Outsourcing Compliance, especially in a small hospital setting, may be the best way to be in compliance with required regulations and apply limited resources. Why do many healthcare organizations still not have a formal corporate compliance program, or do not have what would be considered an effective program? Lack of resources is often mentioned. Outsourcing compliance may be the answer. A corporate compliance program must address many issues, not just what is popularly discussed in the news media, such as HIPAA breaches. Outsourcing compliance, and providing privacy officer functions via a third party, may well work best for a smaller hospital.
Corporate Compliance Programs have been around now for over two decades. Guidance from the Health and Human Services Department Office of Inspector General for healthcare organizations on Corporate Compliance Programs implementation and maintenance continue to be freely available.
Outsourcing Compliance: benefits to a smaller healthcare organization
- An outside consultant is expected to be a subject matter expert, with experience in the area. And a consulting firm can bring the expertise of multiple staff members to bear on the wide range of compliance issues healthcare organizations face.
- An outside consultant can bring new perspectives to the operation and the ways in which the organization maintains compliance in key risk areas pertinent to healthcare organizations.
- An outside consultant can be a cost-effective solution, where the services of a full-time person are not necessary, given the scope of the organization’s services and its compliance program.
- In addition to a corporate compliance program, a qualified outside consultant can also provide services as the Privacy Officer for a small healthcare organization.
Although you can obtain the expertise of an experienced compliance officer through outsourcing compliance to a healthcare consulting firm, the legal responsibility and accountability for the effectiveness of the corporate compliance program always remains with the healthcare organization.
Outsourcing Compliance: checklist for a hospital
Use this checklist of five critical items, or questions to ask, in the initiation of outsourcing your compliance program:
- Make sure you reach agreement on a scope of services for the consultant. For instance, do you need first a comprehensive assessment of the existing program? Maybe you need – in addition – a complete HIPAA Risk Analyses?
- Are you starting from scratch, or is the current corporate compliance program dysfunctional and needs an overhaul?
- Are you in the midst of an investigation that may lead to actions taken by regulatory authorities? Do you need the expertise of a seasoned compliance officer to assist with the organization’s response to any ongoing investigation(s)? Does your legal team need assistance in coordinating investigation responses, internal or with regulatory entities?
- Will the compliance officer have extended responsibility for areas like setting up or maintaining an external hotline for receiving calls related to compliance or privacy?
- Will the compliance officer be responsible for employee or medical staff sanctions screening, or for other services such as physician contracting?
The Fox Group, LLC is providing compliance services to a number of hospitals and healthcare organizations. Experience and expertise is what counts. As this case study of a small rural hospital shows, successful outsourcingt compliance, even in a crisis situation, can turn into a sustainable and successful arrangement.