Building an Effective Compliance PlanHIPAA Exams
Having an effective compliance plan in place is crucial to meeting the requirements of every HIPAA law and regulations There are a number of steps involved in the development of the plan, starting with having a designated compliance officer, or committee to make sure all key requirements are met. The compliance team or officer should be certified by the AAPC or Health Care Compliance Association so that your organization can confidently move forward in the development and implementation of the plan.
Components of an Effective Compliance Plan
Every effective plan has a number of key components involved that must be carried out by the compliance officer or committee:
- Performance of a Baseline Assessment
- Drafting of formal compliance program documents.
- Review of all relevant documentation and coordination of an organization-wide audit.
- Review of all current areas of noncompliance.
- Distribution of documentation compiled for compliance plan.
After the plan has been developed, what does the compliance officer or committee do?
After the initial coordination and distribution of the plan, the compliance officer or committee must review and update the plan on a consistent basis to ensure all employees are well trained and internal protocols of the plan are sufficiently carried out. Any changes must be immediately disseminated to the entire organization.
Additional compliance responsibilities:
- Development, coordination and training of all employees and members of the organization. The initial training must be comprehensive and cover the entire corporate compliance plan.
- Performing audits of the training records to be maintained by the organization.
- Reviewing all independent contractor agreements to ensure compliance is being met and all laws are followed.
- Coordination and screening of all employees, independent contractors and other agents of the organization, doing thorough checks to make sure all contractors are operating within their scope and guidelines. Every effort must be made to check with the U.S. Government Accountability Office and cumulative sanction report to make sure no contractors or agents are debarred.
- Conducting audits both internally and externally to make sure all compliance efforts are strictly adhered to. Every department within the organization must be examined, including all administrative areas and laboratories that are regulated under HIPAA and OSHA guidelines. This includes the coordination, training and auditing of all compliance manuals.
- Development of policies and programs when noncompliance issues need to be reported. A reporting system must be in place that all employees and agents are aware of to notify the compliance officer or team when noncompliance issues are brought to light.
- Coordination of any investigations that highlight deficiencies in the current reporting system or any deficiencies that are identified through period assessments of the plan and internal compliance.
- Coordination of any actions taken to correct noncompliance issues that have been identified.
- Maintaining all necessary files related to the compliance plan. Every component must be documented, in addition to all training schedules, a listing of all employees who have been trained, reports of screenings, reports of noncompliance, investigations and corrective actions.
- Report to the board of directors on the progression of the initial implementation of the plan.
- Develop a working budget to accommodate all training needs and compliance duties.
Reviewing these steps, selecting a compliance officer and/or team, and periodic assessments will assist in the development of a thorough and comprehensive plan for present and future compliance.