Compliance is an integral part of every healthcare organization. It encompasses many different components and must be tailored to each organization. In most non-healthcare businesses, “compliance” is not a concept applicable to business operations. But in healthcare, it is everything. Without compliance, a medical practice or healthcare business will run into problems or even fail. But what does “compliance” entail?

A Georgia-Based Healthcare Compliance Law Firm

Little Health Law’s exclusive focus is helping medical providers. “Compliance,” generally described, is the label for what should be thought of as an essential requirement in our healthcare system: that providers maintain a proactive process, program or set of tasks designed to prevent fraud, waste or abuse and to avoid substandard healthcare services or overutilization of healthcare. Compliance involves following local, state and federal healthcare laws and regulations that are geared to the following categories of concerns: patient privacy, quality assurance, fraud prevention and data security. There are lots of such rules, and which rules are implicated by a specific set of factual circumstances as part of a business model is, of course, an important determination for compliance purposes. Unfortunately, compliance concepts can be less than clear and sometimes even counterintuitive.

To deal with this reality, ideally every healthcare enterprise, big or small, will develop and permanently maintain some sort of “compliance plan” to provide a compliance roadmap for the business. What the details of such a compliance plan should be will be determined by you and your compliance advisor. Unfortunately, there is not a perfect form of compliance plan that will make a healthcare practice or business bulletproof. Nevertheless, it is often crucial to have some form of compliance plan.

What Should Our Medical Practice’s Compliance Plan Cover?

Compliance plans vary widely in scope and details. A good starting point for how a compliance plan should look is federal law, namely, the Patient Protection and Affordable Care Act: https://housedocs.house.gov/energycommerce/ppacacon.pdf. The PPACA actually mandates a compliance plan for many healthcare providers and suppliers. Generally speaking, a viable compliance plan should include all (or at least most) of the following features: (a) it is in writing (usually by way of written policies, procedures and standards of conduct); (b) it identifies a compliance officer (or compliance committee); (c) it provides for appropriate training; (d) it creates proper means of communication that give employees and contractors answers to questions and clarification, promote the reporting of concerns and avoid fear of retaliation; (e) it is enforced with clear standards; (f) it provides for self-auditing; and (g) it provides procedures to facilitate a prompt response to infractions and corrective action.

In our Georgia-based health law practice, a few primary compliance concepts or steps we often determine should be included are these:

COMPLIANCE PROGRAM MANUAL

This is a very comprehensive document that will require tailoring by the healthcare practice’s attorney.  It will also require the identification of a named compliance officer.

COMPLIANCE PROGRAM POLICIES AND CODE OF ETHICS

These documents require special attention to detail as there are many placeholders where specific client information will need to be added.  This includes, but is not limited to, phone numbers, names, email addresses, etc.   

RECORDS RETENTION

Healthcare providers are required by applicable law to maintain and preserve medical records as well as corresponding billing documentation in the event of a patient request or third-party audit.  Providers are also required to have systems in place to ensure that email communications and other correspondence are equally preserved.  It is therefore often advisable to include in a compliance plan a policy that sets forth the expectation of the organization to maintain such data and the parameters under which such data may be destroyed in time.  The compliance plan must be cognizant of the client’s documentation system (paper vs. EMR) and other technologies.  Care must also be taken to adjust the applicable retention period based upon state law compliance requirements.

So, What Are the “Compliance” Laws Anyway?

“Compliance” in healthcare broadly refers to any law, statute or regulation, state or federal, that is designed to address the concerns noted above (patient privacy, quality assurance, fraud prevention and data security). By way of example only, common federal compliance

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Emergency Medical Treatment & Labor Act (EMTALA)
  • Patient Safety and Quality Improvement Act (PSQIA)
  • Anti-Kickback Statute (AKS)
  • False Claims Act (FCA)

Each state will have many compliance laws, statutes and regulations.   A medical practice or other healthcare business enterprise must determine what compliance laws apply to its business model and how best to effectuate compliance and document efforts to ensure compliance.

Reach Out To Us Today

Little Health Law is committed to helping providers ensure they are compliant. We can design a compliance plan tailored to your medical practice or healthcare business and your budget. We are glad to schedule a consultation for you with one of our experienced compliance attorneys, to learn more about your circumstances and to allow you to learn more about our health law firm. Introductory consultations require no fee. To schedule a confidential consultation, email us at info@littlehealthlaw.com. Or call us at our Atlanta office 404.685.1662 or our Augusta office 706.722.7886.

We Look Forward to Working With You