The Role of Compliance Professionals During a Pandemic

COVID-19 has had a significant impact on every industry in almost every country. Healthcare is, obviously, one of the most affected sectors, as the number of  ill patients is always rising, and the stock of key medical supplies and equipment is depleting daily.

In these times, it can seem like compliance is not that important. After all, this is a crisis, and lives are being saved and lost. Is compliance with rules and proper procedure really what we should be focusing on?

The answer, of course, is “yes”. In times of crisis, compliance can get lost in the shuffle, but it does not undermine the value or necessity of compliance and compliance professionals both during and after the crisis.  And when the time of crisis subsides, the challenges which remain will require skilled compliance professionals who are able to identify non-compliance and move the organization towards positive change.

To help support you in this time, we’ve put together some important information on the role compliance has to play during a pandemic. Please fill in the form below to download.

Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.


Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  


Privacy vs. Transparency: You’re in the Middle

Since 1996, HIPAA has required hospitals and other providers to strictly maintain the privacy and security of patient and clinical records.

In 2010, the Affordable Care Act (Obamacare) required them to digitize those records for greater transparency.

Today, some 96% of hospitals and 78% of doctors’ offices use electronic health records.

As a result, patients can instantly access the notes from their doctor visits, review their prescriptions, see their lab results, and email questions to the doctor(s) they’ve been seeing. And doctors, whether primary care providers or specialists, can have a patient’s personal information and medical history right at their fingertips.

Unfortunately, so can others.

In 2018, a total of 18 million patient records were hacked and phished. In just the first half of 2019, almost twice as many – 32 million – were.

Clearly, there’s a tug of war between privacy and transparency, and hospitals are the rope.

In 2018, the last year for which complete figures are available, hospitals paid out an average of more than $2.5 million in settlements and civil monetary penalties. That year, the HHS Office of Civil Rights conducted a total of 25,520 complaint and compliance review investigations. And even if the vast majority don’t lead to cash penalties, even the mildest OCR action – resolution after intake and review – can still cost you staff hours and money.

That’s one reason it pays to keep on top of all the latest HIPAA and ePHI changes.

Another is on the horizon for this year. Throughout 2019, OCR has been considering HIPAA regulation changes, and at least some of those should become final this year. Some of those could include easing “aspects of HIPAA Rules that are proving unnecessarily burdensome for HIPAA covered entities and provide little benefit to patients and health plan members.”

Others involve making it easier for hospitals and doctors to coordinate, and requiring instead of just allowing hospitals to share ePHI data with other providers.

That’s why alerts to changes practically as they occur, determining how they apply to you, then implementing and documenting compliance with no wasted time or money makes for good self-defense.

In the battle between privacy and transparency, see how we can keep you out of the crossfire.

Who Needs an “Easy” Button? Regulatory Compliance for Teaching Hospitals and Academic Medical Centers

Nobody chooses to pursue a career in healthcare at a teaching hospital or academic medical center (AMC) so they could process regulatory compliance paperwork. Right?! Nevertheless, health systems spend $39 billion on admin duties to comply with no fewer than 600 regulatory requirements. Most of the time they are juggling these requirements (and a whole lot more) without an effective compliance management system. It’s anybody’s guess what is truly being done to comply.

The regulatory landscape continues to change. It’s even more complex for teaching hospitals and AMCs that have specialized facilities such as children’s hospitals and cancer centers. And it’s nearly impossible to know for sure what is being done to comply with the regs when students and researchers are added to the mix. Compliance oversight is already challenging enough when it includes only clinical and hospital staff, business associates and contractors.

Ever-increasing regulation ushers in more documentation requirements. Satisfying the reporting requirements steals time away from patient care and contributes to burnout. Plus, more regs and more people equals a big compliance headache.

These healthcare systems not only have the pressure to comply with regulations, improve care and cut costs as other hospitals do, but they have the critical mandate to educate future medical professionals and dedicate resources to research.

According to the Association of American Medical Colleges, academic medical centers in the United States contribute $562 billion in annual economic impact. But, what’s even more significant is the impact these facilities have on the health of our society. Medicine moves forward in teaching hospitals and academic medical centers. When people are faced with a health crisis and grasping for innovative treatment and cures, they flock to these systems. Oftentimes this is their last shot at a healthy future. Teaching hospitals and academic medical centers are the epicenter of first breakthroughs. They are also the last resort for patients who have tried everything else. As a result, teaching hospitals have more costly cases and often bear the brunt of safety-net and charity care.

Shouldn’t there be an “easy” button for them?

Academic medical centers and teaching hospitals have a great need for an effective compliance management system. These systems save valuable time and money. But they also make it easy to see what is being done by whom to comply with regs. No more ad-hoc spreadsheets. Thoughtfully applied technology can make regulatory oversight a piece of cake.

The more effective the compliance management system, the more time is freed up for medical professionals to do what they are passionate about—provide the best patient care and focus on their mission of treatment, research and education. And who couldn’t use an “easy” button for compliance regulation?

Are you ready to explore a compliance management system that is easy to use and effective? If you’re ready to transform your regulatory compliance process, schedule a call today!

Chief Compliance Officers Can Be in the Cross hairs

Chief compliance officers should take note of two recent enforcement actions in the financial sector.

In these cases, the regulators have gone after the compliance officers (in addition to others).

In the 1st case, the SEC alleges that the chief compliance officer was “carrying out his compliance responsibilities in an extremely reckless manner.” It further alleges that the cco “was required to review and monitor” trading practices “to make sure they were fair and equitable”.   It says, other than occasionally “spot checking” trade paperwork the CCO “essentially did nothing” to ensure the firm’s trading policies and procedures were being followed.

Attorney Brian Daly, a partner in the regulatory and compliance and investment management groups of Schulte Roth & Zabel in New York, called the SEC action “pretty extreme.” (Reisnger, 2019) Daly spent a decade as a general counsel and chief compliance officer at several investment firms before joining Schulte, including at Kepos Capital, Raptor Capital Management and The Carlyle Group.

“It’s unusual,” Daly told Corporate Counsel. “It’s one thing to say he [compliance officer] could be sanctioned or censured, but they are accusing him of recklessly not carrying out his duties because of inaction, and of aiding and abetting bad actions.” (Reisnger, 2019)

The 2nd enforcement case accused the chief compliance officer of allegedly engaging in fraud and then making false statements to the National Futures Association.

In May of this year, the CEO of the firm was charged with allegedly misappropriation, fraud and making false statements.  This led to the CFTC ordering the firms cco to pay $150,000 ($125,000 in restitution and $25,000 civil penalty) for fraud and false statements.

Philadelphia attorney Mary Hansen, the co-chair of the white-collar defense and corporate investigations practice at Drinker Biddle & Reath, said (about the 2nd case), the case should serve as a warning to chief compliance officers. “In the last couple years, we’ve seen more compliance officers charged,” adding, “and that’s not going away.” (Resinger, 2019)

While not in the healthcare field these cases and others reinforce the on-going need to create effective compliance programs.

youCompli’s regulatory change management software ensures your program is effectively managing ALL regulatory changes. To see a 2-minute video to learn how and hear from one of our customers click below.

See the Video

Reisinger, S. (2019, Sept. 25) Regulators Put Chief Compliance Officers in Their Sights in 2 Financial Fraud Cases Retrieved from http://www.law.com

How to Align Physician Satisfaction and Compliance

  Fraud is still a very real issue across the relationships between physicians and hospitals Is it possible to align physician satisfaction and compliance? According to Gail Peace, President of Ludi Inc., “Regardless of the physician being independent or employed by a hospital, there are a myriad of regulations to navigate in these relationships.” She […]

Continue reading