Skip to Content

Monitoring and auditing

The Ethics and Compliance Department, Internal Audit Department and responsible executives conduct monitoring and auditing in areas of compliance risk to ensure that established policies and procedures are being followed and are effective.

HCA Healthcare has developed compliance monitoring and auditing programs designed to assess the effectiveness of the Ethics and Compliance program.

Monitoring systems are designed to be incorporated into day-to-day processes. Auditing efforts typically use a retrospective approach. Responsible executives develop monitoring programs, and the Internal Audit Department develops compliance audit plans and conducts audits.

Compliance Process Reviews (CPRs)

In addition to the auditing efforts, the Program Assessment team of the Ethics and Compliance department conducts Compliance Process Reviews. This highlights HCA Healthcare’s strong commitment to operating with integrity across every part of our organization. Each year, we select a sample of facilities to participate in a streamlined review process that includes an assessment, giving us real‑time insight into how our ethics and compliance practices perform within the field.

These reviews help confirm that essential compliance procedures are in place and functioning as intended. For facilities, CPRs deliver practical insights and clear, actionable guidance that strengthen compliance practices and elevate overall program performance. At the enterprise level, CPRs surface emerging trends and opportunities that support a high standard of ethical behavior across HCA Healthcare. Our CPR methodology draws directly from the U.S. Department of Justice’s guidance on effective compliance programs, ensuring the approach aligns with leading industry expectations and best practices. This foundation helps maintain a proactive, forward‑looking compliance culture that supports our mission.

The Compliance Process Review was extremely beneficial as an ECO to go through this process. The information provided was instructional, non-biased and informative. Overall, it is an excellent process, there were no surprises, and the support and guidance both before and after the process was excellent.

Del Sol Medical Center, Emily Mclean, ECO

The CPR serves two objectives: to assess the performance and level of engagement of the facility’s ECO, and to provide the ECO with additional guidance, training and best practices to assist in the implementation and monitoring of required processes and procedures.

The CPR is conducted by reviewers from the HCA Healthcare ethics and compliance department. Before the on-site visit, the reviewer sends the ECO an extensive document request and a compliance process questionnaire (CPQ) covering more than 30 compliance topics. In addition to the ECO CPQ, key facility personnel must complete CPQs for several other specific compliance areas (e.g., privacy, security, pharmacy and records management).

After examining the CPQs and documents, the reviewer visits the facility to assess additional documents, conduct a tour and further discuss any questions from the desktop review. The on-site portion of the review includes meetings with key personnel involved in specific compliance areas to provide them with guidance and best practices as well.

Upon completion of this visit, the reviewer provides the facility with a comprehensive report of findings outlining the issues identified along with recommendations for appropriate corrective action for each issue. The findings are also provided to the facility CEO, the division ECO, the division president and the group president. The facility has three weeks to complete and submit a corrective action plan for approval. The plan must identify a root cause and provide corrective action planned to remedy each issue. Once approved, the reviewer follows up with the facility until all issues are properly resolved.

I appreciated the opportunity to speak candidly concerning specific issues the facility faces and brainstorming solutions that fit the facility needs and constraints.

Ethics and Compliance Officer

The aggregate findings of the CPRs are analyzed on an ongoing basis for indications of trends. As they are identified, trends and findings are reported to the senior vice president and chief ethics and compliance officer. Trends and findings are communicated to our facilities via the issuance of reports, email communications and annual presentations. An analysis of annual aggregate findings and identified trends is presented each year to the audit and compliance committee of the board of directors.

I was so impressed with how helpful the reviewer was and how helpful this review will be to our program as we strive to get it completely up and running as it should be… I now feel like I have someone I know in Nashville who I can reach out to with compliance questions. It is so helpful to spend time with the reviewer and to get to know them. Even though the review process requires so much time, I feel it was definitely a worthwhile exercise.

Ethics and Compliance Officer

If you would like to receive additional information regarding the compliance process review program, please email Rachel Mead, Director of Ethics and Compliance Program Assessment.