Conducting a compliance program assessment for an MSSP accountable care organization

A functioning compliance program is the first line of defense for a Medicare shared savings program (MSSP) accountable care organization (ACO) to prevent, detect and correct noncompliance.

When effective, an ACO’s Compliance Program sets compliance standards and assists in identifying risk, ensuring open lines of communication on compliance issues, implementing compliance training to enforce standards through well-publicized disciplinary guidelines, preventing the ACO and participants from employing individuals sanctioned by the government, conducting internal monitoring and auditing and, when offenses are reported or detected, promptly responding to threats through corrective action and required reporting. 

Utilizing Centers for Medicare and Medicaid Services (CMS) guidelines, the Regulatory Compliance team of the Mazars Healthcare Consulting Group (Mazars) can evaluate whether the ACO has developed an effective Compliance Program as required in 42 CFR Part 425, as well as other applicable state and federal regulatory standards. Specifically, Mazars will work with the ACO to develop a compliance work plan and audit tools that verify whether the ACO has a compliance foundation or a “culture of compliance” upon which to build. In order to verify whether the ACO has implemented a “culture of compliance,” Mazars will document assurances that ACO participants, providers, suppliers and other downstream contractors are: (1) maintaining compliance standards, (2) educated about compliance issues, (3) in possession of resources to adequately and quickly identify, communicate and correct operational/compliance vulnerabilities and (4) meeting professional standards applicable to the ACO and its core values. 

The Assessment: Required Elements Of An Effective ACO Compliance Program 

According to 42 CFR § 425.300, five (5) distinctive elements are required to constitute an effective ACO compliance program under applicable Federal ACO compliance regulations. 

ELEMENT # 1 - The appointment of a “designated compliance official or individual who is not legal counsel to the ACO and reports directly to the ACO governing body.”  

ELEMENT # 2 - The development and implementation of “mechanisms for identifying and addressing compliance problems related to the ACO’s operations and performance.”  

ELEMENT # 3 - “A method for employees or contractors of the ACO, ACO participants, ACO providers/suppliers, and other individuals or entities performing functions or services related to ACO activities to anonymously report suspected problems related to the ACO to the compliance officer.” 

ELEMENT # 4 - The provision of “compliance training for the ACO, the ACO participants, and the ACO providers/suppliers.”

ELEMENT # 5 - A requirement for the ACO to report “probable violations of law to an appropriate law enforcement agency.”


The Compliance Plan, Code of Conduct, Policies and Procedures as well as compliance training for all employees and participants can demonstrate an ACO’s commitment to meeting its compliance requirements. The ACO is governed by the numerous requirements for the MSSP, as stated in 42 CFR Part 425, as well as other applicable state and federal regulatory standards. All contracts or arrangements between the ACO and its participants require compliance with the ACO’s MSSP participation agreement, as well as all applicable laws and regulations. For example, as the ACO continues to enter into strategic partnerships with diverse payers, a clearly identified and properly resourced staff member or members will be required to ensure that participants, per their contractual requirements, are taking actionable steps on the health data being disseminated by the ACO. If the ACO is unable to verify whether participants are addressing gaps in care, achieving CMS quality performance benchmarks or providing cost-effective care as per their contract with the ACO, the ACO will ultimately be non-compliant with CMS and its strategic payers. Mazars has developed tools to conduct an ACO assessment to ensure that:

  1. Detailed policies and procedures are being distributed to appropriate personnel  
  2. Identified issues are reported through regular, documented meetings to the Compliance Committee on a timely basis for consideration and as necessary
  3. Identified issues are reported to the CEO or Board of Directors by the Chief CO
  4. There is follow-up training and education of staff involved with the compliance issue 
  5. There is necessary communication between the CO and staff and management
  6. The ACO is able to take consistent, timely, and appropriate disciplinary action, if any
  7. Risk Assessments are being completed
  8. Participant monitoring and auditing are being completed to ascertain possible Fraud, Waste or Abuse
  9. Root Cause analysis is being completed and documented
  10. Timely and effective corrective actions are being implemented. 

Having an effective compliance program is an ongoing process that requires buy-in from all ACO Personnel. An effective compliance plan is not a static document, but rather it is proactive, responsive, and changes according to the needs of the organization. For more information about their timely, valuable information and insights into policies, best practices and industry developments, visit 

Published on January 28, 2021