Complete Healthcare Compliance Manual

The essential resource for managing healthcare compliance risks

 

Get ready-to-use tools, templates, and expert guidance to help you assess risk, manage vendors, and stay compliant with healthcare regulations.

Newly updated for 2025, this two-volume manual provides hands-on guidance for compliance practitioners at every level. Written by experienced healthcare professionals, the manual’s comprehensive coverage of compliance fundamentals includes topics such as program management, risk assessment, compliance training, auditing and monitoring, and much more.

In addition to the latest information, users will benefit from timesaving, program-ready resources such as sample board reports, checklists, forms, surveys, and policy templates that can be downloaded and customized for immediate use.

Complete Healthcare Compliance Manual is written with a focus on compliance professionals and their day-to-day efforts. With this essential manual on hand, you’ll have the support and guidance you need to tackle your next compliance program project with confidence.

 

This manual is designed for healthcare compliance, HR, and risk management teams and provides: 
  • Risk assessment tools: Identify, evaluate, and prioritize risks using sample questions and templates.

  • Vendor oversight checklists: Ensure third-party compliance and monitor performance.

  • Regulatory guidance: Understand what agencies like OIG, CMS, and OCR require.

 

 

Solve your compliance challenges with practical, proven tools

If you’re searching for guidance on risk assessment, vendor management, or HIPAA compliance, the Complete Healthcare Compliance Manual provides:

  • Step-by-step frameworks for conducting risk assessments across departments

  • Customizable checklists and templates for vendor oversight and third-party risk management (with an online subscription or bundle purchase)

  • Clear explanations of how regulatory agencies like OIG, CMS, and OCR influence compliance programs

  • Practical examples and case studies for applying compliance best practices

Sample Risk Assessment Template

Feature: Benefit
  • Earn 12 non-live CCB CEUs: Demonstrate your continued professional education easily (achieve a score of 75% or better on the Complete Healthcare Compliance Manual quiz)
  • Downloadable forms & checklists with a digital or bundle purchase: Save hours building templates from scratch

Chapter 3 Running an Effective Compliance Program
  • New article: Enterprise risk management
    • New tools:
      • Example Questions for Department-Specific Risk Identification
      • Ten Examples of Risk Appetite Statements
Chapter 5 Key Laws in Healthcare Compliance
  • Evaluation of Corporate Compliance Programs
Chapter 6 Healthcare Compliance Risk Areas
  • Health Information Management: Compliance and Nontraditional Third Parties
Updated content highlights include:
  • EKRA
  • Artificial Intelligence and Compliance Programs
Learn how to: 
  • Raise awareness of your organization’s compliance program
  • Use best practices during internal investigations and in response to government investigations
  • Create policies and procedures for managing high-risk areas
  • Develop and improve educational and compliance training materials
  • Successfully navigate a CIA or IA
  • Create impactful board reports and communicate effectively with the board
  • Understand and plan for developing risk areas
  • Maintain, monitor, and evaluate program effectiveness

Chapter 1: Healthcare Compliance Programs: From Murky Beginnings to Established Expectation

  • Healthcare Compliance Programs: From Murky Beginnings to Established Expectation
  • Resource: Healthcare Compliance History Timeline
  • Resource: Code of Ethics for Health Care Compliance Professionals

Chapter 2: Healthcare Compliance Program Fundamentals

  • Introduction to Healthcare Compliance Program Fundamentals
  • Essential Elements of an Effective Healthcare Compliance Program
  • Infrastructure of a Compliance Program
  • Role of a Compliance Officer
  • Board of Directors
  • Compliance Committee
  • Government Guidance
  • Standards-Setting Organizations

Chapter 3: Running an Effective Compliance Program

  • Introduction to Running an Effective Compliance Program
  • Developing Core Departmental Relationships
  • Conducting an Organizational Compliance Assessment
  • Hiring Compliance Staff
  • Resource: Job Description, Compliance Officer
  • Resource: Job Description, Vice President of Corporate Compliance
  • Mentoring for Compliance Professionals
  • Building Trust with Senior Management and the Board
  • Educating Management and Physicians on Accountability
  • Educating the Board and Defining Its Role
  • Resource: Sample Board Report 1, Audit Status Update
  • Resource: Sample Board Report 2, Quarterly Report
  • Resource: Sample Board Report 3, Compliance Work Plan
  • Resource: Sample Board Report 4, Annual Compliance Risk Assessment
  • Risk Assessment and Management
  • Resource: Sample Heat Map
  • Resource: Sample Risk Assessment Summary
  • Resource: Sample Risk Committee Charter
  • Resource: Sample Risk Rating Survey
  • Compliance Policies, Procedures, and Codes of Conduct
  • Resource: Sample Policy Template
  • Resource: Sample Policy Implementation Master Tracker
  • Resource: Sample Written Standards Matrix
  • Communication and Education
  • Resource: Sample Communication Plan
  • Compliance Training
  • Resource: Designing Your Annual Compliance Education
  • Resource: Sample Attestation Form
  • Internal Reporting Systems
  • Resource: Sample Non-Retaliation Policy
  • Resource: Sample Corporate Compliance HelpLine Policy
  • Resource: Reporting Poster
  • Enterprise Risk Management in Healthcare
  • Resource: Example Questions for Department-Specific Risk Identification
  • Resource: Ten Examples of Risk Appetite Statements

Chapter 4: Evaluation Processes, Investigations, and Noncompliance Response

  • Introduction to Evaluation Processes, Investigations, and Noncompliance Response
  • Government and Professional Resources
  • Monitoring
  • Auditing
  • Resource: Sample Compliance Program Audit Plan
  • Program Self-Assessment
  • Internal Investigations
  • Resource: Sample Checklist for Assessing Investigation Capabilities
  • Resource: Sample Internal Investigations Policy
  • Resource: Sample Upjohn Warning
  • Resource: Sample Instructions to Witnesses
  • Resource: Sample Evidence Collection Worksheet
  • Resource: Sample Key Allegations Worksheet
  • Resource: Sample Key Facts Worksheet
  • Resource: Sample Investigation Report Form 1
  • Resource: Sample Investigation Report Form 2
  • Resource: Sample Policy Against Retaliation
  • Discipline and Incentives
  • Resource: Sample Evaluation Form
  • Resource: Sample Recognition Letter
  • Corrective Action Plans
  • Root Cause Analysis
  • Self-Disclosure and Return of Overpayments
  • External Investigations
  • Government Settlements: Corporate Integrity Agreements and Integrity Agreements
  • Resources
  • Auditing
    • Resource: Sample Internal Audit Plan
  • Board and Committee Reports and Documents
    • Resource: Sample Compliance Committee Charter
    • Resource: Sample Compliance Committee Meeting Agenda
    • Resource: Sample Compliance Committee Meeting Minutes
    • Resource: Sample Compliance Committee Work Plan
    • Resource: Sample Corporate Compliance Report
    • Resource: Sample Governance, Compliance, and Ethics Committee Charter
    • Resource: Sample Quality Committee Charter
  • CMS Conditions of Participation
    • Resource: Sample Customer Grievances Policies and Procedures
  • General Compliance Program
    • Resource: Compliance Calendar
    • Resource: Compliance Work Plan
    • Resource: List of Compliance Policies
    • Resource: Sample Compliance Program Policy
  • Human Research
    • Resource: Sample Deferral Checklist
    • Resource: Sample Exempt Research Guidance Summary
    • Resource: Sample Flexible Guidance Summary
    • Resource: Sample Project Transition Form
    • Resource: Sample IRB Review Worksheet/Checklist
    • Resource: Sample Limited IRB Review Guidance Summary
    • Resource: Sample Minimal Risk Research Guidance Summary
    • Resource: Sample Human Research Transition Chart
    • Resource: Sample Single IRB Review Guidance Summary
  • Institutional Research
    • Resource: Sample Institutional Research Policy
    • Resource: Sample Request to Conduct Research Form
    • Resource: Sample Research Compliance Assessment Form
  • Internal Investigation
    • Resource: Sample Internal Investigation Checklist
    • Resource: Sample Interview Notes Template
    • Resource: Sample Interview Tips
    • Resource: Sample Investigation Checklist
    • Resource: Sample Privacy Incident Questionnaire
    • Resource: Excluded Individual Investigation Worksheet
  • Measuring Program Effectiveness
    • Resource: Compliance Program Evaluation OIG Tool
    • Resource: Sample Compliance Elements Measurement Chart
    • Resource: Sample Evaluation of Corporate Compliance Program Checklist
  • Monitoring
    • Resource: Sample Compliance Monitoring Plan
  • Post-Acute Care
    • Resource: Rehabilitation Documentation Checklist
  • Provider-Based Rules and Regulations
    • Provider-Based Rules and Regulations
    • Resource: Provider-Based Compliance Audit Checklist
  • Risk Assessment
    • Resource: Compliance Program Structural Risk Assessment
    • Resource: Privacy, Risk, and Discipline Assessment
    • Resource: Sample Risk Assessment Policy and Process
    • Resource: Sample Compliance Risk Assessment Questionnaire
    • Resource: Sample Risk Assessment Template

Chapter 5: Key Laws in Healthcare Compliance

  • Anti-Kickback Statute
  • Civil Monetary Penalties Law
  • Eliminating Kickbacks in Recovery Act
  • Emergency Medical Treatment and Labor Act
  • Evaluation of Corporate Compliance Programs
  • Exclusion from Federal Healthcare Programs
  • False Claims Act
  • Foreign Corrupt Practices Act
  • Health Information Technology for Economic and Clinical Health Act
  • Health Insurance Portability and Accountability Act of 1996
  • Physician Payments Sunshine Act (Affordable Care Act)
  • Physician Self-Referral Law (Stark Law)
  • Resource: Stark Law Compliance Checklist for Commercial Reasonableness Review
  • Resource: Sample Stark Law Compliance Checklist for Employee Arrangement Exception
  • Resource: Sample Stark Law Compliance Checklist for Fair Market Value Arrangement Exception
  • Resource: Sample Stark Law Compliance Checklist for Personal Services Arrangement Exception

Chapter 6: Healthcare Compliance Risk Areas

  • Artificial Intelligence
    • Artificial Intelligence and Compliance Programs
  • Clinical Research
    • Clinical Research: Financial Conflicts of Interest
    • Clinical Research: Human Research Protections
    • Clinical Research: Medicare Clinical Trial Policy
    • Clinical Research: Research Misconduct
  • Conflicts of Interest
    • Conflicts of Interest: CMS Open Payments
    • Conflicts of Interest: Relationships with Industry-Medical Device Manufacturers and Pharmaceutical Companies
    • Resource: Conflict Management Plan
  • Contracts with Referral Sources
    • Contracts with Referral Sources: Entering into a Proper Physician Arrangement
    • Contracts with Referral Sources: Importance of Monitoring These Arrangements
    • Contracts with Referral Sources: Real Estate Compliance
  • EMTALA
    • Emergency Medical Treatment and Labor Act (EMTALA) 
  • Health Information Management
    • Health Information Management: Coding Compliance Audits and Third-Party Reviews
    • Health Information Management: Compliance with Nontraditional Third Parties
    • Health Information Management: Coding with ICD-10 Clinical Modification (ICD-10-CM)
    • Health Information Management: Coding with ICD-10 Current Procedural Terminology/Healthcare Common Procedure Coding System (ICD-10-CPT/HCPCS)
    • Health Information Management: Coding with ICD-10 Procedure Coding System (ICD-10-PCS)
    • Health Information Management: Effects of Complex Coding Guidelines and Increased Workloads
    • Health Information Management: Electronic Health Record Systems
    • Health Information Management: Patient Access, Information Blocking, and the 21st Century Cures Act
  • Patient Care
    • Patient Care: Medical Necessity and Patient Status
    • Patient Care: Rehab
    • Patient Care: Telehealth and Telemedicine
  • Patient Privacy and Security
    • Patient Privacy and Security: Business Associates
    • Resource: Business Associate Agreement Checklist and Considerations
    • Patient Privacy and Security: Cyberattacks
    • Patient Privacy and Security: Hybrid Work Environment
    • Resource: Sample Temporary Work from Home Agreement
    • Patient Privacy and Security: Identity Theft
    • Patient Privacy and Security: Protected Health Information
    • Patient Privacy and Security: Right of Access
    • Patient Privacy and Security: Social Media
  • Pharmacy
    • Pharmacy: 340B Drug Pricing Program
    • Pharmacy: Drug Diversion
    • Pharmacy: The Opioid Crisis and the Risk of Diversion
    • Pharmacy: Drug Diversion and Prescribing Practices
  • Physician Compensation
    • Physician Compensation: Contracts and Compensation Models
    • Physician Compensation: Managing Relationships and Conflicts of Interest
  • Post-Acute Care
    • Post-Acute Care: Home Health
    • Post-Acute Care: Hospices
    • Post-Acute Care: Skilled Nursing Facilities
  • Provider-Based Rules and Regulations
    • Resource: Sample Provider-based Requirements Compliance Assessment Tool
  • Revenue Cycle
    • Revenue Cycle: 3-Day Payment Rule
    • Revenue Cycle: The 60-Day Rule—Medicare and Medicaid Overpayments
    • Revenue Cycle: Advance Beneficiary Notice of Noncoverage
    • Revenue Cycle: CARES Act Relief Funds
    • Revenue Cycle: Credit Balances
    • Revenue Cycle: Denials Management
    • Revenue Cycle: Government Audits
    • Revenue Cycle: Hospital Discharge Appeal Notices
    • Resource 1: Detailed Notice of Discharge
    • Resource 2: Notice of Denial of Medical Coverage
    • Revenue Cycle: Incident-to Billing
    • Revenue Cycle: Implantable Medical Device Credit Reporting
    • Revenue Cycle: Surprise Billing and the No Surprises Act
  • Vendor Management
    • Vendor Management: Monitoring Contractor Performance and Proactive Risk Management
    • Resource: Contract Approval Checklist
  • Whistleblowers
    • Whistleblowers: Federal and State False Claims Acts

*Online subscription is a one-year subscription, starting one year beyond the date payment is received.

To learn more about this book, check out the following podcasts on the Compliance Perspectives Podcast with Adam Turteltaub:

Robert Stratton on Healthcare Enterprise Risk Management
Author of Enterprise Risk Management in Healthcare 

About the authors

Written by more than 130 authors, this manual has insights and best practices from professionals working in diverse areas of healthcare compliance.