sponsored by hcca


Medical compliance image of gavel and stethoscope

Transforming Governance

2025 Enforcement Trends

Why They Matter and How to Keep Up

The health care industry operates in one of the most heavily regulated environments in the United States. For compliance professionals, legal advisors and executives alike, enforcement is more than a downstream concern — it’s a central pillar of a sound compliance strategy. Understanding how enforcement priorities shift, how regulations are applied in practice and what the latest cases reveal about government scrutiny is essential for reducing risk, responding effectively to investigations and building resilient compliance programs.

As enforcement continues to evolve in both scope and complexity, health care organizations can take proactive steps and start compliance efforts now, rather than waiting to respond when an audit finds they are not following regulations. Enforcement activity impacts everything from reimbursement to reputational risk, and professionals who stay ahead of the curve are best positioned to protect their organizations and support a culture of accountability.

Enforcement as a Barometer of Risk

Enforcement actions offer a valuable window into what regulators care most about. Each False Claims Act settlement, whistleblower lawsuit or corporate integrity agreement is more than a headline — it’s a signal. It shows how existing laws are being interpreted, what behavior crosses the line and what standards health care organizations will be held to.

For example, recent enforcement activity around telehealth fraud has highlighted the need for closer oversight of virtual care models and third-party billing arrangements. Meanwhile, the Department of Justice (DOJ) and the Office of Inspector General (OIG) continue to pursue cases related to kickbacks, improper billing for medically unnecessary services and failure to meet quality-of-care standards.

By tracking these developments, compliance professionals can identify emerging vulnerabilities and adapt their internal processes accordingly. Enforcement is not just about reacting to problems; it’s also about using real-world outcomes to strengthen prevention.

Key Areas of Scrutiny

Several areas of health care enforcement are seeing heightened scrutiny today, requiring focused attention from compliance leaders:

  • Stark Law, Anti-Kickback Statute and Eliminating Kickbacks in Recovery Act. These longstanding fraud and abuse laws continue to trip up providers and organizations that fail to manage financial relationships and referral arrangements appropriately. Compliance professionals need a firm grasp of safe harbors, exceptions and recent regulatory clarifications.
  • • False Claims Act (FCA). The FCA remains a powerful tool for the government and whistleblowers alike. Understanding how the DOJ evaluates intent, materiality and cooperation can help compliance teams better assess risk and document good-faith efforts to comply.
  • Privacy, Cybersecurity and AI. As health care organizations adopt new technologies and generate vast amounts of sensitive data, enforcement related to HIPAA violations, data breaches and emerging concerns like algorithmic bias are becoming more common. Compliance professionals must bridge the gap between innovation and regulation.
  • Medical Necessity and Quality of Care. Enforcement is no longer limited to financial fraud. Increasingly, regulators are focusing on clinical decision-making, documentation of necessity and the quality outcomes of care provided — areas that intersect directly with patient safety and organizational ethics.
  • Managed Care and Clinical Research. These complex, high-dollar environments are under increased scrutiny for billing practices, data integrity and conflicts of interest. In both sectors, compliance programs must be tailored to address nuanced risks.
  • Whistleblowers and Self-disclosure. Internal reporting mechanisms are a critical line of defense. Knowing how to evaluate concerns, escalate appropriately and — when needed — self-disclose to the government can greatly reduce exposure and demonstrate program effectiveness.

Shifting Regulatory Expectations

In recent years, the OIG and DOJ have emphasized that compliance is not a one-size-fits-all exercise — it must be dynamic, risk-based and continuously improved. Updated guidance from both agencies reinforces that regulators are looking not only at whether a compliance program exists, but also whether it works in practice.

This includes evaluating whether the organization’s leadership supports compliance, risk assessments are current and meaningful, policies are routinely updated and followed, and staff are trained to recognize and report concerns. In short, enforcement readiness is a measure of compliance program maturity.

Recent OIG compliance guidance updates also call for greater alignment between legal, clinical and operational functions to ensure compliance is integrated throughout the organization. This reinforces the need for collaboration, transparency and accountability at every level.

Proactive Engagement

One of the greatest challenges for health care organizations is staying ahead of enforcement trends while maintaining day-to-day operations. To do this, compliance professionals must take an active role in both monitoring the landscape and applying lessons learned from enforcement actions.

Here are steps to take to fulfill both responsibilities:

  • Regularly review enforcement bulletins, case summaries and government settlements.
  • Conduct internal audits that mirror common enforcement themes.
  • Enhance training to reflect real-world risks and scenarios.
  • Evaluate how well compliance resources are allocated across high-risk areas.
  • Maintain open lines of communication with legal counsel and leadership.
  • Participate in ongoing education and peer learning.

Understanding enforcement trends isn’t just about knowing the rules; it’s also about understanding how the rules are applied, challenged and changed in practice. The Healthcare Enforcement Compliance Conference, a two-day virtual learning opportunity from Health Care Compliance Association® (HCCA)®, offers valuable insights into the current enforcement landscape.

Navigating Complexity with Confidence

Enforcement challenges are rarely straightforward. They often involve multiple regulatory bodies, intersecting legal theories, and a mix of civil, criminal, and administrative concerns. For health care organizations, a single investigation can lead to years of operational disruption and reputational damage.

That’s why enforcement awareness must go beyond surface-level knowledge. Compliance professionals need tools, frameworks and peer-tested strategies to navigate investigations, build defensible programs and communicate effectively with regulators. They also must be equipped to work alongside internal stakeholders to foster a culture of ethical decision-making and continuous improvement.

Whether responding to a whistleblower complaint or preparing for a government audit, the most effective compliance leaders are those who understand the broader enforcement context and can connect the dots between legal standards, clinical practice and organizational policy.

A Timely Opportunity to Deepen Expertise

Understanding enforcement is no longer optional for compliance professionals; it is core to the role. As the health care industry adapts to new technologies, care models and regulatory expectations, enforcement risks will only grow more complex.

For those seeking to deepen their understanding and stay informed, participating in events focused specifically on enforcement can be a valuable investment. These forums provide a unique opportunity to hear directly from those who are navigating these challenges in real time. The insights shared can help leaders sharpen their strategies, avoid common pitfalls and elevate their compliance programs.

Enforcement is not simply about what happens when something goes wrong; it’s also about understanding what regulators expect when everything goes right. By staying engaged, informed and prepared, compliance professionals can help their organizations not just survive the current enforcement landscape but thrive in it.

This article is presented in support of HCCA’s 2025 Healthcare Enforcement Compliance Conference, a two-day virtual event that offers in-depth education on enforcement priorities, regulatory developments, and practical strategies for managing risk. Learn more.

Please note that the views of authors do not always reflect the views of AHA.

Key Resources