Compliance & Risk Management
The focus on fraud and abuse by public and private payers has increased dramatically. Although fraud investigations are less likely to target physician practices than other parts of the health care industry, you are responsible for knowing and acting in accordance with federal and state laws and the contractual responsibilities and limitations of your practice. Educate yourself on the laws, regulations and issues related to medical fraud and abuse, and make sure you have a workable compliance program in place.
The Health Insurance Portability and Accountability Act (HIPAA) deals with the access and portability of care, and requires the establishment of national standards for the use and transmission of electronic health care information for optimal efficiency and security. HIPAA rules and regulations provide protection to patients but also allow the appropriate sharing of patients’ medical information by the necessary participants in the health care industry—physicians, hospitals, payers, clearinghouses, care facilities, etc.—in a secure, controlled and standardized framework. Learn more about HIPAA and how you can ensure your practice takes full advantage of HIPAA’s electronic transactions and code set requirements, as well as complies with its privacy and security requirements.
Identity theft occurs when specific personal information (names and addresses, Social Security or credit card numbers, etc.) is stolen and used to commit fraud or other crimes. Such theft is an all-too-common occurrence in our technological age. In a physician practice, you need to be concerned with your individual and business information, as well as the patient information with which you are entrusted. Understand the full risk posed to physician practices by identity theft, and how to protect your practice and patients.
Depending on your practice, there are a number of areas that raise particular compliance risks. Among those common to many physician practices include the rules established by:
- the Occupational Safety and Health Administration (OSHA);
- the Clinical Laboratory Improvement Act (CLIA);
- regulatory agencies responsible for specific medical equipment and devices, especially those involving radiation; and
- agencies charged with protecting employees, including the wage and hour requirements enforced by state and federal Departments of Labor.
Physician practices must understand what state and federal laws govern their activities, and establish mechanisms to maintain compliance with these laws as the physician practice and these requirements evolve.
Having a formalized, documented and ongoing compliance program in place at your physician practice will allow for early detection of any compliance issues, and show external auditors and investigators that your practice is operating with a goal of being compliant with all laws and regulations. Learn more about managing compliance in your practice.
An audit is an examination of records or financial accounts to check for accuracy. A goal of every medical practice should be to secure the correctness of its patients' accounts. Learn how the different types of audits (internal, external, retrospective, CMS RAC) can impact your practice and make sure your compliance program has prepared you adequately.