Are You Beyond the Red Line? Mastering Your FQHC’s Scope of Project to Avoid Noncompliance

Ensuring compliance with Scope of Project requirements is one of the most critical—and frequently misunderstood—obligations for Federally Qualified Health Centers (FQHCs).

The approved scope defines the legal and operational boundaries of a health center’s federal award, directly governing eligibility for Section 330 grant funding, official FQHC designation, Prospective Payment System (PPS) reimbursement, and Federal Tort Claims Act (FTCA) malpractice coverage.

When health centers misstep, the consequences can be severe, including recoupment of funds, loss of deemed status, imposition of corrective action plans, heightened oversight, and, in extreme cases, termination of federal funding.

Defining Your FQHC’s Scope of Project

“Scope of Project” is a formal legal and regulatory framework that governs FQHC operations under Section 330 of the Public Health Service Act (42 U.S.C. § 254b; and 42 C.F.R. Part 51), defined and enforced by the Health Resources and Services Administration (HRSA).

It constitutes the legally approved set of activities an FQHC is authorized to perform using federal grant funds, and encompasses specific service sites, services, provider types, geographic service areas, and target populations. HRSA's Bureau of Primary Health Care (BPHC) identifies five key components that collectively define this scope:

1. 1. Target Population: The specific medically underserved population or population group the project is approved to serve.
   2. Service Area: The geographic area from which the health center draws its patients.
   3. Services: The required (e.g., primary medical, behavioral health) and additional (e.g., dental, vision) services the center is approved to provide, which may vary by grant type.
   4. Service Sites: The physical locations where the health center delivers services.
   5. Providers: The types of clinical professionals (e.g., physicians, nurse practitioners, dentists) who deliver the services.

This framework is further detailed in the HRSA Health Center Compliance Manual, Chapter 4 (Required and Additional Health Services), which provides the operative compliance standards and should be consulted alongside statutory and regulatory authorities when interpreting scope requirements.

Generally, only activities and locations documented in HRSA’s approved forms—including Form 5A (services), Form 5B (sites), and Form 5C (other activities/locations) — are considered “in-scope.”

This distinction carries significant practical and financial consequences: activities conducted within the approved scope qualify for Prospective Payment System (PPS) reimbursement, Federal Tort Claims Act (FTCA) medical malpractice coverage, and participation in the 340B Drug Pricing Program. Activities outside the approved scope do not.

The Right Way vs. The Risk: Change-in-Scope (CIS) or Scope Creep?

Change In Scope

A “change in scope” (CIS) is a formal regulatory process through which an FQHC must seek and obtain HRSA approval before implementing certain operational changes.

HRSA recognizes that not all changes to a health center's operations are equal: some changes are significant enough to alter the nature, location, or reach of the federally funded project, while others are routine operational adjustments that fall within the existing approved scope.

Changes that affect any of the five key Scope of Project components—target population, service area, services, service sites, or providers—generally require advance CIS approval before implementation.

Scope Creep

“Scope creep” occurs when operational changes that require HRSA approval are implemented without it—often not through a single deliberate decision, but through incremental choices that accumulate over time. Common examples include:

• • gradually expanding the range of services offered
  • adding hours or locations
  • piloting new programs, or
  • shifting the target population served

Because these changes can appear routine from an operational standpoint, they are frequently made without a threshold determination of whether CIS approval is required.

The consequences are significant. Activities that fall outside the federally approved Scope of Project do not qualify for Prospective Payment System (PPS) reimbursement or Federal Tort Claims Act (FTCA) coverage, or participation in the 340B Drug Pricing Program.

Unauthorized changes may also constitute findings of noncompliance during HRSA reviews, and in serious cases can trigger grant conditions, corrective action requirements, or recoupment of funds. Scope creep is therefore not merely an administrative irregularity—it is a legal and financial exposure that requires active monitoring and prevention.

The Change in Scope Compass: A Compliance Checklist

Not every operational change requires a formal CIS submission, but every proposed change should trigger a threshold review to determine whether HRSA approval is needed. For changes that do require formal CIS approval, the following process applies:

Charting Your Territory: Properly Documenting Off-Site and Outreach Care

Not all health center activities occur at a formal service site. HRSA provides a mechanism—Form 5C—to document certain off-site activities within the approved Scope of Project without requiring a full-service site designation. This documentation matters: activities not reflected in the approved scope fall outside FTCA coverage and may create scope creep exposure.

Top HRSA Audit Findings: Where FQHCs Trip Up

Based on HRSA's FQHC compliance reports, audit guidance, and OIG reports, the most commonly cited CIS violations fall into the following categories:

• • Undocumented or Unapproved Service Sites: Satellite offices, co-location arrangements, or mobile unit stops are opened and begin seeing patients before—or instead of—obtaining Form 5B approval.
  • Services Provided Outside Approved Scope: Clinical services—most commonly behavioral health, dental, or specialty services—are added before obtaining the required Form 5A amendment.
  • Target Population Drift: Expansion of FQHC patient base to include populations not reflected in the approved scope without obtaining CIS approval.
  • Telehealth Service Area Violations: Providing telehealth services to patients located outside the approved geographic service area without CIS approval.
  • Unapproved Contractual Arrangements: Contracts or arrangements with outside providers, hospitals, or community organizations that expand services or shift clinical control are entered into without CIS approval.
  • Form 5C Locations Operating as De Facto Service Sites: Off-site activities that began as occasional outreach gradually become regularly scheduled, staffed locations without the required upgrade to Form 5B status.
  • PPS Billing for Non-Qualifying Sites: Billing at the PPS rate for services delivered at locations not approved as Form 5B service sites—including Form 5C locations, provider offices, and contracted sites.
  • Board Approval Deficiencies: CIS submissions submitted to HRSA without a prior formal board resolution, or with only generic board authorization not specific to the proposed change.
  • Outdated or Inaccurate Form 5A/5B Information: Approved scope documentation is not updated to reflect operational changes—including site relocations, hour changes, or service reconfigurations.

The Cost of Getting It Wrong: Regulatory, Financial and Legal Risks

Non-compliance with CIS requirements carries cumulative regulatory, financial, and legal consequences that can escalate significantly if not promptly remediated. Taken together, these consequences reflect that scope compliance is not an administrative formality—it is a governance and compliance obligation with material legal, financial, and operational stakes.

Operational Integrity: Managing Your Scope as a Strategic Asset

The Scope of Project, when viewed through both a project management and regulatory lens, defines the boundaries within which an FQHC is authorized to operate. FQHCs should treat their scope of project as a controlled and actively managed asset. This includes maintaining a centralized, up-to-date inventory of all approved sites, services, providers, and populations, and ensuring it is consistently referenced in operational decision-making.

Governance plays a critical role in CIS compliance. Boards must have control and authority over all in-scope services, regardless of location or delivery method. They should actively oversee scope-related decisions, approve all CIS submissions, approve contracts and formal referral agreements that affect scope, and ensure leadership is accountable for maintaining compliance. By aligning operational growth with formal CIS processes, FQHCs can meet community needs while preserving their funding, compliance status, and legal protections.

We are Here to Help

Hinshaw’s healthcare law attorneys have extensive experience advising FQHCs, FQHC Look-Alikes, and other licensed community clinics on regulatory and compliance matters. For further information, please contact Michael Dowell, Hinshaw’s healthcare law team, or your Hinshaw attorney.