Healthcare organizations say they are spending a lot of money on compliance and related activities. According to PwC’s State of Compliance 2014 survey, close to one-third of healthcare provider respondents estimate their total annual budget at the corporate compliance function level adds up to $1 million or more.
More types of organizations now bear the costs of compliance responsibilities, as well. “State and federal healthcare regulatory activities look at spanning the entire continuum of care now,” said Nancy Markle, VP at healthcare management and consulting company The Camden Group.
While compliance regulations used to primarily affect hospitals, now physicians’ offices, post-acute care centers and other venues must also demonstrate they meet regulatory guidelines, from the meaningful use of electronic health records technology to HIPAA privacy standards to the security of physical facilities.
“Healthcare entities are pouring huge resources into compliance programs,” said Roy Snell, CEO of the Health Care Compliance Association, a member-based association for compliance professionals in the healthcare provider field. “Everyone is going all out to comply with the numerous, changing, and complex healthcare laws.” Snell thinks it’s a guessing game to try to put a specific number on the cost of compliance, though – and that you couldn’t even start without considering the benefits.
Organizations that have effective compliance and ethics programs attract and retain good staff, he says, and are more trusted by their communities and potential customers. “Good compliance and ethics programs have an impact on revenue that must be considered when you calculate cost,” Snell said. “Trusted companies get more revenue than companies that can’t be trusted.”
Mitigating compliance costs
Even so, it’s not surprising if hospitals and healthcare systems want to mitigate their compliance spend as much as possible, as well as reduce the odds of facing large penalties for being out of compliance. As the PwC report points out, among the increasing challenges hospitals face are reduced reimbursements, higher costs, and big technology upgrades and system implementations.
Indeed, technology upgrades may be undertaken to move off of legacy systems that are harder to protect and therefore could leave an organization and its IT systems more open to data security compliance risks or violations, said Will Hinde, senior director in business and technology consulting firm West Monroe Partners’ healthcare practice. “The need is there to encrypt data at rest and secure connections, and not doing so can result in multimillion dollar fines,” he said.
You have to connect the clinical people with the financial staff.
The path to lowering the costs of compliance starts with putting appropriate policies and procedures in place – and getting the right people at the table to make that happen. For example, in order to ensure that Medicare compliance requirements related to providing patient care meld with those that are related to ensuring appropriate payment, such as the move to ICD-10 codes, “you have to connect the clinical people with the financial staff,” said Catherine M. Boerner, president of compliance, privacy and security consulting firm Boerner Consultiing LLC, and formerly a board of director member of the Health Care Compliance Association. “The communication and connection between them becomes key, as does having the appropriate and specialized compliance training in place for those involved in operationally carrying out that compliance from both functions,” she said.
Ensure that training and education is regularly updated, too, said Markle, so that staff stays abreast of the policies and procedures they need to follow “as regulations seem to be ever-changing.” She also recommends that healthcare organizations put in place systematic, ongoing processes for proactive monitoring, such as regular internal audits. The third leg of the compliance stool is to create a culture of continuous quality improvement.
“Look at high-priority areas, establish those processes that adhere to compliance requirements, and decrease variations in practice,” she says. Organizations that have experienced fines or penalties, particularly those that were very large in nature and very high risk, and that embraced these three steps, tend to “develop early warning systems to avoid those types of non-compliance issues from happening again,” said Markle.
Snell also points out that healthcare organizations should keep in mind that they have been addressing compliance issues on their own “long before the enforcement community went all in on healthcare enforcement about 20 years ago. We had audit, legal, risk, education, etc. forever,” he says. But those expenses generally weren’t coordinated in a cost-effective way that avoids duplication of efforts. Healthcare organizations hired compliance officers and built compliance and ethics programs to solve these issues, and those that bring strong leadership and good judgment to the task add real value to the institution.
“An effective compliance officer can get great ROI out of the compliance and ethics budget,” said Snell.