Healthcare companies invest significant resources into compliance training because it is imperative to stay on top of the evolving landscape of regulations and laws affecting healthcare companies.
Compliance in the news
Unless the ethics or regulatory violations stem from top-down instructions, no C-suite executives expect to see their company in the headlines for fraud, HIPAA violations or unlicensed practice.
Olympus Medical Systems found themselves in the spotlight for a failure to file adverse reports regarding bacterial infections and will pay a hefty $85 million fine as a result. Recently, a New York audiology practice, Oviatt Hearing and Balance LLC, settled a claim for over $566,000 after being charged with using unlicensed employees to provide services such as audiology exams, and then billing Medicare as if the services had been performed by licensed professionals.
No patient wants their private medical information compromised. In 2017, Aetna was in the news for revealing 12,000 members’ HIV status through visible envelope windows. While the fine has not yet been released, it will likely correspond to the severity of the breach.
A Top Offender: HIPAA Violations
One of the biggest reasons for companies to invest in quality training programs, such as a Master of Jurisprudence (M.J.) in Healthcare Compliance, is to protect against HIPAA violations. The Office for Civil Rights now investigates all “reported breaches involving the protected health information of 500 or more individuals” and will prioritize which smaller breaches to investigate, according to a recent article published by Healthcare IT News.
All organizations worry about protecting patient health information. Some HIPAA breaches are accidental privacy violations such as a failure to properly encrypt a personal mobile device used for accessing patient records during rounds or accidentally emailing health information to the wrong recipient. Others are malicious attacks including phishing emails, ransomware attacks, or employee data theft. According to a report published by Beazley Breach Insights in October 2017, unintended disclosures accounted for 41% of all data breaches in the healthcare sector, whereas hacks and malware accounted for 19% of data breaches in healthcare.
It is not enough for organizations to just worry about protecting patient health information. They must ensure that their staff knows the latest practices in regulatory compliance and that the policies and systems in place conform to those regulations.
HIPAA requires organizations to maintain compliance plans which, among other requirements, include staff training. Compliance plans and the training requirements may also include regulations from the Occupational Safety and Health Administration (OSHA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Office of Inspector General.
A well-trained compliance officer protects both the healthcare organization and the patients they serve. Compliance is a complex and ever-changing aspect of healthcare that presents challenges to those providing care. Without adequate training, both intended and accidental data breaches will continue to occur.
Training Programs and Degree Options
Some companies and positions will require a Healthcare Compliance Certification and/or a Healthcare Privacy Certification, which can be obtained through such organizations as Advancing the Business of Healthcare or the Compliance Certification Board. In addition, the Health Care Compliance Association offers national conferences, webinars and compliance “academies” on a variety of related topics. Finally, there are degree-granting programs dedicated to healthcare compliance.
The online M.J. in Healthcare Compliance offered by Stetson University College of Law, for example, has semester-long courses dedicated to Risk Management, HIPAA, Fraud, and Abuse, among others. The master’s program is ideal for healthcare professionals seeking advancement in the industry or for those who have found themselves in a compliance role but lack the depth needed as the organization’s subject matter expert. The courses dig into tax and antitrust laws, EMTALA, kickbacks, false claims and even teach students the fundamentals of Contract Law. The online program, while rigorous, offers flexibility that a brick-and-mortar program does not. Working professionals can complete their assignments throughout the week when it is convenient for them.
It is imperative that healthcare organizations invest in continuous, mandatory compliance training for staff, and develop and enforce policies that protect patient health data, prevent fraud and prevent other ethical and regulatory violations.