Skip to content Accessibility tools

What’s Needed for A Compliance and Ethics Program?

Not so long ago, in November of 2019, Phase 3 of the Requirements of Participation became effective. Part of those requirements expanded the expectations for skilled nursing facilities related to having and implementing a Compliance and Ethics Program.
Medicare and Medicaid participating nursing facilities have been required to have a compliance and ethics program (“Compliance Program”) since March 23, 2013, under Section 6102 of the Affordable Care Act, but historically there was no regulatory mechanism for the government to enforce this requirement. Starting November 28, 2019, CMS and state survey agencies were authorized to issue survey deficiencies under federal F-tag F895 to facilities that do not have effective Compliance Programs.
The Guidance to Surveyors was issued and revised in 2023 related to the regulations at 42 C.F.R. § 483.85, F895, to determine whether a SNF’s Compliance Program is in substantial compliance with the regulations. Facilities that have implemented Compliance Programs should review the requirements against their existing programs and revise, as necessary. AHCA has been at the forefront of encouraging facilities to implement Compliance Programs and many years ago developed a Compliance Manual and Sample Policies and Procedures for members that is available on its website here.
CMS has defined an effective compliance and ethics program as a program that is established by an operating organization that includes the minimum components of the regulations and “has been reasonably designed, implemented, and enforced so that it is likely to be effective in preventing and detecting criminal, civil, and administrative violations under the Act and in promoting quality of care.”
There are eight primary elements of the regulations, and three supplemental ones, plus an annual Compliance Program review. Facilities must establish if they are part of an operating organization with five or more facilities to determine which elements are required. Operating organizations with five or more facilities will be required to meet three supplemental components.
Every facility’s Compliance Program must contain the following eight primary components, each of which will be discussed more fully in the AHCA Resource.
  1. Written compliance and ethics standards, policies, and procedures “likely to be effective” to reduce the prospect of criminal, civil and administrative violations and promote quality of care.
  2. Assignment of “high level” individual(s) (e.g., Chief Executive Officer (“CEO”), Board Member, Division Director, etc.) with the overall responsibility to oversee compliance with the Compliance Program’s standards, policies, and procedures.
  3. Sufficient resources and authority to individual(s) overseeing the program to “reasonably assure compliance” with standards, policies, and procedures.
  4. Documentation of due diligence to ensure individual(s) overseeing the program do not have the “propensity” to engage in criminal, or improper civil or regulatory behavior.
  5. Effective communication of program standards, policies and procedures to staff, contractors, and volunteers.
  6. Reasonable steps to achieve compliance with the program’s standards, policies, and procedures, including auditing and monitoring systems, as well as reporting mechanisms and a non-retaliation policy.
  7. Consistent enforcement of the program standards, policies and procedures through appropriate disciplinary mechanisms including as appropriate, discipline for individual’(s) failure to detect and report a violation to the program contact.
  8. Ensuring all “reasonable steps” are taken to “respond appropriately” to a violation and to “prevent further similar violations” including any necessary modification to the program.
  9. Operating organizations with five or more facilities have to meet three supplemental components.
  10. Conducting annual and mandatory program training as explained in 42 CFR § 483.95(f).
  11. Designating a compliance officer whose “major responsibility” is to oversee the program, and who reports to the “governing body.” Note: The compliance officer cannot be “subordinate to the general counsel, chief financial officer (“CFO”) or chief operating officer (“COO”).”
  12. Designating a compliance liaison at each of the organization’s facilities.
If you have questions, please call Elena Madrid at (360) 352-3304, extension 105, or email.
Back to Top