Loading...
Loading...
FQHC regulations with CFR citations, practical implications, and primary sources.
The foundational statute authorizing FQHC grants. Defines required services, governance structure, sliding fee requirements, and eligible populations.
Every FQHC must comply with all Section 330 requirements to maintain grant funding. Non-compliance can result in conditions of award, restricted funding, or grant termination.
The definitive guide to FQHC compliance. 20 chapters covering every program requirement from governance to clinical services to financial management.
This is the primary reference HRSA reviewers use during OSVs. Every FQHC compliance officer should have this bookmarked and use it for self-assessment.
Detailed HRSA guidance on implementing sliding fee schedules. Requires nominal or no charges for patients at/below 100% FPL and discounts through 200% FPL.
Most common OSV finding: FQHCs charging nominal fees to patients below 100% FPL (must be zero). Second: not updating to current year FPL levels.
Annual reporting requirements for all Section 330 grantees. Covers patient demographics, services, staffing, clinical quality, financial data, and health outcomes.
UDS data determines HRSA Quality Recognition badges, influences grant funding, and is publicly available. Late or inaccurate submission can trigger HRSA review.
Establishes standards for protected health information (PHI). Defines patient rights to access, amend, and restrict use of their health records.
FQHCs must respond to patient access requests within 30 days. Must provide Notice of Privacy Practices. Cannot use/disclose PHI without authorization except for TPO (treatment, payment, operations).
Requires administrative, physical, and technical safeguards for electronic PHI (ePHI). Includes risk analysis, workforce training, access controls, and encryption.
Annual risk assessment is REQUIRED (45 CFR § 164.308(a)(1)). Most common HIPAA violation for FQHCs: failure to conduct risk assessment. Must encrypt all devices storing ePHI.
Requires notification to individuals, HHS, and media (if 500+ affected) within 60 days of discovering a PHI breach. Breaches affecting fewer than 500 must be logged and reported annually.
Cost of notification can exceed $100K for large breaches (postage, credit monitoring, legal). Small breaches (under 500) still must be logged on HHS portal by March 1 annually.
Any entity that creates, receives, maintains, or transmits PHI on behalf of an FQHC must sign a BAA. Includes EHR vendors, clearinghouses, cloud storage, billing services.
Missing BAA = automatic HIPAA violation if that vendor has a breach. FQHCs must inventory ALL vendors handling PHI and ensure current BAAs. Common gap: telehealth platform vendors.
California state privacy laws that may apply to FQHC operations beyond HIPAA. CCPA/CPRA covers employee data and non-patient data. More restrictive than HIPAA in some areas.
While HIPAA-covered patient data is largely exempt, employee data, volunteer data, and non-clinical research data may be subject to CCPA/CPRA. FQHCs with 50+ employees should assess applicability.
FQHCs receive a per-visit PPS rate from Medicaid (and cost-based from Medicare). Rate covers all services in a single encounter. Must understand same-day billing rules.
Key rules: (1) Same-day medical + BH with different providers = 2 encounters for Medicare, 1 for most Medi-Cal. (2) FQHCs cannot bill incident-to. (3) PPS rate is all-inclusive — no separate lab/supply charges.
Imposes civil penalties for knowingly submitting false claims to the government. Penalties: $13,946 to $27,894 per false claim plus treble damages. Whistleblower (qui tam) provisions.
FQHCs billing Medicaid/Medicare face FCA liability for: upcoding, billing without face-to-face encounter, incident-to billing (not allowed for FQHCs), and 340B duplicate discounts. Staff can report violations as qui tam relators.
Requires drug manufacturers to offer outpatient drugs at significantly reduced prices to eligible entities including FQHCs. Savings of 25-50% on drug costs.
Critical revenue source for FQHCs but heavily audited. Key compliance: (1) No duplicate discounts (340B + Medicaid rebate). (2) Only eligible patients. (3) Contract pharmacy arrangements must follow HRSA guidance. (4) HRSA can audit at any time.
Prohibits offering, paying, soliciting, or receiving anything of value to induce referrals for services covered by federal healthcare programs. Criminal penalties.
FQHCs must ensure referral relationships, physician recruitment agreements, and vendor contracts don't create kickback risk. Safe harbors exist for employment, space rental at FMV, and personal services contracts.
Prohibits physicians from referring Medicare/Medicaid patients to entities with which the physician has a financial relationship, unless an exception applies. Strict liability — no intent required.
Relevant for FQHCs with physician-owned labs, imaging centers, or specialty practices. In-office ancillary exception may apply. Key: document all physician financial relationships.
Phases in $25/hour healthcare minimum wage for FQHCs by June 1, 2027. Current FQHC rate: $21/hour (effective June 2025). Applies to all healthcare workers in qualifying facilities.
FQHCs must plan for wage compression (MAs at $25/hr approach LVN wages). Budget impact: 15-25% increase in labor costs for lowest-paid staff. Must also comply with pay equity requirements.