Blog Post

Most Health Care Organizations Report Having Recent Encounters With Regulatory Or Enforcement Agencies

Richard P. Kusserow | May 2022

Key Points:

  • 2022 SAI360 – Strategic Management Compliance Benchmark Survey Results
  • It is not a question of if there will be an encounter, but when and where
  • Less than a third of respondents reported no recent encounters
  • Most often cited encounter is with OCR over HIPAA Breaches
  • Many reported settlements with DOJ and OIG
  • Increase in self-disclosures reported

It is widely recognized that regulatory and legal enforcement activities have increased over the last few years. Evidence from the 2022 Compliance Benchmark Survey cautions Compliance Officers to not think in terms of whether there might be encounters with regulatory and enforcement agencies, but when it will occur and where. More than two-thirds of respondents reported having a compliance-related encounter in the last couple of years. This is a warning bell to all Compliance Officers that regulators and enforcement officials are right around the corner, necessitating increased efforts on ongoing monitoring and auditing to mitigate exposure of compliance-related risk areas. The most likely encounter with regulatory agencies involve HIPAA Privacy breach disclosures to, or investigations by, the Department of Health and Human Services (HHS) Office of Civil Rights. 

Survey results found:

  • About one-third of respondents cited being the subject of a government audit or investigation. 
  • Four out of ten respondents reported having made self-disclosure of overpayments. 
  • About one in five had a “Demand Letter” from a government agency or contractor.
  • Sixteen percent of respondents stated their organization made self-disclosures of potential violation of law or regulation to the Centers for Medicare and Medicaid Services (CMS), the Department of Justice (DOJ), or the HHS Office of Inspector General (OIG). 
  • Seven percent reported involvement in a settlement with DOJ and six percent with the OIG.   

It is advisable for Compliance Officers to educate, warn, and prepare their executive leadership about these statistics and what may likely occur at any time, along with the need to take steps to reduce exposure to these events and incidents.

The Survey results will be presented at a complimentary webinar hosted by SAI360 on May 25, 2022.  Click here to register. The details of the results will become available at For more information on this subject, contact Richard Kusserow at [email protected].

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog