Operational compliance: Are you a best practice?

Once a solid compliance plan has been created, education and guidance should be continually provided.

Over many years working as an administrator for a bustling practice, I learned the significance of taking a thoughtful approach to compliance. Our management team’s goal was to incorporate and embrace compliance into daily operations.

Now that I’m a consultant, I realize we weren’t alone. I’ve seen first-hand how often practices struggling with compliance lack an intentional and planned approach. While rules and regulations may be understood, often no processes or training are in place to set the standard for team members.

Meanwhile, exemplary practices are distinguished by their comprehensive compliance measures and astute management. As a result, these “best practices” are at a lower risk of being penalized or fined by the Office of the Inspector General, Centers for Medicare and Medicaid Services, and others.

Take a comprehensive approach

From front desk staff to physicians, compliance must be the basic building block for daily duties. Compliant practices facilitate this by folding appropriate protocols and habits into day-to-day operations, regardless of the task.

For example, with HIPAA compliance, the best practices incorporate HIPAA training into their onboarding process to ensure employees understand what is expected of them and decrease the chance of being found noncompliant.

Taking that further, in a compliant practice, individuals are trained to clearly understand how HIPAA rules apply to their specific job functions. For example, front desk staff members have clearly written policies and procedures on how to appropriately share with new patients the Notice of Privacy Practices (NPP) and can comfortably answer patient questions regarding privacy. The NPP is also posted in a visible location, with copies available for new patients who have not yet reviewed and signed the form with the practice.

In addition to providing employee training and education, exemplary practices customize their forms and plan. For instance, if a template was used when creating the NPP form, the final form will be customized to describe the practice’s specific methods for different tasks (e.g., the type of appointment reminder patients can expect, the sign-in process, and the procedure for calling patients from the reception area). When finalized, the practice should review these plans and rules periodically to evaluate, modify, and update as needed.

Finally, best practices require staff members to conduct themselves in a professional manner and respect the privacy of individual patient information. Inappropriate discussions or disclosures of protected data are considered unacceptable, and patient information should be divulged strictly on a need-to-know basis. Additional safeguards to protect data include unique passwords and screen protectors. Meanwhile, all staff members are made to understand they should never access patient information without a valid reason. There is accountability for “bad actors” who do not follow practice policies.

Build a solid foundation

While compliance statutes may be complex, their intent is to aid practices. They were created to simplify regulations, make laws more understandable, and provide processes that are conducive to each task. For this reason, compliance regulations should serve as the framework on which a practice’s policies and procedures are built.

Once a solid compliance plan has been created, education and guidance should be continually provided. This creates a practice environment where compliance is a palpable, ongoing commitment, and ensures that staff members complete each task with an air of confidence that sets patients at ease.

Do you work in a best practice? OP