If you are a provider of healthcare services, you need a compliance plan. A compliance plan is a written document that details your practice’s policies, procedures, and operations. While many providers are aware of the importance of having an established compliance plan, many do not routinely review or update their compliance documents to reflect changes in their practice and operations. Changes in scope of services, new management, introduction of new technology, or changes in relevant law all necessitate a review and update of your existing compliance plan.
A compliance plan provides detailed guidance to practice personnel and works to ensure their actions are in accordance with relevant laws and best practices. Failing to maintain a comprehensive compliance plan may put a practice at risk of violating laws or contractual arrangements. For example:
1. The Health Insurance Portability and Accountability Act (“HIPAA”) requires healthcare providers to maintain specific policies and procedures related to the use and disclosure of protected health information, including specifically enumerated physical, technical, and administrative safeguards. In addition, HIPAA requires policies related to risk assessments and breach notifications. Failing to have an appropriate HIPAA compliance plan in place can lead to unintended HIPAA violations and financial penalties. Having an appropriate compliance plan in place, however, may work to minimize potential adverse consequences.
2. Contracts practices enter into with insurance providers, for example, may contain a representation that the practice maintains a compliance program to ensure it meets the standards and obligations of the insurer. Even if the agreement specifically does not require the practice to establish a compliance plan, such a plan should set forth the standards for compliance with an insurer’s particular requirements, thereby minimizing risk that the practice will violate the terms of any agreement.
3. State and federal laws dictate many business operations of a practice, including employee non-discrimination laws, hiring and firing of employees, maintenance of personnel files, and record retention. It is important that a practice ensure its compliance plan meets all relevant legal requirements. Failing to follow certain personnel requirements, for example, can place a practice at risk of violating relevant employment laws.
4. Billing and coding procedures are a fundamental part of any effective compliance plan. An effective compliance plan addresses billing processes, routine audits, specific policies regarding how to address potential overpayments, corrective action procedures, and responding to billing inquiries. Failing to monitor billing and payments can lead to costly errors and potential violations of the law or payor agreements.
5. The complexities of federal and state fraud and abuse laws place many practices at risk of legal violations, however unintended. A compliance plan should govern policies and procedures related to topics such as illegal remunerations, payment of kickbacks, self-referral prohibitions, gift-giving and receiving, and conflicts of interest. Well-documented procedures can minimize the risk that practice employees will violate these laws, as well as document a practice’s intent to comply with such laws.
These are just some of the reasons that establishing a compliance plan, and evaluating the plan on an on-going basis, is an important component of operating a medical practice. If you do not maintain an active compliance plan, or have not updated your plan recently, we encourage you to contact one of the listed Roetzel attorneys.View PDF