Compliance Starts with Workflows

Healthcare

By Rich Bucher

Feb 9, 2026

The U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG) recently released its Fall 2025 Semiannual Report to Congress. HHS-OIG provides independent oversight of HHS operating divisions and more than 100 federal healthcare, public health, research, grant, and benefit programs, including Medicare, Medicaid, FDA regulation, NIH research, CDC public health funding, and HRSA’s 340B program.

From April 1 to September 30, 2025, HHS-OIG issued 94 reports, made 195 recommendations, completed 909 investigations, and initiated almost 500 civil and criminal enforcement actions. Interestingly, the findings reflect failures to take required operational steps, implement effective controls, or fully document and report activities. These failures primarily resulted from missed, incorrect, or undocumented workflow steps, issues healthcare organizations continue to struggle with when balancing compliance and operational efficiency.


 Workflow Gaps

Workflows consist of discrete task steps. When a workflow task step is missed, completed incorrectly, or undocumented, a workflow gap occurs.

 In some cases, gaps stem from incomplete or outdated policies and procedures. In others, individual negligence or intentional shortcuts may play a role. However, these are the exception and not the norm. Instead, most gaps occur because well-intentioned team members do not always know what, who, where, when, how, and why. For example, staff can be distracted, rushed, unaware of their assignment, confused about a due date, unfamiliar or untrained on how to correctly complete detailed or complex steps (especially when performed ad hoc or infrequently), or fail to comprehensively document every step.

 
Compliance is Not Getting Easier

Regardless of the cause, the truth is humans are not perfect, and errors from workflow gaps are inevitable. Traditional healthcare compliance approaches that focus primarily on human fallibility as the cause have not been successful. A recent December 2025 PwC analysis found that 76% of healthcare providers still cite regulatory complexity as their top challenge.[i] This challenge will only continue to grow due to rising costs and declining reimbursement. PwC found that 38% of providers report increased compliance spending in the past three years and 85% expect further increases in the next three years. With reduced healthcare funding in the One Big Beautiful Bill Act (OBBBA), uncompensated care is expected to increase by over $200 billion. Maybe it is time to take another look at healthcare's traditional focus on human fallibility as the cause and consider other approaches instead.

 
Person Approach vs. System Approach

In a particularly relevant article on human error models and management in healthcare, James Reason describes two fundamental approaches to understanding compliance and organizational errors: a person approach and a system approach.[ii] Reason explains that the premise of the person approach traditionally taken in healthcare is that failures are caused by individuals who are forgetful, unmotivated, careless, or negligent. So-called countermeasures such as more policies, reminders/warnings, and discipline/punishment are flawed because they do not prevent recurrences by others, demoralize team members, ignore the fact that mistakes are inevitable, discourage reporting and transparency, and ignore the conditions that make errors more likely.

 By contrast, high-reliability organizations such as those responsible for nuclear aircraft carriers, nuclear power plants, and air traffic control centers that must ensure continuous safety rely on system-based approaches. These organizations have achieved and sustained remarkably low catastrophic failure rates over many years using systems deliberately designed and implemented to anticipate, manage, and learn from errors, with the goal of preventing their recurrence whenever possible. For these organizations, the pursuit of safety is less about eliminating isolated failures and more about building systems that are robust, resilient, and adaptable. The so-called countermeasures they employ rest on the assumption that while human fallibility cannot be eliminated, the conditions under which people perform their work can be changed.

 

Workflow Orchestration

If the system approach has led to sustained success with other high-reliability organizations, why not in healthcare? The answer is that system approaches require a common platform dedicated to orchestrating individual workflow steps across team members and functional domains so that errors can be anticipated, managed, and prevented. Healthcare delivery, however, is inherently multidisciplinary, with operational responsibility distributed across a wide variety of disparate specialized clinical and business/support domains (e.g., housekeeping, human resources, surgery, lab, privacy/security, revenue cycle, pharmacy, supply chain). Over time, this has resulted in a fragmented technology landscape with domain-specific tools focused on individual specialized functions rather than on coordinating inter-departmental and inter-disciplinary workflows.

 The news is not all bad, however. Despite these challenges, some healthcare networks have been able to achieve measurable and transformative results by integrating regulatory expectations into workflows, decision points, and performance measures across their different domains.

 For example, in their December 2025 analysis, PwC observed that many complex healthcare networks struggle with recurring compliance gaps due to fragmented compliance models, the absence of enterprise-wide standards, and limited transparency. To address these issues, some have shifted towards compliance readiness and found success by collaborating across business operations to embed regulatory expectations into workflows, decision points, and performance measures across domains such as billing and coding, 340B, privacy, safety and quality, and research program compliance.

 

AI, a Force Multiplier

We all know that organizations, including those in healthcare, will continue to integrate agentic AI systems into their workflows, automating some steps traditionally performed by humans. A recent May 2025 PwC survey found that 88% of senior healthcare executives plan to increase AI budgets in the next 12 months due to agentic AI.[iii] Of those adopting AI, 66% confirmed that measurable value was being delivered through increased productivity.

However, like humans, AI systems are also fallible, especially when performing various workflow tasks in coordination with human team members. Therefore, shouldn’t the same system-focus principles discussed above apply? In their December 2025 analysis, PwC recommends first establishing a robust governance model and streamlining operations. Once these are in place, systems can then shift compliance from a reactive requirement to a proactive advantage with agentic AI acting as a force multiplier: automating processes, interpreting complex data, and driving real-time action across the compliance spectrum.

 

Important Takeaways
  • Compliance starts at the workflow level; errors most often result from workflow gaps.

  • Most gaps occur because well-intentioned team members do not always know what, who, where, when, how, and why.

  • Compliance is only getting harder, and traditional approaches focused solely on people (person approach) as the cause continue to be ineffective.

  • High-reliability organizations continue to find success by recognizing humans as fallible and by treating errors as consequences, not causes (system approach). This approach allows them to anticipate, manage, and learn/adapt from errors to prevent them from recurring.

  • A system approach needs some kind of organizational workflow platform dedicated to orchestrating workflows in order to track and document individual workflow steps.

  • Healthcare organizations continue to struggle to coordinate and manage workflows in siloed and fragmented landscapes. However, success has come from embedding regulatory expectations directly into workflows across different specialized healthcare domains.

  • Agentic AI is also fallible, especially when performing various workflow tasks in coordination with humans. Therefore, the same system-focus principles apply. However, by first establishing a robust governance model and streamlining operations, AI can function as a force multiplier.


 References

[i] Beyond checklists: The future of compliance in successful health systems (PwC, December 10, 2025) https://www.pwc.com/us/en/industries/health-industries/health-policy-and-intelligence-institute/transforming-provider-compliance.html (Last accessed February 2, 2026).

 [ii] Reason J. Human error: models and management. West J Med. 2000 Jun;172(6):393-6. doi: 10.1136/ewjm.172.6.393. PMID: 10854390; PMCID: PMC1070929.

 [iii] PwC’s AI Agent Survey: Key trends about AI agents in the enterprise (May 16, 2025) https://www.pwc.com/us/en/tech-effect/ai-analytics/ai-agent-survey.html (Last accessed February 2, 2026).