When asked if your practice has a compliance program, the easy and honest answer is likely, “Yes, of course.” Yes, you probably adhere to most standards, applicable laws, and guidelines. But the real question is, do you have a meaningful compliance program that is designed and appropriate for you?
Historically, the same suggestions and solutions have been offered to outpatient therapists for the last 20-plus years, and compliance language and resources have continued to be difficult to interpret unless you are an attorney. So how are you supposed to truly maintain compliance in your clinic when technology advancements, a worldwide pandemic, and a rapidly shifting and consolidating healthcare environment have all required you to adapt?
Start with a personalized risk assessment
First, consider reviewing your company-wide areas of risk beginning with an assessment of the largest area of exposure when it comes to compliance and patient data. Determine how this information is being transmitted, who has access to it and how you are securing the patient data. This includes intake forms, documentation notes, flowsheets, home exercise programs, and anything else that includes protected health information. All of this information needs to be secure.
Put the right technology in place
A manageable solution to help healthcare providers oversee compliance is to implement an EMR that is forward-thinking while also providing real-time solutions to practicing clinicians. An industry-specific practice management software can help business owners and clinical staff manage and oversee this highly regulated environment of protected health information, which can go a long way in ensuring a meaningful compliance process. With many available EMR options to choose from, look for a modern and highly automated system that can assist with clinical operations, reporting features, business management tools, and internal audit features that allow for tracking and oversight of key performance indicators in a secure and efficient manner.
Build a framework suited to your business
A proper compliance program for healthcare providers should include a comprehensive framework designed to ensure that your practice adheres to applicable laws, regulations, and ethical standards while delivering excellent patient care and conducting business operations. And it has to be designed to scale and adjust as your business, and industry regulations, continue to evolve.
A thorough compliance program is essential in order to prevent fraud, abuse, and other violations, as well as to promote the highest standards of patient safety and evidence-based care. Each company needs to determine what is appropriate and reasonable when it comes to structuring, supporting, and paying for compliance operations within the organization. The size, scope, and type of practice will all impact the compliance program, but a typical outpatient therapy compliance program should include the following elements:
- Written policies and procedures: Includes clearly defined policies and procedures that outline the company’s commitment to compliance, code of conduct, and specific guidelines for various aspects of outpatient therapy business operations. A compliance consulting provider can assist with creating these documents for your office.
- Education and training: Regular role-based training and education for employees, management, and relevant stakeholders to ensure they are aware of their roles and responsibilities in maintaining compliance. Annual compliance, sexual harassment and discrimination, cybersecurity awareness, and other related content should be offered annually or as required by your state and payor contracts. You should research platforms that provide therapy-specific content for this training or ask a consultant for recommendations.
- Internal monitoring and auditing: Regular internal audits and monitoring to identify potential compliance issues, assess the effectiveness of policies, and detect deviations from established procedures. Documentation, coding, and billing audits should be performed on a routine basis as well as an annual IT risk assessment. A third party can assist with these tasks, or you can also try to utilize tools like this Security Risk Assessment Tool provided by HealthIT.gov.
- Risk assessment: Ongoing assessment of potential compliance risks associated with the company’s activities, allowing for proactive mitigation. This ongoing process includes constant communication with your compliance officer to ensure that all components of your practice are adhering to applicable laws and regulations. Every component of your practice should be assessed including state-specific HR rules, marketing strategies that adhere to stark and anti-kickback statutes, and even language interpretation options for patients who are not proficient in English.
- Documentation and recordkeeping: Comprehensive recordkeeping to document compliance efforts, training sessions, audits, investigations, and corrective actions taken. A learning management system is a good place to start with training sessions in order to track and record employment engagement. Internal tools and other privileged materials should be limited to authorized employees only.
Anyone can create a compliance program, but remember that outpatient therapy compliance programs – including software, security, and privacy measures – should be tailored to the specific areas of service that you provide. Staying up to date about regulatory changes, providing routine staff education, and offering robust operational content via a proactive game plan for managing compliance risk is the best way to avoid unnecessary exposure to your practice. Don’t forget to designate a compliance officer at your company who is responsible for overseeing the program’s implementation or keep it simple and outsource this function in order to receive guidance and oversight from an on-demand compliance team.
It’s time to leverage technology, offer practical solutions for workplace safety, and establish a standard of excellence that leads your practice into the next chapter of success. You should consider partnering with an EMR that understands how to prioritize compliance, adapt, and provide tools for success as well as a team of compliance experts who really understand your practice. Protecting your hard-earned degree in the event of an unforeseen circumstance is why you purchase liability insurance, so be proactive and prevent issues from becoming massive headaches.
About the author:
Daniel Hirsch is an experienced and licensed PT with over 15 years of risk management and compliance experience. He is CEO of Risk & Compliance Analytics LLC, a comprehensive compliance solution for outpatient therapy practices. He has experience in both Property & Casualty and Life & Health Insurance, has served as the Chief Compliance Officer for large multi-state therapy practices, is an educator on Therapy Ethics and the PT Profession, and maintains auditing and compliance certifications. You can find Daniel on LinkedIn and also follow his company page.