Nearly one in four Medicare-certified home health agencies have an active Plan of Correction on file right now. According to CMS data, 24.7% of agencies are working through a PoC at this moment — correcting deficiencies identified during a survey and hoping the next review goes differently. A Plan of Correction is one of the most common outcomes of a CMS survey, yet most agency owners have never been taught how to write one that passes on the first submission.
This guide covers what CMS requires in a Plan of Correction under 42 CFR § 488.28, how to structure each response so it addresses the cited deficiency directly, the most common reasons PoCs get rejected, and how to build realistic timelines that hold up during the follow-up survey.
What a Plan of Correction Actually Is
A Plan of Correction is a written document your agency submits to CMS or the state survey agency after receiving a Statement of Deficiencies. It describes the specific actions your agency will take to correct each cited deficiency and specifies the date by which those corrections will be complete.
Under 42 CFR § 488.28, CMS can only continue certifying a provider with deficiencies at the standard or condition level if the agency has submitted an acceptable PoC and achieves compliance within a reasonable timeframe. If the PoC is not accepted — or if the agency fails to submit one — CMS can move toward termination of the provider agreement.
The stakes are not abstract. CMS can terminate a home health agency within six months of the survey date if compliance isn't achieved and the terms of the PoC haven't been met.
The Four Components CMS Expects in Every Response
Each deficiency citation in your Statement of Deficiencies requires its own PoC response. Every response needs to address four specific areas. Miss one and the PoC gets sent back.
1. How You Corrected the Specific Deficiency
This is the most straightforward part — and where most agencies actually do fine. Describe what you did to fix the cited problem for the specific patients, staff, or records involved in the finding.
If the surveyor cited an expired license in a personnel file, the corrective action is: "The license was renewed and the current credential was placed in the employee's file on [date]." If the citation was a missing physician signature on a plan of care, the action is: "The physician signed the plan of care on [date] and the signed document was placed in the clinical record."
Be specific. Name the action, the date, and who completed it.
2. How You Identified Others Who Might Be Affected
This is where PoCs start getting rejected. CMS doesn't just want you to fix the one instance the surveyor found. They want evidence that you looked across your entire operation to find other instances of the same problem.
If one personnel file had an expired license, did you audit all personnel files? If one clinical record was missing a physician signature, did you pull a sample of records to check for the same gap?
Describe the scope of your review: how many records or files you checked, who conducted the review, when it was completed, and what you found. If you found additional instances, document what you did about each one.
3. What Systemic Changes You Made to Prevent Recurrence
This is the section that separates a PoC that passes from one that gets rejected — and it's the section most agencies write too vaguely.
CMS wants to see that you changed something in your system, not just that you fixed the immediate problem. That means policy updates, new procedures, training, revised workflows, or new monitoring processes.
A weak systemic fix: "Staff were reminded of the importance of timely credential renewal." This tells CMS nothing changed.
A strong systemic fix: "The agency implemented a three-tier credential alert system — automated notifications at 90, 60, and 30 days before expiration. The Compliance Manager was assigned as the owner of a monthly credential audit. Staff with expired credentials are flagged as 'do not schedule' in the scheduling system until the credential is renewed and verified. The policy was updated on [date] and all staff were trained on the new process on [date]."
The second version describes a new process, assigns ownership, creates a verification mechanism, and documents when the change took effect. That's what CMS is looking for.
4. How You Will Monitor to Ensure the Fix Holds
The final component is your ongoing monitoring plan. CMS wants to know how you'll verify that the corrective actions are actually working — not just that you implemented them once.
Define what you'll monitor, how often, who is responsible, and for how long. A common approach is a 90-day monitoring period with weekly or monthly checks, followed by quarterly reviews after the initial period ends.
Example: "The Compliance Manager will conduct a monthly audit of all personnel credential files for 90 days following implementation. Results will be reported to the Administrator and documented in the QAPI meeting minutes. After the 90-day period, audits will transition to quarterly reviews as part of the ongoing QAPI program."
Why Plans of Correction Get Rejected
Most PoC rejections fall into a handful of recurring patterns.
The response doesn't match the deficiency. The surveyor cited a documentation gap in clinical records, but the PoC response addresses a training issue. Read the citation language carefully — your response must address exactly what was cited, not what you think the underlying problem was.
Vague corrective actions with no specifics. "Staff will be retrained" is not a corrective action. Who will be trained? On what, specifically? By when? Who is responsible for conducting the training? Where is the evidence documented? If the surveyor can't verify it happened, it didn't happen.
No systemic change. Fixing the individual instance without changing the process that allowed it to happen is the single most common reason PoCs get sent back. CMS assumes that if the process didn't change, the same deficiency will recur.
Unrealistic timelines. Promising to complete a facility-wide audit, rewrite three policies, retrain all staff, and implement a new monitoring system in 10 days isn't credible. CMS reviewers know what's realistic. A PoC with a 30 to 60-day correction timeline is far more credible than one that claims everything will be fixed by next week.
No monitoring plan. Even if the corrective actions and systemic changes are strong, a PoC without a monitoring component tells CMS you don't have a way to verify the fix is holding. The monitoring plan is what gives CMS confidence that the next survey will show sustained compliance, not a temporary patch.
Building a Timeline That Holds Up
A credible PoC timeline typically runs 30 to 60 days for most standard-level deficiencies. Condition-level citations may require faster initial action with a longer monitoring tail.
Structure the timeline in phases. Immediate corrections — fixing the specific instances cited — should be completed within the first week. The systemic changes (policy updates, training, new workflows) should follow within 30 days. The monitoring plan kicks in once the systemic changes are in place and runs for at least 90 days.
Every milestone in the timeline should have a date, an owner, and a deliverable. "Complete credential audit" is a task. "Compliance Manager completes audit of all 47 personnel files by May 15 and documents results in the QAPI report" is a plan.
How Ordo Helps
Ordo Compliance connects incident findings to corrective action plans within the same platform. When a deficiency is identified — whether during an internal audit or a CMS survey — the incident management module lets you document the finding, assign corrective actions with due dates and owners, attach evidence of completion, and track the monitoring plan through to closure. Every step is logged in the audit trail, so when the follow-up survey arrives, the evidence is already organized and exportable with one click.
Start your free trial at ordocompliance.com.
This content is for informational purposes only and does not constitute legal, medical, or regulatory advice. Consult your agency's compliance officer or legal counsel for guidance specific to your situation.
