In October 2025, the Health Resources and Services Administration (HRSA) released a revised Health Center Program Compliance Manual, marking the first major update since 2018. This comprehensive manual is the primary guide for Federally Qualified Health Centers (FQHCs) to understand and meet program requirements. For health center executives and compliance leaders, staying abreast of these changes is crucial. In this article, RegLantern summarizes the most significant updates across the manual’s chapters and appendices, discuss practical implications for health center leadership, and recommend action steps to ensure ongoing compliance under the updated guidance.

Every year, I see it happen. By November, health center quality and risk management leaders suddenly realize they’re behind: the quarter’s risk assessments are incomplete, trainings lag far behind schedule, and end-of-year reports are looming. Panic sets in. They drop everything else to scramble through what’s overdue, all while the season fills up with holidays and vacations. Despite the celebrations, there’s hardly a moment to relax—they’re just trying to keep their heads above water. Then, almost overnight, it’s January. UDS reports are due, FTCA applications open, and the whole cycle starts again with new requirements for the first quarter.

If this sounds familiar, I understand—I've been there too. But here’s the truth: it doesn’t have to be this way, and the solution is well within reach.

Federally Qualified Health Centers (FQHCs) are required under the HIPAA Security Rule to conduct regular Security Risk Assessments (SRAs) to safeguard electronic protected health information (e-PHI). This blog explains what an SRA is, why it’s essential for compliance, and how community health centers can complete one effectively. Learn how to identify where e-PHI is stored, assess risks and vulnerabilities, evaluate current safeguards, and document findings using best-practice frameworks such as NIST SP 800-30 and SP 800-66. The post also offers practical steps to turn assessment results into actionable security improvements. Conducting an annual SRA not only helps maintain compliance with the U.S. Office for Civil Rights (OCR) but also strengthens data protection and patient trust.

With each year’s fourth quarter, health center teams begin to prepare comprehensive risk management training plans to meet evolving HRSA/FTCA requirements. It’s important to use this time to plan out the coming year’s training to ensure all HRSA and FTCA requirements are met and that training is completed promptly.

Discover how FQHC and community health center leaders can streamline quarterly quality and risk management tasks with RegLantern’s proven strategies. This article breaks down the essential activities every health center must complete each quarter: Clinician Care (Peer) Reviews, QI/QA Assessments, and FTCA Risk Management Assessments. Learn how to use a Quality Work Plan Calendar for efficient planning, assign responsibilities, and set up regular checkpoints to ensure nothing falls through the cracks. RegLantern offers expert guidance and detailed resources to help your team meet compliance requirements and stay on track all year. Need support putting your plan into action? Contact RegLantern for tailored operational assistance.

For most patients, urgent health concerns rarely happen Monday through Friday, between 9 AM and 5 PM. That’s why providing reliable and culturally appropriate after-hours services is so important for Federally Qualified Health Centers (FQHCs). It’s not just about meeting patient needs—it’s also a key requirement under HRSA program requirements. But how can health centers ensure their after-hours care is effective, accessible, and compliant? Let’s dive into what HRSA requires, how to meet those expectations, and how secret-shopper calls can elevate your after-hours services.

HRSA updated language in the Health Center Site Visit Protocol to align with the Administration’s Executive Order around “Gender Ideology”. It is recommended that health centers review their bylaws or other corporate or governing documentation and consider changing any language around “gender” to align with the changes in the HRSA Site Visit Protocol, replacing the word “gender” with “sex”.

Health centers participating in the Federal Tort Claims Act (FTCA) program are required to implement a comprehensive risk management strategy to reduce the likelihood of adverse outcomes that could result in medical malpractice or other health-related litigation. A key component of this strategy is the completion of quarterly risk assessments.

In February 2025, in response to the Trump Administration’s Executive Orders (EOs), HRSA and BPHC made some minor updates to the HRSA Service Descriptors for Form 5A: Services Provided document.

So, you’re done with submitting your UDS data for the year and you are now turning your focus to this year’s Federal Tort Claims Act (FTCA) application…you may be asking yourself, “What do I need to do first?”.

Health centers are commonly confused about what it means to “monitor contract performance” for the contracts the health center enters into to provide health center services or to acquire other goods and services in support of the HRSA-approved scope of project. This is a requirement in HRSA’s Program Requirements and can be found in the HRSA Site Visit Protocol, Chapter 12, Element f.

Health centers seeking Federal Tort Claims Act (FTCA) coverage must adhere to specific requirements regarding their Annual Board Risk Management Reports. This blog post will delve into the essential components of these reports and provide guidance on how to meet HRSA's expectations.

In today's complex healthcare environment, robust tracking systems are crucial for ensuring patient safety and maintaining continuity of care for health centers’ most vulnerable patients. The potential consequences of health centers not maintaining an effective tracking program are poor patient outcomes, dissatisfied patients, ineffective communication, and potential medical malpractice lawsuits. Not only do tracking programs lower risk and improve care, but community health centers must implement comprehensive tracking systems for referrals, hospitalizations, and diagnostics to meet HRSA and Federal Tort Claims Act (FTCA) requirements.

Updating your service area is a crucial step for community health centers aiming to align services with community needs. It’s also required. Chapter 3 of HRSA’s Site Visit Protocol asks if the health center uses the most recent Uniform Data System (UDS) to update the zip codes on HRSA’s Form 5B-Service Sites annually. Here's a quick guide on what to consider and how to make this happen.

More than almost any other nonprofit, health centers have a tremendous burden to ensure that board minutes are readable and clearly indicate compliance with HRSA requirements. Future board members might read these minutes to understand what was decided, but a HRSA reviewer certainly will read them to determine if your organization is still worthy of receiving significant taxpayer funding to fulfill the mission of providing high-quality healthcare to communities that otherwise lack access.

During the Health Center Operational Site Visit (OSV) process, there are a number of patient record samples that are requested by the HRSA review team. These requests for documentation cover chapters 4, 7, 8, and 10 in the HRSA Site Visit Protocol. This is a part of the preparation process that can take a great deal of time and it's important to understand what the HRSA reviewers are looking for.

In the ever-evolving landscape of healthcare, the integration of artificial intelligence (AI) has emerged as a transformative force, promising to revolutionize patient care, streamline processes, and drive efficiency. However, to fully harness the potential of AI and ensure it aligns with the Quintuple Aim, a structured framework is essential.

Federally Qualified Health Centers (FQHCs) play a critical role in providing access to healthcare for underserved populations. To ensure that care is delivered in a manner that respects the diverse needs of these communities, FQHCs must adhere to specific requirements and guidelines related to culturally competent care.

In April of 2024, The Department of Health and Human Services (HHS) issued a Final Rule modifying the Standards for Privacy of Individually Identifiable Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The final rule was effective June 25, 2024, and health centers must be in compliance after December 23, 2024.

This new rule has raised questions with community health centers as to how it applies to Federally Qualified Health Centers (FQHCs) and their privacy practices.

If you are like most health centers this year, you may have been overwhelmed with the changes in the FTCA (Federal Tort Claims Act) requirements. You may have felt the changes were unclear and you were confused about how to meet the requirements. Or maybe you had significant turnover in your staff and some of your quarterly Risk Management Assessments or risk management trainings fell through the cracks. The submission deadline may have crept up on you amidst summer vacations, EMR “go-lives”, and budgetary struggles. If any of this describes your experience, you’re not alone.

But the silver lining in all of this is that you made it through and now is the time to put the systems in place so next year’s application is much less stressful! In the following article, we will share strategies for moving toward continuous FTCA compliance.