Health Care Provider Compliance Strategies with Eye on the Post-Pandemic Environment

The rise in COVID-19 vaccinations and the slowing of new cases in the U.S. offer hope that a sense of pre-pandemic normalcy may be on the horizon, but the way we live our lives will never be quite the same. While one’s personal wellbeing and productivity may be best-served by embracing the “new normal” as it emerges, health care providers can ill afford to operate under a wait-and-see strategy given the complex and ever-changing health care regulatory environment. Despite the uncertainty that looms, there are many actions providers can take now to strengthen compliance and position themselves for a smooth transition to the post-pandemic environment.

Taking Stock
Federal COVID-19 Blanket Waivers issued by the Centers for Medicare & Medicaid Services (CMS) have impacted health care administration oversight and hundreds of specific regulations.1 States have also updated numerous laws and regulations in relation to COVID-19 that affect health care providers. Identifying and tracking every change may not be realistic but providers should be attuned to changes that most squarely impacted their institutions and have a general sense of whether those changes are purely temporary or instead are destined to become permanent.

How have you changed your operations and procedures in response to the pandemic and the resulting regulatory changes?

As an initial step, providers should document the areas of operation that have changed as a result of the pandemic and in response to pandemic related regulatory change. These changes may touch on a broad array of operations and procedures, requiring an equally broad examination. Depending upon one’s provider type, changes may include areas as diverse as medical record documentation, staffing, training and supervision, reporting to government agencies, qualifications for reimbursement, and provider type classification. Many providers understandably have put a premium on being agile and responsive in the quickly shifting regulatory environment, leaving reflection for another day. Another day has arrived. The Department of Justice (DOJ) advises that providers make compliance a priority now in order to maintain the fundamental elements of an effective compliance program.2 The DOJ requires continuous monitoring of compliance programs, with risk assessments built on current and complete information and compliance leaders apprised of the most up-to-date data. Indeed, even the fundamental element of “conducting internal monitoring and auditing” cannot effectively be met without first understanding how you have changed your operations and procedures. A global analysis of how your organization has deviated from pre-pandemic operations and procedures will help train your focus, inform your response and maintain compliance into the post-pandemic environment.

Will your changes revert to pre-pandemic operations and procedures or will change be permanent?

Once you have documented how you have changed in response to the pandemic and related regulation, you should then assess the likelihood that new regulatory schemes will emerge that lead to permanent change. This assessment can help your organization identify regulatory spaces where the need for responsiveness will be at a premium. Although no provider (or their counsel) has a crystal ball, the experience gained under temporary rule changes have helped illuminate where and how regulations may evolve. For example, changes related to telehealth resulting from the waiver of certain requirements for Medicare reimbursement have already elicited robust discussion across the regulatory community and may well impact rules and reimbursement on a long-term basis. Close monitoring of this area is of paramount importance not only for compliance maintenance but also for recognizing emerging opportunities. Other temporary changes, such as those related to waivers of certain aspects of the Emergency Medical Treatment & Labor Act (EMTALA), are unlikely to produce permanent change of hospital emergency room operations. In such cases, a return to pre-pandemic operations can be anticipated and the need for close monitoring of the specific regulatory scheme is minimized.

Taking Action
Although uncertainty abounds concerning the course of the pandemic and its long-term regulatory impact, providers can act now. By drilling down to how you have specifically changed operations and procedures, certain compliance areas can be updated immediately. Key actions include:

Updating Written Policies and Procedures
Where procedures have changed, written policies should reflect those changes. Even where the permanency of particular changes remains uncertain, policies may be updated to consider situations previously overlooked. For instance, organizations may consider leveraging the knowledge gained during the pandemic by instituting a master emergency policy that lays out the procedures for responding to and managing regulatory waivers and emergency declarations in the future. A master emergency policy can inform an organization of the process for making operational or procedural changes, including who is responsible and for what areas of operation, how changes will be documented and disseminated, when and whether operations will revert to pre-emergency status, and the processes and responsibilities associated with monitoring the situation that gave rise to the regulatory change. The experience acquired in adapting operations when responding to the current pandemic can inform the writing of such a policy now, regardless of the extent to which individual regulatory changes persist.

In other cases, the permanency of procedural changes may be clear and necessitate immediate updates to the associated policies and procedures. This may occur as organizations embrace new procedures that were already legally permissible in certain contexts. For example, some organizations only began accepting the use of e-signatures in response to demands of a remote working environment. In such a case, the appropriate written policies and procedures can be identified and updated now.

Providers should consider the full scope of policies and procedures that may have changed in response to the pandemic and resulting regulatory change. These may include:

  • Clinical
  • Onboarding, including licensure and exam requirements
  • Data security
  • Staff ongoing training and education requirements
  • Signature requirements (institution of e-signature)
  • Document handling and destruction (considering remote production and use of documents)
  • How internal monitoring and auditing is handled (considering remote communication)
  • General standards of conduct

Updating Work Plans
Compliance work plans should be updated and adjusted as needed to reflect current realities. Many providers will find it difficult if not impossible to meet plan requirements as written pre-pandemic. Furthermore, the Office of the Inspector general has issued dozens of enforcement updates related to COVID-19 on a month-to-month basis and compliance officers should be incorporating such updates into the provider’s work plans as necessary3. For example, the aforementioned telehealth regulatory changes have been quite significant for many providers. These changes present new opportunities but also provide new and shifting risks. For those providers who have instituted policy and procedure changes related to telehealth, those new and shifting risks should be identified and the work plan updated accordingly.

Communicating Up to Organizational Level The current state of flux in the regulatory space may require additional channels and mechanisms of communication to keep management apprised of the evolving risks and opportunities that already have appeared or are likely to emerge. Developing such lines of communication is a fundamental element of an effective compliance program. Compliance leaders may find opportunities to more permanently integrate temporary modes and methods of communication that have become necessary as a result of the regulatory demands of the current pandemic environment.

Taking Control
Ongoing regulatory compliance for health care providers may be more forbidding than ever as pandemic pressures continue to force broad and rapid change. Despite the menace of uncertainty, providers must vigilantly move forward. The steps outlined here should help providers maintain a path that allows them to arrive in the post-pandemic regulatory environment ready and able to thrive.

1 See Centers for Medicare and Medicaid Services, Summary of COVID-19 Emergency Declaration Blanket Waivers for Health Care Providers, available at:>ers.pdf
2 See Office of the Inspector General, Health Care Compliance Program Tips, available at:
3 See U.S. Department of Health and Human Services, Office of the Inspector General, Active Work Plan Items, available at:

von Briesen & Roper Legal Update is a periodic publication of von Briesen & Roper, s.c. It is intended for general information purposes for the community and highlights recent changes and developments in the legal area. This publication does not constitute legal advice, and the reader should consult legal counsel to determine how this information applies to any specific situation.