Manage: Involve colleagues to ensure your organization complies with regulatory changes

Managing healthcare regulatory changes is a balancing act. Oftentimes, the Compliance department is responsible for regulatory oversight, project management, and support with individual departments handling the day-to-day management of regulatory requirements. This approach makes it difficult to involve the right people in a regulatory change process and to keep track of the steps they take to comply.

YouCompli helps you manage the whole process of responding to regulatory changes. With our simple tools you can easily plan your response, involve the right people, and track progress. (Read how YouCompli empowered the Compliance department to better manage regulatory change and deliver greater value to the hospital system.)

In this Clip Scott Borsuk explains how YouCompli helps manage regulatory changes by offering tools to assist in preparing and responding to new regulations.

Watch more videos on this topic here and see how YouCompli can help your organization

Jumpstart your response to regulatory changes

Once you’ve decided a regulation applies to your organization, use YouCompli to manage your response. YouCompli provides:

  • Clear business requirements and tasks: For every regulation you take on, YouCompli generates a complete set of legally validated business requirements, tasks, and deadlines
  • Sample documents: Our analysts write model procedures and tools to simplify your completion of the required task.  Download these legally validated expert tools and model procedures and customize them for your own organization.  
  • Specific roles for your colleagues: build a team for each regulatory change based on your actual needs. You can assign tasks to colleagues based on their functional area, their physical location, their role in the compliance initiative, and the nature of the regulation.

Involve the right people

  • Assignments and deadlines: Assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. YouCompli prompts these users to accept, reject, or reassign the task by a stated deadline. All actions are logged in the system and the assigning party receives progress updates.
  • Task instructions: if a new regulation will require your organization to submit a form to a regulator and/or modify a procedure, YouCompli lays out the specific tasks to fulfill the requirement. Users simply follow the on-screen prompts to complete the tasks.
  • Accountability: If no action is taken by the deadline, YouCompli automatically follows up with the assigned parties. The task cannot be marked as complete until all required actions have been recorded in the system.

Manage and track the entire process

  • Real-time updates: YouCompli clearly displays the open, in progress, and completed tasks for the regulation as well as the responsible parties. Simply click into any task to review what’s been done and who still has work to do.
  • Email notifications: you can review the task to ensure it has been completed to your satisfaction. Complete audit trail of all the steps taken, including any uploaded files.
  • Status reports: Use standard and customizable reports to quickly show your progress toward complying with relevant regulations.

A complete regulatory change management solution

YouCompli is the only healthcare compliance solution that addresses all stages of regulatory change management. It helps you know what regulations are coming out from agencies you care about. It helps you decide whether those regulations and changes apply to you. It gives you the tools to manage your response to regulatory changes, and it makes it easy for you to verify that your organization put forth best efforts to stay in compliance.

Want a real-life example of regulatory change management supported by YouCompli? Read the case study of one West-Coast health system adapting to the public health emergency.

Decide: YouCompli helps your organization make easy regulatory decisions

Before YouCompli, Compliance Officer Scott Borsuk said he “probably spent six to eight hours a week reading regulations, then copying and pasting them” to share with colleagues. Read the Western Maryland Health System case study.

“It’s not enjoyable reading,” Borsuk noted.

But he had to read closely to be sure he properly analyzed the regulation to see if it applied to him.

Simplify decision-making

“We were not confident that we were catching everything, we had the documents but didn’t know if we missed anything. At the end of the day, we didn’t know if we were making the right changes or not.” – Scott Borsuk, Chief Compliance Officer

Borsuk knew he needed a better system and a stronger approach to managing regulatory change. That’s where YouCompli came in. With YouCompli, Borsuk can easily decide if a regulation applies to his hospital system and how to comply.

YouCompli makes it easy for you to decide which regulatory changes apply to your organization and which tasks need to be performed in order to comply.

In this clip Scott Borsuk explains what regulatory change management is, and how YouCompli assisted his hospital system in achieving desired results.

Watch more videos on this topic here and see how YouCompli can help your organization

Regulatory analysis to help you decide

  • For each requirement associated with a regulation, YouCompli creates a few relevance questions. Users may be asked, for instance, “Is your organization a Medicare provider?” These relevance questions are followed by tips generated by YouCompli to help make your decisions easier.
  • We can do this because our analysts read entire regulations, flag relevant changes, and translate technical legal documents into easy-to-understand business requirements.
  • If you decide the regulation is not relevant, YouCompli marks it “complete” and removes it from your active tasks.
  • All our analysis is checked by Horty Springer, the nation’s leading health care law firm.
YouCompli’s simple interface makes it easy to decide if a regulation is relevant to your organization.

Get expertise from colleagues

Sometimes the relevance questions stretch beyond your expertise as a Compliance leader. In those cases, use YouCompli to get the answer from colleague with the right expertise.

  • Use the workflow tool to assign a complex relevance question to a subject matter expert
  • YouCompli allows you to maintain a directory of subject matter experts who provide compliance leadership within their departments
  • The workflow tool also tracks responses and lets your colleague decline or answer the question right in the tool.

A complete audit trail for your relevance decisions

YouCompli tracks all of your relevance decisions over time, so you can see which regulations and changes applied to your organization and why (or why not!)

  • All responses to decision criteria, including usernames and date stamps, are recorded in YouCompli to become part of the official record and the compliance audit trail
  • The log also captures the reasons for rejecting the requirement or proceeding to the next phase of the workflow.
  • YouCompli clients can access the complete audit trail at any time to review previous decisions and the reason for making that decision.

Great decisions help you manage regulatory changes

Once you know about a regulatory change and you’ve used YouCompli’s decision criteria to decide that a regulation applies to you, you’re ready to respond. YouCompli helps you manage the tasks necessary for compliance. And it helps you verify that your organization has put forth best efforts to stay in compliance.

Interested in how a healthcare system used YouCompli to decide which regulatory changes apply? Check out this case study from the Western Maryland Health System.

Five tips to help providers comply with Stark

The Stark Law creates a whole set of antikickback rules that providers must understand and actively work to comply with. And with all its good intentions, the Stark Law is incredibly restrictive. In fact, even the U.S. Court of Appeals for the 4th Circuit noted that “even for the well-intentioned healthcare provider, the Stark law has become a booby trap rigged with strict liability and potentially ruinous exposure.”

The Centers for Medicare and Medicaid (CMS) and Congress have taken steps to clear up confusion and loosen the rules in some cases (See our article on exceptions for value-based care). Still, your Compliance team has a tremendous responsibility to make sure that policies match the rules and that providers understand and follow the policies.

Policies match the Stark rules

Changes to the Stark Law have been coming out practically since the law was enacted. The law, which aims to protect against kickbacks and self-referrals, has gotten complicated in the details. Congress issues amendments to help  the law catch up to changing business practices. Healthcare organizations may have written policies that facilitated compliance originally. However, those may be completely out-of-date if they weren’t keeping up with the changes in the law.

For example, CMS has introduced modifications that addressed challenges with value-based care and resolve issues restricting coordinated care and health data exchange. Another modification to the law was allowing healthcare providers to accept cybersecurity tech donations from stakeholders.

While the compliance officer enforces the policies, he or she doesn’t have to live them the way those in operations do. Getting input from key stakeholders such as providers, Risk Management, and others in the C-suite can help ensure that final policies are clear. This early feedback and engagement can also help identify how the policy or regulatory changes will affect the individuals who must operate under them. Lastly, they can help identify potential operational conflicts with new policies or regulatory changes.

(See how YouCompli delivers model policies and procedures that help your organization comply.)

Providers following the Stark policies

With compliant policies in place, it’s time to help providers understand how to follow them. This is where communicating what certain key terms in a policy or regulation means in the context of the provider’s particular work becomes critically important.

Compliance officers know that “the road to success is going to run through quality of care,” says Harry Nelson, health care attorney at Nelson Hardiman. “Compliance isn’t the internal police that slows things down, but a strategic part of growth.” When it comes to making sure providers understand how to follow policies, the compliance officer has to look at the language of the policy from the providers’ perspective, not that of the compliance officer.

Here are five steps to help providers understand and follow Stark-compliant policies:

  1. Engage your operational leaders. Make sure the president and CEO understand the nature and intent behind Stark limitations so they can help explain and reinforce them. Give situational examples they can relate to so they understand what the key terminology means.
  2. Invest in training and communication. One email won’t do it with changes to Stark-related policies. Engage providers in small groups, in writing, and in person to explain nuances and answer questions about tricky scenarios. Whenever possible, use real-world scenarios to help illustrate how the regulations and policies impact them. Education and training should also be routine and ongoing with key stakeholders.
  3. Get feedback. Regularly check in to gather feedback from your leaders. Find out if the implemented tools and procedures are working for them, as well as to identify challenges they face. This step will help you see areas where the  words on paper mean something the compliance officer had not thought of. Adapt procedures and tools if necessary.
  4. Encourage people to ask questions. Make sure providers and your operational leaders alike know they can use you as a sounding board for grey areas or possible violations. It’s much better if they proactively ask if a proposed arrangement is compliant. Otherwise, they may have to unwind a relationship if they find out it is not compliant.
  5. Promote awareness to prevent future mistakes. Once an error is made, chances are it will reoccur and lead to additional violations. As you are addressing errors, promote awareness to prevent future mistakes. For example, when you are communicating the fact that a mistake was made, go the extra step to what caused it. This will be an opportunity to find out where their confusion was and use that insight to update policies or training.

Stark compliance starts with knowing about changes to the regulations and continues with crafting policies that providers can understand and follow. Involving stakeholders in policy creation and training, and engaging tech systems to reinforce the lessons will support the long-term success of Stark-compliant policies.

Do you have the tools you need to recognize and manage regulatory change across your organization? Find out how YouCompli can help you manage and coordinate your response to regulatory change or schedule a demo.

Subscribe for blog updates

Communicating Compliance Terms in Plain English…

communicate compliance terms in plain english

If you have ever been new to a particular field of the workforce, such as healthcare compliance, you know all too well that the language used by coworkers can sound foreign, like gibberish, or “alphabet soup.”  As we continue to work in the field though, we too, start speaking the language.  However, while that may be ok for conversing in the compliance department, it still be confusing if we are trying to communicate with, or to educate, other functional areas of the healthcare organization.  Without knowing the terminology, the message we are trying to convey is unlikely to be understood when received.

Alphabet Soup

Take a look at an example of terminology just starting with the letter “A” from the Office of the Inspector General Work Plan (reference below):

  • ADAP AIDS Drug Assistance Program (note this one includes an abbreviation in the definition);
  • AI/AN American Indians and Alaska Natives (I, for one, was unfamiliar with this abbreviation);
  • AIDS acquired immunodeficiency syndrome;
  • ALF assisted living facility;
  • ALJ administrative law judge;
  • AMD age‐related macular degeneration (while I have heard of macular degeneration, I did not know this was a standard abbreviation);
  • AMP average manufacturer price;
  • ASC ambulatory surgical center;
  • ASP average sales price; and
  • AWP average wholesale price.

Say I am talking to another seasoned compliance professional in front of a new employee.  Using the above “A” acronyms only, the conversation may sound something like this,

“Based on the billing audit, I see we are not receiving contracted AWP reimbursement under our AI/AN contract for ALF patients with AMD.”

As you can imagine, a new employee might be confused by the acronyms and terms communicated instead of using common business English.  Sometimes just saying the entire word instead of the abbreviation is a good place to start, so instead of saying AWP say average wholesale price.

Repetitive Communication

In order to improve communication between seasoned compliance professionals and other members of the organization, it is important to use repetitive teaching strategies.  In addition to saying the entire compliance term and the abbreviation, be repetitive and write out the compliance term in addition to the abbreviation in written communications.  That way staff become more familiar with compliance terminology and it becomes a part of their daily vocabulary.

Knowledge in Practice

When it comes to any industry, including healthcare, it is easy to throw around acronyms and jargon that is familiar and efficient.  However, it is important to be aware of who you are talking to, and therefore make sure they clearly understand whatever it is you are communicating.  Translate and reword industry terminology in emails, policies and teaching materials where necessary in order to improve communication and understanding.  Better compliance will ultimately be the result.

PRACTICE TIP:

  1. Regularly evaluate training and orientation materials to ensure industry specific terminology is defined and understandable.
  2. Utilize the youCompli system as a centralized hub for new and existing compliance processes and utilize the included model procedures throughout the various areas of your organization.

RESOURCES:

Health Care Compliance Association (HCCA) Compliance Dictionary found at https://www.hcca-info.org/publications/compliance-dictionary

Health and Human Services (HHS), Office of the Inspector General  (OIG), Work Plan Appendix B: Acronyms and Abbreviations found at   https://oig.hhs.gov/publications/workplan/2011/wp09-appx_b_acronyms.pdf

Denise Atwood, RN, JD, CPHRM

District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC

Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.

Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

Collaboration Between Compliance and Risk: What is Permissible?

Compliance departments, generally speaking, guide staff and boards of directors to comply with the requirements, laws and regulations that govern the organization’s business. They also monitor for compliance via internal audits.  Risk departments, on the other hand, address ways to mitigate risk to an organization through such activities as the evaluation and purchase of insurance policies.  Given the broad nature of the scope of these two departments within the organization, when is compliance and risk collaboration permissible?

Possible collaborations

  1. Strategic planning: Collaboration here should include not only compliance and risk but the entire organization and the board of directors, if applicable.
  2. Disaster response and business continuity: As with strategic planning, disaster response and business continuity planning should also involve input and collaboration from all departments in the organization.
  3. General security and privacy : Here the compliance/privacy officer, information technology/security officer, and risk management director should all be included in the planning.
  4. Known security threat and/or breach incident: Compliance, information technology (IT), and risk management would all participate in mitigating a security threat or breach incident on the organization. Each would provide input and guidance on their respective areas of knowledge.
  5. Risk assessments, gap analysis and mitigation plans: Again, the development of these plans should include leaders from the entire organization; moreover, compliance and risk would specifically collaborate on the assessment, analysis and mitigation activities.
  6. General policy development: Compliance and risk staff can collaborate and provide feedback and input for all organization policies.
  7. Record and document retention schedule: Here compliance and risk can collaborate with legal counsel to ensure record and document retention policies comply with state and federal laws.
  8. Staff education: This is an area where compliance and risk can collaborate to provide training, whether it is done in person, virtually, by email or via online course.

Collaborations to vet and evaluate permissibility

  1. Security breach: As noted above, compliance, IT, and risk will work together once a security breach has been identified. It is important to ensure compliance addresses HIPAA related information and potential reporting requirements; IT evaluates the technical aspects of the breach; and risk focuses on reporting to the insurance carrier and mitigation strategies in conjunction with compliance and IT. These collaborative activities will usually take place under a breach coach or law firm to protect the confidential nature of the breach.
  2. Shared work areas: Depending on the confidential nature of discussions, say a lawsuit against the organization, it may or may not be appropriate for compliance staff to be privy to such information. So shared work areas should be closely evaluated.
  3. Shared staff: As with shared work areas, if a staff member such as a registered nurse (RN) is shared between the compliance and risk department, both leaders and the RN must remain in the scope of the job role in which they are working at the time.
  4. Reporting to the board: Typically, compliance reports to the organization’s leader (such as a CEO) but also has direct or dotted line reporting to the board of directors. Make sure any collaborations with other departments do not create potential conflicts of interest with reporting up this chain of command.
  5. Committee membership: As with the analysis discussed above, make sure to vet compliance staff member membership on the risk committee and vice versa to avoid any actual or potential conflicts of interest.

Goal

All organizations should work to develop a culture where permissible collaborations between compliance and risk occur. They should also make certain that staff feel comfortable calling the compliance or risk department with potential concerns while ensuring the staff not crossing any lines when it comes to compliance or risk department confidential matters or conflicts of interest.

PRACTICE TIP:

  1. Evaluate opportunities for the compliance department to collaborate with the risk management team, as noted above.
  2. Access youCompli to find resources which address required document and record retention requirements.

Denise Atwood, RN, JD, CPHRM

District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC

Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.

Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  

Sign-up to never miss a compliance related article!

Manage your healthcare regulatory change process effectively and efficiently

YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.