Recap of the Top Healthcare Compliance Risks in 2020
What Is Healthcare Compliance?
Healthcare compliance is the process of following rules, regulations, laws, and professional standards that relate to healthcare practices for an organization or provider. To follow these guidelines, organizations must establish an effective culture of compliance, including practices, policies, and procedures that follow the law and facilitate the implementation of industry best practices.
Why Is Healthcare Compliance Important?
The most important goal of healthcare compliance is to provide high-quality care that promotes the safety and well-being of patients. By following regulatory standards and best practices, healthcare organizations can make decisions that will improve patient outcomes and mitigate risk.
Maintaining compliance helps organizations run efficiently and effectively. This not only helps patients, but it also helps the organization. If organizations remain compliant, they can avoid stiff legal and financial penalties, such as litigation, civil monetary penalties, or sanctions.
Who Governs Healthcare Compliance?
Healthcare compliance can be complex since it is governed by several different standard-setting bodies, laws, and regulations. Frequent changes and temporary modifications to laws and regulations can complicate healthcare compliance. Healthcare organizations should stay current with changing regulations to stay compliant.
- The Social Security Act governs funding and requirements for Medicare, Medicaid, CHIP, and more. Title XVIII is administered by the Centers for Medicare and Medicaid Services (CMS) and includes hospital and supplemental medical insurance, the Medicare+ Choice Program, and the prescription drug program. Title XIX covers grants to states for medical insurance programs.
- The Health Insurance Portability and Accountability Act (HIPAA), originally signed into law in 1996, has since been updated with the HIPAA Privacy Rule and the HIPAA Security Rule. HIPAA protects patient privacy, requiring healthcare organizations to implement measures to keep patient records secure. HITECH encourages healthcare organizations to adopt electronic records and further protects patient safety. Healthcare entities should have physical and technological safeguards in place to protect patient health information to comply with HIPAA and HITECH law.
- The False Claims Act, originally signed in 1863 makes it illegal to file a false claim for funds from a federal program. This includes any plan or program that provides benefits, including Medicare and Medicaid. Penalties for violations include fines up to three times the amount of the claim, plus additional penalties of up to $11,000 for each claim. Fraud does not need to be intentional under the FCA. If an organization acts in deliberate ignorance or reckless disregard of the truth, FCA penalties may still apply. Physicians can also be charged and imprisoned under the criminal FCA.
- The Patient Protection and Affordable Care Act (also known as ACA or Obamacare) implemented new requirements for insurance, Medicaid, and other programs. These new regulations made compliance increasingly complex, requiring entities to develop their own effective compliance programs and return overpayments within 60 days. The ACA also imposes fines for neglecting to implement compliance programs. The urgency of the ACA’s compliance requirements elevated the importance of compliance staff within organizations.
- The Drug Enforcement Administration (DEA) and the Food and Drug Administration (FDA) impose regulations for the creation and distribution of medication to help keep patients safe. These regulations govern the drug supply chain, pharmaceutical waste management, and the prescription and dispensing of controlled substances.
- The Department of Health and Human Services (HHS) and the Office of the Inspector General (OIG) help protect against fraud. OIG investigates fraud, imposes program exclusions and monetary penalties for fraud convictions, develops compliance program guidance, and negotiates civil FCA settlements.
Top Healthcare Compliance Issues in 2020
- Regulatory Landscape: Laws, rules, and regulations that govern healthcare compliance are complex and constantly changing. They currently include the Federal Anti-Kickback Statute (AKS), the Civil Monetary Penalties (CMP) Law, Stark Law, the False Claims Act, antitrust laws, the Eliminating Kickbacks in Recovery Act of 2018 (EKRA), and state laws. Healthcare entities should be aware of all applicable laws and regulations.
- Compliance Due Diligence: Organizations are expected to develop and follow up-to-date compliance work plans, including annual risk assessments. They are expected to perform exclusion checks and conflict of interest reviews on each provider upon hire and on a regular basis. Regular reviews of vendor contracts and revenue cycles are also necessary to stay in compliance.
- Telemedicine Provider Qualification, Licensing, and Operations Compliance: The COVID-19 pandemic has led to an increase in telemedicine services, especially in multi-state practice. Healthcare organizations that practice in multiple states should be aware of regulations for corporate and clinical practices in all states where they provide services to patients. They should also be licensed and compliant as required in each of those states.
- OCR Enforcement Actions: The Office of Civil Rights initiated their first enforcement actions relating to Health and Human Services late in 2019. To avoid being charged with violations, healthcare organizations should respond quickly to patient requests for medical records access. Entities should provide the records in the same format as requested and charge reasonable fees for access.
- Ransomware: Ransomware can threaten the security of patient health information. The two common types of ransomware, data and crypto, are a persistent problem. A third type, DataKeeper, is a growing threat. Healthcare organizations should be aware of all types of ransomware and take appropriate action to safeguard patient information.
Who Is Responsible for Healthcare Compliance?
Most healthcare organizations have a compliance officer or department dedicated to maintaining compliance. If your healthcare organization receives payment from Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP), developing and maintaining a compliance program is a condition of enrollment. Whether your organization receives public or private reimbursements, building a culture of compliance will safeguard your patients, improve your level of care, and protect your organization.
The size and function of compliance programs and staff may vary by organization, but in a healthcare setting, everyone has a role in maintaining compliance. Healthcare organizations can only maintain compliance when every staff member takes responsibility for following established policies, procedures, and regulations.
Maintaining strict compliance standards is necessary for patient safety and risk management. As laws and regulations governing healthcare compliance expand and compliance violation penalties increase, it’s more important than ever for healthcare organizations to develop and maintain a culture of compliance.
Verisys can help reduce risks to your patients and your organization. With its continuous license monitoring and screening for sanctions and exclusions, Verisys provides up-to-date information on your entire population and will alert you to potential concerns soon after the information is published, saving you time while helping you maintain full compliance.
|Written by Juliette Willard
Healthcare Communications Specialist
Connect with Juliette on LinkedIn