Blog post image

What is healthcare compliance?

In this article, you’ll learn what healthcare compliance is, how to be compliant and where to access free resources to help you implement efficient compliance processes and procedures. 

What is healthcare compliance?

Healthcare compliance is the ongoing process a healthcare organization or provider uses to meet legal, ethical and professional standards. Healthcare providers and organizations must have effective processes, procedures and policies in place to outline appropriate conduct, train staff and oversee compliance adherence.  

Healthcare compliance was created to improve patient care by issuing laws, rules and regulations to ensure that patient care decisions are based on proper motives. 

The term healthcare compliance covers these areas, among others:

  • patient care
  • billing
  • reimbursement
  • managed care contracting
  • occupational safety
  • Joint Commission on Accreditation of Healthcare Organizations
  • and HIPAA privacy and security.

There are many government agencies with vested interest in healthcare compliance. Each of these government agencies regulates healthcare approaches applicable to its own area of control. 

The following are examples of government agencies that regulate healthcare approaches: 

  • The Drug Enforcement Administration (DEA) enforces laws regarding controlled substances. It’s no surprise that the DEA's healthcare compliance is directed toward ensuring that controlled substances are used appropriately. 
  • The HHS Office of Civil Rights (OCR) implements and enforces the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). 
  • The Department of Health and Human Services (HHS) Office of Inspector General (OIG), is dedicated to protecting federal health care programs from fraud, abuse and waste of services. 

As you can imagine, there are so many different agencies that oversee specific areas of healthcare laws, rules and regulations. Healthcare compliance is a complex and often daunting undertaking by healthcare organizations and providers. 

“The laws and rules applicable to healthcare organizations and providers are far more numerous than the IRS code, and significantly more complicated,” said Michael L. Smith, R.R.T., J.D. in a Health Law Firm post.

What are common compliance issues in healthcare?

No one wants to be audited by a healthcare compliance-related agency such as OCR or OIG, so utilizing a well-developed compliance program will reduce the chances of experiencing an investigation in the future. 

There are many medical billing and coding issues that can trigger an audit and fault can land on the practitioner, biller or coder. 

Billers and coders should be aware of the following audit triggers:

  • using one level of evaluation and management coding (E/M) services consistently
  • using higher levels of E/M services that are not justified
  • ordering excessive tests
  • unbundling of procedures
  • waiving copayments, co-insurance and deductibles without financial hardship
  • changing codes to get paid or to appease an irate patient
  • coding based on reimbursement and not medical necessity
  • and a provider’s speciality profile (utilization pattern – bell curve) that does not meet industry standards.

Problems with HIPAA guidelines and privacy rules which defend electronic protected health information (PHI) are tricky to avoid since there are so many complexities to what PHI can be given to whom and how information is sent to patients and patients’ loved ones. 

The punishments for non-compliance can be severe. For example, breaking self-referrals and anti-kickback statutes can lead to pretty severe fines or even jail time. If one is found breaking anti-kickback rules, the penalties may include a fine of up to $25,000, imprisonment of up to five years and exclusion from participating in federal health care programs for up to one year. If an organization or provider is found guilty of Civil Monetary Penalties they are fined $50,000 per violation.

Just this past January (2021), athenahealth agreed to pay $18.25 million to “resolve allegations that it violated the False Claims Act (FCA) by paying illegal kickbacks to generate sales of its EHR [electronic health records] product athenaClinicals [and athenaOne].”

But technology can help.

PHI can actually be protected through automatic logoffs, logins and passwords and transmission security. Furthermore, good claims analysis software tools can make it simpler to drill down to code details within claims to see what’s going on in your practice. Through monitoring closely and establishing appropriate safeguards, health care providers can avoid civil and criminal penalties. 

How do you create and maintain an effective healthcare compliance program?

There are so many bad practices to avoid in healthcare compliance, but the truth is that there is also a lot that can be done to help your practice streamline processes and make healthcare compliance simpler. The OIG has published guidance materials for healthcare organizations on how to create an effective healthcare compliance program. According to the OIG, every effective healthcare compliance program must address these seven areas

  1. Standards, policies and procedures. Standards, Policies and Procedures. Develop, distribute and implement written standards of conduct as well as written policies and procedures devoted to exceeding legal and ethical standards.
  2. Compliance program administration. Designate a chief compliance officer and other appropriate committees or individuals (as needed) that are responsible for operating and monitoring the compliance program. 
  3. Screening and evaluation of employees, physicians, vendors and other agents. Develop and execute employee education and training programs, and check the OIG’s List of Excluded Individuals/Entities (LEIE) before hiring employees or entities.
  4. Communication, education and training on compliance issues. Develop and maintain communication processes that allow individuals to report compliance concerns without retaliation, e.g., the ability to anonymously report concerns and complaints.
  5. Monitoring, auditing and internal reporting systems. Measure compliance and address unknown deficiencies using internal monitoring and audits.
  6. Investigations and remedial measures. Develop and implement complaint response procedures, including appropriate corrective action of employees when required.
  7. Discipline for non-compliance. Respond quickly and appropriately to all detected compliance issues and implement corrective action.

Healthcare compliance is the ongoing process of meeting, or exceeding all the legal, ethical, and professional standards applicable to an organization or provider. As the regulations applicable to the healthcare organization change so must its compliance program. Each organization or provider should consistently analyze their organization to be sure they’re always following laws, rules and regulations regarding compliance. 


Healthcare Compliance Resource List

HIPAA Compliance Checklist

List of Excluded Individuals/Entities

Measuring Compliance Effectiveness

OIG Compliance Resource Portal

Toolkit Handout for Health Care Boards


What can technology do for you?

On top of readily available resources to create and implement healthcare compliance in your organization, you can use Rivet to enhance your patients’ experience and fully understand your claims without opening a new spreadsheet. 

Rivet is a modern revenue cycle product suite that gives you payer superpowers to unlock more revenue from patients and payers. You can see the big picture of what’s going on in your practice with payer contracts, fee schedules, denials and underpayments as well as drill down to understand claims and claims trends. You can also check eligibility and provide accurate up-front patient cost estimates before services are rendered and model your fee schedules all in one product. 

For more information about the tools Rivet provides, schedule a Rivet demo.