Compliance is daunting enough in a year without a pandemic. This year we’ve faced constant change: telehealth privacy issues, entire departments working from home, redesigned processes, and worldwide phishing attacks that take advantage of confusion and change. Through it all, our regulatory and reporting deadlines are knocking at the door.
It can be hard to stay focused on both the urgent and the important. Your compliance team can help you prioritize and manage your regulatory and contractual to-do lists.
As a compliance officer and compliance advisor, I work with our internal team and with healthcare practice clients to help prioritize obligations and to balance operational improvements with financial realities.
Many healthcare practices have seen a significant financial impact from Covid-19. Resources and time are in short supply. So this to-do list focuses on some fundamental compliance work. You can also download a more detailed checklist here.
5 Ways to Protect Your Healthcare Practice
1. Update your risk assessment and business continuity/ disaster recovery plans.
Heavyweight champ Mike Tyson famously said, “everyone has a plan until they get punched in the mouth.” No matter how good your plans were before Covid-19, chances are that things haven’t gone as planned. Update your plan with what you learned. What went well? What were the unexpected challenges? For example, prevention is much less expensive than remediation, so make sure your plan includes security patches are up to date.
2. Revisit your monitoring and auditing standards.
Given all the changes in 2020, it’s easy to overlook your regular checks and balances, even something as routine as reviewing your bank statements. Keeping an eye on your billing and collections is critical. So is making sure you continue to meet payor and regulatory standards, whether it’s commercial insurance, state filings, or Medicare. Your compliance team can help you prioritize and perform your internal controls.
3. Update your policies and procedures.
Many practices didn’t have formal standards for teleworking or telehealth sessions before Covid-19. Maybe your information systems usage policy doesn’t prohibit unsecured wireless networks, or maybe your annual risk assessment didn’t include employees working at home. Standards that made sense before the pandemic will still need to be reviewed. Again, use what you learned over the past few months. Many policies need revisiting considering a more robust work-from-home and telehealth arrangement for physicians and staff.
4. Catch up on due diligence for new vendors.
Have you added a new telehealth vendor, or did you outsource billing or printing services? Have your existing vendors kept up with training, background checks, and other compliance requirements? Keep in mind that CMS and other payors—as well as your cybersecurity insurance policy—may require proof that you kept up on your due diligence.
5. Don’t sleep on (or during) HIPAA and compliance training.
HHS did not address mandatory compliance training in its Covid-19 guidance. We have to assume that training deadlines haven’t changed. If you added new staff during the past few months, the clock is ticking for HIPAA and CMS training. Don’t forget that insurers and states may require additional training, too. Training will only get harder to schedule as we get closer to December 31.
Anticipate the Next 3 Steps
While it’s not clear yet whether recent changes to compliance requirements are going to become permanent, it’s important to prepare for them as though they will. Enforcement of security measures will adapt to meet changes in technology, and we know telehealth is here to stay in one capacity or another. Temporary HIPAA allowances for Covid-19 disclosures have spurred discussions on how we share information on other threats to public health.
Investing time now to evaluate your compliance plan will pay dividends and keep the important from becoming urgent. If you need guidance, please reach out to me. We offer free compliance consultations to help healthcare practices sort out what needs to be done to #comebackstronger.