Compliance is a crucial part of healthcare. Your healthcare organization’s compliance plan is critical in keeping both patients and workers safe. Governmental regulations can act as a guide, but healthcare organizations must be proactive. Mishandling these processes can result in severe penalties, malpractice suits, and poor patient outcomes.
The Office of Inspector General (OIG), a division of the U.S. Department of Health and Human Services, has oversight over reducing fraud in Medicare, Medicaid, and other government programs. They have a list of seven essential elements to implement a comprehensive compliance plan. We will use these keys from OIG to provide a blueprint for an effective compliance plan for healthcare organizations.
Your healthcare organization should have its own internal compliance plan. These 10 steps will help your organization to check all the boxes.
1. Align written standards, procedures, and policies of conduct
You likely already have practice standards regarding patient care, personnel matters, and compliance with Federal and state law.
Everyone needs to be on the same page to create an effective healthcare compliance plan. Your internal code of conduct and policies and procedures bring everyone together to stay compliant. Your standards and procedures help reduce possible claims by identifying risk areas for your practice. Subsequently, you can establish tighter internal controls to counter those risks.
2. Incorporate a compliance liaison/committee into your team
A compliance officer/committee gives your team a reference point to use when they are unsure about compliance.
Ideally, one member of your staff is accountable for developing the compliance plan. That compliance officer is responsible for overseeing the implementation of the plan and day-to-day operations of the compliance program.
You can also designate more than one employee with compliance monitoring responsibility. You could describe in your standards and procedures the compliance functions for each designated employee and how to contact them. For example, one employee could be responsible for preparing written standards and procedures, while another could be responsible for conducting or arranging for periodic audits.
3. Execute risk management assessments
According to the National Center for Biotechnology Information, “the objective of a risk management assessment is a complex set of clinical and administrative systems, processes, procedures, and reporting structures designed to detect, monitor, assess, mitigate, and prevent risks to patients.” Identify major risks and ensure that key personnel in your practice are aware of the types of problems identified.
Potential risk areas for risk management assessments:
- Accreditation compliance
- Patient Safety & Quality (Infection control, Safe medication practices, etc.)
- Emergency and disaster readiness
- Vendor risk management
The assessments can help you sniff out these risks before they occur. Then, incorporate them into your work plan for your healthcare organization’s compliance plan.
4. Develop a work plan
A compliance work plan is how your organization is going to work these standards into your day-to-day functions. A work plan incorporates policies and procedures, education, communication and your response to detected offenses into one document. This will not only help your current crop of team members, but you can also incorporate new members.
Use technological tools like the features of your billing software, links to official compliance documentation, and digital checklists to seamlessly integrate the work plan.
5. Educate and train your organization
Education is an important part of your compliance program. You want your education programs to be tailored to your practice’s needs, specialty and size and to include both compliance and specific training.
There are three basic steps for setting up educational objectives:
- Determine who needs training
- Determine the type of training that best suits your needs (e.g., seminars, in-service training, self-study, or other programs)
- Determining when and how often education is needed and how much each person should receive
You have many options for training, including in-person training sessions (i.e., either on-site or at outside seminars) and digital self-guided learning platforms. You should always make sure that the necessary education is communicated throughout your organization.
6. Implement effective lines of communication
Your healthcare organization needs to have open lines of communication to prevent problems from occurring and to have an honest discussion about noncompliance.
Your compliance program’s system for meaningful and open communication should include:
- Team members reporting on potential mishaps
- Create a user-friendly process (such as an anonymous dropbox for larger practices) for reporting with confidence
- Make it known in the standards and procedures that reporting suspected non-compliance is part of the system
- Develop a simple and readily accessible procedure to process reports of fraud
- Maintain anonymity of your team members involved in the reported fraud as well as the person reporting the concern
- Make it clear to all team members that reporting will be respected and valued
7. Create internal monitoring and audits
Your compliance program’s success is reliant on an ongoing evaluation process. Is your organization’s compliance plan up to date? Are your team members following their responsibilities laid out in the plan? Is your compliance plan working?
We can look at 3 options for how to conduct your healthcare facility’s internal audits;
Traditional Internal Audit
Healthcare facilities can choose whether or not they want to handle the audit process themselves. Training for employees to do this is key and can be a challenge on its own. Keeping up with changes in Internet security, regulations, and “new code sets” is also essential.
Co-source Internal Audit
Leverage offloading some audit functions.to an organization specialized in internal auditing. One of the challenges is that your facility has a reduced opportunity to develop audit knowledge and skills in-house. You also need to calculate the amount of time and resources that it will take to constantly be in contact with this outside organization.
Shared Services Internal Audit
A fully external operation for conducting risk assessments and ensuring compliance with a company’s established best practices. This can be the most expensive type of audit, but it eliminates the need for more extensive investments in people which might include hiring, training, career development etc.
8. Enforce principals through well-understood guidelines
You should have a clear ‘‘open door’’ policy between the physicians and compliance personnel and staff. This policy can be implemented with less formal communication techniques, such as conspicuous notices posted in common areas and/or the development and placement of compliance bulletin boards where everyone in the practice can receive up-to-date compliance information.
9. Respond appropriately to detected offenses
Incorporate measures into your practice to ensure that team members understand the consequences of non-compliance. You want to have procedures for enforcing and disciplining individuals who violate your standards. Enforcement and disciplinary provisions are necessary to add credibility and integrity to your healthcare compliance program.
Your enforcement and disciplinary mechanisms should make sure that violations of your compliance policies will result in consistent and appropriate sanctions, including the possibility of termination. At the same time, you want your practice’s enforcement and disciplinary procedures to be flexible enough to account for mitigating or aggravating circumstances.
10. Stay up to date with regulatory changes
Keep in mind that laws, administrative stipulations, and governmental regulations constantly change. Stay up to date and implement necessary updates to your compliance plan with your internal audits and effective communication with your compliance committee.
Your healthcare compliance plan will always evolve with the rules and regulations. Compliance is a long road for any healthcare organization.