Healthcare Compliance is Everybody’s Business: Clinical, Revenue Cycle, IT, Sales and Marketing

Effective healthcare compliance requires a strong relationship with Nursing, Physicians, Revenue Cycle, IT, Sales and Marketing

Build relationships with key clinical and operational areas 

Sharon Parsley, JD, MBA, CHC, CHRC contributes a monthly post on compliance officer effectiveness for the YouCompli blog. In this article she looks at specific ways to engage and communicate with Nursing, Physicians, Sales & Marketing, Revenue Cycle, and IT.

Many people in our discipline love the slogan “compliance is everybody’s business.” As a practical matter though, how do we make that a reality within our organizations? With limited budgets, perpetual resource constraints, and a constant need to “prove” our value to the enterprise, one way to maximize our reach and influence is by building strong relationships with key clinical and operational areas of our organizations. 

Nursing and Healthcare Compliance

Nursing represents the largest team in many healthcare organizations, so we must build strong relationships here. In an inpatient setting, nursing is going to be a 24×7 business. That means you have to find ways to raise compliance awareness for nursing teams who work 7pm to 7am weekend shifts, not just those who work during business hours.  Consider scheduling periodic weekend rounding on different units. You could also publish a weekend open forum or office hours schedule and encourage your nursing team to stop by for a quick coffee. Given the intensity of nurses’ workday, keeping your messaging concise, specific, and relevant is imperative. 

Meet regularly with nursing leadership. This will help you understand the key issues facing them. I find that the more time I spend with colleagues during times of relative calm, the better our work together goes when an issue does arise. If a policy change results in a need to alter nursing processes or procedures, work closely with nursing leaders to develop communication plans and methods to monitor adherence to the process change at issue. 

Physicians and Healthcare Compliance

I’ve seen a very broad spectrum of relationships with physicians and licensed independent practitioners (LIPs) over the past 20 years. I bet you have too. For me, that spectrum has ranged from positions of trust and mutual respect, to begrudging acceptance, to a few that bordered on being openly hostile. Nonetheless, we have to work together. And in contentious relationships, it is usually on me to find a way to smooth things out.  

The practice of medicine has, largely, become more business than science, but few physicians really enjoy being told what to do or how to practice. Who can blame them? How can we get them to comply without being perceived as adding to their administrative burden? That answer will vary depending on the nature and size of your organization but try starting small. Finding just one physician who is willing to truly champion compliance to his or her peer group can be pivotal to the success of your compliance reach into your physician and LIP ranks. 

Related: Investing time with clinical and operational colleagues improves relationships

For me, that has sometimes been the Chief Medical Officer or a physician CEO who really understood what I was trying to do. On other occasions, though, it has been practitioners who have stepped over a line or cut a few corners which resulted in a compliance issue. In several of those circumstances, once an issue was brought forward that practitioner collaborated with me to prospectively modify the behavior in question. In the process, they became compliance champions. 

 Seize every opportunity to demonstrate that compliance is not the police. We are trained professionals tasked with protecting the organization from risk and supporting the mission of providing excellent patient care. Yes, a big part of that is preventing, detecting, and remedying misconduct. But we also identify opportunities to improve processes based on regulatory guidance and we can help protect revenue and income. Help your physicians and LIPs understand your mission and how it can complement their oath to do no harm. 

Sales and Marketing Healthcare Compliance

Sales and marketing in healthcare is, as we all know, unique. In most industries, treating a prospect to a nice evening meal, hosting him or her for a round of golf at your country club, or inviting the prospect to a local sporting event is not only permissible, but common. In healthcare, however, those same activities can potentially run afoul of federal and state laws. 

If you are in the medical device or pharmaceutical space, your industry groups have published codes of ethics that create some boundaries for what sales and marketing can and cannot do. For most of the rest of us, we usually attempt to distill the applicable law and regulation into policies. Understanding and articulating the Stark law and its exceptions and the Anti-kickback law and its safe harbors is tricky. Your sales and marketing teams are not likely to be well versed on these regulatory issues and how they may limit certain activities. 

Meet with them regularly and offer an onboarding tailored to new sales and marketing department personnel. As much as possible, offer specific examples of what is ok, what is not, and the “why” behind each category. Can your sales team provide lunch for everyone working in a community physician’s office? If so, does some portion of that then need to be included in a Stark non-monetary compensation tracking tool? Does the answer change if it is a lunch-and-learn? Can your marketing team sponsor a mall walker program? If so, can they provide a step counter to enrollees in the program? Can marketing give holiday gifts to physicians? If so, is it non-monetary comp that must be tracked, a medical staff incidental benefit or neither? Providing specific examples tailored to your enterprise helps raise awareness. 

Revenue Cycle and Healthcare Compliance

Nurturing a strong partnership with your revenue cycle team is imperative. Governmental and commercial payers have developed extremely sophisticated data mining programs that often identify coding and billing aberrations even before we find them internally. Understanding how to distinguish coding-specific payment denials from medical necessity denials is an important skill. Those issues can help with early identification of localized and more systemic issues. 

Everyone in our discipline is likely aware of the possibility of “reverse false claims” liability. Here, any overpayment from a governmental payer source must be returned within 60 days of its identification. If it is not, the organization can be assessed penalties and be responsible for treble damages. Establish a regularly scheduled meeting among compliance and revenue cycle to discuss areas of vulnerability, patterns of denials, and emerging areas of revenue integrity risk. 

Information Technology and Security

Information technology and information security departments are instrumental in protecting the organization’s data assets. Ransomware, phishing, and cyberattacks are in the news frequently now that hackers have targeted the healthcare community. Virtually all healthcare companies deal with some subset of data which contains protected health information or PHI. Here is one major area where compliance and IT functions may overlap. As your IT group develops strategies to mitigate cyber risk, your privacy function should be involved to ensure that all applicable federal and state privacy laws and regulations are considered. If your organization maintains student health records, you may also need to ensure that FERPA regulations are understood and heeded. If credit card data is used and stored, there are likely PCI requirements that need to also be incorporated into these tactics and strategies. 

IT often recommends the adoption of certain tools and technologies that impact your electronic medical records. Compliance needs to be part of the evaluation committee for new products to ensure that PHI is properly identified and safeguarded. If your organization conducts an annual risk assessment, this is one area for close collaboration between Compliance and IT. Risk assessment processes vary greatly from one organization to another. Understand new and emerging areas of cyber risk and what issues are “top of mind” for your IT and data security teams.  Based on those risks, you can develop targeted training and education and build auditing and monitoring activities to identify potential issues and mitigate risks.   

The more you can help your colleagues across departments see how you help them achieve their goals, the more invested they will be in compliance. The investment of time and collaborative energy on your part will pay off in a more effective compliance program, better overall patient experience, and revenue protection for the organization.  

How YouCompli can help

Use YouCompli to give yourself time back to focus on relationships and listening. Build a scalable, repeatable change management process to enable your team and colleagues to focus on their expertise rather than the minutia of monitoring and reading regs.  

Compliance Officer Effectiveness Series. Get all the articles from Sharon Parsley, JD, MBA, CHC, CHRC

Never miss an article about compliance officer effectiveness – register to receive emails from YouCompli.

Sharon Parsley, JD, MBA, CHC, CHRC, is a health law attorney, compliance officer, author, speaker, investigator, and problem solver. She currently serves as the president and managing director of Quest Advisory Group, LLC. She has nearly 20 years of healthcare compliance and legal leadership experience, and she believes that mentorship and on-the-job training are critical to compliance professional success.