By Peter J. Cass, OD,
and Joe DeLoach, OD, FAAO
Oct. 24, 2018
HIPAA and other regulations affect patient privacy and safety, and they determine the practice’s legal exposure.
Here is how our practices stay in compliance with all of these laws, including our use of a new tool we helped develop, along with the advice we give the companies we consult with on reaching full compliance.
What’s “Compliance” Anyway?
That is an excellent question, because the only compliance area most optometrists think about is HIPAA. But compliance in optometry encompasses four separate areas:
a. Privacy and security (HIPAA)
b. Hazard (OSHA, CLIA, CDC)
c. Human Resources
d. Fraud & Abuse
What’s at Stake Financially for the Practice?
The penalties are severe. Even minimum HIPAA violations can cost $10,000, and average fines are around $250,000. OSHA violations can bring civil penalties and, in some cases, criminal charges. Penalties can also result in providers being removed from Medicare provider panels as well as from VSP, EyeMed and Spectera provider panels.
Unfortunately, practices are 10 times more likely to be fined for a compliance violation than to face a malpractice claim. That risk increased dramatically over the past few years after the federal government (through the HITECH Act) gave state attorneys general authority to investigate HIPAA violations and collect fines.
Possibly the most important thing for doctors to remember regarding all compliance areas is that 90 percent of all complaints come from whistleblowers: unhappy patients, unhappy former employees, or individuals trained by the government to secretly investigate doctors’ practices.
The Small Steps to Take
Compliance in all areas usually involves four steps:
a. Management training (doctors and office managers)
b. Office assessment
c. Creation of office policies and manuals (as well as supporting documents)
d. Staff education (formal training with documentation)
Trying to do all this on your own would take months of committed work. Partnering with compliance consultants is the only way to get this done.
The Big Steps
The most important parts of HIPAA compliance are:
b. Conduct a Security Risk Assessment (the HIPAA Security Rule calls this a risk analysis) and comply with all security standards
c. Train your staff (and document that training)
d. Post a Notice of Privacy Practices
e. Make a good-faith effort to get every patient to sign an Acknowledgment of Privacy Practices, and document it when a patient declines
f. Sign Business Associate Agreements (BAAs) with appropriate parties
Editor’s Note: You can also use the federal government’s HIPAA reference guide as a tool to help you reach full compliance.
Completing these steps can minimize the risk of heavy fines and legal trouble.
Tools that Can Help You
New apps make it easier for doctors to reach full regulatory compliance. Owners need to know that they have a legal obligation to establish a compliance program for their business, and employed doctors and staff need to know that they are personally liable for following these laws, whether or not their employer provides for practice compliance.
HIPAA and the other compliance laws change regularly, so keeping up with them on your own can be nearly impossible.
Apps can simplify the process. We had a hand in creating the Practice Compliance Solutions (PCS) app, which automates the process of compliance for offices. Doctors review training materials and answer guided questions, and the app creates all the required documents to facilitate compliance. The app also has training modules that support staff can watch individually or that can be presented to them as a group.
Other companies, such as Compliancy Group, offer cloud-based compliance apps as well.
The PCS App has a one-time setup fee of $600, and costs $99 per year for continual updates and maintenance.
While not a requirement of HIPAA, many local IT companies will offer an on-site assessment of computer and network security. That assessment is not a complete risk analysis, which must also cover administrative and physical safeguards, but it can be a valuable input to one.
Joe DeLoach, OD, FAAO, is a partner with PlanoEye Associates in Plano, Texas.