Reviewing and Updating Your Corporate Compliance Plan

Articles / Publications

Reprinted with Permission from the Medical Association of the State of Alabama.

As 2018 winds down and 2019 kicks off, it is wise to review various aspects of your practice to ensure everything is up to date and continues to operate in compliance with applicable laws. One area of focus for such review is your corporate compliance plan.

Compliance plans are written policies and procedures, adopted by a healthcare provider, to assist in its day-to-day compliance with applicable laws and business policies. Healthcare providers who participate in a federal healthcare program are required to implement a corporate compliance plan.

A compliance plan that is drafted without further review, revision, or implementation carries the same effect as having no compliance plan at all. Thus, to be effective and beneficial, all compliance plans should be periodically reviewed and revised to address changes in the law, operational changes, and past experiences.

As you revise your corporate compliance plan consider the following:

  • The Office of Inspector General ("OIG") has published guidance on effective compliance plans for many types of healthcare providers, including physician practices. While the OIG allows flexibility in developing a compliance plan, this guidance provides a good insight into the various areas and topics that might be included in an effective compliance plan. The OIG compliance plan guidance can be accessed here.
  • A main component of a corporate compliance plan is the written policies and procedures that set forth the day-to-day compliance expectations of the provider. Among other things, the policies should include a review of the applicable laws and regulations (e.g., Stark, Anti-Kickback, False Claims Act, Civil Monetary Penalties, etc.), what is expected in terms of complying with such laws, the consequences of noncompliance, and ways to report non-compliance.
  • Compliance plans should address the risks that are associated with a particular practice. Risk Areas that are common to physician practices include coding and billing, medically necessary services, proper documentation, record retention, fraud and abuse concerns, and conflicts of interest.
  • Compliance plans should address monitoring and auditing processes that detect compliance violations and ways to respond to such violations. Among other things, there should be a mechanism for reporting compliance plan violations, investigating such reports, correcting compliance plan violations, and imposing disciplinary action.
  • An effective compliance plan should include a training component, pursuant to which employees and contractors are periodically educated and trained on the various elements of the plan. Training should occur both when an employee or contractor is hired and periodically thereafter (e.g., every year or every six months). Many providers have found monthly "reminders", whether at a staff meeting or via e-mail distribution, to be effective.
  • The corporate compliance plan should be made available to all employees and contractors to which it applies. If your compliance plan is lengthy, you may want to consider also having a summary available that hits the main points of the plan.
  • Any revisions you make to the compliance plan as a result of your review should be formally adopted by the practice's Board of Directors or similar Governing Body. Employees and contractors should be promptly updated on any revisions.

Download the article, "Reviewing and Updating Your Corporate Compliance Plan" written by Kelli C. Fleming.

 

Burr
Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.


Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.