What makes a successful healthcare compliance program? Healthcare employers have been seeking the answer to this question as part of their effort to become HIPAA compliant and to ensure a quality experience for their patients. There are several components to a successful healthcare compliance program, but the best way to understand it is to look at real-world examples and case studies.
Best Examples of Healthcare Compliance Programs
This guide will take you through some of the best examples of healthcare compliance programs so you can get insights into how you can develop your own. Do take note, however, that your healthcare policies and procedures must be customized to your unique organizational needs and the type of clients you serve. Use these examples as guidelines only, and tailor your policies and programs accordingly.
Case Study 1: Hospital Compliance Plan for MD Anderson Cancer Center
The MD Anderson Cancer Center has the mission of eliminating cancer in Texas through outstanding patient care, research, and education. The institution outlined its hospital compliance plan to ensure the health and safety of its patients and the strict compliance by its staff.
MD Anderson's Code of Conduct is one of the best examples of healthcare compliance programs for covered entities. The Hospital Compliance Plan details how the employees should conduct themselves with integrity according to their ten principles of conduct. They advocate strict adherence to maintaining confidentiality in patient information and commit to research with integrity following legal, ethical, and professional requirements. Gifts, favors, benefits, and other services are highly discouraged, especially in exchange for preferential treatment.
The organization has also devised the Institutional Compliance Program which covers seven compliance plans. These compliance plans must work together to ensure that services are delivered to the highest business and ethical standards.
Case Study 2: Hospital Issues Policies on Telephone Messages at the Workplace
A hospital implements a detailed policy regarding the use of telephones at work, specifically when communicating with patients or their relatives. The policy clearly states that confidential information about the patient's medical condition and treatment plan must only be disclosed to the patient using the agreed contact details. Therefore, not even relatives of the patient can have access to this information unless otherwise permitted by the patient.
This policy also requires employees to divulge only the minimum necessary information in telephone communication. Furthermore, the hospital must provide adequate and regular training to employees about all forms of communication about PHI to avoid violating the HIPAA Privacy Rule.
Case Study 3: HMO Provider Authorization Process Revision
HMOs or healthcare plan providers are among the most common entities involved in healthcare compliance issues. The exchange of information between a hospital or healthcare facility and the insurance company is considered a breach of HIPAA law without proper authorization from the patient.
Therefore, an HMO company issued revisions to its processes for providing authorization for such transactions. Now an authorization form must be duly completed and signed by the patient before disclosure of confidential information, and any previous patient authorization form will not be honored for this purpose.
Case Study 4: Improve Billing Issues for Filing Workers' Compensation Claims
A patient sought the help of a third-party radiology practice to provide supporting details for their workers' compensation claims. However, the radiology practice forwarded the results of the test to the patient's employer to file for workers' compensation reimbursement. The patient did not authorize this, especially since the test was not paid for by workers' compensation.
Incorrect billing practices are a common source of HIPAA violations in healthcare organizations and private practices. This incident can be avoided with regular training of employees about compliant billing practices, especially when it involves insurance submissions. No record of, or information about, a patient's health must be provided without a specific request from the workers' compensation insurance carrier.
Case Study 5: Privacy Procedure for Outpatient Facilities Involved in Research Recruitment
Research recruitment often targets outpatient facilities because they can provide a medical background using patient health information. However, this is a direct violation of the HIPAA Privacy Rule when the patients did not previously authorize the facility to release their information for the research recruitment process.
The correct compliance policy for this scenario is to obtain legal authorization from the patient, or a duly completed authorization form. This authorization not only limits access to confidential patient health information but also ensures the client's agreement to participate in the research.
The outpatient facility must have written policies and procedures about the disclosure of patient health information. The staff must undergo training about how to handle and manage patient information. If the information is disclosed, it should be logged for accountability and monitoring.
Steps to Improve Your Healthcare Compliance Programs
Based on the examples of healthcare compliance programs discussed above, you can use the following pointers to ensure the success of your program:
All policies, procedures, and codes of conduct must be written and displayed in an area easily visible to all employees.
There should be a dedicated compliance committee responsible for the monitoring and tracking of compliance activities. The committee will also be tasked with devising policies that ensure compliance, as well as handling reports of a breach or violation.
There should be effective and efficient communication between the compliance committee and other members of the organization. When there are new policies or revisions to the existing ones, those members will be responsible for disseminating such information.
You must form a team of internal auditors with the responsibility of assessing the performance of existing compliance measures. They will also recommend the appropriate remediation plans, should gaps be identified.
You must devise a set of disciplinary guidelines for any violations or non-compliant actions.
You must provide continuous learning and educational tools for all employees.
You can learn from the examples of healthcare compliance programs to know the proper steps to take in certain situations. Proper training and education of the healthcare staff have a vital role to play in this. You should make sure that they understand the ins and outs of the HIPAA law to avoid impermissible disclosure of PHI and other confidential medical records.