Effective management of healthcare compliance requires an office compliance plan that stays current with changing government regulations, payer requirements, office operations and technology. Many still wonder, why is a compliance program needed—if something isn’t broken, don’t fix it, right? This is not always the case; compliance is an essential part of practice operations, but providing annual HIPAA (Health Insurance Portability and Accountability Act of 1996) training to employees and keeping policies in a binder does not constitute a compliance plan. Creating an ongoing culture to guarantee you and your staff follow the laws, regulations, standards and ethical practices that apply to your organization is the best practice for compliance.
Keep in mind, not all compliance programs look alike—there is not a one-size-fits-all program. Each practice is unique and must take this into consideration when developing or reevaluating its compliance program. So it is important to “know thyself,” as Socrates is purported to have said.
An effective compliance program requires ongoing oversight by a designated compliance officer, a practice manager working a dual role as compliance officer, or a committee. It is imperative to have regularly documented communication among the providers, administration, compliance officers/compliance committees, owners, boards and billing teams.
How does one know which policies and procedures to implement? Simple—perform risk assessment audits. A medical practice should conduct two kinds of audits: a standards and procedures audit, and a claims submissions audit.
Before developing or reassessing a practice’s compliance program, providers and staff must identify risks by conducting an assessment. Once any risk is identified, the task of updating policies and procedures or correcting these risks must be prioritized. The Department of Health and Human Services (HHS) Office of Inspector General (OIG) continues to provide resources on its website. Measuring Compliance Program Effectiveness—A Resource Guide can assist you with this process. As part of a roundtable discussion, participants discussed ways to measure the effectiveness of compliance programs and provided ideas to conduct risk assessments. Everything cannot be fixed at one time, so it is important to choose the risks that are a priority to the organization and go from there.
Next, prepare the practice for an audit. Conduct an internal audit to see how you’re doing based on your risk assessment and compliance program. Practices may also consider hiring an external auditor or compliance officer to obtain an unbiased opinion and to see if additional changes need to be considered. Compliance is not just more paperwork. It is actively ensuring that all staff are adhering to the various payer guidelines regulations and being proactive to changes in the healthcare arena.