Achieve Federal Health Regulation Compliance With Smart Hiring

October 26, 2018

Physicians starting an independent practice can easily become overwhelmed by the number of different regulatory requirements they must meet—especially since failure to comply can lead to catastrophic penalties and practice closures.

To help new practices avoid penalties or closure, we’ve identified the key federal health regulations you need to understand and stay on top of. We’ll also show you why hiring a compliance officer is the best way to meet these regulations and avoid shuttering your practice’s doors before you’ve gotten off the ground.

Start by Appointing a Compliance Officer

Appointing one person on your team to be in charge of compliance is a great way to make absolutely sure you’ve dedicated the manpower to establishing compliance and staying on top of updates or changes.

It may be tempting to try to manage compliance yourself, but consider how much you’re already going to have on your plate with treating patients and running the practice.

By hiring a dedicated compliance officer, you’ll spread the workload more evenly and be certain no regulatory requirements are missed.

In addition to monitoring changes to laws and policies, here are some of the biggest responsibilities your compliance officer will be in charge of:

  • Assessing any existing office policies to determine a course of action for attaining compliance.
  • Creating and administering training programs for all staff members to ensure compliance is met.
  • Routinely reviewing the practice compliance plan and making and communicating any changes when need be.

If your budget doesn’t have room for an entire compliance role, you can also fold these responsibilities into the office manager duties. Alternatively, you could tie compliance to senior staff positions, which has the added benefit of creating a committee to work together on strategies and trainings.

Once a compliance officer has been hired or appointed, they should focus first on keeping up with the two regulations we’ll cover below in detail.

Key Regulation 1: The HIPAA Privacy Rule

The Health Insurance Portability and Accountability Act (HIPAA) established the HIPAA Privacy Rule, which all medical professionals are subject to.

When the HITECH Act passed in 2009, it established additional provisions to the HIPAA rule that were meant to account for the increased use of technology.

The HIPAA rule does three really important things:

  1. It defines Protected Health Information (PHI) as “‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.”
  2. It explains exactly how and when PHI should be disclosed, including when the Privacy Rule permits and requires disclosure as well as when the subject of the PHI authorizes disclosure in writing.
  3. It outlines the steps to take after PHI has been wrongfully disclosed or violated as well as penalties for these violations, including fines of up to $1,500,000.

Here’s a breakdown of what to look out for with this regulation, and how compliance keeps you afloat:

| Challenges of abiding by HIPAA | How your compliance officer can help |
| --- | --- |
| It applies to all patient communication (even online reviews, emails, texts and social media). | By auditing every place PHI exists within your practice and making sure best practices and trainings are in place to protect it. |
| Encrypting/securing data can be confusing. | By ensuring your clinical documentation is all secure. If you’re still using paper methods for patient records, a compliance officer can research EHRs with security functions. |
| Staff may be vulnerable to phishing or other attacks from hackers. | By creating and administering training sessions specifically for these kinds of malicious attacks to train your team on how to spot them and handle them. |

Required reading for your compliance officer:

The U.S. Department of Health & Human Services has a comprehensive list of resources available on its website.

You can also read our “Best Practices for Avoiding HIPAA Violations” to learn more about maintaining compliance with this rule.

Key Regulation 2: MACRA Quality Payment Program

For practices that intend to accept Medicare payments, understanding the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) is crucial because it reimburses physicians based on the quality of care they provide.

MACRA aims to do this by creating a rigid grading system that will reward physicians who provide higher-value care. By some estimates, practices could see an increase of up to 9 percent in Medicare Part B base payments as well as even more lump sum payments in the coming years thanks to MACRA.

The MACRA Quality Payment Program lets practices select one of two tracks:

Track 1: Merit-Based Incentive Payment System (MIPS)

Under MIPS, practices are scored in four distinct categories:

  • Quality: Physicians must report on a minimum of six quality measures (such as treatment plans and outcomes). This category accounted for 60 percent of the final MIPS score in 2017.
  • Improvement Activities: Physicians must report on any activities they participate in aimed at improving the practice (such as ongoing care coordination and clinician and patient shared decision-making). This category accounted for 15 percent of the final MIPS score in 2017.
  • Advancing Care Information: Physicians must report on their use of certified EHR technology and practices related to the secure exchange of health information (such as interoperability functionality or direct messaging tools). This category accounted for 25 percent of the final MIPS score in 2017.
  • Cost: Physicians must report information related to cost of services (such as claims data and specialty treatments). This category accounted for 0 percent of the final MIPS score in 2017.

Track 2: The Advanced Alternative Payment Models for Your Practice

This track does not require practices to report on MIPS categories. Instead, physicians participate in initiatives that drive high-quality, coordinated and low-cost care to patients through one of nine Alternative Payment Models (APMs):

  • Bundled Payments for Care Improvement Advanced Model (BPCI Advanced)
  • Comprehensive ESRD Care (CEC) – Two-Sided Risk
  • Comprehensive Primary Care Plus (CPC+)
  • Medicare Accountable Care Organization (ACO) Track 1+ Model
  • Next Generation ACO Model
  • Shared Savings Program – Track 2
  • Shared Savings Program – Track 3
  • Comprehensive Care Model (OCM) – Two-Sided Risk
  • Comprehensive Care for Joint Replacement (CJR) Payment Model (Track 1-CEHRT)

Each APM is unique in its requirements, but they all share certain areas of focus such as care coordination, quality measures and improved patient/clinician relationships.

Below is an explanation of the ways in which a compliance officer solves the problems posed by MACRA:

| Challenges of abiding by MACRA | How your compliance officer can help |
| --- | --- |
| Deciding which track is right for your practice. | By dedicating time to understand the differences between MIPS and APMs, and taking into account things like practice size, specialty, location, etc. |
| Understanding exactly what information you need to collect to report. | By creating and teaching workflows for data collection and then creating the MACRA reports themselves. |
| Staying on top of any updates or changes to the reporting procedures. | By periodically checking the Regulatory Agenda posted by the HHS to see if any updates are being made. They can also set up Google alerts and sign up for newsletters. |

Required reading for your compliance officer:

Check out the Quality Payment Program website for all you need to know about MIPS and APMs as well as information on how you can register. The Physicians Advocacy Group also has a great resource for MACRA-related FAQs.

Also read our guide on MACRA and the Transition to Value-Based Care for a more detailed explanation of MACRA and steps to ensure your practice can accommodate the change.

Setting Up Your Compliance Officer for Success

Hopefully all this shows why you’re too busy to do this yourself, as well as how valuable a compliance officer can be. Whether you’re hiring a dedicated officer or adding those responsibilities to another position, you can check out our guide to writing medical job postings to learn more about how to hire the best medical staff.

To recap, here’s a helpful checklist to help your compliance officer get started:

If you’re looking for more tips on how to handle federal health regulations within your small practice, keep an eye out for the next piece in our business impact series where we’ll explore the specific effects of MACRA on new independent practices.
