part of the U.S. Department of Health and Human Services (HHS) that provides health coverage at a lower cost to millions of people through Medicare, Medicaid, the Children’s Health Insurance Program (CHIP), and the Health Insurance Marketplace.

  • Certified Compliance and Ethics Professional (CCEP) – A credentialed individual whose role is to help healthcare organizations understand their responsibilities in relation to the law and help healthcare organizations ensure compliance in their programs and services.

  • Certified Compliance and Ethics Professional-Fellow (CCEP-F) – A credentialed individual with knowledge and expertise in regulatory compliance processes who assists organizations in understanding and addressing legal obligations, and promotes integrity via effective compliance programs.

  • Certified Compliance and Ethics Professional-International (CCEP-I) – A credentialed individual with knowledge and international expertise in regulatory compliance processes who assists organizations in understanding and addressing legal obligations, and promotes integrity via effective compliance programs.

  • Certified Fraud Examiner (CFE) – A credentialed individual with special training in preventing, detecting, and investigating fraud; can work in a variety of positions and industries.

  • Certified Internal Auditor (CIA) – A credentialed individual who strives to increase defenses and minimize risk by ensuring compliance, performing audits on financial data, and protecting assets through the creation of systems that prevent fraud, loss, and theft.

  • Chief Audit Executive (CAE) – A professional who oversees and manages internal audit activity in accordance with the International Professional Practices Framework.

  • Chief Compliance Officer (CCO) – A professional leader who oversees organizational compliance by ensuring compliance with laws, regulatory requirements, policies, and procedures.

  • Chief Risk Officer (CRO) – A professional leader who identifies, examines, and minimizes external, internal, technical, regulatory, or competitive risks to a company; maintains compliance and protects investments.

  • Civil Monetary Penalty (CMP) – A fine issued by the U.S. Department of Health and Human Services (HHS) for committing fraud and abuse involving Medicare or Medicaid, in violation of Civil Monetary Penalties Law (CMPL).

  • Compliance Audit – A series of inspections and checks performed by objective individuals or governing bodies to ensure that the healthcare entity is conducting business in accordance with its policies and federal or state regulations.

  • Compliance Certification Board (CCB) – A credentialing agency that certifies individuals who demonstrate competence in compliance and ethics.

  • Compliance Checklist – A comprehensive list used to aid in the completion of a procedure or task, identify areas for improvement, and improve the safety and security of patients and healthcare workers.

  • Compliance Officer – A professional that ensures a company, organization, and its employees adhere and comply with outside contractual obligations, government regulations and laws, as well as internal obligations and bylaws.

  • Consolidated Omnibus Budget Reconciliation Act (COBRA) – A federal law that mandates employers provide employees and their families the option to retain group plan health benefits for a certain period of time given particular circumstances such as involuntary or voluntary unemployment, employee death, decreased work hours, or other important life events.

  • Designated Health Services (Stark Law) (DHS) – Specific services considered unlawful in relation to the Stark Law, which forbids physicians from referring patients to receive particular services from entities with which the physician or physician’s family member has a financial relationship.

  • Disaster Recovery Plan (DRP) – A detailed procedural document used to mitigate the impact of unplanned catastrophes that affect patient data and care.

  • Electronic Health Record (EHR) – An electronic version of a patient’s overall medical history, treatments, and clinical data extending beyond a given office location; shared amongst all providers involved in a patient’s care.

  • Electronic Medical Record (EMR) – An electronic version of a patient’s chart that is not shared outside a given office location; used to document diagnoses and treatments provided within a specific office location.

  • Electronic Protected Health Information (ePHI) – Personal health-related information federally protected by the HIPAA Privacy Rule, that is electronically created, stored, transmitted, or received.

  • Enterprise Risk Management (ERM) – A top-down process by which an organization, company, business, or firm identifies, analyzes, and prepares for risks that may harm finances, goals, or operations.

  • Family Medical Leave Act (FMLA) – A federal law that allows eligible employees to take unpaid, job-protected leave for up to 12 weeks per year for family and medical reasons; group health benefits are maintained during the leave.

  • Federally Qualified Health Center (FQHC) – A healthcare facility that qualifies for special funding and enhanced reimbursement from the Health Resources and Services Administration (HRSA) and Centers for Medicare and Medicaid Services (CMS) having met certain criteria; for example: serve an underserved population, provide comprehensive care, maintain a quality assurance program, and other qualifiers.

  • Financial Assistance Policy (FAP) – A written document established by tax-exempt hospitals that guarantees eligible patients who cannot pay for treatment receive free or discounted services; regulated by the Internal Revenue Service (IRS).

  • Health Care Fraud Prevention and Enforcement Action Team (HEAT) – An organization created by the U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG), and the U.S. Department of Justice (DOJ) to address healthcare fraud and its prevention.

  • Health Information Management (HIM) – The collection, evaluation, saving, and protection of patient health information, whether that information is maintained in an electronic health record or on paper.

  • Health Information Technology for Economic and Clinical Health Act (HITECH) – Signed into law on February 17, 2009 (as part of the American Recovery and Reinvestment Act of 2009 (ARRA)) to promote the adoption and meaningful use of health information technology; addresses privacy and security concerns associated with the electronic transmission of protected health information by strengthening the enforcement of the HIPAA Privacy and Security Rules.

  • Health Information Trust Alliance (HITRUST) – A non-profit company that assists healthcare organizations with maintaining compliance, processing data, and managing information risk.

  • Health Insurance Portability and Accountability Act (HIPAA) – A federal law intended to protect patient rights and privacy by prohibiting healthcare organizations and insurance companies from disclosing sensitive and protected health information (PHI) without the patient’s consent.

  • Health Maintenance Organization (HMO) – A health insurance plan that consists of a network of physicians, hospitals, and healthcare providers that provides insurance coverage to individuals for either a monthly or an annual fee.

  • Health Resources and Services Administration (HRSA) – A sub-agency of the U.S. Department of Health and Human Services (HHS) focused on equitable healthcare for people who are geographically isolated and economically or medically vulnerable.

  • Healthcare Compliance – The process by which healthcare organizations and professionals follow a set of rules and regulations established by the practice itself, local, state, or federal bodies that promote and govern the quality of healthcare provided and the safety of patients, workers, and the general public.

  • Healthcare Regulation – Pertains to laws created and enforced by private organizations and all levels of government, including local, state, or federal. Healthcare regulations are designed to ensure that safe, quality healthcare is provided to the public by maximizing the compliance of healthcare personnel and providers. Ultimately, healthcare regulation protects the public, healthcare personnel, and healthcare providers.

  • Immediate Corrective Action Required (ICAR) – A citation administered by the Centers for Medicare and Medicaid Services (CMS) as a result of uncovering a deficiency during an audit that resulted in lack of access to medications and/or services or posed an immediate threat to enrollee health and safety.

  • Incident Report – A form that documents the details of an event such as workplace injury, accident, near miss, property damage, safety issues, health issues, or security breaches.

  • Learning Management System (LMS) – A software application that facilitates professional education and training by organizing courses, providing access to the courses, monitoring the training progress of employees, and maintaining a record of each course completion.

  • Managed Care Organization (MCO) – A company, or healthcare plan, that strives to make services accessible and affordable; MCOs include Health Maintenance Organizations (HMOs), Point of Service (POS) Organizations, Preferred Provider Organizations (PPOs), and Exclusive Provider Organizations (EPOs).

  • National Labor Relations Act (NLRA) – Legislation intended to protect employer and employee rights, protect workers, businesses, and the economy by preventing harmful practices and encouraging collective bargaining.

  • Office for Civil Rights (OCR) – Part of the Department of Health and Human Services (HHS) that enforces federal civil rights laws, HIPAA, patient privacy and security, and policies and procedures for protected health information (PHI).

  • Organized Health Care Arrangements (OHCA) – Organized healthcare systems in which multiple HIPAA-covered entities publicly acknowledge their participation in a joint arrangement with joint activities outlined by the Privacy Rule.

  • Protected Health Information (PHI) – Personal health-related information federally protected by the HIPAA Privacy Rule.

  • Physician Quality Reporting System (PQRS) – A “pay for performance” program that ran from 2007-2016 whereby eligible healthcare professionals reported to the Centers for Medicare and Medicaid Services (CMS) on quality measures; in 2017 PQRS was replaced by the Merit-based Incentive Payment System (MIPS).