Archives     Advertise     Editorial Calendar     Subscribe     Contact Us    


A New Year's Resolution: Updating Your Compliance Plans


 

As January gets underway, it is common for us to reflect back on the prior year and set goals for the coming 12 months.

Whether it's losing weight or maintaining better relationships with loved ones, New Year's resolutions are on everyone's minds this time of year. Healthcare providers should also consider setting a New Year's resolution: updating your compliance plans.

To be effective and beneficial, compliance policies and procedures should periodically be revised and updated, and the beginning of the year is as good a time as any to undertake such revision. Among the key compliance policies and procedures that you might want to consider updating are your corporate compliance plan, your HIPAA privacy and security plan, and your business associate agreements.

Compliance plans are written strategies, adopted by a healthcare provider, to assist in day-to-day compliance with applicable laws and business policies. A compliance plan that is drafted without further review, revision, or implementation, however, carries the same effect as having no compliance plan at all. Thus, to be effective and beneficial, all compliance plans should be periodically reviewed and revised to address changes in the law, operational changes, and past experiences.

As you revise your corporate compliance plan, or implement one for the first time, keep in mind that among other things, the plan should include a review of the applicable laws and regulations (e.g., Stark, Anti-Kickback, False Claims Act, Civil Monetary Penalties, etc.), what is expected in terms of complying with such laws and regulations, the consequences of noncompliance, and ways to report noncompliance to the appointed compliance officer or compliance committee. Policies should be written in a manner that is easy for the employee and contractor to understand.

Compliance plans should address the risks that are associated with a particular provider, contain monitoring and auditing systems that detect compliance violations, and discuss ways to address such violations. Compliance plans should include a training component, pursuant to which employees and contractors are periodically educated and trained on the elements of the plan. Training should occur both when an employee or contractor is hired and periodically thereafter (e.g., every year or every six months). The compliance plan should be made available to all employees and contractors to which it applies and should be formally adopted by the board of directors or similar governing body.

Similarly, based on changes in the law and increased enforcement activities, having an up-to-date HIPAA plan is extremely important. As you revise your HIPAA policies and procedures, make sure that your employees are adequately informed of your commitment to following the HIPAA plan and are properly trained regarding the HIPAA policies and procedures. If there have been any changes in applicable privacy and security laws since the last revision of your HIPAA plan, revise your plan accordingly. Also review whether your Privacy Officer and/or Security Officer is still the appropriate person(s) for the job.

On a related note, Business Associate Agreements (BAAs) are a necessary tool for ensuring HIPAA compliance, but healthcare providers oftentimes overlook this area of compliance. However, given the recent focus on business associate relationships by the Office of Civil Rights, the government agency overseeing HIPAA compliance, healthcare providers should not only ensure that a BAA is in place when one is necessary but also that the BAA reflects the intentions of the parties.

BAAs contain numerous provisions that could require review and negotiation, but our top several provisions to look for when reviewing a BAA include: indemnity provision; breach reporting; timely access to patient information (or related accounting information) to help facilitate a patient's request for access, request for amendment, or request for an accounting in accordance with HIPAA; de-identification of data; and choice of law.

Although you might waiver on your other New Year's resolutions (we assure you that ours will be broken before the end of the month!), updating your compliance policies and procedures, especially your corporate compliance plan, your HIPAA policies, and your BAAs, is one resolution that should be... and can be ... kept.


Matthew Kroplin is a partner in Burr & Forman's Nashville office, practicing in the firm's healthcare and business litigation sections. Kelli Fleming is a partner in Burr & Forman's Birmingham office, practicing exclusively within the firm's healthcare section. For more information, go online to burr.com.

WEB:

Burr & Forman, LLP

 
Share:

Related Articles:


Recent Articles

Spectrum Solutions Collaborates with UCLA on Saliva-Based Next-Gen Sequencing (NGS) Liquid Biopsy Research for the Early Detection of Lung Cancer

Study to focus on using saliva in the analysis of cell-free circulating tumor DNA (ctDNA) to accurately and non-invasively detect non-small cell lung cancer (NSCLC).

Read More

DRUG COMPANIES URGED TO PROVIDE DISCOUNTS TO 340B COMMUNITY PHARMACIES

Yesterday, counsel for the American Hospital Association and the five other national groups and three individual hospital systems that sued the Department of Health and Human Services (HHS) over its failure to halt drug company actions that undermine the 340B drug pricing program sent letters demanding that the offending drug companies immediately halt their illegal activities.

Read More

Study Shows Drastic Increases in Opioid-Affected Births

The rate of mothers who had an opioid-related diagnosis when delivering their baby increased by 131% from 2010-2017, as the incidence of babies diagnosed with drug withdrawal, known as neonatal abstinence syndrome (NAS), increased by 82% nationally during that same time period.

Read More

Case Management: Enhancing Revenue, Care Transitions and Patient Outcomes throughout the Hospital System

The importance of hospital and health system case management has grown exponentially over the past 10 years and is now getting attention from leaders throughout the healthcare industry.

Read More

TennCare Block Grant Waiver Approved

More than a year after submitting Amendment 42 to the Centers for Medicare and Medicaid Services (CMS) requesting a waiver to increase flexibility in the administration of the state's Medicaid program, Tennessee has received an affirmative nod to move forward.

Read More

OptumInsight and Change Healthcare Combine to Advance a More Modern, Information and Technology-Enabled Health Care Platform

Accelerates work to improve outcomes and experiences and lower the cost of health care

Read More

AHA Statement On Dc Circuit Court Of Appeals Decision On Mandated Disclosure Of Negotiated Rates

Read More

AHA STATEMENT ON COURT DELAY OF MOST FAVORED NATION MODEL INTERIM FINAL RULE

Read More

Sen. Alexander's Farewell Address

Read More

Alexander: Congress Set to End Surprise Medical Billing

Proposal to protect patients from surprise medical bills and resolve payment disputes between providers and insurers included in government funding legislation that the Congress will vote on this week

Read More

Email Print
 
 

 

 


Tags:
BAA, Burr & Forman, Business Associate Agreement, Compliance, HIPAA, Kelli Fleming, Matthew Kroplin, Office of Civil Rights, OIG, Privacy and Security Plan, Regulatory Compliance
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: