Effective management of healthcare compliance requires an office compliance plan that stays current with changing government regulations, payer requirements, office operations and technology. Many still wonder, why is a compliance program needed—if something isn’t broken, don’t fix it, right? This is not always the case; compliance is an essential part of practice operations, but providing annual HIPAA (Health Insurance Portability and Accountability Act of 1996) training to employees and keeping policies in a binder does not constitute a compliance plan. Creating an ongoing culture to guarantee you and your staff follow the laws, regulations, standards and ethical practices that apply to your organization is the best practice for compliance.
You Might Also Like
Explore This IssueSeptember 2018
Keep in mind, not all compliance programs look alike—there is not a one-size-fits-all program. Each practice is unique and must take this into consideration when developing or reevaluating its compliance program. So it is important to “know thyself,” as Socrates is purported to have said.
An effective compliance program requires ongoing oversight by a designated compliance officer, a practice manager working a dual role as compliance officer, or a committee. It is imperative to have regularly documented communication among the providers, administration, compliance officers/compliance committees, owners, boards and billing teams.
How does one know which policies and procedures to implement? Simple—perform risk assessment audits. A medical practice should conduct two kinds of audits: a standards and procedures audit, and a claims submissions audit.
Before developing or reassessing a practice’s compliance program, providers and staff must identify risks by conducting an assessment. Once any risk is identified, the task of updating policies and procedures or correcting these risks must be prioritized. The Department of Health and Human Services (HHS) Office of Inspector General (OIG) continues to provide resources on its website. Measuring Compliance Program Effectiveness—A Resource Guide can assist you with this process. As part of a roundtable discussion, participants discussed ways to measure the effectiveness of compliance programs and provided ideas to conduct risk assessments. Everything cannot be fixed at one time, so it is important to choose the risks that are a priority to the organization and go from there.
Next, prepare the practice for an audit. Conduct an internal audit to see how you’re doing based on your risk assessment and compliance program. Practices may also consider hiring an external auditor or compliance officer to obtain an unbiased opinion and to see if additional changes need to be considered. Compliance is not just more paperwork. It is actively ensuring that all staff are adhering to the various payer guidelines regulations and being proactive to changes in the healthcare arena.
Start with observation. Practice managers should observe the practice through the eyes of a patient. Every aspect—from making an appointment to checking out—should be observed and noted for any deficiencies or areas to improve. Look for the following in the waiting room or patient care areas:
- Notice of Privacy Practices posted in a prominent area and offered to all new patients;
- Front office staff who avoid using patient identifiers or having loud conversations;
- Adherence to new patient requirements (collection of photo identification; insurance information; emergency contact details; race, ethnicity or language information);
- Playing of a TV, radio or some sort of distraction to avoid incidental protected health information disclosures;
- Magazines that are not offensive;
- Adequate seating provided for patients with special needs;
- Doorways and walkways wide enough for disabled persons;
- Handrails in restrooms and handicap-accessible stalls; and
- Interpreters who can be made available for those who need them.
Other areas of risk to address include ensuring that everyone knows the structure of the building as well as the protocol for issues that arise, which can include the following questions:
- Does everyone know where all the exits are located?
- Are the exits well identified?
- Is there an office emergency management plan?
- Does everyone know what to do in case of fire?
- Are fire extinguishers visible and located in key areas?
- Are there clear steps to report when a patient has a complaint?
- Does everyone know what to do if a patient falls in the exam room?
- How often does the practice test emergency eye wash stations?
- Is there a reconciliation process for billing and appointments?
These are all part of the risk assessment process. Training and education should be mandatory at least once a quarter for staff to be knowledge and equipped to respond to any of the above.
The Importance of Ethics
There is a fine line between compliance and ethics. Compliance refers to conforming to applicable laws, regulations, policies, standards, procedures or contractual obligations, and could be in the form of external (local, state, federal or third-party) or internal obligations. Effective risk management relies on everyone understanding that compliance with external obligations is a critical component. This helps the practice to better prevent, detect, contain and correct any noncompliance issues that could damage its viability.
Ethics refers to the moral principles and values that guide a person or an organization. Ethical conduct shows that a person knows the difference between right and wrong and chooses to do what is right. It’s extremely important for practices to show employees that leadership, starting from the top, is on board with a compliance program. This will lay the foundation for building a culture of compliance within the organization.
Practices should perform due diligence prior to hiring or promoting a person to the role of compliance officer. It is important to ensure:
- Individuals with substantial authority have not engaged in any illegal activities or conducted themselves in a manner inconsistent with the practice’s Code of Ethics;
- Screening procedures are in place for all new hires, such as performing background, criminal and exclusions checks; and
- Previous employers are contacted prior to hiring or promoting individuals.
Additionally, policies and procedures should be in place that require the organization to review the office policies at least once a year. A Code of Conduct or Code of Ethics should be created to set expectations for employees’ behaviors and attitudes. Having employees who know what is expected of them and adhere to and promote ethical behavior based on shared organizational values will provide a safeguard for the practice. Also, whenever changes are made to practice’s policies and procedures, communication should be sent out or posted to alert staff to the updates. This should also be incorporated into office training.
More Than Compliance
Compliance programs provide benefits by helping prevent erroneous or fraudulent claims, and also by showing that the organization is making good faith efforts to keep the practice in line with federal and state regulations.
Providers should view compliance programs equivalent to clinical practice. Embracing an active application of compliance principles in the culture of the practice with continuous efforts toward compliance can help prevent future problems. Some added benefits of having an effective compliance program include:
- Increasing patient and employee safety;
- Increasing patient and employee satisfaction;
- Ensuring accountability;
- Reducing billing mistakes;
- Streamlining and improving business operations; and
- Creating a team environment.
With so many areas of the law expanded and additional dollars at risk, 2019 is critical for physician practices to reassess their HIPAA and practice compliance programs. Now is the time to begin compliance efforts by evaluating all HIPAA processes, including statements of privacy practices, patient attestation documents and release-of-information procedures. Practices that may have used manual logs and journals to document disclosures in the past should think about implementing technology that can track the process more efficiently.
Having a compliance program sends the important message that leadership recognizes the importance of making the practice efficient. For training on practice management compliance, don’t miss the ACR/ARHP Annual Meeting premeeting courses addressing the critical business, payer and regulatory issues that affect physician practice management. These interactive programs are designed to help you and your team be more aligned toward your practice goals and vision.
Discounted registration packages are available for the coding and practice management summit. For additional registration information, visit www.rheumatology.org/
Annual-Meeting/Registration, or contact the ACR Practice Management department at [email protected].
Anita Henderson-Sumpter, MHA, MBA, CHC, CPC, is a certified professional coder and certified in healthcare compliance. She is the senior compliance specialist at St. Vincent’s Healthcare, Jacksonville, Fla. She is responsible for coordinating activities of healthcare compliance where she works with employees, medical staff, residents, agents and contractors. She has dual master’s degrees in healthcare administration and business administration.