Table of Contents
  1. Introduction: The New Era of Virtual Care Oversight
  2. Understanding the Telehealth Compliance Landscape in 2025 and 2026
    1. The Evolution of Federal Telehealth Policy
    2. OIG Enforcement Priorities for Virtual Care
    3. Key Regulatory Frameworks Affecting Telehealth
  3. OIG Work Plan Items Targeting Telehealth and Remote Patient Monitoring
    1. Medicare Telehealth Services Audit Focus Areas
    2. Remote Patient Monitoring Program Integrity Reviews
    3. Behavioral Health Telehealth Oversight
  4. Key Fraud and Abuse Risks in Telehealth Services
    1. Billing for Services Not Rendered
    2. Upcoding and Unbundling
    3. Medical Necessity Concerns
    4. Kickback Arrangements in Telehealth Referral Networks
    5. Patient Recruitment and Marketing Concerns
  5. Remote Patient Monitoring Compliance Considerations
    1. Device Distribution and Management
    2. Data Transmission and Monitoring Requirements
    3. Clinical Response and Documentation
    4. Vendor Relationships and Kickback Risks
  6. Telehealth MSO Model Compliance
    1. Structure and Documentation Requirements
    2. Fair Market Value and Commercial Reasonableness
    3. Corporate Practice of Medicine Considerations
    4. Anti-Kickback Statute Analysis for MSO Arrangements
  7. OIG Advisory Opinions on Telehealth Arrangements
    1. Key Advisory Opinions Addressing Telehealth Compliance
    2. Applying Advisory Opinion Guidance to Practice Operations
  8. Building a Comprehensive Telehealth Compliance Program
    1. The Seven Essential Elements of Compliance Programs
    2. Risk Assessment and Mitigation Strategies
    3. Training and Education Requirements
    4. Technology and Infrastructure Considerations
  9. Auditing and Monitoring Controls for Telehealth Services
    1. Internal Audit Program Development
    2. Real-Time Monitoring Systems
    3. External Audit Preparation
  10. Responding to Identified Compliance Violations
    1. Investigation and Root Cause Analysis
    2. Voluntary Disclosure and Refund Obligations
    3. Corrective Action Planning and Implementation
  11. Best Practices and Recommendations for Telehealth Compliance Success
    1. Leadership Commitment and Accountability
    2. Documentation Excellence
    3. Vendor Due Diligence
    4. Continuous Learning and Adaptation
  12. Working with Professional Compliance Partners
  13. Frequently Asked Questions About OIG Telehealth Compliance
  14. Conclusion: Positioning for Compliant Telehealth Growth
  15. External Resources and References

Introduction: The New Era of Virtual Care Oversight

The healthcare industry has witnessed an unprecedented transformation in service delivery over the past several years, with telehealth, remote patient monitoring (RPM), and virtual care services evolving from supplementary offerings into core components of modern medical practice. This shift, accelerated by public health emergencies and sustained by patient demand and regulatory flexibility, has fundamentally altered how healthcare organizations approach care delivery. However, this rapid expansion has also attracted heightened scrutiny from federal oversight agencies, particularly the Office of Inspector General (OIG), which has signaled clear intentions to prioritize telehealth compliance enforcement throughout 2025 and 2026.

For healthcare practices navigating this evolving landscape, understanding the intersection of telehealth innovation and regulatory compliance has become essential to sustainable growth. The OIG has methodically expanded its focus on virtual care services, incorporating multiple telehealth audit and investigative priorities into its Work Plan while issuing advisory opinions that provide critical guidance on permissible arrangements. Practices that fail to proactively address these enforcement priorities risk significant financial penalties, exclusion from federal healthcare programs, and reputational damage that can undermine years of operational success.

This comprehensive guide examines the current state of OIG enforcement activity targeting telehealth and virtual care services, analyzing Work Plan priorities, advisory opinions, and enforcement trends that define the compliance landscape for 2025 and beyond. Healthcare administrators, compliance officers, and practice leaders will gain actionable insights into the specific telehealth fraud and abuse risks that trigger OIG attention, along with practical frameworks for building robust compliance programs that support virtual care growth while mitigating regulatory exposure.

The stakes for getting telehealth compliance right have never been higher. With billions of dollars flowing through virtual care channels and enforcement agencies armed with sophisticated data analytics capabilities, practices must approach compliance as a strategic imperative rather than an administrative afterthought. This guide provides the roadmap for achieving that objective, offering detailed analysis of regulatory requirements, enforcement trends, and best practices that position healthcare organizations for compliant growth in the virtual care era.

Understanding the Telehealth Compliance Landscape in 2025 and 2026

The Evolution of Federal Telehealth Policy

Federal telehealth policy has undergone dramatic transformation since 2020, with regulatory flexibilities initially implemented as emergency measures gradually becoming permanent fixtures of the healthcare payment landscape. The Centers for Medicare and Medicaid Services (CMS) has codified numerous telehealth expansions through rulemaking, while Congress has extended key waivers that maintain access to virtual care services for Medicare beneficiaries. These policy changes have created substantial opportunities for healthcare practices to expand service offerings and improve patient access, but they have also created new compliance considerations that require careful attention.

The regulatory framework governing telehealth services intersects multiple federal statutes and regulations, including the Anti-Kickback Statute (AKS), the physician self-referral law (Stark Law), the False Claims Act (FCA), and state-specific requirements that add additional layers of complexity. Healthcare organizations must navigate this multi-dimensional regulatory environment while simultaneously meeting clinical quality standards, maintaining appropriate documentation practices, and ensuring that billing practices accurately reflect services rendered. The compliance burden associated with telehealth services extends well beyond simple coding and billing considerations, encompassing organizational structure, referral relationships, technology infrastructure, and workforce management.

OIG Enforcement Priorities for Virtual Care

The OIG has consistently signaled that telehealth and virtual care services represent a significant enforcement priority. In recent years, the agency has incorporated multiple telehealth-related items into its annual Work Plan, initiated investigations targeting telehealth fraud schemes, and issued advisory opinions that clarify the boundaries of permissible arrangements. Understanding these enforcement priorities is essential for healthcare organizations seeking to develop compliance programs that effectively address regulatory risks.

The OIG’s approach to telehealth oversight reflects broader concerns about program integrity in rapidly expanding service categories. When new payment mechanisms emerge or existing payment rules are substantially modified, the potential for fraud, waste, and abuse increases correspondingly. The agency has observed patterns of problematic behavior in telehealth billing that mirror historical fraud schemes in other service categories, including upcoding, billing for services not rendered, provision of medically unnecessary services, and improper relationships between telehealth providers and referring entities.

Healthcare practices should approach OIG telehealth compliance with the understanding that enforcement activity will likely intensify in coming years. The agency has built substantial analytical capabilities that enable identification of billing anomalies and suspicious patterns across large claims datasets. Practices with billing patterns that deviate significantly from established norms, or that maintain relationships with entities flagged for suspicious activity, face elevated risk of audit selection and enforcement action.

Key Regulatory Frameworks Affecting Telehealth

Several federal laws and regulations form the foundation of telehealth compliance requirements. The Anti-Kickback Statute prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals for items or services reimbursable by federal healthcare programs. In the telehealth context, this statute has particular relevance to arrangements involving free or discounted technology, referral relationships between telehealth platforms and healthcare providers, and compensation arrangements that may incentivize increased utilization of virtual care services.

The Stark Law prohibits physicians from referring Medicare patients for designated health services to entities with which the physician or an immediate family member has a financial relationship, unless a specific exception applies. While the Stark Law’s application to telehealth services depends on whether those services qualify as designated health services, the financial relationships underlying telehealth arrangements frequently implicate Stark Law analysis. Practices must carefully structure ownership interests, compensation arrangements, and referral relationships to ensure compliance with applicable exceptions.

The False Claims Act creates liability for knowingly submitting false or fraudulent claims to federal healthcare programs. In telehealth, FCA exposure can arise from billing for services not actually rendered, misrepresenting the qualifications of practitioners delivering services, failing to satisfy applicable supervision or licensure requirements, or submitting claims for services that do not meet medical necessity standards. The FCA’s qui tam provisions, which allow private individuals to bring enforcement actions on behalf of the government, create additional exposure for practices with compliance deficiencies.

OIG Work Plan Items Targeting Telehealth and Remote Patient Monitoring

The OIG Work Plan serves as a roadmap for the agency’s audit and investigative priorities, providing healthcare organizations with valuable insight into areas of heightened enforcement focus. Understanding current Work Plan items related to telehealth and remote patient monitoring enables practices to proactively assess their compliance posture and implement corrective measures before regulatory scrutiny arrives.

Medicare Telehealth Services Audit Focus Areas

The OIG has incorporated several telehealth-specific audit initiatives into its Work Plan, reflecting the agency’s commitment to ensuring appropriate utilization and billing of virtual care services. These audit initiatives examine various aspects of telehealth service delivery, from basic billing accuracy to complex questions about medical necessity and quality of care.

Current Work Plan items addressing telehealth services include reviews of telehealth billing patterns to identify potential fraud and abuse, examinations of compliance with geographic and originating site requirements that remain applicable to certain telehealth services, assessments of medical necessity documentation for telehealth encounters, and evaluations of whether telehealth services meet applicable quality standards. The OIG has indicated particular interest in comparing telehealth utilization patterns across providers and geographic regions to identify statistical outliers that may warrant further investigation.

Healthcare practices should recognize that OIG telehealth audits may examine both the technical requirements for telehealth billing and the substantive quality of services rendered. Auditors may request documentation demonstrating that telehealth encounters met applicable standards for synchronous audiovisual communication, that practitioners were appropriately licensed and credentialed, that services were medically necessary and appropriately documented, and that billing codes accurately reflected the level of service provided.

Remote Patient Monitoring Program Integrity Reviews

Remote patient monitoring has emerged as a significant focus area within the OIG’s oversight portfolio, driven by substantial growth in RPM utilization and concerns about potential program integrity vulnerabilities. The OIG Work Plan priorities for remote patient monitoring address multiple dimensions of RPM service delivery, including device management, data transmission and monitoring, clinical interpretation and intervention, and billing accuracy.

The OIG has expressed concern about RPM arrangements that may not deliver genuine clinical value to patients while generating substantial billing for healthcare providers. Specific areas of scrutiny include: the appropriateness of RPM device selection for individual patient conditions, the frequency and quality of data monitoring and clinical response, documentation practices supporting RPM billing, and the relationship between RPM service costs and clinical outcomes. Practices operating RPM programs should ensure that their services deliver measurable clinical benefits and that billing practices accurately reflect services provided.

Work Plan items also address potential kickback concerns in RPM arrangements, particularly those involving device vendors, technology platforms, or management service organizations that may provide items or services of value to practices in exchange for RPM patient referrals. The intersection of RPM services with the Anti-Kickback Statute creates compliance considerations that practices must carefully navigate, particularly when structuring relationships with third-party vendors and service providers.

Behavioral Health Telehealth Oversight

Behavioral health services delivered via telehealth have expanded dramatically, creating both access improvements and compliance challenges that the OIG has flagged for attention. The agency’s Work Plan includes items examining behavioral health telehealth utilization patterns, prescribing practices for controlled substances in telehealth settings, and compliance with Ryan Haight Act requirements governing the delivery of controlled substances via telehealth.

Practices providing behavioral health services via telehealth should pay particular attention to documentation requirements, prescribing protocols, and state-specific licensing requirements that may differ from those applicable to in-person services. The OIG has noted that behavioral health telehealth services present unique fraud and abuse risks, including potential for ghost patients, inadequate clinical assessment prior to prescribing, and inappropriate utilization patterns that may indicate fraudulent billing.

Key Fraud and Abuse Risks in Telehealth Services

Understanding the specific telehealth fraud and abuse risks that attract OIG attention enables healthcare organizations to implement targeted controls and monitoring mechanisms. The agency has identified recurring patterns of problematic behavior in telehealth that practices should recognize and actively work to prevent within their own operations.

Billing for Services Not Rendered

The most fundamental fraud risk in telehealth involves billing for services that were not actually provided. This can manifest in various ways, including: billing for telehealth encounters that never occurred, billing for practitioners who did not participate in the encounter, billing for services beyond those actually rendered during the encounter, and billing for phantom patients who did not receive any services. The remote nature of telehealth service delivery can create opportunities for bad actors to generate fraudulent billing that would be more difficult to execute in traditional in-person settings.

Practices should implement robust controls to prevent billing for services not rendered, including independent verification of encounter completion, timestamp validation for telehealth sessions, patient attestation processes, and regular auditing of telehealth billing against session logs and clinical documentation. Technology platforms used for telehealth service delivery should include features that facilitate audit trail maintenance and support verification of service delivery.

Upcoding and Unbundling

Upcoding involves billing for a higher level of service than was actually provided, while unbundling involves separately billing for services that should be combined under a single code. Both practices constitute false claims and can result in significant liability under the False Claims Act. In telehealth settings, upcoding risks may be elevated due to the relative novelty of telehealth coding rules and the complexity of determining appropriate service levels for virtual encounters.

Common upcoding scenarios in telehealth include: billing office visit codes at higher complexity levels than documentation supports, billing for comprehensive telehealth consultations when only brief check-ins occurred, using inappropriate place of service codes to inflate reimbursement, and billing for telehealth services that should have been categorized as telephone-only services at lower reimbursement rates. Practices should ensure that coding personnel receive specific training on telehealth billing requirements and that audit processes include review of telehealth claims for coding accuracy.

Medical Necessity Concerns

Federal healthcare programs reimburse only for services that are medically necessary. The OIG has expressed concern that some telehealth arrangements may incentivize provision of services that patients do not need, particularly in contexts involving aggressive marketing, high-volume telehealth mills, or arrangements where financial incentives favor increased service utilization regardless of clinical appropriateness.

Practices should ensure that clinical decision-making for telehealth services follows the same medical necessity standards applicable to in-person services. Documentation should clearly articulate the clinical rationale supporting each telehealth encounter, including the patient’s presenting concerns, clinical assessment, and the appropriateness of telehealth as the modality for addressing those concerns. Practices should be particularly cautious about arrangements that create pressure to meet volume targets or that may compromise independent clinical judgment regarding service necessity.

Kickback Arrangements in Telehealth Referral Networks

The Anti-Kickback Statute’s prohibitions on inducements for referrals apply with full force to telehealth arrangements. The OIG has identified concerning patterns in telehealth networks where improper financial relationships may influence patient referrals. Examples include: telehealth platforms paying referring providers for each patient directed to the platform’s telehealth practitioners, laboratories or durable medical equipment suppliers providing free telehealth technology or services in exchange for referrals, and compensation arrangements between telehealth providers and marketing entities that tie payment to patient volume.

Practices participating in telehealth networks should carefully evaluate the compliance of referral relationships and compensation arrangements. Any arrangement where payment flows to or from referring sources should be analyzed for Anti-Kickback Statute compliance, including assessment of whether applicable safe harbors may provide protection. Practices should be particularly cautious about arrangements offering free or subsidized technology, marketing services, or administrative support, as these benefits may constitute prohibited remuneration depending on the circumstances.

Patient Recruitment and Marketing Concerns

The OIG has expressed particular concern about patient recruitment practices in telehealth that may violate the Anti-Kickback Statute or constitute fraudulent inducement. Problematic practices include: providing excessive inducements to patients to encourage participation in telehealth programs, aggressive marketing that overstates benefits or minimizes costs of telehealth services, and use of lead generation services that pay for patient referrals. The Civil Monetary Penalty statute’s prohibition on inducements to beneficiaries adds another layer of compliance consideration for patient-facing incentive programs.

Practices should ensure that patient recruitment and marketing activities comply with applicable legal requirements and reflect accurate representations about telehealth services. Patient incentives should be evaluated for compliance with both the Anti-Kickback Statute beneficiary inducement exception and the Civil Monetary Penalty statute’s nominal value limitations. Marketing materials should be reviewed for accuracy and appropriateness, with particular attention to claims about service quality, cost savings, or health outcomes.

Remote Patient Monitoring Compliance Considerations

Remote patient monitoring programs present distinctive compliance challenges that warrant focused attention from healthcare organizations. The OIG Work Plan priorities for remote patient monitoring reflect concerns about the rapid growth of RPM utilization and the potential for program integrity vulnerabilities in this service category. Practices operating RPM programs should develop comprehensive compliance frameworks that address the unique characteristics of remote monitoring services.

Device Distribution and Management

RPM programs involve distribution of monitoring devices to patients, creating compliance considerations related to device procurement, ownership, and management. The Anti-Kickback Statute’s implications for free or subsidized device provision must be carefully evaluated, particularly when devices are provided by third-party vendors or when device costs exceed nominal value thresholds. Practices should ensure that device distribution practices do not create improper inducements for patient participation or referral generation.

Documentation requirements for RPM device distribution include verification that devices are medically appropriate for the patient’s condition, patient education regarding proper device use, and tracking of device assignment and return. Practices should maintain systems for monitoring device utilization to ensure that patients are actively using assigned devices and that billing for RPM services accurately reflects actual monitoring activity.

Data Transmission and Monitoring Requirements

Medicare billing requirements for RPM services include specific data transmission thresholds that must be satisfied before claims can be submitted. Practices must ensure that monitoring systems accurately track data transmission to support billing compliance and that clinical staff actually review transmitted data within required timeframes. The OIG has expressed concern about RPM arrangements where data collection occurs but meaningful clinical monitoring does not, potentially resulting in billing for services that provide limited actual patient benefit.

Practices should implement workflows that ensure timely clinical review of RPM data, appropriate escalation protocols when data indicates clinical concerns, and documentation of monitoring activities that supports billing for RPM services. Audit processes should verify that data transmission logs align with billing records and that clinical documentation reflects meaningful engagement with patient monitoring data.

Clinical Response and Documentation

The clinical value of RPM services depends on appropriate clinical response to monitoring data. Practices should develop protocols that define clinical response expectations for various data parameters, including thresholds for intervention, escalation pathways, and documentation requirements. The OIG has indicated interest in whether RPM programs generate meaningful clinical interventions or simply collect data without corresponding patient care activities.

Documentation for RPM services should demonstrate: regular review of patient monitoring data by qualified clinical personnel, clinical interpretation of monitoring results, patient communication regarding monitoring findings, care plan modifications based on monitoring data, and coordination with treating physicians when RPM data indicates clinical concerns. Practices billing for RPM treatment management services should ensure that documentation reflects substantial clinical activity beyond passive data collection.

Vendor Relationships and Kickback Risks

Many healthcare practices rely on third-party vendors for RPM technology platforms, device procurement, and operational support. These vendor relationships create potential Anti-Kickback Statute exposure when vendors provide items or services of value that may influence referral decisions. Common areas of concern include: free or subsidized RPM platforms, device provision at below-market costs, marketing support services, and revenue-sharing arrangements tied to patient enrollment or billing volume.

Practices should conduct Anti-Kickback Statute analysis of RPM vendor arrangements before entering into contractual relationships. Key considerations include whether arrangements reflect fair market value for legitimate services, whether payment terms create incentives for increased utilization or referrals, and whether applicable safe harbors provide protection for the arrangement structure. Practices should be particularly cautious about arrangements where vendor compensation varies based on patient volume or where vendors provide benefits that extend beyond legitimate service delivery.

Telehealth MSO Model Compliance

Management Service Organizations (MSOs) play an increasingly prominent role in telehealth service delivery, providing administrative, operational, and technology support that enables healthcare practices to offer virtual care services. However, MSO arrangements create significant compliance considerations that practices must carefully evaluate. Understanding telehealth MSO model compliance requirements is essential for practices utilizing these arrangements to support telehealth operations.

Structure and Documentation Requirements

MSO arrangements must be structured to ensure that healthcare practices maintain appropriate control over clinical operations while the MSO provides legitimate administrative services. The distinction between clinical and administrative functions has significant legal implications, as MSOs cannot practice medicine or exercise control over clinical decision-making without potentially violating state corporate practice of medicine doctrines and federal fraud and abuse laws.

Documentation requirements for compliant MSO arrangements include written agreements that clearly define service responsibilities, compensation terms based on fair market value for legitimate services, provisions ensuring clinical independence of healthcare providers, and compliance program requirements that address the unique risks of MSO relationships. Practices should ensure that MSO agreements are reviewed by qualified legal counsel and that arrangements reflect arm’s length transactions between independent parties.

Fair Market Value and Commercial Reasonableness

MSO compensation arrangements must satisfy fair market value and commercial reasonableness standards to comply with the Anti-Kickback Statute and Stark Law. Fair market value analysis should consider the specific services provided by the MSO, comparable market rates for similar services, and the overall reasonableness of payment terms in relation to services rendered. Commercial reasonableness requires that the arrangement makes business sense independent of any referral relationship between the parties.

Practices should obtain fair market value opinions for significant MSO arrangements, particularly those involving entities with potential referral relationships. Compensation structures based on percentage of revenue or collections create elevated compliance risk and should be carefully evaluated for Anti-Kickback Statute implications. Fixed fee arrangements for defined services generally present lower compliance risk than variable compensation tied to practice revenue or patient volume.

Corporate Practice of Medicine Considerations

Many states prohibit corporations from practicing medicine or employing physicians to provide medical services except through specifically authorized structures such as professional corporations. MSO arrangements in telehealth must be structured to comply with applicable corporate practice of medicine restrictions, ensuring that clinical decision-making remains with licensed practitioners rather than corporate entities. Violations of corporate practice of medicine laws can result in loss of licensure, voiding of contracts, and potential fraud liability.

Compliance with corporate practice of medicine requirements in telehealth MSO arrangements requires attention to: the legal structure of relationships between MSOs and professional entities, the scope of services provided by the MSO versus the professional practice, compensation arrangements that do not effectively transfer practice revenue to non-professional entities, and operational protocols that preserve clinical independence. Practices should consult state-specific legal requirements when structuring MSO relationships for telehealth services.

Anti-Kickback Statute Analysis for MSO Arrangements

MSO arrangements in telehealth must be analyzed for Anti-Kickback Statute compliance, particularly when the MSO has relationships with entities that refer patients to or receive referrals from the healthcare practice. The management services safe harbor provides protection for arrangements meeting specific requirements, including written agreements, specific descriptions of services, compensation set in advance at fair market value, and compensation not determined in a manner that takes into account the volume or value of referrals.

Practices should document the Anti-Kickback Statute analysis for MSO arrangements and implement safeguards to ensure ongoing compliance. Key areas of focus include: verification that compensation reflects fair market value for specific services, documentation that payment terms were set in advance and are not tied to referral volume, confirmation that the MSO provides legitimate services that the practice needs and would purchase regardless of referral relationships, and monitoring of arrangement performance to identify changes that may affect compliance status.

OIG Advisory Opinions on Telehealth Arrangements

The OIG issues advisory opinions that provide guidance on the application of fraud and abuse laws to specific proposed arrangements. While advisory opinions are legally binding only for the requesting party, they provide valuable insight into the OIG’s analytical framework and enforcement priorities. Healthcare organizations can learn from advisory opinions addressing telehealth arrangements to better understand how the agency evaluates compliance risks in virtual care contexts.

Key Advisory Opinions Addressing Telehealth Compliance

Several advisory opinions have addressed telehealth-related arrangements, providing guidance on issues such as: provision of free or discounted telehealth technology to patients or providers, compensation arrangements between telehealth platforms and participating practitioners, marketing arrangements involving telehealth services, and relationships between telehealth providers and entities ordering items or services based on telehealth encounters. These opinions illuminate the factors the OIG considers when evaluating telehealth arrangements for potential Anti-Kickback Statute violations.

Common themes in telehealth advisory opinions include concerns about: arrangements that may channel patients to specific providers or services based on financial rather than clinical considerations, compensation structures that create incentives for increased utilization regardless of medical necessity, provision of benefits that may constitute inducements to beneficiaries or referral sources, and relationships that blur the distinction between legitimate telehealth service delivery and marketing or referral generation activities.

Applying Advisory Opinion Guidance to Practice Operations

While advisory opinions address specific arrangements and cannot be directly applied to different fact patterns, they provide valuable guidance for structuring telehealth arrangements to minimize compliance risk. Practices should review relevant advisory opinions when developing new telehealth arrangements and use the OIG’s analytical framework to evaluate their own compliance posture. Key elements to consider include: the presence of safeguards that minimize risk of program abuse, the absence of factors that increase fraud and abuse risk, and alignment with applicable safe harbor requirements.

Practices contemplating novel telehealth arrangements may also consider requesting their own advisory opinions from the OIG. The advisory opinion process provides an opportunity to obtain binding guidance on proposed arrangements before implementation, reducing uncertainty about compliance status. However, practices should be aware that the advisory opinion process takes significant time and that unfavorable opinions may create additional exposure if the practice proceeds with the arrangement.

Building a Comprehensive Telehealth Compliance Program

Effective OIG telehealth compliance requires a structured program that addresses the unique characteristics of virtual care service delivery while incorporating the essential elements of healthcare compliance programs generally. The OIG has published compliance program guidance for various healthcare industry segments, and practices should adapt this guidance to their specific telehealth operations. A well-designed telehealth compliance program positions the organization to identify and address risks proactively while demonstrating good faith efforts to comply with applicable requirements.

The Seven Essential Elements of Compliance Programs

The OIG has consistently emphasized seven essential elements for effective compliance programs: written policies and procedures, designation of a compliance officer and compliance committee, effective training and education, effective communication channels, internal monitoring and auditing, enforcement of standards through disciplinary guidelines, and prompt response to detected offenses with corrective action. Each of these elements should be adapted to address telehealth-specific risks and operational requirements.

Written policies and procedures for telehealth should address: practitioner eligibility and credentialing for telehealth services, technology requirements and patient identification verification, documentation standards for telehealth encounters, billing and coding requirements specific to telehealth services, and compliance with state licensing and practice requirements. Policies should be regularly reviewed and updated to reflect changes in regulatory requirements and operational practices.

Risk Assessment and Mitigation Strategies

Telehealth compliance programs should be grounded in comprehensive risk assessment that identifies the specific compliance vulnerabilities associated with the organization’s telehealth operations. Risk assessment should consider: the types of telehealth services offered and their associated billing requirements, relationships with telehealth platforms, technology vendors, and referral sources, state licensing and corporate practice requirements applicable to the organization’s service area, and historical compliance issues or enforcement trends relevant to the organization’s telehealth services.

Based on risk assessment findings, practices should develop mitigation strategies that address identified vulnerabilities. Effective mitigation strategies combine preventive controls that reduce the likelihood of compliance violations with detective controls that identify problems when they occur. The relative emphasis on different control types should reflect the organization’s specific risk profile and operational characteristics.

Training and Education Requirements

Comprehensive training is essential for telehealth compliance, addressing both the general compliance principles applicable to all healthcare services and the specific requirements unique to virtual care delivery. Training should be tailored to the roles and responsibilities of different workforce members, with practitioners receiving clinical and documentation training while administrative staff receive billing and coding training. Training should be conducted at onboarding and on an ongoing basis to address regulatory changes and identified compliance issues.

Key training topics for telehealth compliance include: proper use of telehealth technology platforms and documentation systems, coding and billing requirements for telehealth services, state licensing and practice requirements for telehealth, documentation standards for telehealth encounters, privacy and security requirements for telehealth communications, and recognition and reporting of potential compliance issues. Training effectiveness should be assessed through testing and observation, with additional training provided when deficiencies are identified.

Technology and Infrastructure Considerations

Technology infrastructure supporting telehealth services should incorporate compliance features that facilitate appropriate documentation, billing, and monitoring. Key technology considerations include: audit trail capabilities that document encounter timing and participant verification, integration between telehealth platforms and electronic health record systems, automated compliance checks for billing accuracy, and reporting capabilities that support internal monitoring and audit activities.

HIPAA compliance requirements apply to telehealth technology platforms, requiring appropriate security measures for protected health information transmitted or stored through these systems. Practices should ensure that telehealth platforms are covered by business associate agreements and that technical safeguards meet HIPAA Security Rule requirements. Regular security assessments should be conducted to identify and address vulnerabilities in telehealth technology infrastructure.

Auditing and Monitoring Controls for Telehealth Services

Ongoing monitoring and auditing are essential components of effective telehealth compliance programs. These activities enable practices to identify compliance issues before they result in significant liability exposure, demonstrate good faith compliance efforts to regulators, and continuously improve compliance operations. The OIG has emphasized that proactive monitoring and auditing distinguish organizations with genuine compliance commitments from those treating compliance as a superficial exercise.

Internal Audit Program Development

Telehealth audit programs should address the specific compliance risks associated with virtual care service delivery. Key audit focus areas include: verification that billed telehealth encounters actually occurred as documented, assessment of coding accuracy for telehealth services, evaluation of medical necessity documentation for telehealth encounters, review of practitioner credentials and licensing compliance, and assessment of compliance with applicable state and federal telehealth requirements. Audit frequency and scope should be calibrated to the organization’s risk profile and volume of telehealth services.

Audit sampling methodologies should ensure representative coverage of telehealth services across practitioners, service types, and time periods. Statistical sampling approaches enable practices to draw valid conclusions about overall compliance rates from manageable sample sizes. Audit findings should be documented and tracked, with corrective action implemented promptly when deficiencies are identified. Trend analysis of audit results over time provides insight into compliance program effectiveness and emerging risk areas.

Real-Time Monitoring Systems

In addition to periodic auditing, practices should implement real-time monitoring systems that identify potential compliance issues as they occur. Technology-enabled monitoring can flag billing anomalies, unusual utilization patterns, documentation deficiencies, and other indicators of potential compliance problems for prompt investigation. Real-time monitoring enables practices to address issues before they compound into significant liability exposure and demonstrates active compliance program engagement.

Effective monitoring indicators for telehealth compliance include: comparison of telehealth utilization patterns to established benchmarks, analysis of billing denial patterns for telehealth services, monitoring of documentation completion rates and quality metrics, tracking of practitioner licensing and credentialing status, and surveillance of relationships with vendors and referral sources. Monitoring results should be regularly reported to compliance leadership and governing bodies, with appropriate escalation of significant findings.

External Audit Preparation

Healthcare practices should maintain readiness for external audits conducted by Medicare Administrative Contractors, the OIG, state agencies, or commercial payors. Preparation activities include: maintenance of complete and accurate documentation for telehealth encounters, organization of policies, procedures, and training records demonstrating compliance program operations, documentation of vendor relationships and compliance assessments, and preservation of technology platform audit trails and system configurations.

When external audits occur, practices should respond promptly and professionally while protecting legal privileges and confidential information. Engagement of legal counsel at the outset of significant audits helps ensure appropriate handling of requests and preservation of applicable privileges. Practices should conduct post-audit reviews to identify compliance improvements suggested by audit findings and implement appropriate corrective actions.

Responding to Identified Compliance Violations

When compliance monitoring or auditing identifies potential violations, practices must respond promptly and appropriately to minimize liability exposure and demonstrate good faith compliance efforts. The OIG evaluates an organization’s response to identified problems as a key indicator of compliance program effectiveness, and appropriate response can significantly affect enforcement outcomes when violations come to the attention of regulatory authorities.

Investigation and Root Cause Analysis

Identified compliance concerns should be promptly investigated to determine the scope and severity of the issue. Investigations should examine: whether the identified problem represents an isolated incident or a systemic pattern, the root causes contributing to the compliance failure, the financial impact of the violation if improper billing occurred, and the individuals or processes involved in the problematic conduct. Investigation findings should be documented and reported to appropriate compliance leadership.

Root cause analysis enables practices to address underlying factors that contributed to compliance failures rather than simply correcting surface-level symptoms. Common root causes for telehealth compliance violations include: inadequate training on telehealth-specific requirements, technology system limitations or configuration errors, insufficient documentation standards or templates, unclear accountability for compliance responsibilities, and inadequate supervision or review processes. Effective corrective action must address identified root causes to prevent recurrence.

Voluntary Disclosure and Refund Obligations

When investigations reveal overpayments resulting from billing errors or compliance violations, practices face refund obligations under federal and state law. The 60-day rule requires refund of identified overpayments within 60 days of identification, and failure to make timely refunds can result in False Claims Act liability. Practices should maintain processes for promptly processing refunds when overpayments are identified through internal monitoring or audit activities.

In cases involving potential fraud or significant compliance violations, practices should consider voluntary disclosure to the OIG through the Self-Disclosure Protocol. Voluntary disclosure can result in reduced penalties compared to enforcement action initiated by the government, and it demonstrates good faith compliance efforts. The decision to self-disclose involves complex legal considerations and should be made in consultation with qualified healthcare regulatory counsel. Practices should evaluate the potential benefits of disclosure against litigation risks and work with counsel to prepare appropriate disclosure submissions.

Corrective Action Planning and Implementation

Comprehensive corrective action plans should address all factors contributing to identified compliance failures. Corrective action elements may include: policy and procedure revisions, training and education initiatives, technology system modifications, personnel actions including discipline when appropriate, enhanced monitoring and oversight, and structural changes to prevent recurrence. Corrective action implementation should be monitored and documented to demonstrate organizational commitment to compliance improvement.

Effective corrective action plans are specific, measurable, and time-bound, with clear accountability for implementation activities. Regular progress reporting to compliance leadership and governing bodies ensures appropriate oversight of corrective action implementation. Follow-up auditing should verify that corrective actions achieve intended compliance improvements and that identified problems do not recur.

Best Practices and Recommendations for Telehealth Compliance Success

Healthcare practices that achieve sustainable telehealth compliance success share common characteristics in their approach to program design and operational execution. Drawing from regulatory guidance, enforcement experience, and industry best practices, the following recommendations support effective telehealth compliance program development and operation.

Leadership Commitment and Accountability

Effective telehealth compliance requires visible commitment from organizational leadership, including allocation of appropriate resources, integration of compliance considerations into strategic planning, and accountability structures that reinforce compliance priorities. Governing bodies should receive regular reports on telehealth compliance status and should engage meaningfully with compliance leadership on significant issues. Leadership tone-setting establishes organizational culture that supports compliance throughout the organization.

Documentation Excellence

Documentation serves as the foundation for telehealth compliance, providing the evidentiary basis for billing, demonstrating medical necessity, and supporting regulatory defense when questions arise. Practices should establish documentation standards that ensure complete, accurate, and timely recording of telehealth encounters. Documentation templates should facilitate capture of required elements while accommodating clinical workflow. Regular documentation audits should assess compliance with established standards and identify improvement opportunities.

Vendor Due Diligence

Telehealth operations frequently involve relationships with technology vendors, platform providers, and management service organizations. Comprehensive due diligence should be conducted before entering vendor relationships, including assessment of compliance capabilities, review of proposed contractual terms, and evaluation of potential fraud and abuse implications. Ongoing monitoring of vendor relationships should identify changes that may affect compliance status and enable prompt intervention when concerns arise.

Continuous Learning and Adaptation

The telehealth regulatory environment continues to evolve rapidly, with ongoing changes to payment policies, enforcement priorities, and compliance expectations. Practices should maintain systems for monitoring regulatory developments and adapting compliance programs accordingly. Participation in industry associations and continuing education programs provides valuable insight into emerging trends and best practices. Regular assessment of compliance program effectiveness enables continuous improvement aligned with changing requirements.

Working with Professional Compliance Partners

The complexity of telehealth compliance requirements often exceeds the internal capabilities of healthcare practices, particularly smaller organizations with limited compliance resources. Engaging professional compliance partners can provide the specialized expertise needed to develop and maintain effective telehealth compliance programs. These partnerships enable practices to access current regulatory knowledge, proven compliance frameworks, and experienced guidance that would be difficult to develop internally.

Professional compliance partners like DoctorsManagement offer comprehensive services addressing the full spectrum of telehealth compliance requirements. These services may include: compliance program assessment and development, policy and procedure creation, training program design and delivery, internal audit services, mock audit preparation, and ongoing compliance monitoring and support. Engaging experienced compliance professionals helps practices achieve compliance objectives while allowing clinical and administrative staff to focus on their primary responsibilities.

When selecting compliance partners for telehealth programs, practices should evaluate: demonstrated expertise in healthcare regulatory compliance, specific experience with telehealth and virtual care compliance requirements, understanding of the practice’s specialty and operational context, capability to provide comprehensive services addressing identified compliance needs, and track record of successful client engagements. The right compliance partner becomes an extension of the practice’s compliance function, providing expertise and support that enhances organizational compliance capabilities.

Frequently Asked Questions About OIG Telehealth Compliance

What are the most common triggers for OIG telehealth audits?

OIG telehealth audits are typically triggered by statistical anomalies in billing patterns, complaints from patients or whistleblowers, referrals from other enforcement agencies, and data analytics identifying practices with utilization patterns that deviate significantly from established norms. Common red flags include billing volumes that substantially exceed peer practices, unusual patterns in service type distribution, high rates of certain procedure codes, and relationships with entities previously flagged for suspicious activity. Practices should monitor their own billing patterns and investigate any significant deviations from expected norms before external auditors identify concerns.

How should practices document telehealth encounters to satisfy compliance requirements?

Telehealth documentation should include all elements required for the billed service plus telehealth-specific information including: the technology platform used for the encounter, verification of patient identity and location, confirmation that audiovisual communication occurred (for services requiring real-time interaction), clinical assessment and medical necessity rationale, and verification that the practitioner was licensed and credentialed to provide services to patients in the relevant jurisdiction. Documentation templates should facilitate capture of these elements while maintaining clinical workflow efficiency. Regular documentation audits should verify compliance with established standards.

What Anti-Kickback Statute safe harbors apply to telehealth arrangements?

Several Anti-Kickback Statute safe harbors may apply to telehealth arrangements, depending on the specific structure and circumstances. The personal services and management contracts safe harbor may protect arrangements involving telehealth technology or management services when specified requirements are met. The equipment rental safe harbor may apply to arrangements involving use of telehealth equipment. The electronic health records safe harbor provides protection for donation of certain technology items. Additionally, the value-based arrangements safe harbors may protect telehealth arrangements structured as part of qualifying value-based programs. Practices should work with qualified legal counsel to analyze specific arrangements and identify applicable safe harbor protection.

What are the key compliance risks in remote patient monitoring programs?

Key compliance risks in RPM programs include: billing for services when data transmission thresholds are not satisfied, providing devices to patients who may not clinically benefit from monitoring, failing to conduct meaningful clinical review of monitoring data, improper relationships with device vendors that may implicate Anti-Kickback Statute concerns, and documentation deficiencies that do not adequately support billing. Practices should implement comprehensive policies and monitoring systems to address each of these risk areas. Regular auditing of RPM services should verify that billing aligns with actual service delivery and that clinical documentation supports medical necessity for monitoring services.

How do state licensing requirements affect telehealth compliance?

Healthcare practitioners providing telehealth services must generally be licensed in the state where the patient is located at the time of the telehealth encounter. While some states have adopted licensure compacts or special telehealth licensure provisions that facilitate cross-border practice, practitioners must verify their eligibility to provide services in each jurisdiction where patients are located. Failure to maintain appropriate licensure creates significant compliance risk, as services provided without proper licensure may not be billable and may expose practitioners to professional discipline. Practices should implement systems for verifying patient location and practitioner licensure eligibility before each telehealth encounter.

What steps should practices take when they identify potential telehealth billing errors?

When potential billing errors are identified, practices should: promptly investigate the scope and magnitude of the issue, document investigation findings thoroughly, calculate any resulting overpayment, process refunds within 60 days of identification as required by law, implement corrective actions to prevent recurrence, and consider whether voluntary disclosure to the OIG may be appropriate depending on the nature and severity of the issue. Practices should engage legal counsel when significant billing issues are identified to ensure appropriate handling and protection of applicable privileges. Proactive response to identified issues demonstrates good faith compliance efforts that may mitigate penalties if enforcement action occurs.

How can practices evaluate whether telehealth MSO arrangements comply with applicable requirements?

Evaluation of telehealth MSO compliance should address: the legal structure of the arrangement and its compliance with applicable corporate practice of medicine restrictions, compensation terms and their consistency with fair market value and Anti-Kickback Statute safe harbor requirements, the scope of services provided and whether clinical functions are appropriately retained by the professional practice, documentation requirements and their adequacy for supporting billing and demonstrating service delivery, and ongoing monitoring mechanisms for identifying compliance issues. Practices should obtain fair market value opinions for significant MSO arrangements and engage qualified healthcare regulatory counsel to review arrangement structure and documentation.

What are the penalties for telehealth fraud and abuse violations?

Penalties for telehealth fraud and abuse violations can be substantial. Anti-Kickback Statute violations can result in criminal penalties including fines up to $100,000 per violation and imprisonment up to 10 years, civil monetary penalties up to $100,000 per violation, and exclusion from federal healthcare programs. False Claims Act violations can result in civil penalties of over $27,000 per false claim plus treble damages. Stark Law violations can result in denial of payment, refund obligations, civil monetary penalties up to $26,000 per service, and potential False Claims Act liability. Additionally, violations can result in loss of professional licensure, reputational damage, and exclusion from participation in federal healthcare programs that effectively ends a healthcare practice’s ability to serve Medicare and Medicaid patients.

How frequently should practices audit their telehealth services?

Audit frequency should be calibrated to the organization’s risk profile and volume of telehealth services. Most practices should conduct formal telehealth audits at least quarterly, with more frequent auditing for high-volume programs or services with elevated compliance risk. Continuous monitoring of key compliance indicators should supplement periodic formal audits. Practices should also conduct audits whenever significant changes occur in telehealth operations, including introduction of new services, changes in technology platforms, or modifications to compensation arrangements. Audit scope should cover all significant telehealth service lines and should be adjusted based on previous audit findings to focus resources on areas of elevated risk.

What resources does the OIG provide for telehealth compliance guidance?

The OIG provides various resources supporting telehealth compliance, including: the OIG Work Plan identifying current audit and enforcement priorities, advisory opinions addressing specific telehealth arrangements, compliance program guidance documents applicable to various healthcare industry segments, fraud alerts highlighting problematic arrangements or practices, and reports analyzing telehealth-related program integrity issues. Healthcare organizations should regularly review OIG publications to stay current on enforcement priorities and compliance expectations. The OIG website at oig.hhs.gov provides access to these resources along with information about the Self-Disclosure Protocol for organizations that identify potential violations requiring voluntary disclosure.

How do audio-only telehealth services differ in compliance requirements from audiovisual services?

Audio-only telehealth services have distinct billing codes and requirements compared to audiovisual services. Medicare allows audio-only telehealth for certain services, particularly behavioral health, but many telehealth services require real-time audiovisual interaction. Practices must ensure that billing codes accurately reflect the modality used for each encounter, as billing for audiovisual telehealth when only audio communication occurred constitutes false claims. Documentation should clearly indicate the communication modality used and should support the appropriateness of the modality for the services rendered. Some payors may have different coverage policies for audio-only services, requiring careful attention to payor-specific requirements.

What should practices include in telehealth compliance training for staff?

Comprehensive telehealth compliance training should address: general compliance program requirements and fraud and abuse laws, proper use of telehealth technology platforms, patient identity verification and encounter documentation, coding and billing requirements specific to telehealth services, state licensing and practice requirements, HIPAA privacy and security requirements for telehealth, recognition and reporting of potential compliance issues, and consequences of compliance violations. Training should be role-specific, with clinical staff receiving emphasis on documentation and clinical requirements while billing staff receive detailed coding training. Training effectiveness should be assessed through testing and competency verification, with additional training provided when deficiencies are identified.

How can practices distinguish legitimate telehealth vendor arrangements from potentially problematic kickback schemes?

Legitimate telehealth vendor arrangements generally have the following characteristics: written agreements clearly defining services and compensation, compensation set at fair market value for legitimate services, payment terms established in advance and not tied to referral volume, legitimate business purpose for the services independent of any referral relationship, and compliance with applicable safe harbor requirements. Warning signs of potentially problematic arrangements include: compensation tied to patient volume or referral generation, provision of free or significantly discounted services without legitimate justification, arrangements where the primary benefit appears to be referral generation rather than legitimate service delivery, and lack of written documentation supporting arrangement terms. Practices should conduct thorough due diligence before entering vendor relationships and should seek legal counsel review for significant arrangements.

What role do compliance committees play in telehealth compliance programs?

Compliance committees provide oversight and strategic direction for telehealth compliance activities. Committee responsibilities typically include: reviewing and approving telehealth compliance policies and procedures, monitoring compliance program effectiveness, evaluating significant compliance risks and mitigation strategies, reviewing audit findings and corrective action plans, and reporting compliance status to governing bodies. Committee membership should include representatives from clinical leadership, administration, legal or compliance, and other relevant functions. Regular meeting schedules ensure consistent oversight, with additional meetings convened when significant compliance issues arise. Effective compliance committees demonstrate organizational commitment to compliance and provide accountability structures that reinforce compliance priorities.

How should practices prepare for potential changes to telehealth reimbursement and compliance requirements?

Practices should maintain awareness of proposed and finalized regulatory changes affecting telehealth through monitoring of CMS rulemaking, OIG publications, and relevant professional associations. When significant changes are announced, practices should assess impacts on current operations and develop implementation plans addressing necessary modifications to policies, procedures, technology, training, and billing processes. Building flexibility into telehealth operations enables more efficient adaptation when requirements change. Practices should also engage with professional associations and regulatory bodies during comment periods for proposed rules, contributing to the development of workable telehealth policies. Maintaining relationships with compliance advisors who monitor regulatory developments helps ensure timely awareness of changes requiring operational response.

Conclusion: Positioning for Compliant Telehealth Growth

The telehealth revolution in healthcare has created extraordinary opportunities for practices to expand access, improve patient engagement, and develop new service lines that address evolving patient needs and preferences. However, realizing these opportunities requires careful attention to the compliance requirements that govern virtual care service delivery. The OIG has made clear through its Work Plan priorities, advisory opinions, and enforcement activities that telehealth compliance is a significant focus area, one that will only intensify as telehealth utilization continues to grow.

Healthcare practices that invest in comprehensive telehealth compliance programs position themselves for sustainable growth while minimizing regulatory risk. The fundamental elements of effective compliance, including written policies, training, monitoring, and prompt corrective action, provide the foundation for telehealth compliance just as they do for traditional healthcare services. What distinguishes telehealth compliance is the need to address unique risks associated with remote service delivery, technology platforms, vendor relationships, and multi-jurisdictional practice.

The telehealth fraud and abuse risks identified in this guide, including billing for services not rendered, upcoding, medical necessity concerns, and kickback arrangements, require specific controls and monitoring mechanisms tailored to telehealth operations. The OIG Work Plan priorities for remote patient monitoring signal particular attention to RPM services, which have grown rapidly and present distinctive compliance challenges related to device management, data monitoring, and vendor relationships. Practices operating RPM programs should ensure robust compliance frameworks that address these specific concerns.

For practices utilizing management service organizations to support telehealth operations, telehealth MSO model compliance requires careful attention to corporate practice of medicine restrictions, fair market value compensation, and Anti-Kickback Statute analysis. These arrangements can provide valuable operational support when properly structured, but they also create potential compliance exposure when arrangements do not satisfy applicable requirements.

Preparation for potential OIG telehealth audits should be an ongoing priority, with practices maintaining documentation, audit trails, and compliance records that support regulatory defense. The practices that fare best in audit situations are those that have invested in compliance before scrutiny arrives, demonstrating through their policies, training, and monitoring activities that compliance is a genuine organizational priority rather than an afterthought.

As the regulatory landscape continues to evolve, practices should remain vigilant for changes in telehealth policy that may affect compliance requirements. Engaging professional compliance partners with deep expertise in healthcare regulatory requirements can provide valuable support for practices navigating this complex environment. Organizations like DoctorsManagement offer the specialized knowledge and proven frameworks needed to build and maintain effective telehealth compliance programs.

The path forward for healthcare practices committed to telehealth excellence is clear: embrace the opportunities presented by virtual care innovation while maintaining unwavering commitment to compliance with applicable regulatory requirements. This balanced approach enables practices to serve their patients through convenient, accessible telehealth services while protecting the organization from the significant financial, operational, and reputational consequences of compliance failures. In the new era of virtual care oversight, compliance is not merely a legal requirement but a strategic imperative that distinguishes successful practices from those that struggle to sustain their telehealth operations.

External Resources and References

The following authoritative resources provide additional guidance on telehealth compliance requirements and enforcement priorities:

Office of Inspector General (OIG) provides the Work Plan, advisory opinions, fraud alerts, and compliance program guidance at oig.hhs.gov.

Centers for Medicare and Medicaid Services (CMS) publishes telehealth billing and coverage policies at cms.gov/Medicare/Medicare-General-Information/Telehealth.

OIG Self-Disclosure Protocol information for practices considering voluntary disclosure is available at oig.hhs.gov/compliance/self-disclosure-info.

American Health Information Management Association (AHIMA) provides coding and documentation resources at ahima.org.

American Academy of Professional Coders (AAPC) offers telehealth coding guidance and education at aapc.com.

Health Care Compliance Association (HCCA) provides compliance program resources and education at hcca-info.org.

DoctorsManagement offers comprehensive compliance consulting services for healthcare practices at doctorsmanagement.com.
