In this article, you’ll learn what healthcare compliance is, how to be compliant and where to access free resources to help you implement efficient compliance processes and procedures.
Healthcare compliance is the ongoing process a healthcare organization or provider uses to meet legal, ethical and professional standards. Healthcare providers and organizations must have effective processes, procedures and policies in place to outline appropriate conduct, train staff and oversee compliance adherence.
Healthcare compliance was created to improve patient care. These laws, rules and regulations ensure patient safety and high-quality care that’s based on the proper motives.
The term healthcare compliance covers these areas, among others:
Patient care
Billing
Reimbursement
Managed care contracting
Occupational safety
Joint Commission on Accreditation of Healthcare Organizations
and HIPAA privacy and security.
There are many federal government agencies with vested interest in healthcare compliance. Each of these government agencies regulates healthcare approaches applicable to its own area of control.
The following are examples of government agencies that handle federal regulations:
The Drug Enforcement Administration (DEA) enforces laws regarding controlled substances. It’s no surprise that the DEA's healthcare compliance is directed toward ensuring that controlled substances are used appropriately.
The HHS Office of Civil Rights (OCR) implements and enforces the patient privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA).
The Occupational Safety and Health Administration (OSHA) makes sure that employers “provide a place that is free from recognized hazards which could result in physical harm or death.”
The Department of Health and Human Services (HHS) Office of Inspector General ( OIG), is dedicated to protecting federal healthcare programs from fraud, abuse and waste of services. HHS also contains the Centers for Medicare & Medicaid Services.
As you can imagine, there are so many different agencies that oversee specific areas of healthcare laws, rules and regulations. Healthcare compliance is a complex and often daunting undertaking by healthcare organizations and providers.
“The laws and rules applicable to healthcare organizations and providers are far more numerous than the IRS code, and significantly more complicated,” said Michael L. Smith, R.R.T., J.D. in a Health Law Firm post.
No one wants to be audited by a healthcare compliance-related agency such as OCR or OIG. Unfortunately, it’s something that many healthcare providers face. By understanding the most common issues when it comes to compliance in healthcare, it can be easier to plan and implement a well-developed and effective compliance program. This can reduce the chances of experiencing an investigation in the future.
Numerous types of problems can present themselves when it comes to compliance in healthcare. From medical coding that is based on reimbursement more than patient need to ordering excessive tests, a variety of issues can trigger an audit and fault can land on the practitioner, biller or coder.
Billers and coders should be aware of the following audit triggers:
Using one level of evaluation and management coding (E/M) services consistently
Using higher levels of E/M services (Evaluation and Management) that are not justified
Ordering excessive tests
Unbundling of procedures
Waiving copayments, co-insurance and deductibles without financial hardship
Changing codes to get paid or to appease an irate patient
Medical coding based on reimbursement and not medical necessity
A provider’s specialty profile (utilization pattern – bell curve) that does not meet healthcare industry standards.
Problems with HIPAA guidelines and privacy rules which defend electronic protected health information (PHI) are tricky to avoid since there are so many complexities to what PHI can be given to whom and how information is sent to patients and patients’ loved ones.
The punishments for non-compliance can be severe. For example, breaking self-referrals and anti-kickback statutes can lead to pretty severe fines or even jail time. If one is found breaking anti-kickback rules, the penalties may include a fine of up to $25,000, imprisonment of up to five years and exclusion from participating in federal health care programs for up to one year. If an organization or provider is found guilty of Civil Monetary Penalties they are fined $50,000 per violation.
At the start of 2021, athenahealth agreed to pay $18.25 million in response to allegations that it had paid illegal kickbacks to boost sales of its electronic health records product, called athenaClinicals and athenaOne.
The provider faced charges of violating the False Claims Act (FCA), which forbids companies from submitting false records, claims or statements to the government to receive payments.
But technology can help.
PHI can actually be protected through automatic logoffs, logins and passwords and transmission security. Furthermore, good claims analysis software tools can make it simpler to drill down to code details within claims to see what’s going on in your practice. Through monitoring closely and establishing appropriate safeguards, health care providers can avoid civil and criminal penalties.
There are so many bad practices to avoid in healthcare compliance, but the truth is that there is also a lot that can be done to help your practice streamline processes and make healthcare compliance simpler. The OIG has published guidance materials for healthcare organizations on how to create an effective healthcare compliance program. According to the OIG, every effective healthcare compliance program must address these seven areas:
Healthcare compliance is the ongoing process of meeting, or exceeding all the legal, ethical, and professional standards applicable to an organization or provider. As the regulations applicable to the healthcare organization change so must its compliance program. Each organization or provider should consistently analyze their organization to be sure they’re always following laws, rules and regulations regarding compliance.
An important step in beginning a compliance program is to create clear standards, policies and procedures that every team member can follow. The policies need to be specific to each area, from billing to patient data protection. These policies and standards must be regularly assessed for functionality.
If there are regulatory changes, updating the current policies will mean triggering further training for employees.
Healthcare compliance requirements also include having a strong administrative team behind the program, including a compliance officer and a committee to monitor and enforce the written policies.
Taking time to choose the most appropriate personnel for these positions can improve outcomes. The team must have clear directions on their responsibilities and what steps they can take to enforce rules.
Each agent, employee, healthcare professional and vendor must be carefully vetted via the OIG’s List of Excluded Individuals/Entities (LEIE). The evaluation and screening process you develop must be consistent to ensure that each member of the team is qualified.
What is healthcare compliance training? It’s a vital piece of your overall compliance strategy that should involve your staff at every level.
You will need to implement regular training for all employees, and the training must be consistently updated to meet new regulatory demands. Any changes in compliance strategies or regulations need to be efficiently communicated to employees to avoid risks.
Compliance in healthcare requires careful monitoring and auditing of high-risk areas such as billing, medical necessity and coding. Regular monitoring can help catch non-compliance as early as possible.
An internal reporting system must also be in place to make it easier for personnel to speak up about non-compliance without fearing any type of retaliation. In some instances, anonymous reporting may be something to consider.
When there are reports of compliance risks, an investigation must immediately begin. There should be clear guidelines regarding remedial measures to ensure that protocol is always followed
Having clear action plans and fully documenting the issue can be invaluable for preventing the same risk in the future, while also avoiding potential legal problems.
Non-compliance needs to be disciplined consistently by following the written guidelines. Ensuring that employees are aware of the actions that can be taken if there is an issue can help create a culture of compliance throughout the company.
On top of readily available resources to create and implement healthcare compliance in your organization, you can use Rivet to enhance your patients’ experience and fully understand your claims without opening a new spreadsheet.
Rivet is a modern revenue cycle product suite that gives you the powers to unlock more revenue from patients and payers. You can see the big picture of what’s going on in your practice with payer contracts, fee schedules, claim payment resolution, as well as drill down to understand claims and claims trends. You can also check eligibility and provide accurate up-front patient cost estimates before services are rendered and model your fee schedules all in one product.
For more information about the tools Rivet provides, schedule a Rivet demo .
It’s the practice of adhering to state and federal laws, ethical standards and regulations within the healthcare industry. Compliance helps to prevent fraud and abuse.
The primary healthcare compliance law is HIPAA, which addresses the privacy of patient information. There is also the False Claims Act, which makes it illegal for companies to submit false documents to the government in order to receive payment.
The Stark Law prohibits physicians from referring patients to other providers of healthcare services if the physician has a financial interest in those services, while the Anti-Kickback Statute is a criminal law that forbids getting payments for patient referrals.
Additionally, there is the Patient Safety and Quality Improvement Act, which encourages the voluntary reporting of medical errors.
To protect patient safety and adhere to federal, state and local laws, you need regulatory compliance standards. It’s necessary to implement policies, offer employee education and maintain rigorous documentation of your compliance strategies.
Healthcare organizations implement compliance programs to oversee regulation adherence. They establish reporting portals and ensure that corrective actions are taken to prevent the problem in the future.
Non-compliance puts patient safety at risk. It could mean failures in infection control or medication distribution, for example. Patients could face ineffective treatment, as well as privacy violations.
