Today, we are going to talk about compliance. This is going to be a general look at developing compliance programs instead of an in depth look at compliance of certain regulations (because, no matter what your industry, there are many).
Compliance Program Defined
A compliance program is a plan you put in place to help your organization comply with the law. An effective plan can help you reduce overall costs and provide better care. It can also go a long way in limiting the liability of the business. When you create a compliance plan, you are putting a plan into place that indicates how your business operates. You also have a written document that you use to educate your employees and everyone else who works with you to make sure they know how your business works.
That plan, can help you if there is a question about how your business did something or an issue with someone from your staff who goes completely away from the plan in violation of what happens. It makes sure everyone involved in your business whether they are the janitor or the head nurse has an expectation of how a variety of issues will be handled.
In any business, you have many different places where compliance plans make sense. If we take the healthcare field as an example, you need to think about employment, HIPAA, Anti-Kickback standards, and many others.
Making A Compliance Plan Work for Your Business
For a compliance plan to work for your business, you want to make sure you document everything. Documentation gives you plenty of information to help you limit your liability, it makes sure your program is working the way it should, it also limits any potential claims of fraud or other issues you may run into. Not to mention, lawyers love documents. It helps us protect you.
Employee Handbooks are always a good place to start with any kind of business working on building a compliance program. Sometimes, these are not enough in healthcare, some things that are normal in other industries are a crime in healthcare (antikickback statute). Also, some things do not apply to all employees. Have you considered something to go along with your employee handbook? An anti-kickback guidelines and policies for your sales people, a driver policy manual for your drivers?
It is possible to cover some of your compliance in your employee handbook, but the point is to make the compliance plan clear. Sometimes having these plans separated out by who is subject to them ca be helpful.
To develop a compliance plan for HIPAA, you need to consider how you release patient information, what your privacy notices look like, how you use information, what your relationship with Business Associates is, what are patient rights with regard to their records.
Consider these questions with your HIPAA Policy:
- How will you protect patient privacy?
- How will you let them know you are protecting their privacy?
Let’s focus for a second on business associates. Chances are you will deal in some way with the storing of electronic records. How they are stored and used is becoming more and more important. Unless you are really planning on building a large infrastructure, chances are you will use a third-party for this. Have you considered how you will deal with those Business Associates? Do you need a model Business Associate Agreement? What is important for your business? What areas do you need to make sure are in your business associate agreement.
- Individually identifiable information, which means it identifies the patient or could be used to identify the patient.
- Paper or electronic patient medical or health records.
- Patient information exchanged verbally.
- Information relating to the past, present, or future physical or mental condition of an individual.
- Research data that identifies individual patients.
Making Your Program Work
You need to come up with a plan for how you will document and manage all of those elements in your program. A standard program may not be right for your business. A compliance plan is only as effective as its implementation. If you do not actually follow the plan, you should either create a process to ensure you do or CHANGE YOUR PLAN. The plan cannot protect you if there are holes in it where you regularly ignore part of it.
There is not a model compliance program. You will not find one. There are compliance program guidances. The key is to know what areas you should watch out for in your industry.
Limiting Your Liability Exposure
These are the basics to help you limit the liability of your business:
- Written Policies and Procedures – standards of conducts and other policies. Share them with everyone. Update your policies periodically
- Have a compliance professional – Designate a compliance officer with independence and authority
- Effective Training – Educate your employees
- Effective Communication – Between Compliance Officer and employees – comment boxes, anonymous hotlines etc. Ways for employees to report misconduct
- Internal Monitoring – Conduct audits regularly to make sure your program is working. Your program should help you detect problems
- Enforce Your Standards – This is the only way to make sure they follow them
- Promptly respond to complaints or issues.