1. Home
  2. Compliance
  3. Health Center Program Compliance Manual
  4. Chapter 10: Quality Improvement/Assurance

Chapter 10: Quality Improvement/Assurance

In this chapter:


Section 330(k)(3)(C) of the PHS Act; and 42 CFR 51c.110, 42 CFR 51c.303(b), 42 CFR 51c.303(c), 42 CFR 51c.304(d)(3)(iv-vi), 42 CFR 56.111, 42 CFR 56.303(b), 42 CFR 56.303(c), and 42 CFR 56.304(d)(4)(v-vii)


  • The health center must have an ongoing quality improvement/assurance (QI/QA) system that includes clinical services and [clinical] management and maintains the confidentiality of patient records.
  • The health center’s ongoing QI/QA system must provide for all of the following:
    • Organizational arrangements, including a focus of responsibility, to support the quality assurance program and the provision of high quality patient care; and
    • Periodic assessment of the appropriateness of the utilization of services and the quality of services provided or proposed to be provided to individuals served by the center. Such assessments must:
      • Be conducted by physicians or by other licensed health professionals under the supervision of physicians;
      • Be based on the systematic collection and evaluation of patient records;
      • Assess patient satisfaction, achievement of project objectives, and include a process for hearing and resolving patient grievances; and
      • Identify and document the necessity for change in the provision of services by the center and result in the institution of such change, where indicated.
  • The health center must maintain the confidentiality of patient records, including all information as to personal facts and circumstances obtained by the health center staff about recipients of services. Specifically, the health center must not divulge such information without the individual's consent except as may be required by law or as may be necessary to provide service to the individual or to provide for medical audits by the Secretary of HHS or his/her designee with appropriate safeguards for confidentiality of patient records.

Demonstrating Compliance

A health center would demonstrate compliance with these requirements by fulfilling all of the following:

  1. The health center has a board-approved policy(ies) that establishes a QI/QA program.1 This QI/QA program addresses the following:
    • The quality and utilization of health center services;
    • Patient satisfaction and patient grievance processes; and
    • Patient safety, including adverse events.
  2. The health center designates an individual(s) to oversee the QI/QA program established by board-approved policy(ies). This individual’s responsibilities would include, but would not be limited to, ensuring the implementation of QI/QA operating procedures and related assessments, monitoring QI/QA outcomes, and updating QI/QA operating procedures.
  3. The health center has operating procedures or processes that address all of the following:
    • Adhering to current evidence-based clinical guidelines, standards of care, and standards of practice in the provision of health center services, as applicable;
    • Identifying, analyzing, and addressing patient safety and adverse events and implementing follow-up actions, as necessary;
    • Assessing patient satisfaction;
    • Hearing and resolving patient grievances;
    • Completing periodic QI/QA assessments on at least a quarterly basis to inform the modification of the provision of health center services, as appropriate; and
    • Producing and sharing reports on QI/QA to support decision-making and oversight by key management staff and by the governing board regarding the provision of health center services.
  4. The health center’s physicians or other licensed health care professionals conduct QI/QA assessments on at least a quarterly basis, using data systematically collected from patient records, to ensure:
    • Provider adherence to current evidence-based clinical guidelines, standards of care, and standards of practice in the provision of health center services, as applicable; and
    • The identification of any patient safety and adverse events and the implementation of related follow-up actions, as necessary.
  5. The health center maintains a retrievable health record (for example, the health center has implemented a certified Electronic Health Record (EHR))2 for each patient, the format and content of which is consistent with both Federal and state laws and requirements.
  6. The health center has implemented systems (for example, certified EHRs and corresponding standard operating procedures) for protecting the confidentiality of patient information and safeguarding this information against loss, destruction, or unauthorized use, consistent with Federal and state requirements.

The following points describe areas where health centers have discretion with respect to decision-making or that may be useful for health centers to consider when implementing these requirements:

  • The health center determines whether the position designated with responsibility for the QI/QA program (for example, Clinical Director, QI Director) is full-time, part-time, or combined with another position, and whether it is filled by an employee or via contract.
  • The health center determines whether the position designated with responsibility for the QI/QA program is filled by a physician, other licensed health care professional (for example, registered nurse, nurse practitioner), or other qualified individual (for example, an individual with a Master of Public Health or a Master of Healthcare Administration).
  • The health center determines which QI/QA methodology(ies) to use.
  • The health center determines the type of patient health record system that it will use.
  • The health center determines the format, content, and focus of QI/QA reports.


1. See Chapter 19: Board Authority for more information on the health center governing board’s role in approving policies.

2. For health centers that participate in these CMS incentive programs, further information is available at CMS Promoting Interoperability Program Regulations and Guidance for Certified EHR Technology.

Date Last Reviewed: