If eternal vigilance is the price of freedom, it’s also the burden hospitals and physician practices must bear when dealing with compliance issues. Healthcare Finance News Editor Richard Pizzi spoke recently with two experts in healthcare compliance, John Brooke and Scot McLeod of Compliance 360, to glean a few tips for readers.
What are some of the burdens that compliance professionals face?
John Brooke: First you have to understand that the compliance requirements for healthcare facilities are voluminous, with more coming everyday. There’s HIPAA, requirements associated with the HITECH Act, state and local regulations. Approaches to compliance differ sometimes on the size of the institution, sometimes according to complexity. The healthcare compliance officer is often responsible for many, very different things. Suffice it to say we’ve never walked into an overstaffed compliance department. The compliance officers that we run into have one of two backgrounds. They are either attorneys, or have health information management backgrounds. I’ve also seen lab directors in the role.
How do they determine a compliance program’s effectiveness?
Scot McLeod: We see a lot of different approaches. The U.S. Sentencing Commission has created 7 elements of an effective compliance program. The New York State Office of the Medicaid Inspector General has outlined the expectations for compliance professionals, creating a Compliance Program Assessment Tool. Hospital boards of directors are often charged with determining effectiveness. But the biggest change we have seen over the past few years is that it’s not enough for a healthcare facility to have good intentions. You need to be able to prove definitively that your compliance program works.
What are some compliance trends that you’re seeing?
Brooke: The major categories are the same across the industry, but the focus is different depending on the type of provider you’re talking about. Privacy is a big issue and is getting even bigger. It’s related to HIPAA, but the privacy breach requirements in many states are tougher than the federal requirements. We’re also seeing increasing focus on compliance with many of the Affordable Care Act requirements.
What are some tips or best practices you can offer to providers?
McLeod: One of the keys is to be thorough and practical in building up your body of compliance evidence. One example of the need for thoroughness could be incident management. Providers must log and understand an incident, follow-up on it, track the results and determine trends. You have to do this every time and do it thoroughly. Transparency is also very important. If federal and state regulators see that your compliance program is serious and comprehensive, they may be more willing to work with you. You have to approach this like any other business process. You’re assessing your risk, identifying what controls you have in place to mitigate that risk, determining what gaps you have in controls and what policies and procedures you have or need to close those gaps. It’s a constant process that requires vigilance.