Healthcare compliance officials are arranging compliance with HIPAA Secrecy and Safety Rules, although the majority of Division of Justice and the HHS Office of Inspector General Implementation activities are not for violations of HIPAA or safety breaches, however unethical arrangements with referral sources and incorrect assertions. There are more fines issued by controllers for these two compliance failures than fines for HIPAA violations.
HIPAA implementation by the HHS’ OCR has enhanced, however, the liabilities to healthcare companies from unethical arrangements with referral sources and incorrect claims are much higher. Even so, these parts of compliance are comparatively low down the list of priorities, as per the latest survey of 388 healthcare experts carried out by SAI Global and Strategic Management Services.
The survey was carried out on compliance officers from healthcare companies of all sizes, from small doctor practices to big integrated hospital systems. The purpose of the study was to find the main problems tackled by compliance officers and decide how compliance divisions are reacting and prioritizing their resources.
When asked to rate their main priorities, coping with HIPAA data breaches was awesomely the top priority and the largest concerns were HIPAA secrecy and safety.
The list of HIPAA enforcement actions has grown significantly over the past two years however there are still fewer fines than for bogus claims and arrangements with referral sources. Nonetheless, making sure claims accuracy was only rated third in compliance officers’ priority list and arrangement with referral sources was rated fifth. The survey demonstrates there is a difference between what OIG and DOJ consider to be the maximum danger areas and where compliance officials see the greatest dangers.
“The query has to be inquired as to why, in the face the implementation organizations’ priorities, compliance officials are placing these high risk-areas in a lesser priority,” said ex HHS Inspector General and CEO of Strategic Management Services Richard Kusserow. “The takeaway from the analysis is that compliance officials must be ready to better arrange their priorities and plans with those set out by the controlling and implementation organizations.”
Part of the reason for the concentration on HIPAA compliance is the surge in implementation activity by OCR in the past two years, the mass media activity encircling healthcare data breaches, and the comparatively high penalties for protected units found not to have fully complied with HIPAA Laws. With OCR probing all breaches of over 500 files, and data breaches now happening with increasing occurrence, it is easy to see why HIPAA compliance is being prioritized.
Although HIPAA is the key priority for compliance officials and where most resources are concentrated, only one in five compliance officials feels their business is well organized for a HIPAA compliance check. Last year when the survey was carried out, 30% of compliance officials said they were extremely confident that they were well organized for a HIPAA check. The proportion of compliance officials who said they are moderately ready for a HIPAA compliance check has risen from 50% to 61%, demonstrating the concentration on HIPAA compliance is having a positive effect.
The study proposes the amount of work for compliance officers is rising, however, budgets are stagnant. Compliance officials are increasingly accountable for carrying out internal audits and providing legal advice in addition to supervising compliance with HIPAA Secrecy and Safety Laws. The high workload and restricted resources mean other parts of compliance are being ignored. As per the report, “Compliance offices are being stretched thin to meet their duties.”
While external compliance evaluations are extremely advantageous, just a quarter of respondents said they use impartial third parties to complete those evaluations, with three quarters carrying out self-assessments, internal surveys, and using compliance checklists to assess their compliance plans.
“The 2018 Healthcare Compliance Benchmark Survey provides us a better knowledge of compliance program development in the healthcare sector and proposes that efficiency is being determined in terms of output, instead of outcome,” said SAI Global CEO Peter Grana. “It is plentifully clear that there is a requirement for healthcare companies to get rid of obstacles and increased duties being laid on their compliance offices that sidetrack from the development of effective risk controls.”