(a) Definitions. For purposes of this section, the following definitions apply:

Compliance and ethics program means, with respect to a facility, a program of the operating organization that—

(1) Has been reasonably designed, implemented, and enforced so that it is likely to be effective in preventing and detecting criminal, civil, and administrative violations under the Act and in promoting quality of care; and

(2) Includes, at a minimum, the required components specified in paragraph (c) of this section.

High-level personnel means individual(s) who have substantial control over the operating organization or who have a substantial role in the making of policy within the operating organization.

Operating organization means the individual(s) or entity that operates a facility.

(b) General rule. Beginning November 28, 2019, the operating organization for each facility must have in operation a compliance and ethics program (as defined in paragraph (a) of this section) that meets the requirements of this section.

(c) Required components for all facilities. The operating organization for each facility must develop, implement, and maintain an effective compliance and ethics program that contains, at a minimum, the following components:

(1) Established written compliance and ethics standards, policies, and procedures to follow that are reasonably capable of reducing the prospect of criminal, civil, and administrative violations under the Act and promote quality of care, which include, but are not limited to, the designation of an appropriate compliance and ethics program contact to which individuals may report suspected violations, as well as an alternate method of reporting suspected violations anonymously without fear of retribution; and disciplinary standards that set out the consequences for committing violations for the operating organization's entire staff; individuals providing services under a contractual arrangement; and volunteers, consistent with the volunteers' expected roles.

(2) Assignment of specific individuals within the high-level personnel of the operating organization with the overall responsibility to oversee compliance with the operating organization's compliance and ethics program's standards, policies, and procedures, such as, but not limited to, the chief executive officer (CEO), members of the board of directors, or directors of major divisions in the operating organization.

(3) Sufficient resources and authority to the specific individuals designated in paragraph (c)(2) of this section to reasonably assure compliance with such standards, policies, and procedures.

(4) Due care not to delegate substantial discretionary authority to individuals who the operating organization knew, or should have known through the exercise of due diligence, had a propensity to engage in criminal, civil, and administrative violations under the Social Security Act.

(5) The facility takes steps to effectively communicate the standards, policies, and procedures in the operating organization's compliance and ethics program to the operating organization's entire staff; individuals providing services under a contractual arrangement; and volunteers, consistent with the volunteers' expected roles. Requirements include, but are not limited to, mandatory participation in training as set forth at §483.95(f) or orientation programs, or disseminating information that explains in a practical manner what is required under the program.

(6) The facility takes reasonable steps to achieve compliance with the program's standards, policies, and procedures. Such steps include, but are not limited to, utilizing monitoring and auditing systems reasonably designed to detect criminal, civil, and administrative violations under the Act by any of the operating organization's staff, individuals providing services under a contractual arrangement, or volunteers, having in place and publicizing a reporting system whereby any of these individuals could report violations by others anonymously within the operating organization without fear of retribution, and having a process for ensuring the integrity of any reported data.

(7) Consistent enforcement of the operating organization's standards, policies, and procedures through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect and report a violation to the compliance and ethics program contact identified in the operating organization's compliance and ethics program.

(8) After a violation is detected, the operating organization must ensure that all reasonable steps identified in its program are taken to respond appropriately to the violation and to prevent further similar violations, including any necessary modification to the operating organization's program to prevent and detect criminal, civil, and administrative violations under the Act.

(d) Additional required components for operating organizations with five or more facilities. In addition to all of the other requirements in paragraphs (a), (b), (c), and (e) of this section, operating organizations that operate five or more facilities must also include, at a minimum, the following components in their compliance and ethics program:

(1) A mandatory annual training program on the operating organization's compliance and ethics program that meets the requirements set forth in §483.95(f).

(2) A designated compliance officer for whom the operating organization's compliance and ethics program is a major responsibility. This individual must report directly to the operating organization's governing body and not be subordinate to the general counsel, chief financial officer or chief operating officer.

(3) Designated compliance liaisons located at each of the operating organization's facilities.

(e) Annual review. The operating organization for each facility must review its compliance and ethics program annually and revise its program as needed to reflect changes in all applicable laws or regulations and within the operating organization and its facilities to improve its performance in deterring, reducing, and detecting violations under the Act and in promoting quality of care.

[81 FR 68869, Oct. 4, 2016, as amended at 82 FR 32259, July 13, 2017]


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.