Six key steps to reduce the impact of telehealth audits

Telehealth is almost as old as the telephone itself. In 1879 – just three years after Bell patented the telephone – an article in Lancet described the concept and advocated its adoption. 

A law that’s even older can trigger many telehealth audits today. The 1863 False Claims Act (FCA) was enacted to keep profiteering contractors from defrauding the Union army. It can trigger serious problems for hospitals that don’t take proactive steps to make sure their telehealth practices are audit-proof.  

That’s because the 2010 Affordable Care Act updated the FCA to make healthcare providers liable for “retention of any overpayments” from Medicare and Medicaid. This even includes overpayments resulting from accident or error. Indexing penalties for inflation each year, a requirement added in 2015, increased hospital liabilities. This puts liabilities at three times the amount of the overpayment(s) plus $11,803 to $23,607 for each instance. (Some 29 states and the District of Columbia have additional False Claim laws.) 

These laws’ implications and requirements touch every part of the hospital. Keeping the whole organization in compliance means that all departments have to work together. 

New laws, new regs, new worries for telehealth 

Even before COVID, the government audited claims from what was then a smaller, rural telehealth system. Regulators found a trend of incorrect payments to doctors outside rural areas, who were therefore ineligible to receive them. 

Telehealth is on the latest Office of the Inspector General (OIG) work plan, too. The OIG will be addressing remote patient monitoring by telehealth as an area of concern. 

The public health emergency, with its series of 90-day waivers, made it possible for telehealth to grow so fast. Now, as the COVID emergency ebbs, Congress is considering making its current, expanded status permanent. (Two bills were introduced in May. One would enable audio-only telehealth services for Medicare enrollee. The other would expand telehealth for Medicaid and Children’s Health Insurance Programs.) 

That’s good. But with laws come regulations covering acceptable types, locations and forms of delivery of telehealth services. And with regulations come scrutiny and audits. That can create challenges, especially with the specter of FCA liability in the background. 

The best way to cope with audits is to prevent the need for them in the first place. Here are six steps to follow: 

  1. Know what you’re up against. Keep up to date with all the developing federal and state regulations, waivers, and other requirements. That in itself can take up most, if not all, of your personal and your compliance team’s time.  
     
    Related: Find out how a team of expert compliance professionals and a nationally respected law firm track and analyze the latest regulatory changes, keep you updated, and give you actionable ways to adapt your process.  
     
  1. Inventory your waivers. Which waivers do you rely on, in which departments and facilities? Do the providers and staff that they apply to know about them? And who makes sure the requirements are met and documents it? 
  1. Check your records. One of the biggest causes of noncompliance isn’t malice. It’s error. Did an accidental typo in Coding result in an incorrect claim? Does everyone in Billing know which states require what reimbursement levels for telehealth services? Are certain telehealth records missing? Who’s responsible for keeping the signed doctors’ orders and documents that establish medical necessity? Do patients and services meet billing guidelines? Do you have a telehealth compliance policy? Does it need changing? Start conducting spot-checks to find out. 

    Related: Find out about state requirements for telehealth billing.  
     
  2. Audit your process. Another big cause of noncompliance is miscommunication – particularly the assumption that someone else is taking care of something. So put together an internal audit team, with each department represented. That way, each can learn from the other. Hold an entrance conference to highlight what you learned from your spot checks, define the internal audit’s scope, set expectations, and assign specific tasks and timelines. 
  1. Fix whatever’s broken. Reconvene the internal audit team and communicate the findings. Together, use that input to find opportunities to correct or cure what’s wrong in your process. Then, create a Corrective Action Plan (CAP) that will include needed education, training, policy, and process changes. Monitor your CAP over time, to see how it’s working and to spot anything else that needs fixing. 
  1. Rebill and repay. If your internal audit and CAP were successful, you’ll have discovered missing or insufficient documentation. Report it. You may have also have found instances of incorrect payments. Rebill and repay. Yes, it will cost your hospital money. But not nearly as much as a full-blown government audit. A Department of Justice investigation could end up costing you time, legal fees, and FCA triple damages. 

Patient demand for telehealth isn’t going away. Neither are the costs of noncompliance with telehealth regulations. As the public health emergency expires, fines from regulators and denial of claims from payers are sure to add up. The best way for your healthcare organization to solve these potentially massive financial problems is to work together to prevent them. Proactively partnering with colleagues in all relevant departments, your compliance team can lead the efforts to identify and fix issues before they become major problems. That way, you’ll be able to provide the telehealth services patients want in compliance with what the regulations demand. 

It’s a big effort to keep your compliance champions connected and communicating. See how YouCompli can help you manage the rollout of new regulations and verify best efforts to regulators and your board. YouCompli is the only healthcare compliance software combining actionable regulatory analysis with a simple SaaS workflow. 

Differing state regulations make telehealth compliance more complex

The beauty of telehealth is that it connects patients and providers through technology that transcends boundaries. But when that connection crosses state lines, your healthcare organization could find itself responsible for complying with regulations from jurisdictions hundreds, maybe thousands, of miles away.  

Or from states just down the road. 

Many of those are stricter than the federal regulations, and many cover issues that the federal government doesn’t. Here are some of the key issues to look out for. 

Related: Growth in telemedicine could mean trouble if you are not careful   

Differing reimbursement structures and rates 

Reimbursement structure and rates vary by state and form of telehealth. For instance, all states pay Medicaid reimbursement for some form of live telehealth, but in different ways, and all states reimburse for interactive, real-time telehealth. However, only 14 reimburse for sessions where the patient records a call for later physician review (store-and-forward), and only 22 reimburse for remote patient monitoring of recently discharged hospital patients. There are eight states that reimburse for all three telehealth methods. 

There are two opposite views about reimbursement rates. One view is that a service is a service, so being virtual or in person shouldn’t affect reimbursement. 

The other penalizes telehealth for its efficiencies. In face-to-face visits, “there are built-in inefficiencies that isn’t time spending with the person,” says Dr. Katherine Dallow, vice president of Clinical Programs at Blue Shield Blue Cross of Massachusetts. “I probably spend somewhere between two to five minutes per patient moving from one room to another or pausing to document or checking something on their file or handing something off.” With less provider time and less pro rata overhead, some states reason, there should be less reimbursement. 

Forty states have their own private payer telehealth reimbursement policies, and six have private payer parity laws requiring the same reimbursement for in-person and telehealth care. 

Stricter privacy protections 

The Health Insurance Portability and Accountability Act (HIPAA) is the federal umbrella protecting privacy and confidentiality of patient records, but states are allowed to go beyond it. Many do. 

For example, if there’s a breach of privacy, HIPAA requires that the patient be notified within 60 days. Some states shorten that to 30 days, and California shortens it to ten. Some states also require hospitals to notify the state attorney general and the three major credit reporting companies: Equifax, Experian, and TransUnion. If there’s a breach of an out-of-state telehealth patient’s confidentiality, do you know what the originating state requires? 

Multi-state provider licensure 

Almost all states require physician licensure where the patient is (also known as the originating location). Same for nurses, nurse practitioners, physicians’ assistants, clinical psychologists, registered dieticians, and physical therapists. Different states have different licensing procedures, and there’s no federal umbrella. That’s something you’ll need to look out for, not only with faraway states, but also in New York, New York; Chicago/Hammond, Ind.; Texahoma, Texas/Okla.; or any of 84 other communities that straddle state lines. 

(Speaking of licensure, is your hospital licensed to provide telehealth services? In how many states?) 

Can doctors prescribe online? 

State regulations for phone-in prescriptions from the late 1990s adapt pretty well to online prescriptions today. The problem is, they differ from one state to the next. Different states have different regulations on just what a valid prescription is. About whether the doctor can prescribe without seeing the patient first, and whether seeing a patient on a computer screen is really “seeing.” About whether there has to be a previous doctor/patient relationship, and whether that relationship can be remote or has to be face-to-face. 

Related: Interstate regulations aren’t the only telehealth complexity. Check out this blog post for more: Telehealth compliance considerations: looking ahead

Two ways to keep up; one is practical. 

Complying with more than 50 sets of regulations takes a lot of attention to detail and a lot of reading. One way to keep up is with sheer effort: health organizations designate one or more people to read and track all the regulations that affect them.  

A better, more practical way is to rely on expert compliance professionals and nationally respected law firms to keep you up to date on interstate issues in telehealth regulation. YouCompli users select the agencies that matter to their organizations and receive updates and resources to help them know about new regulations, decide their applicability, manage policy changes, and verify compliance.  

Are you looking for ways to track telehealth regulations in all the states your patients receive treatment? Take a look at YouCompli, the only healthcare compliance software combining actionable, regulatory analysis with a simple SaaS workflow.  

Jerry Shafran is the founder of YouCompli. 

Telehealth compliance considerations: looking ahead

Telehealth seems to be here to stay, even as the Coronavirus pandemic begins to recede in the United States. It’s a good time for healthcare institutions to make sure their telehealth practices hold up outside of emergency circumstances. 

From a compliance perspective, that means  patient privacy and technology, valid consent for treatment, visits with minors, and interstate care.    

 

Patient privacy in telehealth

Patient privacy is just as important in telehealth as it is for in-person visits. This includes ensuring the provider conducts visits in a private space and documenting the visit in a secure medical record.   

During the Coronavirus national public health emergency, the federal government has some enforcement discretion with telehealth. Regulators can choose not to impose penalties for Health Insurance Portability and Accountability Act (HIPAA) violations if they see that a provider took precautions to protect patient privacy provider. Good faith might mean using a platform like Microsoft Teams, Zoom, or WebEx and patient-specific passcodes – and still having a privacy breach. In a case like this, the regulator has the discretion not to impose fines under HIPAA. 

 

Consents and visits with minors 

Developing a process to obtain consent to treat before the first visit can help you comply with consent requirements. This may include mailing or securely emailing the consent to the patient (or parent or legal guardian) the week before the telehealth visit and having the patient send it back.  This gives the provider time to answer the patient’s questions about consent for treatment.   

For urgent telehealth visit, make sure there are policies in place to address telephone/verbal consent or to obtain two provider consents.  If your system allows, you may be able to electronically send the consent. The patient can sign it online so you can add it to the electronic health record.  

Whatever method to obtain consent your organization chooses, ensure there is a policy addressing the proper procedure and educate the team on the policy.   

For telehealth visits with minors, try to follow the same process as for in-person visits. That means you should obtain the consent to treat and have it signed by a parent or legal guardian.  Then have the parent or legal guardian attends the telehealth visit with the minor patient.  This way diagnosis, care, and treatment plan can be discussed with the patient and the parent or legal guardian at the same time.  

 

Crossing state lines for telehealth

Things to consider if the patient and provider are not conducting the telehealth visit in the same state: 

  • Licensing: Some state licensing boards have reciprocity. Some may not require an additional license in compact states while others may require a temporary or actual license to provide care in that state. This often applies to care provided via telehealth. 
  • Prescriptions: Can you prescribe across state lines? Avoid compliance issues by sending the prescription to a pharmacy in the provider’s “home” state. Then have the patient request a pharmacy-to-pharmacy transfer of the prescription. 
  • Your insurance: Does your medical professional liability (MPL) insurance provide coverage if you are out of state? How about if the patient is located outside your “home” state? Contact your MPL insurer to be certain you have coverage in the event of an out of state lawsuit. 
  • The patient’s insurance: What will the patient’s insurance cover for visits conducted out of the patient’s “home” state?  Be sure to verify this before the patient’s telehealth visit to ensure proper billing and reimbursement for the visit and to decrease billing denials.   

Considerations for adding telehealth as a service line 

There are resources available for organizations considering adding telehealth as a permanent service line. YouCompli can help you understand which regulations apply to you, stay on top of changes, and manage implementation.  

You can also find many free resources online:  

For many types of visits, patients love the option of telehealth. As providers work to be sure that they continue to deliver quality care, Compliance teams have an equally big job to be sure the systems and processes are in place to support that experience. 

Keep on top of regulations affecting telehealth and making sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more. 

Denise Atwood, RN, JD, CPHRM is the Chief Risk Officer at District Medical Group (DMG), Inc., vice president of DMG Insurance Company (DMGIC), and owner Denise Atwood, PLLC.   

Disclaimer: The opinions expressed in this blog are the author’s and do not represent the opinions of DMG. 

Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  

Growth in Telemedicine Could Mean Trouble if You Are Not Careful

We can all agree that 2020 was a year filled with surprises. The emergence of COVID-19 brought restrictions, which made the business of healthcare even more challenging. But then came the saving grace: telemedicine!

Even though telemedicine has been around in some form since the 1900s, its popularity exploded during the midst of the pandemic. With millions of people stuck indoors due to government lockdowns, health care providers turned to telemedicine options to provide desperately needed health care.

According to Doximity, a social media networking service for medical professionals, only 14 percent of Americans utilized telemedicine before the pandemic. But since the outbreak, telemedicine usage skyrocketed by 57 percent. Among patients suffering from chronic conditions, the number of virtual care visits increased by a staggering 77 percent!

The increase in telemedicine accessibility also means healthcare providers can potentially face compliance issue pitfalls, which could land them in trouble with the United States government. Before COVID-19 became a household name, Medicare and Medicaid upheld strict rules regarding payment for telemedicine services. For instance, reimbursement for telemedicine services was limited to patients residing in areas of the country with limited healthcare.In an attempt to slow the spread of COVID-19, government payors loosened these restrictions.

Unfortunately, telehealth services’ widespread use brought an uptick in COVID-19 related scams that specifically target healthcare providers offering this service. Such illegal activity caught the attention of the Department of Justice (D.O.J.).

A primary focus of the D.O.J. is a government agency that mostly focuses on telehealth arrangements that implicate the Anti-Kickback Statute.  The statute forbids transactions designed to corrupt medical judgment by rewarding referrals for Medicaid and Medicare services. In the past year, more than $4.5 billion in false claims were connected to telemedicine. And over 100 healthcare professionals were charged with submitting fraudulent claims to Medicare, Medicaid, and private insurance companies.

New changes to the Stark and Anti-Kickback Statutes that were long in the works took effect on January 19, 2021. The regulation updates are designed to eliminate regulatory and administrative barriers that hindered movement towards a value-based health care system. The updated rules also offer healthcare providers more flexibility to coordinate and improve patient care while maintaining safeguards against overutilization and inappropriate incentives.

The Stark Exceptions finalized three new exceptions for value-based arrangements between healthcare providers and payor systems like Medicaid and Medicare. These exemptions are solely based on the quality of delivered patient care instead of the volume of services.  For example, healthcare providers face at least a 10 percent financial risk for failure to achieve value-based goals. In comparison, the Anti-Kickback Statute requires at least a 5 percent financial risk for value-based arrangements.

Physicians’ practices should express caution when offering telemedicine services to steer clear of trouble with the government. As with traditional in-person healthcare, it’s best to avoid doing business with third-party companies that give money in exchange for referrals.

Here are a few guidelines physicians should consider avoiding getting on the D.O.J.’s naughty list.

  1. Consult with counsel before entering into any outside business relationships.
  2. Establish guidelines for physical examinations and prescribing practices.
  3. Monitor the prescribing habits of their physicians and nurse practitioners.
  4. Adopt data analytic tools to identify any abnormal billing behavior.

Physicians considering telemedicine should also consider the following tips to stay compliant.

Practicing Telemedicine Across State Lines.

Usually, state governments require practicing physicians to conduct telemedicine sessions within the state they are licensed. But in some states, this stipulation is relaxed due to COVID-19 to make healthcare more accessible. But physicians must contact their state’s medical board for updated information concerning this topic.

Informed Consent.

Healthcare providers are still expected to obtain consent before providing telehealth services. Besides requesting written or verbal consent from patients, providers should make patients aware of the risks and benefits of receiving telehealth services.

Use Caution When Prescribing Medication.

Because of COVID-19, the Drug Enforcement Administration (D.E.A.) allows registered practitioners to use prescribed medication to patients via telemedcicine technology. Physicians must adhere to the following conditions:

  • Prescribed medication(s) must be for a legitimate medical purpose.
  • The telehealth session is conducted using a two-way, audio-visual, interactive communication system.
  • The practitioners must practice healthcare within Federal and State law.

Only time will tell whether or not telemedicine will continue to grow in the upcoming months. But doctors should continue to use caution when using this technology to serve the public.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

The Pandemic Is No Excuse: Enforcement Actions Taken by the Office for Civil Rights

We’ve known that enforcement actions were going to pick up again, even though many regulations are still waived or modified during the public health emergency. In the past few months, several decisions have been rendered by the Office for Civil Rights (OCR) which prove the point. Hospitals and other healthcare organizations need remain cautious and cognizant of exactly which regulations are being enforced, and make sure that existing procedures and policies are being followed. 

Religious Rights 

For exampleOCR resolved a complaint against Prince George’s Hospital Center of the University of Maryland Medical System (UMMS). The complaint was raised by a woman who wanted to have a priest attend her critically injured husband during the pandemic. Despite the priest’s willingness to wear any necessary personal protective equipment (PPE), he was refused entry. UMMS implemented a new policy guaranteeing “adequate and lawful access to chaplains or clergy” in order to resolve the complaint. 

second religiously-based complaint was also resolved recently by OCR. In this complaint, filed by a civil rights group, a medical student at Staten Island University Hospital (SIUH) in New York City was ordered to shave his beard, which he kept for religious reasons. The hospital stated that this was in order to ensure his N95 respirator mask had a tight seal around his nose and mouth, even though he had passed a fit test. In resolving the complaint, SIUH provided the student with a Powered Air Purifying Respirator (PAPR) as a religious accommodation. 

Privacy 

OCR also recently resolved a HIPAA-based complaintLifespan Health System Affiliated Covered Entity (Lifespan ACE) in Rhode Island agreed to pay OCR $1,040,000 and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to the theft of an unencrypted laptopNot only did the laptop contain electronic protected health information (ePHI) for 20,431 individuals, OCR found systemic noncompliance with HIPAAincluding lack of encryption on laptops and a lack of device and media controls. 

A Warning for Compliance 

All these enforcement actions took place during the COVID-19 pandemic. The presence of the pandemic is not being taken as a reason for not proceeding with enforcement action. Compliance professionals need to be very aware of what regulations still apply, and how their organizations are continuing to stay within the scope of existing regulations. 

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

Emergency Preparedness Revisited

Emergency preparedness has always been one of the top concerns of hospital administrators and medical staff, but never has it been more critical. As the the coronavirus pandemic continues to impact the United States, and facilities are struggling to maintain levels of personal protective equipment (PPE) and ventilators, administrators and compliance professionals should also review the updated federal emergency preparedness requirements, published by the Centers for Medicare and Medicaid Services (CMS) in the Federal Register on September 30, 2019.

We previously blogged about these requirements in 2017, but the requirements have changed in the past few years. Here are the four core elements of a hospital’s emergency preparedness plan to handle natural and man-made disasters — and a look at how they are impacted by last year’s final rule revision by CMS:

Risk Assessment and Planning

Commonly referred to as the emergency plan, CMS requires such a strategy to be developed and then updated at least once a year. It is based on certain risk assessments and uses an “all-hazards” approach that focuses on hospital capacities and capabilities, care-related emergencies, equipment and power failures, communication interruptions (including cyberattacks), and interruptions to water, food, and medication supply chains.

A major change to this element involves hospital climate control and power. Facilities are no longer required to heat and cool the building evenly. However, safe temperatures are to be maintained in areas deemed necessary to protect patients, other people in the facility, and provisions stored in the facility during the course of an emergency, as determined by a risk assessment. If a hospital is unable to maintain safe temperatures, it should follow an established plan for a timely relocation/evacuation that avoids patient exposure to harmful conditions. Additionally, hospitals are required to have an essential electric system with a generator that complies with the NFPA 99 – Health Care Facilities Code.

Like before, the plan must include strategies for addressing emergency events and include a process to work in conjunction with local, tribal, regional, state, and federal emergency preparedness officials. But the key change to the all-hazards approach — and this is crucial in light of recent events — is that all participating hospitals must be prepared for emerging infectious disease (EID) threats, such as the coronavirus. EIDs may require modification to standard facility protocols to protect the health and safety of patients and personnel, such as isolation and PPE usage.

Communication Plan

This element received additional fine-tuning. Participating hospitals still must develop a communication plan that complies with local, state, and federal laws and the plan must be reviewed and updated annually. It should now also include the names and contact information of key hospital personnel for local, tribal, regional, state, and federal emergency preparedness officials. And, it should detail how patient care is coordinated within the facility, across healthcare providers, and with local and state public health departments and emergency management systems.

Policies and Procedures

Hospital policies and procedures still must be based on the emergency plan, risk assessment, and the communication plan, and must be reviewed and updated at least once a year. They should address a broad range of topics and situations, including subsistence needs (water, food, medical supplies) of patients and staff, emergency staffing strategies, tracking the location of on-duty staff and patients during emergencies, sheltering-in-place plans, and patient relocation/evacuation plans.

Training and Testing Program

This revised element the result of an additive process. Program development is based on the emergency plan, the risk assessment, the communication plan, and the policies and procedures. As before, the final rule states the program must detail who needs to be trained, describe the frequency of training, how knowledge is assessed, and document how the training was conducted.

During the course of normal events, hospitals are required to annually conduct a mock disaster drill that is either a full-scale, community-based or individual facility-based exercise. In addition, hospitals must also hold a discussion-based tabletop exercise with its senior staff to discuss hypothetical emergency scenarios and reassess policies and procedures. But recent years have not been normal.

Along with the coronavirus outbreak, many parts of the country have suffered from an increase in natural disasters or mass shootings. The final rule revision acknowledges this wide spectrum of emergencies. If there is an event that activates a hospital’s emergency plan, that facility is exempt from holding its annual mock disaster drill for one year following the incident, provided it has written documentation. If a hospital activates its emergency plan twice in one year, it is exempt from both the mock disaster drill and tabletop exercise for one year following the actual events. Again, written documentation of these events and procedures is required.

Maintain Compliance with CMS

Being compliant with the September 30, 2019 final rule is a requirement for your facility’s Condition of Participation (CoP) / Condition for Certification (CfC) with CMS. Failure to comply, even during a pandemic, could thus have significant impact on your organization. The youCompli compliance management software is a powerful tool to help mitigate risk and enable your hospital to effectively implement these, and many other, regulatory requirements. The software is easy to use and quick to deploy, and can be a powerful means to drive efficiencies through your compliance department.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

For Hospitals, Climate Change Compliance Pays. Literally.

Hospitals nationwide are trying to recover from what AHA president Rick Pollack calls a “triple whammy.” Between “increased expenses incurred in…caring for the COVID patients,” “the decreased revenues” from “having shut down regular operations in terms of scheduled procedures,” and “the increased number of uninsured,” it’s probably no surprise that, according to AHA estimates, US hospitals are losing as much as $50 billion a month.

What is surprising, though, is how hospitals are offsetting some of those losses — to the tune of tens or hundreds of thousands of dollars a year — with significant savings from climate change sustainability. In principle, this boils down to cutting waste — wasted food, wasted paper, red bag waste, wasted electricity — and associated disposal costs.

Climate change regulations are complex, and are likely to change over time, as climate change becomes a more serious issue for regulators. Establishing a program now that fits within existing regulations, has potential to grow, and will support the hospital’s budget needs — all without violating other compliance requirements — is a significant win for compliance professionals.

As these examples show, there are opportunities now to reduce your climate risk, save money, and stay compliant:

Reduced Consumption

ORs and Medical Waste

  • ORs account for 20-30% of a hospital’s total waste, up to 60% of its medical waste, and about a third of its expenses. By lowering the number of air exchanges per hour (ACH) from 25 to 20 (the federal and state required minimum) between surgical procedures, the Cleveland Clinic saves $250,000 a year.
  • Health Partners’ waste reduction and recycling program has diverted 793,000 pounds from the ORs of all its hospitals.
  • By removing 91,753 pounds of instruments from the reprocessing cycle, Dartmouth Hitchcock Medical Center saved almost $1.5 million.
  • Seattle’s Virginia Mason Medical Center cut supply costs by over $3 million in three years by switching to reprocessed medical devices.

Implications for Compliance

Selling these savings to the executive board is easy. Savings like these don’t just go once to your bottom line. They stay there, year after year. What’s more, they can increase your property value by as much as eight times your investment. Reducing energy use can also earn you federal tax reductions and refunds, state matching grants, and electric utility rebates.

From a compliance standpoint, the obvious concern is whether implementing these changes to green your organization will have negative impacts on your exposure to compliance risk. And that’s a big challenge to overcome. What you need is a way get clear insight into what regulations require, and what environmentally-focused options are available.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

The Results Are In: What the Data Say About the Impact of COVID-19 on Healthcare Compliance

We keep hearing that COVID-19 changed everything, especially in healthcare. But actual data is pretty thin on the ground.

Mostly, we’ve been hearing anecdotes and stories, many of which are striking. The problem with stories is that they can be unique or unusual, and without the context of clear data, we can’t really tell.

Last week, we got some data.

In May, the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA) surveyed their audiences on the impact of COVID-19 on their organizations and their work. They received 300 responses, have collated the results, and there are some interesting trends. You can read the full survey results here.

Confirming What We Knew

Some trends are unsurprising, and confirm what we already knew. Survey respondents said they had concerns about the increased risk of compliance failures as a result of the pandemic.

  • 77% expected that there would be some increase, or a great increase, in compliance failures.

It’s also unsurprising to see that healthcare saw more of an increase in the number of inquiries being made of the compliance team.

  • 42% reported an increase in healthcare
  • 30% reported an increase outside of healthcare

Given the number of healthcare-related regulatory waivers and temporary changes that have been issued, this makes total sense.

Positively, collaboration with other departments has been largely unaffected or increased during the pandemic. Compliance is still seen as really valuable to the organization as a whole. The numbers range from 83% to 96% of respondents reporting that collaboration has stayed the same or increased (depending on department).

Differences for Healthcare Compliance

The data also show some surprising trends, specifically related to healthcare compliance.

We know that there has been a huge shift to remote work. The surprising aspect is that the shift is very different between healthcare compliance and compliance elsewhere.

  • In healthcare, 60% reported working remotely
  • Outside of healthcare, 84% reported working remotely

This gap is big, and hard to explain. Working in healthcare institutions would, presumably, increase the risk of being exposed to the virus. It would have been reasonable to expect that healthcare institutions would do as much as possible to try to get their non-clinical staff set up to work effectively off-site.

What’s even more surprising is that healthcare professionals are less likely to report that the transition to remote work has gone well.

  • In healthcare, 47% said the transition had gone better than expected
  • Outside of healthcare, 64% said the transition had gone better than expected

The survey doesn’t indicate why this is so. Speculating a little, it could be that the disruption in moving to a remote office, coupled with the sudden influx of regulatory changes, made it more difficult for healthcare compliance professionals to manage their day-to-day work. If this is true, it would also explain why healthcare institutions were less likely to transition compliance professionals to remote work.

There’s another difference between healthcare and other types of organizations, and this suggests things will be difficult for compliance professionals going forward into 2021. In relation to budgets:

  • In healthcare, 40% reported a budget reduction
  • Outside of healthcare, 31% reported a budget reduction

In short, budget reductions are coming to compliance, as they are going to come to other parts of the healthcare system. (If they aren’t already in place.) As COVID-19 related waivers and suspensions start to expire, compliance is going to have to find a way to do more with fewer resources.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More