The healthcare industry is a beast. It generates billions of dollars, but costs continue to skyrocket. With the passage of the Affordable Care Act, millions of previously uninsured Americans gained access to healthcare, and that expansion meant even more rules and regulations for hospitals and healthcare institutions to understand and follow. Healthcare compliance has always been a bit complicated, and this massive revision to the law has added to that. Here are some of the major healthcare compliance concerns and ways for companies to address them:
There have always been various federal and state agencies involved in healthcare regulation, and with the recent expansion, there are even more agencies at the federal, state, and local level that must be involved in implementation and oversight. This can be confusing for companies involved in any aspect of the healthcare sector, as they may need to report to some agencies but not others. For example, biotechnology and pharmaceuticals may fall under the purview of multiple agencies depending on where in the process a company participates.
To deal with the complex web of agencies involved in the regulatory process, it may be necessary for companies to hire an internal compliance team. Of course, this may be cost prohibitive for smaller operations, and external consultants are not exactly a bargain deal. Nonetheless, for any company engaged in business that even remotely relates to healthcare, someone within the company will need to become proficient with the relevant agencies and determine whether complying with their particular mandates is necessary. But, the most important thing a company can do is keep company documents, records, and contracts meticulously organized in the event that there is an issue or perhaps even an audit.
Numerous Rules and Regulations
In addition to keeping up with the various agencies, it can be an absolute nightmare trying to stay abreast of the many rules and regulations, especially since these have a tendency to change, have a lot of exceptions and exclusions, and often conflict with state laws, which can be incredibly confusing. Unfortunately, pleading ignorance to a rule’s existence will not excuse a company that is not in compliance with its contents.
Ideally, companies should seek legal advice and/or retain legal counsel to ascertain compliance. Startups and smaller firms may think that they cannot afford the hourly rates of most attorneys, but the legal market has changed quite a bit since the economy crashed. These days, more law firms are eschewing traditional billing and are willing to entertain alternative fee structures, such as monthly or per project rates. In light of the complexity of the system, it is wise to do the research and make the investment to avoid hefty fines and citations down the road.
Privacy and security are as important in healthcare as they are in any other data-driven industry, and in some ways actually more so. The Health Insurance Portability and Accountability Act (HIPAA) imposes substantial requirements with respect to protected health information, and covered entities as well as their business associates must uphold these requirements or face serious consequences. This can be particularly tricky for healthcare companies that engage in high volume contracting with external companies, the business associates, who are also expected to take the appropriate data security precautions.
To ensure that a company’s contracting partners comply with HIPAA, it is important to have conversations regarding contract security and ensure that both teams will utilize highly secure systems for the negotiation, drafting, signing, storing, and sharing of any such documents. Companies should avoid sharing confidential client data as much as possible, but there are obviously scenarios where that simply is not feasible. Hospitals and insurance companies, in particular, have records that contain a ton of sensitive information, and thus they must take extreme caution when contracting with external vendors to ensure HIPAA compliance.