How should COVID-19 affect your compliance program progress? Do we keep going? Halt? Or is the answer somewhere in between?
COVID-19 has had had varying effects on provider compliance and/or HIPAA programs. Some programs are progressing as usual. Some programs are progressing, but at a slower place – understandably, as it is hard to keep up with the federal guidance related to the pandemic. And for some providers, COVID-19 has brought compliance and HIPAA to a standstill.
Have reasonable expectations.
Responding to this pandemic might be the most important thing your organization does. Which means it might be the most important thing you do (professionally). Chances are, it has already affected your job. Whether you are working remotely (not an easy task), or trying to stay safe on-site, you are likely getting pulled into new tasks as the COVID-19 response is first priority.
All of you are likely spending considerable amounts of time – time previously spent on compliance tasks – reading, interpreting, and implementing an abundance of federal guidance related to COVID-19. CMS, the OIG, the OCR, the DOJ, and CISA have all issued multiple pieces of information about steps providers should take during the pandemic. Keeping up with this guidance can be a full-time job – when it is already challenging to keep up a full-time job with stay-at-home orders, school closures, and slow internet speeds. Just remember that review of the COVID guidance is a compliance task.
In this context, keeping up your normal compliance progress is likely very challenging. I am daily reminded of advice I received from a judge during my judicial clerkship many years ago: “All you can do is the best you can.” The “best we can” means that, given these constraints on our time, most of us will need to adjust our compliance goals and schedule. And that’s OK.
COVID-19 likely affects your compliance risk areas – or shifts their priority levels What’s high priority now? This will vary by organization, but here are some areas to consider focusing on:
- EMTALA for hospitals. CMS has issued guidance advising hospitals with emergency departments on how to handle emergency room patients who do or could have COVID-19. CMS has also issued limited waivers that apply to EMTALA, and where screening may occur. Compliance should be familiar with this guidance and make sure emergency room personnel, staff fielding inquiries from the public and communicating with the media, and others are aware of updated EMTALA parameters during the pandemic.
- HIPAA risks specific to COVID-19: For example, telehealth privacy and security; defending against cyber-scams preying on increased remote access; communicating with public health, media and the others; and social media use by employees. Compliance plays a crucial role in HIPAA compliance during COVID-19.
- Compliance risks applicable to telehealth (in addition to HIPAA). CMS has issued considerable guidance about telehealth, including the 1135 waiver. For example, this guidance allows providers to reduce or waive telehealth cost-sharing. Compliance has a key role in interpreting the telehealth guidance and developing a program that adheres to CMS guidelines.
- Infection control. Quality assurance is a component of a compliance program. As it relates to COVID-19, infection control is a significant risk on two fronts, preventing the spread of COVID-19 to non-infected patients and protecting employees. For post-acute care providers that don’t have COVID-19 in their buildings, infection control includes preventing the introduction of COVID-19 to the resident population.
Don’t stop everything.
While compliance likely looks different during this pandemic, it should not stop. Compliance has a significant role to play in responding to the pandemic – and your organization will need a strong compliance program when the pandemic ends.
Things to focus on:
- Board communication. Your board (and CEO and other leaders) is responsible for your organization’s success during an unprecedented time. They are more likely to succeed if compliance continues to provide them with essential information about compliance risks and guidance relevant to COVID-19.
- Listening. Compliance should help employees do their jobs in a complicated regulatory environment. Compliance should make working at your organization easier. How can compliance help your staff now? Think about all of your departments and varying levels of staff. What new information do they need to do their jobs during the pandemic? How can compliance help get that information to staff in the easiest way possible?
- Training. While administrative requirements such as routine annual training might seem to be a lower priority, skipping training obligations is risky. Options to use e-learning are exploding. Take advantage of them. And be creative: training does not have to be an in-service to be effective. Use the technology you have available to keep a highly qualified, educated staff during the pandemic.
- SNFs: Remember that compliance and ethics programs are now required by law, and that surveys will resume. Be ready for that survey. Work on your compliance risk assessment when you can. It might take you longer to do it – but do it.
This too shall pass.
And when it does, you will not want to rebuild your compliance culture from scratch. Your employees will probably be incredibly taxed by this pandemic. When things get back to normal (or at least a new normal), your organization will do better if an underlying culture of compliance and support is there. This means keeping up education and communication to the maximum extent possible.
The original posting can be seen at: http://www.healthcareperformance.com/blog/what-do-we-do-about-compliance-now