Regulatory compliance in healthcare is a healthcare organization’s adherence to laws, regulations, guidelines, and specifications relevant to its business processes. Violations of these regulations often result in legal punishment, including federal fines. Compliance is the ongoing process of meeting or exceeding the legal, ethical, and professional standards applicable to a particular healthcare organization or provider.
It requires healthcare organizations and providers to develop effective processes, policies, and procedures to define appropriate conduct, train the organization’s staff, and then monitor the adherence to the processes, policies, and procedures. Healthcare regulatory compliance covers numerous areas including, but not limited to, patient care, billing, reimbursement, managed care contracting, OSHA, Joint Commission on Accreditation of Healthcare Organizations, and HIPAA privacy and security.
Healthcare regulatory compliance isn’t anything new. One of its earliest forms was the establishment of minimum standards for surgery facilities by the American College of Surgeons in 1918. At present, healthcare organizations and providers have dedicated team members who focus specifically on regulatory compliance. The purpose and primary benefit of healthcare compliance is to improve patient care. Patient care is improved when healthcare decisions are based on appropriate and current clinical standards. Patient care decisions based on improper motives rarely result in the delivery of quality care.
Healthcare compliance also aids healthcare organizations and providers in avoiding trouble with government authorities. An effective healthcare compliance program can identify problems and find solutions to those problems before a government agency finds the problem. An effective healthcare compliance program can also mitigate the imposition of sanctions or financial penalties that might otherwise be imposed on the healthcare organization or provider. An effective compliance program can also help a healthcare organization or provider avoid liability for malpractice. A consistent theme in healthcare compliance is documentation that the organization or provider is following current clinical standards. A healthcare organization or provider that is following best clinical practices is less likely to be the subject of a malpractice claim.
The Department of Health and Human Services (HHS) Office of Inspector General (OIG) is focused on protecting the federal healthcare programs from fraud, abuse and waste. The OIG has published some of the most comprehensive guidance for healthcare organizations on the elements of an effective healthcare compliance program. According to the OIG, an effective healthcare compliance program must, at the very least, address the following seven areas:
- The development, distribution, and implementation of written standards of conduct and written policies and procedures that describe and further the organization’s commitment to meeting and exceeding the legal and ethical standards applicable to the organization
- The designation of a chief compliance officer and other appropriate committees and individuals that are responsible for operating and monitoring the compliance program and who report directly to the organization’s chief executive officer and the governing body
- The development and delivery of effective employee education and training programs
- The development and maintenance of effective lines of communication that allow individuals to report compliance concerns without retaliation, including the ability to anonymously report concerns and complaints
- The development and implementation of a process to respond to complaints that include the imposition of appropriate corrective action including the discipline of employees when required
- The use of internal monitoring and audits to measure compliance and address known deficiencies
- Responding appropriately and quickly to detected offenses and implementing corrective action.
Healthcare organizations and providers deal with confidential health information. Consequently, every healthcare organization and provider will also need to include compliance with the Health Insurance Portability and Accountability Act (HIPAA) as part of its compliance program. The HHS Office of Civil Rights (OCR) is charged with implementing and enforcing the HIPAA privacy and security rules, and it has provided volumes of guidance on compliance with those rules. So healthcare compliance is the ongoing process of meeting or exceeding all the legal, ethical, and professional standards applicable to an organization or provider. As the regulations applicable to the healthcare organization change, so must its compliance program.
Federal and state healthcare laws and regulations change constantly and the interpretation of those laws and regulations changes just as frequently. Effective healthcare compliance must be an ongoing process of continually reviewing and updating the processes, policies, and procedures of the organization. The organization also must continually update the training provided to its employees based upon changes in the regulations.
Healthcare organizations need to identify all the laws and regulations that apply to their specific organization. The federal laws applicable to healthcare are extensive and are implemented by multiple federal agencies. HHS is also responsible for Medicare, Medicaid, and the other federal healthcare programs, as well as the HIPAA privacy and security rules. Most healthcare organizations and providers are also subject to the regulatory framework of the Food and Drug Administration, the DEA, and numerous other state and federal agencies. Each of these governmental agencies issues rules and regulations that interpret the laws those agencies are charged with implementing.
Due to the volume and complexity of this regulatory framework, most healthcare organizations and providers must rely upon specialists in healthcare compliance to develop, implement and update their compliance programs. A large healthcare organization can have hundreds of people working under its chief compliance officer.
The complexity of compliance poses many challenges to today’s healthcare organizations. In attempting to maintain compliance, providers must make provision for:
- Ongoing, pertinent and accurate training and education for all employees
- Maintaining compliance and accreditation with the increased use of cloud providers in accordance with HIPAA
- Keeping up with changes in technology and the associated regulations
- The effects of patient involvement via online portals providing access to records
- Developing, maintaining and updating policies without creating conflicts or overlap
- Routine audits of existing security and privacy policies
- Changes relating to patient privacy imposed by the recent implementation of the General Data Protection Regulation (GDPR)
- Maintaining accountability at all levels
- Applying the appropriate disciplinary measures when regulations are violated
It can be difficult to handle these aspects of compliance without help from an individual or group with an understanding of the rules and regulations involved, which is why a chief compliance officer is essential for every healthcare organization.
Effective management of healthcare compliance needs a compliance plan that stays current with changing government regulations, payer requirements, office operations, and technology. The organizations have to strictly adhere to regulations and laws governing HIPAA Security and Privacy Rules, the False Claims Act, Emergency Medical Treatment and Active Labor Act (EMTALA), Clinical Laboratory Improvement Amendments (CLIA) regulations, Anti-kickback Statute, Stark Law, Occupational Safety and Health Administration (OSHA) standards, etc.
Compliance management is all about handling investigations, including self-disclosure protocol requirements under Corporate Integrity Agreements (CIAs) and Certificate of Compliance Agreements (CCAs). It means being up-to-date on the investigative activities of recovery audit contractors, zone program integrity contractors, and Medicaid fraud control units. It requires knowledge for managing risk and auditing areas of risk concern when reporting physician services that require Advance Beneficiary Notices, teaching physicians’ guidelines, incident-to services, evaluation and management (E/M), date of service, modifiers, etc.
Per AAPC, the following seven steps should be taken towards compliance:
- Conduct internal monitoring and auditing
- Implement compliance and practice standards
- Designate a compliance officer or contact
- Conduct appropriate training and education
- Respond appropriately to detected offenses and develop corrective action
- Develop open lines of communication
- Enforce disciplinary standards through well-publicized guidelines
Regulatory Compliance in Healthcare: What’s Ahead?
In the coming decade, effective compliance programs will be an essential element of all healthcare businesses. But they will not be essential because they are mandatory. They will be essential because they are worth the investment. Here are a few predictions:
Compliance programs of the future will flow from the healthcare organization’s mission and values rather than flowing from the minimum standards set by laws and regulations. “Rules-based” compliance programs do not resonate with employees over the long term. Values-based compliance programs weave themselves into the fabric of the organization and become part of its culture.
The ability to honestly evaluate weaknesses is critical to achieving excellence. Organizations that welcome this self-analysis will have high degrees of independence on their boards and in their compliance programs. Independence provides a fresh perspective and promotes the frank discussions that are necessary to create leaps in improvement.
Compliance programs will heavily invest in identifying the top risks to the organization and will let go of the small risks. Healthcare organizations will develop extensive internal tracking systems, measurements, audits, and reports to help easily spot trends and address them.
Compliance programs will operate more like a business unit and less like a response team. They will set targets, gather objective data, measure performance, tie compensation to the achievement of targets and be more accountable to the organization. Compliance programs that establish compliance targets and demonstrate their performance will succeed over those that focus only on prevention and response.
An organization’s compliance program can be a very effective recruitment and retention tool if it focuses on values rather than rules. Effective compliance programs will connect policies to their values rather than teaching employees to follow them because it is mandatory.
Compliance programs of the future will be more collaborative. They will be accountable to the organization for solving problems that cross multiple areas and will work collaboratively with others—inside and outside their organization—to get it done.
There will be good compliance officers who will know when big changes will be needed and will dedicate the time and energy to move the culture. They will identify the need for change before receiving a subpoena from the government, and they will effectively engage other leaders in making that change.
Sources:
- https://www.thehealthlawfirm.com/resources/health-law-articles-and-documents/Healthcare-Compliance.html
- https://www.aapc.com/healthcare-compliance/compliance-management.aspx
- https://www.modernhealthcare.com/article/20110725/SUPPLEMENT/110729994/the-future-of-healthcare-regulation-and-compliance
- https://www.g2.com/categories/healthcare-compliance