What are health care’s top compliance risks for 2017?
Cybersecurity is on every industry’s top 10 list, but health care is particularly susceptible because its data is worth 10 times the price of credit data on the black market. And health-care organizations are increasingly becoming the target of ransomware attacks. The second risk is the government’s recent focus on the quality of care provided to patients. Physicians, hospitals, and other providers that did not comply with Medicare’s regulations regarding the medical necessity of services provided have had to pay settlements to the U.S. government. Health-care providers need to ensure compliance with these requirements.
How can compliance officers best ensure they do not face personal liability in compliance failures?
This is the $64,000 question! Having asked myself that question on many occasions, I have only one response: Be diligent. We must thoroughly investigate and respond to every compliance complaint and report. Gone are the days where we disregard a report solely because the source is a disgruntled employee. We must take every report very seriously. We must ensure our investigation and remediation are well-documented. In this litigious environment, “dotting the i’s and crossing the t’s” can truly make all the difference.
How can internal audit and compliance best collaborate to address regulatory burdens?
In our organization, audit and compliance staff work together to ensure regulatory compliance. For instance, in the course of a compliance audit, an IT auditor may mine the data looking for anomalies, and then the clinical compliance auditor would review the medical records selected in the data mining process for compliance with a given regulation. Likewise, in a compliance investigation, our audit staff will conduct interviews and perform data analytics. The compliance staff will do the research on applicable regulatory guidance and then audit selected records for compliance.