How to Get Help for HCAC Compliance

Navigating HCAC compliance obligations is not a task most entities can manage through general internet searches alone. The regulatory landscape governing health care-adjacent compliance standards involves layered federal and state authority, accreditation requirements, and documentation demands that vary significantly by entity type, service scope, and jurisdiction. This page explains how to identify appropriate sources of guidance, what questions to ask before relying on any source, and what barriers typically prevent entities from getting the help they actually need.

Understanding What Kind of Help You Actually Need

Before seeking any external guidance, it is worth being precise about the nature of your compliance question. HCAC compliance issues generally fall into one of several categories: understanding baseline obligations, responding to a deficiency finding or enforcement action, preparing for an accreditation survey, maintaining documentation requirements, or tracking regulatory changes.

Each category calls for a different type of expertise. A consultant who specializes in survey preparation may not be the right resource for an entity contesting an enforcement action — that situation typically requires legal counsel with administrative law or health regulatory experience. Conversely, an attorney who handles enforcement defense may not be the best guide for day-to-day documentation practices.

Start by reviewing what HCAC compliance obligations apply to your entity type and consulting the compliance roles and responsibilities framework to understand which function within your organization should be taking ownership of each compliance domain. Misidentifying the responsible party is one of the most common reasons compliance efforts stall.

When to Seek Professional Guidance

Not every compliance question requires paid professional assistance, but certain situations warrant it without delay.

Seek qualified professional guidance immediately if:

• You have received a notice of deficiency, corrective action plan request, or civil monetary penalty from a regulatory body
• You are preparing for an initial accreditation survey or re-accreditation
• Your organization has undergone a material change in ownership, structure, or service scope that may trigger re-enrollment or re-licensure obligations
• You are operating across multiple states and are uncertain whether state-specific requirements supersede or supplement federal standards
• You have identified a potential self-disclosure situation involving a federal health care program

The HCAC enforcement actions page outlines the consequences of non-compliance at various levels of severity. Reviewing that material before engaging a professional can help you ask more focused questions and reduce the time — and cost — of an initial consultation.

For lower-stakes questions, such as understanding a specific regulatory citation or verifying a documentation requirement, the HCAC self-assessment tools on this site and official agency guidance documents are often sufficient.

Qualified Sources of Compliance Information and Assistance

The quality of compliance guidance varies enormously. These are the authoritative sources that regulated entities should rely on, and the credentials or authority that distinguish them.

Federal Regulatory Agencies

The Centers for Medicare & Medicaid Services (CMS) publishes interpretive guidelines, State Operations Manual provisions, and survey protocols that are the primary reference documents for entities participating in federal health care programs. CMS guidance is publicly available at cms.gov and should be treated as the baseline standard. The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services publishes compliance program guidance documents — most recently updated through 2023 — that are directly applicable to a wide range of health care entities.

Accreditation Organizations

The Joint Commission, DNV GL Healthcare, the Accreditation Commission for Health Care (ACHC), and URAC are among the CMS-approved accreditation organizations with deeming authority for specific provider types. Each publishes standards manuals and, in some cases, provides direct technical assistance to accredited organizations. Understanding the accreditation relationship to HCAC compliance is essential before engaging any accreditation body for compliance guidance.

Legal Counsel

For matters involving enforcement, self-disclosure, or contested regulatory interpretations, an attorney with experience in health care regulatory law — not general business law — is the appropriate resource. The American Health Law Association (AHLA) maintains a member directory and publishes extensively on health care compliance topics. State bar associations can verify licensure and specialization claims.

Compliance Professionals

The Health Care Compliance Association (HCCA) is the principal credentialing and professional development organization for health care compliance officers. The Certified in Healthcare Compliance (CHC) credential, administered through the Compliance Certification Board (CCB), is a recognized standard for individual compliance professionals. When evaluating a consultant or internal hire, CHC or CHC-F (Fellow) designation is a meaningful indicator of structured compliance knowledge.

Common Barriers to Getting Effective Help

Several patterns consistently prevent organizations from obtaining timely and effective compliance assistance.

Waiting until a survey or investigation is underway. Compliance support is most effective when it is proactive. By the time a deficiency is cited or an investigation opens, the entity's options narrow significantly. The frequently cited deficiencies reference on this site documents the areas where entities most commonly fall short — reviewing that material before a survey is far more useful than reviewing it after.

Relying on informal peer networks for authoritative guidance. Industry associations and professional forums can be useful for general awareness, but guidance passed informally between organizations is not reliable for regulatory compliance purposes. Regulatory text, agency guidance, and accreditation standards are the authoritative sources — not what another provider reportedly does.

Conflating federal and state requirements. Federal baseline standards and state-specific requirements frequently diverge, and the more protective standard governs. The federal vs. state requirements page addresses this directly. A compliance consultant or attorney who operates only in your state may not have adequate visibility into federal requirements, and vice versa.

Underestimating documentation obligations. Many compliance failures are not failures of practice but failures of documentation. The HCAC compliance documentation reference covers what must be maintained, for how long, and in what format across various regulatory frameworks. Getting documentation right is a precondition to getting credit for compliant behavior.

How to Evaluate a Source of Compliance Information

Whether evaluating a consultant, a training program, a publication, or an online resource, apply consistent criteria:

Authority: Is the source directly connected to the regulatory or accreditation body whose standards govern you, or is it an interpretation of those standards? Primary sources always take precedence over secondary commentary.

Currency: Compliance standards change. The HCAC compliance updates and amendments page tracks material changes to applicable standards. Any guidance document, training module, or consultant deliverable should be dated, and you should verify it reflects current requirements.

Specificity: Generic compliance guidance that does not account for your entity type, service scope, or jurisdictional context is of limited value. A home health agency, a durable medical equipment supplier, and a critical access hospital operate under substantially different compliance frameworks even where the same federal statute applies.

Accountability: Professional consultants and attorneys are subject to licensure and credentialing oversight. Anonymous or unattributed online content is not. The credentialing organizations referenced above — HCCA, CCB, AHLA — provide public verification mechanisms for the professionals they credential.

Where to Start If You Are New to HCAC Compliance

If this is your organization's first serious engagement with HCAC compliance requirements, the most efficient starting point is understanding the regulatory authority structure that governs your entity type, followed by a review of the process framework for compliance to establish operational procedures. The compliance standards overview provides the definitional foundation necessary to interpret regulatory language accurately.

From there, the path forward depends on your specific situation. For most entities, building internal compliance infrastructure — clear role assignments, documented policies, and a tracking system for regulatory changes — is more sustainable than recurring reliance on external consultants for routine compliance functions.

Professional guidance is valuable and sometimes essential. The goal of this reference is to help you seek it in the right circumstances, from the right sources, and with the right questions already formed.