Key Compliance Insights from the HCCA Regional Conference in San Juan: What Healthcare Organizations Need to Know Now

The recent HCCA Regional Healthcare Compliance Conference in San Juan brought together compliance leaders, regulators, and industry experts for two days of high‑impact discussions. With Puerto Rico’s unique healthcare ecosystem as the backdrop, the sessions offered a rare blend of national regulatory updates and island‑specific insights that every healthcare organization operating in Puerto Rico should understand.

At Ali Healthcare Consulting, we focus on helping organizations navigate complex regulatory environments, and this year’s conference reinforced just how quickly the landscape is shifting.

Puerto Rico’s Distinct Compliance Environment

Puerto Rico’s healthcare system operates under a regulatory structure that differs significantly from the mainland healthcare industry. Several themes emerged as particularly important for organizations delivering care or managing risk on the island:

1. A Unique False Claims Act Framework

Puerto Rico maintains its own version of the False Claims Act. With Medicare Advantage and Managed Care representing 95% of the market, compliance oversight for Part C plans is not optional, it is foundational. The island’s large senior population amplifies the importance of accurate billing, documentation, and risk adjustment practices.

2. The Affordable Care Act Does Not Apply

Instead of adopting the ACA, Puerto Rico received funding to build its own model. This has resulted in uneven modernization across the system, including the continued use of paper medical records in many clinical settings.

3. Distinct Physician Ownership and Referral Rules

Regulatory differences that mainland organizations may take for granted do not apply here:

• Physicians can own hospitals

• Physicians cannot direct patients to a specific laboratory

• In‑office dispensaries are prohibited

Understanding these nuances is essential for structuring compliant operations.

4. A Tight‑Knit Professional Community Shapes Reporting Culture

Whistleblower activity remains limited due to the island’s close professional networks. This reality makes internal compliance culture, reporting pathways, and leadership tone even more critical.

Emerging Themes: Cyber, AI, and the Future of Compliance

Perhaps the most forward‑looking discussions centered on technology, risk, and the evolving expectations of insurers and regulators.

Cyber Risk Insurance Is Changing

Carriers are now asking organizations to demonstrate AI governance and AI compliance before issuing or renewing cyber liability coverage. This marks a significant shift in how insurers evaluate organizational risk.

AI, Analytics, and Compliance Program Effectiveness Are Now Interconnected

Data‑driven monitoring, predictive analytics, and automated controls are no longer “nice to have.” They are becoming essential components of an effective compliance program.

NIST AI RMF Is Emerging as the Leading Standard

For AI‑enabled healthcare organizations, the NIST AI Risk Management Framework offers a more comprehensive governance structure than traditional ISO certifications. It provides a practical, operational approach to responsible AI deployment, aligning closely with regulatory expectations.  This is exactly what we have already been advising our clients.