With numerous regulations affecting the healthcare industry, maintaining compliance is a critical and important aspect to operating a successful practice. It is important for health care providers to understand all the legal and regulatory guidelines to remain compliant and reduce risks.
Physician practices maintain compliance efforts to protect their practice and reduce risk against legal consequences. All covered physician practices should review and revise HIPAA policies and procedures, understand the regulations of the antitrust and Stark laws, as well as the work plan of the Office of Inspector General as it relates to healthcare laws, privacy, and regulations for billing and collections.
This section on regulatory compliance is designed to equip rheumatology practices with the latest information and resources to operate a successful practice.
The Stark Law is three separate provisions that sets limitation and governs physician self-referral for Medicare and Medicaid patients. The Stark law only applies to “designated health services,” which include most ancillary services, such as clinical laboratory services, outpatient prescription drug services, and physical and occupational therapy and imaging services (e.g., MRI, CT, ultrasound). Many of the Stark exceptions require that whatever financial relationship exists reflects “fair market value.”
To ensure there is no violation of Stark, practices must evaluate any economic benefits they receive from entities to which they refer Medicare and Medicaid patients. It is important to verify whether they meet any of the almost 20 detailed and complicated “exceptions” described in the statute.
View the full outline of the Stark Law Guidelines, along with the exceptions and ramifications of the rule.
The rules of HIPAA are published by the Department of Health and Human Services (HHS) and enforced by the Centers for Medicare and Medicaid Services (CMS) and the Office of Civil Rights (OCR). The primary focus of the law was to ensure the portability of health insurance coverage for Americans changing jobs. It was also designed to protect the privacy and security of patient records and bring uniformity to claims processing.
All healthcare organizations are affected in some way by HIPAA. The entities that are affected include all health care providers, health plans, employers, public health authorities, hospitals, life insurers, clearinghouses, billing agencies, information systems vendors, and service organizations.
The three main rules of HIPAA are:
HIPAA calls for severe civil and criminal penalties for noncompliance, including:
Administrative Simplification in the Affordable Care Act
The Affordable Care Act (ACA) expanded the provisions in HIPAA to support administrative simplification. These new requirements include operating rules for the HIPAA-named standards, a standard for electronic funds transfer, and a national health plan identifier.
It is imperative for physician practices to maintain HIPAA compliance on a daily basis by conducting an organizational assessment and determining if there are any gaps that may exist. It is also important to assign a team or staff member to manage and coordinate HIPAA compliance within the practice by doing quarterly educational sessions as well as developing policies and procedures for the practice to ensure compliance.
View the complete requirements and standards of the privacy requirements of the HIPAA Regulations and Guidance >
With the ongoing focus of fighting healthcare fraud and abuse the Office of the Inspector General (OIG) has worked to help physician practices develop a compliance program in their organization. The compliance guidance is geared towards promoting adherence to the statues and regulations applicable to federal health programs to prevent and reduce improper conduct.
The OIG has indicated that the approach to a compliance plan in physician practices should be incremental and flexible when developing and implementing a compliance program. Physician practices should view compliance programs as a response to working towards compliance on a continued basis to identify issues within the practice and prevent problems from occurring in the future.
A compliance program also sends an important message to practice staff that while mistakes will occur, employees have an ethical duty to report erroneous or fraudulent conduct, so that it may be corrected.
Download the ACR Office Compliance Plan to help with developing a compliance program that best fits your practice’s organizational needs.
The OIG Work Plan is released each year and gives a summary of the new and ongoing reviews and activities that will be pursued with respect to HHS programs and operations during the current fiscal year and beyond.