The $7.6M compliance burden: where it goes

The American Hospital Association puts the number at $7.6 million and 59 full-time equivalent staff per hospital, per year, spent on regulatory compliance. That figure has been climbing steadily. And in an environment where 96% of CFOs cite higher labor costs as their top margin driver and nearly 40% of hospitals operate with negative margins, every dollar spent on compliance labor is a dollar not spent on patient care, staffing, or infrastructure.

But the question most health system leaders have not asked is: where does that $7.6 million actually go? Because the answer reveals why the number keeps growing and what can be done about it.

The Anatomy of $7.6 Million in Compliance Spending

When you break down how those 59 FTEs spend their time, a pattern emerges. The majority of compliance labor is not spent on compliance itself. It is spent on data.

Data Collection and Extraction

The clinical evidence for most compliance requirements already exists inside the EHR. For hospitals on Epic, the timestamps, quality measures, documentation rates, and clinical indicators are being captured in Clarity and Caboodle as part of normal clinical workflows.

But getting that data out of the EHR and into a format compliance teams can use is a manual process in most organizations. Someone submits a request to IT or the analytics team. A query gets written or an existing report gets pulled. The data arrives days or weeks later in a spreadsheet. The compliance team formats it, interprets it, and prepares it for review.

This cycle repeats for every compliance domain, every reporting period, across every regulatory program the hospital participates in.

Report Preparation and Formatting

Once the data arrives, it needs to be transformed into the specific formats each program requires. IQR has its submission specifications. eCQMs have their measure definitions. MIPS has its scoring methodology. Leapfrog has its survey sections. TJC has its standards. Each program defines metrics differently, measures them differently, and reports them differently.

Most organizations handle this through spreadsheets. Over 90% of operational spreadsheets contain errors. When those errors appear in compliance reporting, they create audit risk, rework, and in some cases penalty exposure.

Audit Response and Remediation

When a survey finding or audit gap is identified, the remediation process consumes additional labor. The compliance team must gather evidence (often the same data that should have been monitored continuously), document corrective actions, implement changes, and demonstrate improvement. Under Joint Commission's Accreditation 360 model, these touchpoints are more frequent, which means the audit response workload is increasing.

Redundant Data Collection Across Departments

This is the hidden multiplier. When 47% of healthcare organizations lack centralized compliance oversight, multiple departments often collect the same data independently. The quality team pulls data for TJC readiness. The finance team pulls overlapping data for VBP performance. The HIM team pulls related data for IQR reporting. The clinical departments pull their own data for operational dashboards.

The data sources are the same. The extraction is redundant. The results may not even match, creating reconciliation work on top of the duplication.

Data silos increase administrative costs by as much as 25%. Applied to the compliance budget alone, that is nearly $2 million per year in avoidable cost driven by organizational fragmentation.

Why the Cost Keeps Growing

Three structural forces are pushing compliance costs upward, and none of them are slowing down:

Regulatory expansion. CMS is expanding ACO quality measures from 4 to 11 between 2025 and 2028. The proposed HIPAA Security Rule overhaul carries an estimated $34 billion industry compliance cost. Price transparency enforcement is intensifying. 42 CFR Part 2 has a February 2026 compliance deadline. Each new requirement adds data collection, reporting, and monitoring obligations.

Accreditation model change. Joint Commission's Accreditation 360 shifts from cyclical surveys to continuous readiness. This means more frequent data submissions, more regular touchpoints, and a higher baseline level of monitoring required at all times. The staffing model that worked for periodic survey prep does not work for continuous readiness.

Labor cost inflation. Healthcare labor costs are at historic highs. 96% of CFOs cite it as their top margin driver. Compliance analysts who understand both regulatory frameworks and healthcare data systems command premium salaries. SimplyHired currently lists nearly 5,000 healthcare compliance analyst positions nationally, indicating sustained demand and competitive compensation.

The Math That Changes Everything: Automation vs. Labor

The core insight is this: most of the $7.6 million goes to manual data work, not to compliance expertise. Data collection, spreadsheet formatting, report preparation, and redundant extraction are labor-intensive tasks that consume compliance FTEs but do not require compliance judgment.

Compliance judgment is valuable. It is the expertise that interprets findings, prioritizes risks, designs improvements, and navigates regulatory complexity. That expertise cannot be automated and should not be reduced.

But the data layer underneath it can be automated. And when it is, the economics shift fundamentally.

Where the Savings Come From

Organizations that build compliance analytics directly on EHR data see cost reduction in four specific areas:

1. Elimination of redundant data collection. When compliance, quality, finance, and clinical teams all pull from the same analytics layer, the duplication disappears. One infrastructure serves all stakeholders. The 25% administrative cost premium from data silos is directly addressable.

2. Reduction in manual report preparation. When program reporting (IQR, eCQM, MIPS, VBP, HCAHPS, HACRP, ORYX) is automated from EHR data, the analyst hours spent on manual abstraction and spreadsheet formatting are reclaimed. These hours can be redirected to improvement initiatives that affect quality scores and reimbursement.

3. Fewer audit findings and faster remediation. Continuous monitoring catches gaps before they become survey findings. Organizations that see compliance data daily rather than quarterly have more time to intervene, which means fewer findings, faster remediation, and lower risk of the penalties and payment impacts that follow.

4. Reduced dependency on tribal knowledge. When metric definitions, regulatory mappings, and reporting logic are embedded in an analytics system rather than in individual staff members' heads, the organization's compliance capability survives turnover. This reduces the institutional risk and the recruiting cost of replacing specialized compliance analysts.

The Question for CFOs and VPs of Quality

The $7.6 million compliance burden is not going to shrink on its own. Regulatory requirements are expanding. Accreditation 360 demands more continuous monitoring. Labor costs are climbing. The trajectory is clear.

The question is whether your organization continues to address growing compliance requirements by adding manual labor, or whether it invests in the analytics infrastructure that changes the cost curve.

The data is already inside your EHR. The regulatory requirements are defined. The gap is the analytics layer that connects one to the other. That layer is what transforms compliance from a cost center into an intelligence function.