Last updated: April 2026

Healthcare Compliance Services

Healthcare compliance does not stop when accreditation is achieved. Regulatory requirements shift continuously — CMS updates conditions of participation, states impose new health plan mandates, 340B audit enforcement intensifies, telehealth reimbursement rules evolve, and AI governance frameworks emerge faster than most organizations can track. IHS provides standalone compliance consulting that operates independently of accreditation cycles, helping healthcare organizations maintain continuous regulatory compliance between surveys and respond rapidly to regulatory changes.

IHS compliance engagements are overseen by Thomas G. Goddard, JD, PhD, former Chief Operating Officer and General Counsel of URAC. His dual legal and operational background gives IHS a perspective that pure legal firms and pure consulting firms cannot replicate — understanding both what the regulation requires and how to operationalize compliance in a healthcare delivery environment.

IHS compliance services are typically structured as retainers, event-response projects, or annual compliance program reviews. Many IHS clients engage compliance services in parallel with accreditation work — the compliance retainer ensures the organization stays accreditation-ready between survey cycles.

Compliance Service Lines

340B Drug Pricing Program Compliance

The 340B program requires covered entities to maintain auditable compliance across manufacturer pricing, contract pharmacy arrangements, patient eligibility, duplicate discount prohibition, and HRSA audit readiness. IHS provides 340B compliance assessments, policy development, contract pharmacy oversight frameworks, and HRSA audit preparation.

340B Program Compliance & Audit Preparation

NYSDOH CLEP & Laboratory-Developed Tests

New York State's Clinical Laboratory Evaluation Program (CLEP) and the evolving regulatory framework for laboratory-developed tests (LDTs) require specialized compliance expertise. IHS helps clinical laboratories, reference laboratories, and health systems navigate NYSDOH CLEP requirements and prepare for the FDA's phased LDT enforcement framework.

NYSDOH CLEP / Laboratory-Developed Tests Compliance

Remote Patient Monitoring Compliance & Billing

RPM programs generate revenue through CPT codes 99453, 99454, 99457, 99458, and the new 99445 (effective January 2026), but billing compliance requires documented device setup, transmission day counting, clinical time tracking, and state-specific telehealth practice authority verification. IHS builds compliant RPM programs from the ground up and audits existing programs for billing risk.

Remote Patient Monitoring Compliance & Billing

Additional Compliance Capabilities

Beyond the service lines with dedicated pages above, IHS provides compliance consulting across the following domains. These engagements are scoped through a discovery call based on your organization's specific regulatory environment.

State Health Plan Mandate Tracking

Health plans operating in multiple states face a shifting landscape of state-specific mandates — network adequacy requirements, surprise billing protections, prior authorization reform, mental health parity enforcement, and telehealth coverage mandates. IHS monitors state regulatory changes affecting health plan operations and helps clients maintain compliance across their operating jurisdictions.

CMS Regulatory Change Management

CMS issues final rules, proposed rules, and sub-regulatory guidance that affects Medicare Advantage plans, Medicaid managed care organizations, PBMs, pharmacies, home health agencies, and other Medicare-participating providers. IHS tracks CMS regulatory changes relevant to each client's operations and translates regulatory requirements into operational compliance plans.

HIPAA & Healthcare Cybersecurity Compliance

HIPAA compliance extends beyond privacy and security rule basics into breach notification preparedness, business associate agreement management, risk analysis methodology, and workforce training programs. IHS helps organizations build and maintain HIPAA compliance programs that satisfy both federal requirements and state-specific privacy laws.

Telehealth & Virtual Care Regulatory Compliance

Telehealth regulation varies by state, payer, and modality — synchronous video, asynchronous store-and-forward, remote patient monitoring, and audio-only services each have distinct coverage, reimbursement, and practice authority rules. IHS helps organizations navigate multi-state telehealth compliance for both clinical and billing operations.

AI Governance in Healthcare

Healthcare organizations deploying clinical decision support, predictive analytics, natural language processing, and other AI/ML tools face emerging governance requirements from CMS, state regulators, and accrediting bodies. IHS helps organizations develop AI governance frameworks that satisfy current regulatory expectations and position for anticipated requirements.

AI Governance Program Development

Ongoing Compliance Monitoring & Program Oversight

IHS provides ongoing compliance monitoring retainers for organizations that need continuous regulatory oversight without maintaining a full-time compliance department. Retainer services include regulatory change alerts, quarterly compliance reviews, annual program assessments, and on-call consultation for regulatory questions.

IHS's Other Practice Lines

Compliance services are one of three IHS practice lines. Many clients engage across multiple practice lines — for example, maintaining a compliance retainer while pursuing accreditation renewal and building a new credentialing program.

Accreditation & Certification Consulting — URAC, NCQA, NABP, ACHC, HITRUST, CARF, and 20+ additional bodies: gap analysis, documentation development, mock surveys, on-site support
Program Development & Standards Development — building healthcare programs from the ground up: CVO design, credentialing architecture, compliance programs, CON applications, QMS design
Complete Service Catalog — all 65+ IHS services in a single searchable list

How Compliance Engagements Differ from Accreditation Consulting

Accreditation consulting is project-based: it has a defined start (engagement kickoff), middle (documentation development and mock survey), and end (successful accreditation). Compliance consulting is ongoing: it addresses the continuous regulatory environment that exists between accreditation cycles, during organizational changes, and in response to new regulatory requirements.

Many IHS clients engage both services simultaneously. A health plan pursuing URAC accreditation, for example, may also retain IHS for state mandate tracking and CMS regulatory change management — ensuring the organization remains compliant with requirements that fall outside the accreditation standards.

Compliance engagements are typically scoped as:

Retainers — monthly or quarterly ongoing compliance monitoring and advisory
Event-response projects — scoped response to a specific regulatory change, audit finding, or compliance incident
Annual compliance program reviews — comprehensive assessment of an organization's compliance program against OIG guidance and regulatory requirements

Last Updated: April 2026

Our Compliance Services

AI Governance in Healthcare — FAQ | Case Study

Compliance Program Development — FAQ | Case Study

Regulatory Readiness Gap Analysis — FAQ | Case Study

RPM Compliance — FAQ | Comparison | Case Study

Telehealth & Digital Health Compliance — FAQ | Comparison | Case Study

340B Program Compliance — FAQ | Case Study

Schedule a Discovery Call

All IHS compliance engagements begin with a complimentary discovery call. During the call, Thomas Goddard will assess your regulatory environment, compliance program maturity, and specific needs, and provide a scoped proposal.

Schedule a Free Discovery Session