HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians

A To-Do List for Medical Practice Compliance Officers


An effective compliance program should encompass all areas of regulation that are applicable to your practice. Many practices address billing and reimbursement and HIPAA compliance, but compliance programs also should cover employment, Occupational Safety and Health Administration (OSHA) requirements, Clinical Laboratory Improvement Amendments of 1998 (CLIA) regulations, the Employee Retirement Income Security Act requirements, and other healthcare regulatory areas, including self-referral/Stark Law and anti-kickback regulations. Every practice is unique, and so should be every compliance program.

 

A principal element of a compliance program is an effective and empowered compliance officer or compliance committee. If the practice designates a compliance committee, the compliance officer will be the chairperson and will coordinate the responsibilities between the members. The compliance officer’s two main responsibilities are (1) to develop and (2) to implement the practice's compliance program.

 

The compliance officer should have knowledge in many areas, including business administration, clinical activities, coding, billing, reimbursement, risk management, and at least a general knowledge of the laws and regulations applicable to the medical practice environment. The compliance officer should have good judgment, the ability to prioritize, and — to create the necessary culture — he should be respected, and considered to be approachable, by the other members of the practice.

 

Below is a list of responsibilities of the compliance officer and/or committee. This list can help your practice to develop a job description and focus on key requirements when recruiting a compliance officer. AAPC and the Health Care Compliance Association are two organizations that offer certifications for individuals who have proven competency through rigorous study and examination. Hiring a certified individual provides additional assurances that the individual understands and can apply key areas of compliance required to develop and implement an effective program.

 

List of Responsibilities


1. The compliance officer will be responsible for development of the corporate compliance program. After the performance of a baseline assessment, the compliance officer will draft the formal compliance program documents.

 

2. The compliance officer will review all relevant documents, perform and coordinate an organization-wide audit, and review all areas of possible noncompliance within the organization.

 

3. The compliance officer will distribute the written documentation of the compliance program.

 

4. The compliance officer will be responsible for periodically reviewing and updating the compliance program, and for dissemination of any changes to the employees and agents of the organization.

 

5. The compliance officer is responsible for developing, coordinating, and/or conducting the necessary training programs for all members of the healthcare organization. The initial training will include complete education regarding the corporate compliance program.

 

6. The compliance officer will be responsible for auditing the training records that are to be maintained by the organization as an element of compliance.

 

7. The compliance officer will review and/or coordinate the review of independent contractor arrangements to ensure that all of the applicable laws and regulations have been followed.

 

8. The compliance officer is responsible for coordinating and/or conducting the screening of employees, agents, and independent contractors. This will involve making inquiries to the cumulative sanction report, and the U.S. Government Accountability Office debarred contractors listing.

 

9. The compliance officer is responsible for conducting and/or coordinating internal and external compliance audits. This is to ensure that all areas of the corporate compliance program are being adhered to. The compliance officer will also coordinate and/or audit the training and reporting elements of all the regulatory compliance manuals.

 

10. The compliance officer will coordinate and/or develop policies and programs for reporting noncompliance issues. This will include developing a reporting system for all persons associated with the practice to utilize when necessary to inform the compliance officer of potential noncompliance issues.

 

11. The compliance officer will perform and/or coordinate all investigations of deficiencies resulting from the reporting system or identified through the periodic assessments.

 

12. The compliance officer will initiate and/or coordinate corrective and preventive action for areas of noncompliance as identified in the periodic audits and/or through the reporting system.

 

13. The compliance officer will be responsible for maintaining a file of all areas of the compliance plan. This will include documentation of the initial baseline audit, the periodic compliance audits, training of personnel and agents of the practice, results of screening of individuals, any reports of suspected or actual noncompliance, all reports of investigations, and all reports of corrective action taken after the investigation has been completed.

 

14. The compliance officer will report regularly to the owner(s), managing physician, and/or board of directors of the organization.

 

15. The compliance officer will develop a budget necessary to perform all of the compliance duties including items such as training for the staff, compliance officer, and compliance committee.

 


HIPAA Compliance Audits Remain on Hold


After a three-year delay, federal regulators remain tight-lipped about when the next round of HIPAA compliance audits will begin. But a variety of new HIPAA-related guidance is in the works, a government official says.


During an April 15 session at the HIMSS 2015 Conference in Chicago, a regional official from the Department of Health and Human Services' Office for Civil Rights told attendees the next phase of the random HIPAA audit program "is under development." Attorney Alessandra Swanson, an OCR team leader from the agency's Chicago office, declined to say whether there's a potential timeline for when OCR expects to kick off the next round of HIPAA audits, or what the program might look like.


OCR, which enforces HIPAA, had hoped to kick off phase two of its compliance audit program last fall, but officials last September revealed the program was being delayed. The culprit blamed at the time: technology, which the agency said was still being rolled out, that will allow OCR to collect audit-related documentation from covered entities and business associates via a Web portal.


OCR also had a change in leadership last year. In July, Jocelyn Samuels was named the office's new director. Samuels, who was formerly acting assistant attorney general for the Civil Rights Division at the U.S. Department of Justice, replaced Leon Rodriguez, who was named director of U.S. Citizenship and Immigration Services, a unit of the Department of Homeland Security.


Privacy attorney Adam Greene, a partner at the law firm Davis Wright Tremaine, told Information Security Media Group in an interview at the HIMSS Conference that he believes the delay in various OCR enforcement activities, including the audit rollout, could be related to tight OCR resources, as well as the new leadership settling in.

But OCR appears to be staffing up for the audit program. In an announcement posted last week by HHS, the agency said it had an open "compliance specialist - auditing" position available within its Washington headquarters.


"This position serves as the senior auditing subject matter expert who provides leadership, oversight, coordination and advice necessary to design, plan and execute an audit program of covered entity and business associate compliance with the HIPAA privacy, security and breach notification rules," the job posting said.


OCR officials in recent months have said the agency also is working on updating its audit protocol for covered entities and creating a new audit protocol for business associates. BAs became directly liable for compliance under the HIPAA Omnibus Rule last year and are subject to OCR enforcement actions, including financial penalties that range up to $1.5 million per HIPAA violation.

Other Activities

In addition to preparing for resuming the random HIPAA compliance audit program, OCR is working on new guidance, including material relating to business associates; the breach notification rule as well as a breach assessment tool; the use of protected health information for marketing; the "minimum necessary" standard for data; and HIPAA Security Rule compliance updates, Swanson says.


In addition, OCR is continuing breach investigations and rule-making.

"Our goal is, and has always been, to get entities into compliance," Swanson says. "I know that our enforcement cases get a lot of attention, but when you look at the number of enforcement cases versus those that are resolved with technical assistance and corrective actions, you'll see that we always try to go the compliance route first. We're interested in getting everyone into compliance; we're not out there trolling for enforcement cases."


OCR is anticipating receiving 15,000 to 17,000 HIPAA complaints in 2015, she says. All health data breaches affecting more than 500 individuals are investigated by the agency, she says. Although there have been no enforcement actions involving monetary settlements with business associates, Swanson says the agency is currently investigating a number of breaches involving BAs.


Greene, a former OCR official, says he expects the first HIPAA settlements between OCR and business associates to come later this year or in 2016.

Pending Rules

Among the rule-making activities that OCR has under way is an update to a proposal for an accounting of disclosures rule, which was mandated under the HITECH Act. OCR in May 2011 issued a notice of proposed rule-making for updating accounting of disclosures requirements under HIPAA. The proposal generated hundreds of complaints from healthcare providers and others. Many of the complaints were aimed at a controversial new "access report" provision.


Federal advisers have suggested that OCR and its sister HHS agency, the Office of the National Coordinator for Health IT, launch pilots to test technical capabilities supporting accounting of disclosures involving PHI from electronic health record systems before a final rule is issued.

OCR is also creating a way to share with victims a portion of the financial penalties it collects from HIPAA settlements, Swanson says. Also, a final rule from OCR for the National Instant Criminal Background Check System is being reviewed by the Office of Management and Budget.

