You must have noticed that the compliance guidelines and regulations laid down for you as a physician are downright confusing, with their numerous and varied listed practices. Most small physician practices cannot afford to employ a full-time compliance officer; hence, if you are handling compliance duties, you are left flummoxed and overwhelmed by all the responsibilities. Inevitably, a lot of things simply 'slip through the cracks' even if you understand them. This leads to various compliance mistakes. We will try to help you with an overview that you can use to cut down on the compliance mistakes you make.
Effective Compliance Program
There are seven components in the compliance program guideline for individual and small group physician practices that provide a solid basis for a voluntary compliance program. These are:
- Conducting internal monitoring and auditing
- Implementing compliance and practice standards
- Designating a compliance officer or contact
- Conducting appropriate training and education
- Responding appropriately to detected offenses and developing corrective action
- Developing open lines of communication; and
- Enforcing disciplinary standards through well-publicized guidelines
Unlike other guidelines issued by OIG, this set of guidelines does not suggest that you strictly implement all of these points in your compliance program. Instead, it emphasizes a step-by-step approach to implementing a voluntary compliance program.
Now that you have a rough understanding of what an effective compliance program includes, let us look at the most common compliance mistakes committed by physician practices. Regardless of the size of your organization, you will be held accountable for overstepping the HIPAA regulations. In addition to penalties for non-compliance, lawsuits, bad publicity and the like can really tarnish your overall image.
Some of the most common mistakes include:
- Sending wrong medical records: Administrative staff send a mail or fax containing unencrypted medical records to an unintended recipient, exposing the health records.
- Unsecured records: Sometimes physicians do not take proper care of paper records or downloaded records, leaving them unencrypted, in an unsafe place, or on external drives. This places records at risk.
- Improper disposition of records: Second copies of crucial records are sometimes simply thrown in a bin without being shredded.
- Unmonitored computer or medical device: HIPAA regulations require system activity to be reviewed regularly through access and security-incident reports. Where patient information is stored in medical devices, employers must have data-wiping programs.
- Data access limit: Not limiting the patient information released to requesting parties to the 'minimally necessary'.
- Contingency plans: There is no contingency plan in case of data loss, emergency or system error.
Best Healthcare Compliance Training Practices
Now let's have a look at how to try reversing the catastrophe. Best practices are useful because simple guidelines are well received. Some of them are:
- Train personnel: Training employees handling or having access to patient data is mandatory. Educate them about proper procedures for maintaining HIPAA compliance as well as penalties for violation.
- Encrypt sensitive information: When transmitting PHI, make sure it is encrypted according to HIPAA standards and transmitted over a secure connection. This is critical for laptops and all mobile devices.
- Laptops and other portable devices: Your portable device policies should clearly explain where devices are to be transported and what to do if a device is lost or stolen.
- Protect your paper: Documents containing PHI data should be secured and printed only when explicitly required. This also means no papers left lying around.
- Teaming up with an expert: Partnering with an expert (such as a data management provider) that provides imaging, storage and shredding services helps protect your PHI data throughout its lifecycle.
By establishing the best set of Healthcare Compliance Training Practices, you can easily lay down the steps people in your organization should follow. Clarifying how patient information is handled and how documents are managed, and/or contacting a third-party vendor, helps you maintain the standards of compliance.