The word “compliance” can mean many things to a healthcare organization—there are numerous rules and regulations any given facility must follow. For example, organizations must be operationally compliant—meeting OSHA, HIPAA and EPA guidelines—as well as clinically and financially compliant, following CMS and Joint Commission standards. Additionally, there’s the impending ICD-10 changes and other business regulations to keep in mind.
Due to the multitude of diverse yet wide-spread requirements, staying compliant can be overwhelming, particularly for smaller facilities and medical practices with limited time and resources to spend.
What happens when compliance falls short
Given the scope of compliance requirements, the consequences of noncompliance can be severe, especially when it comes to operationally-focused OSHA, HIPAA and EPA regulations. For example, if an organization does not meet OSHA standards, it can put itself at risk for major fines, which for nongovernment healthcare facilities have ranged from $8,700 to $89,000. Even on the lower end of that range, this is a big financial issue for any practice—especially smaller ones.
Moreover, OSHA compliance lapses can lead to an unsafe environment, leaving workers prone to injury and exposure. Aside from the direct costs—such as an injured worker’s medical expenses and lost work time—there can be indirect costs associated with noncompliance, like staff dissatisfaction and poor employee retention. If an organization is consistently non-compliant, it can even negatively impact the facility’s reputation, thus affecting market share and patient loyalty, and ultimately its bottom line.
Failing to meet OSHA standards is not the only costly compliance misstep. Penalties for HIPAA violations can range from thousands to millions of dollars depending on the level of negligence. EPA fines for improper hazardous drug disposal can be substantial, as well. Across the board, falling short with these operational requirements can have significant direct and indirect financial ramifications, putting a practice’s viability at risk.
What’s holding organizations back
Despite the potential consequences, many healthcare organizations do not have a robust compliance program—especially for the standards from the agencies mentioned above. This is due in part to the fact that smaller organizations often believe that federal agencies like OSHA and the EPA will target larger facilities rather than smaller ones. While it is true that standards-generating bodies are not able to review every entity, there is no guarantee that a smaller facility will avoid an audit. What if the organization has an incident that triggers a review? What if a patient or staff member complains? What if a facility is chosen at random? In these cases, the organization will be held to the same standards as its larger counterparts. As such, facilities of all sizes cannot afford to be unprepared.
Even if a practice appreciates the need for consistent compliance, it still may struggle to reach this goal due to the sheer volume and complexity of the various requirements. For some, simply understanding the standards and how they apply may be hard enough, but implementing a program to dependably meet the regulations may seem impossible.
Healthcare organizations cannot achieve regular compliance if they approach the effort haphazardly. Instead, they must craft and implement an overarching and comprehensive strategy to ensure staff fully understand what has to be done and can reliably execute compliance measures. Although an organization’s tactics may vary based on the size and scope of its facility, here are three strategic components that every compliance program should include:
- Engaged leadership. To attain successful compliance, an organization must be committed to the process. This dedication has to start at the top. To foster commitment, leaders must do more than give lip service to compliance efforts and be willing to invest in technology and training to empower staff to recognize compliance issues, take necessary steps to correct them and consistently perform their duties. Leaders themselves should also participate in any education offerings so they can be aware of what’s necessary to remain compliant.
- A dedicated expert. Because of the magnitude of various rules and regulations, organizations should have someone, or a group of people, dedicated to compliance activities. Depending on the facility, this may be an internal or external resource. For example, small physician practices that may not have the bandwidth to hire full-time OSHA, HIPAA and EPA experts may want to seek an outside partner who is intimately familiar with the standards. Doing so can provide them with software tools, consulting services and training programs to bring staff up to speed and ensure compliance.
- Comprehensive training. Meeting federal regulations involves a number of different actions, including having the right policies in place, knowing when to use certain equipment, engaging in proper waste disposal and so on. Staff need to fully understand what their part is in compliance and how they can reliably fill that role. For this, organizations should have robust training in place, which may involve onsite classes, offsite meetings or online education. Smaller organizations can benefit from web-based solutions, as they allow staff to participate in training where and when it is convenient. Again, facilities may want to rely on outside resources for web-based products as these entities can guarantee that information is current, up-to-date and accurate.
Approaching compliance holistically
While achieving stable compliance may seem daunting, it does not have to be. By taking a strategic view and seeking the necessary resources, organizations can ensure they meet the applicable standards, avoid severe financial ramifications and keep staff, patients and visitors safe.
Richard Best is the Technical Director/Corporate Director of OSHA Compliance for Stericycle, Inc.