The healthcare industry operates within a complex web of regulations, which we refer to as regulatory compliance. These regulations, established by entities called medical regulatory bodies, dictate standards that ensure the quality, safety, and efficiency of health services and products.
These regulatory bodies, guardians of healthcare integrity, define and enforce benchmarks for products and services in the sector. These include various categories from pharmaceuticals, devices, and biologics, to cosmetics, food, and radiation-emitting products. They also supervise the proceedings of clinical research involving humans, animals, or biological substances. With the power to approve or deny healthcare products, audit healthcare facilities, issue or revoke licenses, and impose sanctions, these entities hold a significant place in the healthcare industry
In this article, we'll guide you through the role of medical regulatory bodies in shaping the US healthcare industry and the stakeholders' responsibility towards regulatory compliance.
What are the nine domains of regulatory compliance
The American Hospital Association (AHA) and Manatt Health conducted a study in 2017 that identified nine crucial sectors of regulatory compliance impacting health systems, hospitals, and post-acute care providers. These areas include:
- Quality reporting: the need to report quality measures and outcomes to CMS and other organizations. This includes programs like the Hospital Inpatient Quality Reporting Program, the Hospital Outpatient Quality Reporting Program, the Hospital Consumer Assessment of Healthcare Providers and Systems Survey, and the Hospital Value-Based Purchasing Program.
- Innovative care/value-based payment models: This sector deals with the requirements for participating in unique payment models that value quality over quantity. Examples include the Medicare Shared Savings Program, the Bundled Payments for Care Improvement Initiative, and the Comprehensive Care for Joint Replacement Model.
- Purposeful use of electronic health records: This domain requires demonstrating significant use of certified electronic health record technology and procuring incentive payments under the Medicare and Medicaid EHR Incentive Programs.
- Hospital conditions of participation: This sector outlines the standards hospitals must meet to partake in Medicare and Medicaid, including patient rights, quality assessment, performance improvement, infection control, emergency services, and the physical environment.
- Program integrity: This domain involves preventing, identifying, and reporting fraud, waste, and abuse in federal healthcare programs. Compliance with audits, investigations, and corrective action plans by CMS contractors and OIG agents is part of this domain.
- Fraud and abuse: Here, it is about adhering to laws and regulations that combat fraud and abuse in federal healthcare programs. This includes legislation such as the Anti-Kickback Statute, the Stark Law, the False Claims Act, and the Civil Monetary Penalties Law.
- Privacy and security: This domain enforces the protection of patient's health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH)
- Post-acute care: This sector outlines the requirements for post-acute care providers (long-term care hospitals, inpatient rehabilitation facilities, skilled nursing facilities, and home health agencies) to partake in Medicare and Medicaid and report quality measures and outcomes to CMS
- Billing and coverage verification processes: This domain involves the correct billing of Medicare and Medicaid and the verification of patients’ eligibility and coverage status.
Now that we better understand the domains of compliance, let’s get a deeper understanding of the bodies, imposing the regulations.
What Is the Role of the Food and Drug Administration?
The Food and Drug Administration plays a crucial role in regulating firms involved in the manufacturing, repackaging, relabeling, and importing of medical devices sold in the United States. In addition, the FDA also oversees the regulation of radiation-emitting electronic products, both medical and non-medical, such as lasers, x-ray systems, ultrasound equipment, microwave ovens, and color televisions.
Classifying and approving medical devices
To ensure safety and effectiveness, the FDA uses a risk-based classification system to categorize medical devices into Class I, II, and III based on their level of risk.
- Class I devices, considered low risk, are typically exempt from premarket notification 510(k), which is a submission demonstrating that the device is equivalent to a legally marketed one.
- Class II devices, classified as moderate-risk, usually require premarket notification 510(k) before they can be marketed.
- Class III devices, classified as high-risk, are subject to general controls and require premarket approval (PMA), involving a comprehensive scientific and regulatory review by the FDA to evaluate their safety and effectiveness
The FDA reviews and approves medical devices based on their classification and the type of submission.
Setting and enforcing regulatory requirements
The FDA sets and enforces various regulatory requirements that manufacturers of medical devices distributed in the US must comply with. These include:
- Establishment registration
- Medical device listing
- Quality system regulation
- Labeling requirements
- Medical device reporting
What Is the Role of the Office for Human Research Protections?
The Office for Human Research Protection (OHRP) is responsible for providing leadership in the protection of human research subjects for studies conducted or supported by the Department of Health & Human Services (HHS). The OHRP also implements subpart A of 45 CFR 46 (the Common Rule), which is the federal policy for the protection of human subjects in research.
The role and functions of the OHRP include:
Implementing and enforcing the Common Rule
An institutional review board reviews and approves research involving human subjects to ensure that it is ethical and complies with the regulations. An IRB must review and approve a research protocol before it can begin and monitor its progress and any changes or problems.
- Informed consent: Informed consent is the process of obtaining voluntary agreement from a potential or actual research subject to participate in a research study after providing adequate information about the study’s purpose, procedures, risks, benefits, alternatives, etc. Informed consent must be documented in writing or electronically unless waived or altered by an IRB.
- Assurances of compliance: Assurances of compliance are written agreements between institutions and OHRP that state that the institutions will comply with the regulations and follow ethical principles for human subjects research. Institutions must have an assurance of compliance before they can conduct or support human subjects research covered by the Common Rule.
The OHRP oversees and enforces compliance with the Common Rule by conducting evaluations, investigations, audits, and educational activities. The OHRP also has the authority to suspend or terminate funding or support for non-compliant research or institutions.
Providing clarification and guidance
The OHRP provides clarification and guidance on various aspects of human subjects research regulation and ethics, such as:
- Guidance documents: The OHRP publishes a variety of guidance documents to assist the research community in conducting ethical research that is in compliance with the regulations. The guidance documents cover topics such as informed consent, vulnerable populations, protocol review, biological materials, data, etc.
- Frequently asked questions (FAQs): The OHRP provides answers to common questions about human subjects' research protections and OHRP’s policies and procedures. The FAQs cover topics such as COVID-19, elimination of IRB review of grant applications and protocols, maintaining consistency regarding the applicability of the 2018 or pre-2018 requirements, etc.
- Correspondence: The OHRP provides correspondence with IRBs, researchers, institutions, or federal agencies that may assist in understanding the applicability and interpretation of 45 CFR part 46. The correspondence may include letters, memos, opinions, determinations, etc.
Developing educational programs and materials
The OHRP develops educational programs and materials to enhance knowledge and awareness of human subjects research regulation and ethics among researchers, IRBs, institutions, and other stakeholders. These include:
- Online tools: The OHRP provides online tools such as databases, calculators, checklists, templates, etc. that help researchers find information or complete tasks related to human subjects research regulation.
- Reviews: The OHRP provides reviews of various aspects of human subjects research regulation such as classification, submission types, review processes, etc. that help researchers understand the expectations and requirements of the OHRP.
- Referrals: The OHRP provides referrals to other sources or organizations that can provide assistance or support for human subjects research regulation such as consultants, testing laboratories, accreditation bodies, etc.
Providing advice on ethical and regulatory issues
The OHRP provides advice on ethical and regulatory issues in biomedical and social-behavioral research involving human subjects. These include:
- Secretary’s Advisory Committee on Human Research Protections (SACHRP): SACHRP is a federal advisory committee that advises the Secretary of HHS on matters pertaining to the protection of human subjects in research. SACHRP provides recommendations on topics such as harmonization of regulations, informed consent, vulnerable populations, etc.
- International activities: OHRP engages in international activities to promote ethical standards and best practices for human subjects research globally. OHRP participates in international conferences, workshops, trainings, collaborations, etc.
By providing advice on ethical and regulatory issues, OHRP helps foster a culture of respect and responsibility for human subjects' research.
What Is the Role of the State Offices of Healthcare Quality?
The State Offices of Healthcare Quality (SOHCQs) are state agencies that are responsible for certifying and licensing all healthcare facilities in each state. The SOHCQs also ensure compliance with state and federal regulations, investigate complaints and incidents, and protect the health and safety of patients and residents in healthcare facilities.
The role and functions of the SOHCQs include:
Certifying and licensing healthcare facilities
The SOHCQs certify and license all types of healthcare facilities in each state, such as hospitals, nursing homes, home health agencies, ambulatory surgical centers, dialysis centers, hospices, etc. The SOHCQs review and approve applications for certification and licensure, conduct on-site surveys and inspections, issue certificates and licenses, and monitor compliance with certification and licensure standards.
Ensuring compliance with state and federal regulations
The SOHCQs ensure compliance with state and federal regulations that govern healthcare facilities, such as the Centers for Medicare & Medicaid Services (CMS) Conditions of Participation (CoPs), the Occupational Safety and Health Administration (OSHA) standards, the Americans with Disabilities Act (ADA) requirements, etc. The SOHCQs enforce compliance with these regulations by conducting regular or complaint-based surveys and inspections, issuing citations or deficiencies, imposing sanctions or penalties, and providing technical assistance or education.
Investigating complaints and incidents
The SOHCQs investigate complaints and incidents that involve healthcare facilities, such as allegations of abuse, neglect, exploitation, fraud, etc. The SOHCQs receive complaints and incidents from various sources, such as patients, residents, families, staff, advocates, etc. The SOHCQs conduct investigations by interviewing witnesses, reviewing records, observing practices, etc. The SOHCQs determine the validity and severity of the complaints and incidents and take appropriate actions, such as issuing citations or deficiencies, imposing sanctions or penalties, referring cases to other authorities, etc.
Providing information and assistance
The SOHCQs provide information and assistance to healthcare consumers and providers on various topics related to healthcare facilities. These include:
- Publishing reports on facility performance: The SOHCQs publish reports on facility performance based on their surveys and inspections. These reports provide information on facility characteristics, services, quality measures, deficiencies, etc. These reports help consumers compare and choose healthcare facilities that meet their needs and preferences. These reports also help providers benchmark and improve their performance
- Offering educational resources: The SOHCQs offer educational resources on various topics related to healthcare facilities such as infection control, emergency preparedness, patient rights, etc. These resources include brochures, fact sheets, webinars, workshops, etc. These resources help consumers understand and navigate the healthcare system and make informed decisions. These resources also help providers comply with the regulations and guidance for healthcare facilities.
- Responding to inquiries: The SOHCQs respond to inquiries from consumers and providers on various topics related to healthcare facilities such as certification and licensure requirements, complaint procedures, survey processes, etc. These inquiries can be made by phone, email, mail, or online. These inquiries help consumers access information or assistance that they need or want. These inquiries also help providers clarify or resolve issues or concerns that they have.
By providing information and assistance, the SOHCQs help promote transparency, accountability, and improvement in the healthcare system.
Other medical regulatory bodies
Other Regulatory Bodies Besides the federal and state agencies that regulate healthcare facilities, there are other regulatory bodies that play a role in the healthcare industry.
Professional associations and boards
These are organizations that represent and regulate various healthcare professions, such as physicians, nurses, pharmacists, etc. They set and enforce standards for education, training, certification, licensure, ethics, and practice. They also provide guidance and resources for their members and the public. Some examples are the American Medical Association (AMA), the American Nurses Association (ANA), the American Pharmacists Association (APhA), etc.
Accreditation and certification organizations
These are organizations that evaluate and recognize healthcare organizations and programs that meet certain criteria for quality and performance. They conduct surveys and audits to assess compliance with their standards and requirements. They also provide feedback and recommendations for improvement. Some examples are the Joint Commission, the National Committee for Quality Assurance (NCQA), the Commission on Accreditation of Rehabilitation Facilities (CARF), etc.
Patient advocacy and consumer protection groups
These are organizations that advocate for and protect the rights and interests of healthcare consumers and patients. They provide information and education on various healthcare topics and issues. They also monitor and report on the quality and safety of healthcare services and products. They also lobby and campaign for policy changes or reforms that benefit healthcare consumers and patients. Some examples are the Consumers Union, the National Patient Safety Foundation (NPSF), the Patient Advocate Foundation (PAF), etc.
These regulatory bodies work in collaboration or coordination with each other and with federal and state agencies to ensure that healthcare consumers receive safe, effective, and ethical care and services. They also help healthcare providers comply with the regulations and guidance for healthcare facilities.
|Regulatory Body or Program||Level of Regulation||Role or Function||Relationship or Interaction with Other Regulatory Bodies or Programs|
|FDA||Federal||Regulates the safety and effectiveness of drugs, devices, biologics, etc.||Works with CMS to ensure that approved products are covered and reimbursed by federal healthcare programs. Works with OHRP to ensure that human subjects research involving regulated products complies with ethical standards. Works with state agencies to coordinate inspections and enforcement actions.|
|CMS||Federal||Administers Medicare, Medicaid, CHIP, and the Health Insurance Marketplace. Oversees the regulations for healthcare facilities that participate in these programs.||Works with FDA to ensure that approved products are covered and reimbursed by federal healthcare programs. Works with OIG to prevent, detect, and report fraud, waste, and abuse in these programs. Works with state agencies to certify and license healthcare facilities.|
|OIG||Federal||Protects the integrity of federal healthcare programs and combats fraud, waste, and abuse. Conducts audits, investigations, evaluations, and enforcement actions.||Works with CMS to prevent, detect, and report fraud, waste, and abuse in federal healthcare programs. Works with OCR to enforce civil rights laws and health information privacy and security laws in these programs. Works with state agencies to coordinate inspections and enforcement actions.|
|OCR||Federal||Enforces civil rights laws and health information privacy and security laws in healthcare settings. Investigates complaints and violations of HIPAA and HITECH.||Works with OIG to enforce civil rights laws and health information privacy and security laws in federal healthcare programs. Works with ONC to coordinate policies and standards for health information exchange and interoperability. Works with state agencies to coordinate inspections and enforcement actions.|
|ONC||Federal||Coordinates national efforts to implement and use health information technology and electronic health records. Establishes standards, certification criteria, and policies for health information exchange and interoperability.||Works with OCR to coordinate policies and standards for health information exchange and interoperability. Works with state agencies to provide technical assistance and support for health information technology initiatives.|
|OHRP||Federal||Provides leadership in the protection of human research subjects for studies conducted or supported by HHS. Implements the Common Rule for human subjects research regulation. Oversees compliance with the Common Rule by conducting evaluations, investigations, audits, and educational activities.||Works with FDA to ensure that human subjects research involving regulated products complies with ethical standards. Works with SACHRP to advise the Secretary of HHS on matters pertaining to the protection of human subjects in research. Works with international organizations to promote ethical standards and best practices for human subjects research globally.|
|SACHRP||Federal Advisory Committee||Advises the Secretary of HHS on matters pertaining to the protection of human subjects in research. Provides recommendations on topics such as harmonization of regulations, informed consent, vulnerable populations, etc.||Works with OHRP to advise the Secretary of HHS on matters pertaining to the protection of human subjects in research. Represents various perspectives and stakeholders in human subjects research regulation and ethics.|
|SOHCQs||State||Certify and license all healthcare facilities in each state. Ensure compliance with state and federal regulations. Investigate complaints and incidents involving healthcare facilities. Provide information and assistance to healthcare consumers and providers.||Work with federal agencies such as FDA, CMS, OIG, OCR, ONC, etc. to certify and license healthcare facilities, ensure compliance with state and federal regulations, investigate complaints and incidents involving healthcare facilities, coordinate inspections and enforcement actions, provide technical assistance or support for healthcare initiatives, etc.|
|The Joint Commission||Private Accreditation Organization||Accredits and certifies more than 22,000 healthcare organizations and programs in the US based on quality and safety standards. Conducts surveys and audits to assess compliance with its standards and requirements. Provides feedback and recommendations for improvement.||Works with CMS to ensure that accredited or certified organizations meet the CoPs for Medicare or Medicaid participation.Works with other accreditation or certification organizations such as NCQA or CARF to harmonize standards or collaborate on surveys.Works with state agencies to provide information or assistance on accreditation or certification matters.|
|NCQA||Private Accreditation Organization||Accredits and certifies health plans, providers, organizations, and programs based on quality measures and standards.Develops and maintains quality indicators such as HEDIS and CAHPS.Conducts surveys and audits to assess compliance with its standards and requirements.Provides feedback and recommendations for improvement.||Works with CMS to ensure that accredited or certified health plans or providers meet the quality requirements for Medicare or Medicaid participation.Works with other accreditation or certification organizations such as the Joint Commission or CARF to harmonize standards or collaborate on surveys.Works with state agencies to provide information or assistance on accreditation or certification matters.|
|Patient advocacy and consumer protection groups||Private Nonprofit Organizations||Advocate for and protect the rights and interests of healthcare consumers and patients. Provide information and education on various healthcare topics and issues. Monitor and report on the quality and safety of healthcare services and products. Lobby and campaign for policy changes or reforms that benefit healthcare consumers and patients.||Work with federal and state agencies to provide feedback or input on healthcare regulation and policy.Work with other patient advocacy or consumer protection groups to form coalitions or alliances on common goals or causes.Work with healthcare providers or organizations to promote best practices or improvement in healthcare quality and safety.|
The Centers for Medicare & Medicaid Services (CMS), the Centers for Disease Control and Prevention (CDC), the National Institutes of Health (NIH), the Joint Commission (TJC), the Accreditation Council for Continuing Medical Education (ACCME).