Comprehensive compliance programs are essential for all hospitals, health systems, physician practices, Medicare Advantage plans, Medicaid health plans, Medicare prescription drug plans, drug manufacturers, medical device makers, long-term care providers, and others doing business with Medicare, Medicaid, or other government health programs.

To help prevent fraud, waste, and abuse in Medicare and Medicaid, the HHS Office of Inspector General (OIG) and the joint HHS and DOJ Health Care Fraud Prevention and Enforcement Action Team (HEAT) offer Provider Compliance Trainings, including seminars, training materials, and webcasts.

As part of recent compliance training, the OIG offered tips for operating an effective Medicare and Medicaid compliance program:

Policies and Procedures:

  • Regularly review and update them with department managers and the Compliance Committee.
  • Assess whether they are tailored to the intended audience and their job functions.
  • Ensure they are written clearly.
  • Include “real-life” examples.

Measuring Effectiveness:

  • Develop a compliance program with benchmarks and measurable goals.
  • Set up a system to measure how well you are meeting those goals.
  • Involve the Board in creating the program and regularly update the Board regarding compliance risks, audits, and investigations.
  • If one or more goals are not met, investigate why and how to improve in the future.
  • Assess whether the compliance program has sufficient funding and support.

Training:

  • Regularly review and update training programs. Try different approaches. Use “real-life” examples.
  • Make training completion a job requirement.
  • Test employees’ understanding of training topics.
  • Maintain documentation to show which employees received training.
  • Train the Board.
  • Train yourself and your compliance staff. Attend conferences and webinars, subscribe to publications and OIG’s email list, monitor OIG’s website, and network with peers to stay up-to-date and get ideas.

Lines of Communication:

  • Have open lines of communication between you and employees.
  • Maintain an anonymous “hotline” to report issues to you.
  • Enforce a non-retaliation policy for employees who report potential problems.
  • Establish a direct line of communication between you and the Board.
  • Use surveys or other tools to get feedback on training and on the compliance program.
  • Use newsletters or internal websites to maintain visibility with employees.
  • Regularly meet with the Board and brief them on the compliance program.

Internal Auditing:

  • Perform proactive reviews in coding, contracts, and quality of care.
  • Create an audit plan and re-evaluate it regularly.
  • Identify your organization’s risk areas. Use your networking and compliance resources to get ideas and see what others are doing.
  • Don’t only focus on the money – also evaluate what caused the problem.
  • Create corrective action plans to fix the problem.
  • Refer to sampling techniques in OIG’s Self Disclosure Protocol and in Corporate Integrity Agreements (CIAs) to get ideas.

Enforcement of Policies and Procedures and Prompt Response to Compliance Issues:

  • Delegate and empower teams closest to the issues to perform reviews, but be careful of possible conflicts or personal relationships that may interfere with getting an objective review.
  • Act promptly, and take appropriate corrective action.
  • Create a system or process to track resolution of complaints.
  • Enforce your policies consistently through appropriate disciplinary action.

The OIG offers many other resources on fraud prevention and detection. The National Health Care Anti-Fraud Association (NHCAA) also offers helpful training and resources.