To say 2020 has been a challenging year for healthcare organizations would be quite an understatement! Yet, for the most part, healthcare organizations throughout the country have handled these challenges impressively well, as demonstrated in their commitment to ensuring a safe and compliant environment for their employees and patients. For some organizations, throughout this COVID-19 pandemic, the added challenge of distinguishing what they are expected to comply with has only added to their challenges.
For example, recently, the U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) announced coronavirus violations for 85 establishments resulting in proposed penalties totaling $1,222,156. The violations came despite enforcement discretion that OSHA announced in April because the discretion is based on an employer's good faith efforts during the COVID-19 pandemic. The majority of organizations cited by OSHA were in the healthcare industry and failing to do things such as:
- Implementing a written respiratory protection program;
- Providing a medical evaluation, respirator fit test, training on the proper use of a respirator and personal protective equipment;
- Reporting an injury, illness, or fatality;
- Recording an injury or illness on OSHA recordkeeping forms; and
- Complying the General Duty Clause of the Occupational Safety and Health Act of 1970
For most of these organizations, it appears they did not understand their obligations, including what was expected to be complied with.
A Culture of Compliance
A "culture of compliance" is a phrase often heard in the healthcare industry, but what does that mean? It starts with an effective compliance program. Successful compliance programs will detail the organization's commitment to ethical behavior. It starts from the top down for healthcare organizations, applying to all employees regardless of their position. Compliance must be embedded in everyone's daily interactions inside the organization; thus, creating a culture of compliance.
At a minimum, an effective compliance program consists of the following seven elements:
- Written policies and procedures, and standards of conduct that are implemented, updated, and enforceable. Just saying, "We have a policy, but it's not documented anywhere." is not enough.
- A compliance officer and compliance committee must be established and should have the tools and resources available to ensure a culture of compliance is embedded throughout the organization.
- Training and education must be effective. In other words, it contributes to the success and culture of compliance within the organization.
- Effective lines of communication are developed and work in practice. Meaning, if an employee has a concern they need to address, there are methods in place they can do so without fear of retaliation.
- Conducting internal monitoring and auditing. Ongoing monitoring of your organization's compliance activities and periodic audits are important, especially for identifying deficiencies or areas for improvement; thus, contributing to a culture of compliance within the organization.
- Enforcing standards through well-publicized disciplinary guidelines. Consequences for non-compliance must be communicated, applied consistently, and enforced. All employees, regardless of their roles and responsibilities, must understand their obligations.
- Responding promptly to detected offenses and undertaking corrective action. Mechanisms should be in place to identify and track compliance issues so they can be responded to and corrected promptly. Doing so is vital to maintaining an effective compliance
Maintain a Culture of Compliance
Maintaining a culture of compliance during uncertain times starts with having an effective compliance program in place. All employees must understand their roles and responsibilities and that they are an integral part of establishing a successful culture of compliance within the organization. An organization's "good faith efforts" must be documented, so there is proof in the event of an inspection or audit. During uncertain times having a structured compliance program that contributes to the organization's culture of compliance is important. And as the Office of Inspector General has said, "just because your competitor is doing something doesn't mean you can or should." In other words, make sure you are documenting, implementing, monitoring, and periodically auditing your compliance activities and updating them as needed.
About the Author
Chad joined Healthcare Compliance Pros (HCP) in 2014 as the Director of Compliance. Chad's seasoned background includes over 20 years of combined experience in healthcare, information technology, and compliance consulting services. Chad is primarily involved in consulting with healthcare clients about their HIPAA and HIPAA HITECH-related issues, including breach determination, breach mitigation, and corporate OIG and CMS compliance.
Chad is involved in several on-site client audits and helps successfully implement HIPAA regulatory requirements to protect healthcare organizations from serious fines related to audits and breaches. Through his national experience in remediating regulatory issues, Chad possesses a broad knowledge of U.S. state and federal agencies and provides in-depth regulatory support and assistance for all clients.
In addition to working directly with clients related to all compliance matters, Chad is also the main contributor to HCP's weekly healthcare forum, where he shares his expert knowledge related to industry topics, trending compliance news, and new regulatory requirements. Chad is a published author with several advocacy groups, including MGMA, AAOE, RBMA, AOA, PAHCOM, and HBMA.
Chad holds undergraduate degrees in the areas of Medical Specialties and Healthcare Administration, and a master's degree in Healthcare Informatics.