Despite not being as heavily regulated as other industries, healthcare compliance is extraordinarily complex and high-stakes. The emphasis on the importance of compliance in healthcare may be due to the fact that lives are in the hands of the practitioners providing the service.
When healthcare providers or organizations act out of compliance, the lives of patients can be negatively affected to the point of medical bankruptcy or death. In addition, the systems that support healthcare can also be negatively impacted if healthcare providers aren’t following carefully cultivated guidelines. When healthcare providers act within compliance, a patient has a sense of safety and security that their care will be delivered based on contemporary and appropriate standards.
Keep reading to learn more about where compliance standards come from, how healthcare organizations manage compliance, and how healthcare professionals can become healthcare compliance professionals.
Major Laws and Agencies That Determine US Compliance in Healthcare
To attempt to demonstrate the complexity of healthcare compliance, the following section will go over major players in the compliance arena, including laws and agencies that mediate healthcare compliance and examples of the compliance burdens these laws/agencies represent.
Because compliance is determined by factors including services rendered, insurances accepted, and more, this list is non-exhaustive.
The Health Portability and Accountability Act (HIPAA)
Passed in 1996, HIPAA legislation protects patient privacy and creates a patient agency regarding how their health information is used and disclosed. Compliance with HIPAA means that individuals must give authorization to release medical records in all but certain functional or exceptional cases.
The Health Information Technology for Economic and Clinical Health Act (HITECH)
As a part of the American Recovery and Reinvestment Act of 2009 (ARRA), HITCH provides incentives for healthcare organizations to accelerate their transitions to electronic health record (EHR) systems. Compliance concerns related to the incentives provided by HITECH include auditing EHR systems, data breaches, patient access to electronic records, and the use of personal health information (PHI) by business associates.
The False Claims Act (FCA)
The False Claims Act is a federal law designed to protect federally funded healthcare systems from false claims such as billing for the same service more than once or making fraudulent statements to obtain payment for services not rendered. In regard to compliance, the law allows for the federal government, protection for employees who act as whistleblowers and incentives for individuals to report fraud.
The Patient Protection and Affordable Care Act (ACA)
The main purpose of ACA is to make health insurance more affordable and accessible to Americans through private insurance market reform, the expansion of Medicaid, and support for cost-lowering care delivery methods.
The major compliance concern of ACA is the mandate that all healthcare providers who accept Medicare and Medicaid must have compliance programs, with the intent being that all healthcare professionals implement a program for compliance. In addition to the compliance program mandate, compliance issues raised by ACA include free preventive care, the elimination of dollar limits for essential health benefits, the freedom to choose providers, and free contraception.
The Centers for Medicare and Medicaid Services (CMS)
The Social Security Act, first passed in 1935, is a law designed to protect citizens in the US from the struggles and dangers associated with aging, poverty, disability and unemployment. Notably, this act resulted in the creation of Medicare and Medicaid in 1965 under Lyndon Johson.
Housed within the US Department of Health and Human Services, CMS—the antecedent to Health Care Financing Administration (HCFA)—is the federal agency that oversees the two insurance programs, the Children’s’ Health Insurance Program (CHiP), portions of the Health Insurance Portability and Accountability Act (HIPAA), some provisions of the Patient Protection and Affordable Act (ACA), the meaningful use program for the Health Information Technology for Economic and Clinical Health Act (HITECH), and more.
In addition to being the arbiter of the regulations for the aforestated acts and programs, CMS engages in compliance by working to eliminate fraud and abuse of Medicare and Medicaid through investigations and oversight.
The Drug Enforcement Administration (DEA)
The mission of the DEA is to enforce the laws and regulations related to the growing, manufacture, and distribution of controlled substances. Compliance issues that intersect with DEA operations include prescribing only necessary amounts of controlled substances, drug diversion prevention, and the timely reporting of loss or theft of controlled substances.
The Food and Drug Administration (FDA)
Although the FDA is responsible for protecting public health in many areas, its purview in the realm of healthcare regulations includes drugs, biological products, medical devices, and radiation-emitting products. In addition to these regulations, regulations from the FDA heavily impact clinical trials.
The Occupational Safety and Health Administration (OSHA)
On top of all the regulations for care provision, healthcare providers must also ensure compliance with OSHA standards for the workplace.
A part of the US Department of Labor, OSHA is responsible for the standards that ensure employees have safe and healthy working conditions. Compliance for healthcare in relation to OSHA standards includes creating a culture of safety and dealing with infectious diseases, workplace violence, chemicals, hazardous drugs, emergency response hazards, radiation, personal protective equipment, and more.
Joint Commission
Although not required to operate, healthcare facilities can voluntarily choose to enter into an accreditation process by which they choose to comply with standards set by the Joint Commission.
As the mission of the Joint Commission is to improve healthcare by leading organizations to a goal of zero harm, these standards often require organizations to surpass the bare minimum required by federal and state regulations. Compliance issues for healthcare organizations raised by the Joint Commission comprehensively encompass all aspects of healthcare delivery.
State and Local Regulations
In addition to all of the federal laws and regulations, healthcare organizations must also comply with the regulations as set forth by the state in which the organizations operate. Compliance issues will often overlap with federal compliance, putting the burden on healthcare organizations to understand all the unique conditions under which either federal or state law is preemptive.
Compliance Programs in Healthcare Organizations
At the most basic level, compliance in healthcare rests on everyone: practitioners, support staff, administrators, and patients. Because of the complexity of regulations and the vast number of human actors, compliance often requires a targeted, herculean effort to implement correctly. As a result of the ACA mandate, and because compliance is becoming a more highly specialized field, many healthcare organizations place the responsibility for compliance onto a compliance department or compliance officer. These teams of people create the processes, protocols, and programs for operating in alignment with the complexity of healthcare compliance.
Although the best compliance programs will be cultivated with the unique healthcare organization in mind, the Office of Inspector General (OIG) of the US Department of Health and Human Services provides extensive guidance on how to cultivate compliance programs in a wide variety of healthcare settings. The seven standard elements of a compliance program include the following:
A Written Compliance Guide
This will include the development, distribution, and implementation of any codes of conduct and/or compliance-related policies or procedures directly related to compliance. The intent of these written documents is to help amplify and move forward the organization’s commitment to either meeting or exceeding standards for ethics and lawfulness.
Clear Role Delineation for Compliance Officers, and/or Compliance Committees
To help organizations understand the parties responsible for a high-level understanding of compliance, compliance programs must have a clear role delineation for their compliance staff. The OIG recommends the individuals and/or committees report directly to the CEO and/or organizational governing body.
Education and Training
To ensure that all stakeholders in healthcare are participating in compliance, an effective compliance program will require the development and delivery of education and training programs for employees.
Communication Mechanisms
Because breaches in compliance happen within healthcare communities, it is important to have reporting protocols that allow for employees and healthcare community members to report breaches in compliance. These communication mechanisms can be anonymous and should foster a system that eliminates or prevents retaliation.
Investigative and Disciplinary Measures
To ensure all complaints are reality-based and to make clear what will happen should a complaint prove legitimate, compliance programs should develop and implement a clear process for complaint response, appropriate corrective action, and reasonable employee discipline.
Internal Monitoring and Audits
Effective compliance programs include internal monitoring and audits to measure deficiencies in compliance so that they may be addressed.
Prompt Violation Management
When breaches in compliance are detected, compliance programs have systems in place whereby investigation, corrective action, and reporting are done in a timely manner.
Careers in Healthcare Compliance
Because healthcare compliance is vast and becoming increasingly complex to manage, there is a decent amount of earning potential.
According to the Bureau for Labor Statistics (May 2019), the 317,600 compliance officers in the US earned an average of $72,850 per year. As a result of the increasing need for this job, many universities are responding by offering degree and certificate programs in compliance at several levels and in several disciplines.
For example, Arizona State University offers an online bachelor of science in healthcare compliance and regulations for those new to career seeking interested in joining compliance teams or becoming compliance officers. Additionally, ASU provides an online master of science in corporate and healthcare compliance. There are also higher-level programs available as well.
As a final note, healthcare and healthcare support professionals can also move into compliance work through professional certification. Professional certification is the voluntary process by which specialists in certain arenas sit for a test to prove they understand the profession at a high level of quality. Certification organizations for compliance officers in healthcare include the Healthcare Compliance Association (HCCA) and the American Academy of Professional Coders (AAPC).
Becca Brewer, MEd
WriterBecca Brewer is building a better future on a thriving earth by healing herself into wholeness, divesting from separation, and walking the path of the loving heart. Previously to her journey as an adventurer for a just, meaningful, and regenerative world, Becca was a formally trained sexuality educator with a master of education.