HCAC Compliance Timelines and Deadlines

Compliance timelines and deadlines govern when entities subject to health care accreditation and compliance (HCAC) frameworks must complete specific obligations — from initial program registration through ongoing reporting cycles, corrective action windows, and renewal submissions. Missing a mandated deadline can trigger enforcement escalation, loss of accreditation status, or civil monetary penalties under applicable federal and state statutes. This page maps the major deadline categories, the mechanisms that drive them, and the decision points that determine which schedule applies to a given organization.

Definition and scope

HCAC compliance timelines refer to the structured calendar obligations imposed on regulated health care entities by federal agencies, state health departments, and recognized accreditation bodies. These timelines are not uniform across entity types — a critical access hospital operating under the Centers for Medicare & Medicaid Services (CMS) Conditions of Participation (42 CFR Part 482) faces a different deadline architecture than a Medicare Advantage plan subject to CMS Star Ratings reporting cycles or a federally qualified health center (FQHC) subject to Health Resources & Services Administration (HRSA) reporting requirements.

The scope of applicable timelines depends on three primary variables: entity type (hospital, health plan, clinic, supplier), the regulatory program or accreditation standard under which the entity operates, and whether a triggering event — such as a survey finding, complaint, or ownership change — has activated a non-routine deadline. Understanding which compliance obligations apply by entity type is a prerequisite for accurate deadline mapping.

Accreditation bodies recognized by CMS under the deeming authority framework — including The Joint Commission (TJC), DNV GL Healthcare, and the Accreditation Commission for Health Care (ACHC) — each publish their own survey cycle schedules, which then interact with CMS's independent oversight timelines. The HCAC regulatory authority page addresses how these overlapping authorities are structured.

How it works

HCAC compliance timelines operate through three distinct deadline classes: recurring regulatory deadlines, event-triggered deadlines, and corrective action deadlines.

1. Recurring regulatory deadlines are fixed by statute, regulation, or accreditation standard and repeat on a predictable schedule regardless of survey findings. Examples include:

  1. Annual cost report submission to CMS (Medicare-certified providers, per 42 CFR §413.20)
  2. Triennial full accreditation surveys under TJC's unannounced survey model
  3. HRSA Uniform Data System (UDS) annual reporting, due February 15 of each calendar year for FQHC grantees (HRSA UDS Program)
  4. OSHA injury and illness electronic submission, due March 2 annually for facilities meeting the employee-count threshold (OSHA 300A E-Recordkeeping)

2. Event-triggered deadlines activate upon a specific occurrence — a complaint investigation opening, a sentinel event, a change of ownership (CHOW), or a failed survey. CMS imposes a 90-day window for hospitals to submit a Plan of Correction (PoC) following issuance of a Statement of Deficiencies (Form CMS-2567). State survey agencies may impose shorter interim deadlines within that window.

3. Corrective action deadlines are assigned based on deficiency severity. CMS's Immediate Jeopardy (IJ) classification requires removal of IJ within a timeframe measured in hours to days, not weeks. Lower-severity findings may carry 30-, 60-, or 90-day correction windows. Detailed mechanics of these processes appear on the HCAC corrective action planning page.

Common scenarios

Scenario A — Post-survey Plan of Correction (PoC): Following a standard survey, the facility receives CMS-2567 citing condition-level deficiencies. The facility has 10 calendar days to submit an acceptable PoC to the state survey agency. The PoC must specify the corrective action, the responsible party, the completion date for each cited deficiency, and the monitoring mechanism. Failure to submit within 10 days can accelerate termination proceedings.

Scenario B — Accreditation renewal: A hospital accredited by The Joint Commission undergoes an unannounced triennial survey. If the survey generates a Requirements for Improvement (RFI), the organization must submit a Measure of Success (MOS) within 45 or 60 days depending on the standard involved (TJC Comprehensive Accreditation Manual for Hospitals, current edition). Continuous compliance monitoring through TJC's Periodic Performance Review (PPR) runs on a separate annual cycle.

Scenario C — CHOW notification: Medicare-certified facilities undergoing a change of ownership must notify CMS and the state survey agency at least 30 days prior to the effective date of transfer (42 CFR §489.18). Failure to provide timely CHOW notification can result in the new owner inheriting a gap in Medicare certification, interrupting billing authority.

Scenario D — IJ finding: An Immediate Jeopardy citation during a survey triggers an on-site correction requirement. The facility must abate the IJ condition before the surveyor team leaves the building or within an explicitly negotiated timeframe, typically not to exceed 24 hours unless CMS grants a specific extension. Unresolved IJ leads directly to termination proceedings.

Decision boundaries

Selecting the correct timeline framework requires resolving four classification questions:

  1. Federal vs. state primary jurisdiction: Federal CMS timelines apply to Medicare- and Medicaid-certified entities; state licensure agencies may impose shorter deadlines that supersede CMS minimums. The federal vs. state requirements analysis governs this boundary.
  2. Deemed vs. state-surveyed status: Entities holding deemed status through a CMS-approved accreditation body follow that body's internal deadline schedule for most compliance activities, while retaining CMS-direct timelines for cost reports, CHOW, and IJ resolution.
  3. Deficiency severity classification: IJ versus condition-level versus standard-level findings each carry distinct correction windows. Organizations should map each cited deficiency to the applicable severity tier before constructing a PoC calendar.
  4. Triggering event type: Routine survey cycles, complaint investigations, and self-reported incidents each initiate different deadline chains. A complaint-driven investigation under 42 CFR §488.335 carries its own response timelines independent of the triennial survey schedule.

Entities managing intersecting timelines across accreditation bodies and federal and state regulators benefit from a consolidated compliance calendar that maps each obligation to its authoritative source, responsible role, and due date. The HCAC compliance documentation framework provides structural guidance for maintaining that calendar across audit cycles.

References

Read Next

HCAC Compliance Obligations by Entity Type This page maps those obligations across the principal entity types subject to HCAC frameworks — including hospitals,... HCAC Regulatory Authority and Jurisdiction Understanding which authority governs a specific obligation — and under what jurisdictional conditions — determines how... HCAC Corrective Action Planning Within HCAC-governed environments, corrective action plans (CAPs) are a formal compliance instrument — not an optional...