What is Compliance-Image

What Is Healthcare Compliance?

September 30, 2021
September 30, 2021

Healthcare Compliance – Definition and Scope

Healthcare compliance is an ongoing process for meeting the legal, ethical and professional standards that are applicable to healthcare organizations and providers. The scope of compliance for healthcare organizations is extremely broad and includes an array of areas covering patient care, patient confidentiality, reimbursement, Joint Commission standards, Health Insurance Portability and Accountability Act (HIPAA), research standards and managed care contracting. The requirements of federal, state and local regulatory agencies as well as business and ethical standards are also covered by compliance.   

Why It Matters

Providing healthcare comes with enormous risks – to both providers and patients. Healthcare organizations that have established robust compliance programs can reduce their exposure to these risks. However, it is not an easy job. The rules tend to be very complex; there are a huge number of them; and they change frequently. Compliance can be difficult to achieve, but is essential to the creation of a high-performing, safe, reliable and low-risk environment. 

The cost of non-compliance can be enormous – literally. Protected Health Information (PHI) and the requirements of HIPAA are areas of significant vulnerability for healthcare organizations and insurers. In 2015, the Office of Civil Rights (OCR) fined a health insurance provider $16 million for a data breach that exposed the PHI and other personal information of nearly 79 million subscribers. In 2018, the Centers for Medicare and Medicaid Services (CMS) fined a healthcare organization $2.5 million when a provider’s laptop was stolen which resulted in the PHI of approximately 1,400 patients being exposed. Post-incident investigations revealed that these organizations had not properly assessed their risk, lacked procedures to notify patients who had their PHI compromised and obviously both had failed to keep PHI secure. 

Establishing a Culture of Compliance

The Office of the Inspector General (OIG) has helped to define compliance for healthcare organizations. Their guidance includes a recommendation that organizations strive to build a culture of compliance. The OIG provides resources that help hospitals, physicians and other healthcare providers remain in compliance with current federal regulations. While the OIG recognizes that there is not a one-size-fits-all compliance program that will work for every organization, there are some essential elements. 

  • Written Policies and Procedures:  The OIG recommends that they be written clearly and specifically for the organization, be shared freely and that the organization have a regular means of monitoring compliance with and understanding of policies and procedures. 
  • Designate a Compliance Officer and Committee: This serves as the backbone for the organization’s compliance program and should be run by a well-qualified compliance officer that is well-resourced with a regular responsibility to report to senior leaders and the organization’s board. 
  • Develop Open Lines of Communication: Open communication without fear of retaliation should be established including hotlines for anonymous reporting of compliance violations. 
  • Internal Monitoring and Auditing: Effective monitoring and audits help insure accurate claims and the identification of risks, particularly in high-volume services. 
  • Compliance Education: Avoid risk by conducting annual, job-specific training for employees with regular reviews of the content to insure that it is still relevant. 
  • Respond To Deficiencies: Develop action plans to correct any deficiencies that are identified and conduct periodic reviews to insure ongoing compliance. 
  • Enforce Disciplinary Standards: Well publicized, consistently-applied standards are essential to any compliance program. 

Quality and compliance in healthcare is possible. Be sure that your organization is working to establish a culture of compliance.