Path Forward Blog
Balancing the Urgent AND the Important
Compliance during COVID-19: 5 Must-Dos
During a crisis it can be hard to stay focused on both the urgent and the important. The new normal includes telehealth, work-from-home, redesigned processes, and new threats to privacy and security. Compliance officers get it: the compliance to-do list is important, but everyone’s focus is on urgent.
As you prepare to expand or re-open your practice, your priorities will change along with new opportunities and threats.
Your compliance team can help you prioritize and manage your regulatory and contractual to-do lists. Recent allowances have been temporary and limited in scope, such as the HIPAA guidance on telehealth vendors, and we expect enforcement to resume at some point. The pandemic has reminded us that nothing stays the same for long, and that important can turn to urgent in an instant.
As a compliance officer and compliance advisor, I work with our internal team and with healthcare practice clients to help prioritize obligations and to balance operational improvements with financial realities.
Many healthcare practices are feeling nervous financially. We don’t know how or when practices will be able to safely resume seeing the volume of patients they saw pre-quarantine. Your to-do list starts with items that most directly impact the bottom line.
5 Ways to Protect Your Healthcare Practice
- Update your business continuity and disaster recovery plans. Heavyweight champ Mike Tyson famously said, “everyone has a plan until they get punched in the mouth.” No matter how good your plans were before Covid-19, chances are that things haven’t gone as planned. Update your plan with what you learned. What went well? What were the unexpected challenges? For example, prevention is much less expensive than remediation, so make sure your plan includes security patches are up to date.
- Revisit your monitoring and auditing standards. In a crisis it’s easy to overlook your regular checks and balances, even something as routine as reviewing your bank statements. Keeping an eye on your billing and collections is critical. So is making sure you continue to meet payor and regulatory standards, whether it’s commercial insurance, state filings, or Medicare. Your compliance team can help you prioritize and perform your internal controls.
- Update your policies and procedures. Many practices didn’t have formal standards for teleworking or telehealth sessions before Covid-19. Maybe your information systems usage policy doesn’t prohibit unsecured wireless networks, or maybe your annual risk assessment didn’t include employees working at home. Standards that made sense before the pandemic will still need to be reviewed. Again, use what you learned over the past few months. It’s not as exciting as remote surgery, but updating your policies and procedures should still be part of your plan to come back stronger. Many policies need revisiting considering a more robust work-from-home and telehealth arrangement for physicians and staff.
- Catch up on due diligence for new vendors. Have you added a new telehealth vendor, or did you outsource billing or printing services? If you didn’t have time for due diligence then, now’s the time to get it done. HHS’ April 2nd notification about public health authorities and providers’ business associates is not a blanket suspension of rules on vendors. CMS has not suspended its rules on first-tier, downstream, and related entities.
- Don’t sleep on (or during) HIPAA and compliance training. HHS has not addressed mandatory compliance training in its Covid-19 guidance. We have to assume that training deadlines haven’t changed. If you added new staff during the past few months, the clock is ticking for HIPAA and CMS training. Don’t forget that insurers and states may require additional training, too.
Anticipate the Next 3 Steps
While it’s not clear yet whether recent changes to compliance requirements are going to become permanent, it’s important to prepare for them as though they will. Enforcement of security measures will adapt to technology, and we know telehealth is here to stay in one capacity or another. Temporary HIPAA allowances for disclosures about Covid-19 will spur discussions on information about other threats to public health.
Investing time now to evaluate your compliance plan will pay dividends and keep the important from becoming urgent. If you need guidance, please reach out to me. We offer free compliance consultations to help healthcare practices sort out what needs to be done to #comebackstronger.