Which entity defines the essential elements of a comprehensive compliance program?

The essential elements of a comprehensive compliance program in health care are defined by the Office of Inspector General (OIG). The OIG provides Compliance Program Guidance for Health Care Providers and outlines the required components organizations should implement to promote integrity, detect problems, and take corrective action. These elements typically include written policies and procedures, a designated compliance officer and compliance committee, ongoing training and education, effective lines of communication for reporting concerns, internal monitoring and auditing, consistent enforcement and discipline, and mechanisms to respond to and correct detected offenses. Centers for Medicare & Medicaid Services (CMS) administers Medicare/Medicaid and sets payment and program integrity policies, but does not define the universal elements of a compliance program. The HIPAA Privacy Officer is a role within the HIPAA Privacy Rule rather than the body that defines the core components of a compliance program. The National Committee for Quality Assurance (NCQA) sets quality accreditation standards, not the framework for a comprehensive compliance program.