For some government programs, it is not acceptable to have only a compliance strategy; each practice must have a written plan as well. A good written plan can reduce the number of innocent mistakes and will go a long way toward audit avoidance.
And, if your practice ends up as the target of allegations, having an up-to-date compliance plan - and demonstrating how you followed it - can help your outcome tremendously. Here are some of the written plans you have to have in your office.
Patient Billing
State law requires physicians to have written billing policies that cover possible patient discounts for charity care and the uninsured, whether late payments will incur interest, and your billing complaint process and procedures. Details (PDF) are available on the TMA website along with a downloadable notice (PDF) you can print and post in your office as required.
HIPAA Privacy and Security
Required written privacy policies and procedures should provide guidance for practice staff who deal with protected health information (PHI) and have responsibility for privacy compliance. Required written security policies and procedures outline the administrative, physical, and technical safeguards your practice uses to protect electronic PHI. The document must explain how you assessed risks and decided on the specific security measures.
In addition, you must have a written notice of privacy practices for patients, a plain-language description of how you use, disclose, and protect patients' PHI, and patients' rights with respect to the information. TMA members can download a sample notice of privacy practices from the TMA website (log-in required).
Occupational Safety and Health Administration (OSHA)
The OSHA Bloodborne Pathogens standard requires a written exposure control plan (PDF), to be updated annually. This document lists job classifications in your practice in which staff have occupational exposure, the tasks and procedures they perform that result in their exposure, and how you are minimizing the risk and meeting all requirements of the standard.
OHSA also requires a written hazard communication program (PDF). It must indicate how you fulfill the requirements for labels for hazardous chemicals, safety data sheets, and employee information and training, and include a list of the hazardous chemicals in your office.
OSHA has samples of both (PDF) these written plans that you can customize. Or, you can use the OSHA Program Manual for Medical Facilities available in the TMA Education Center to develop your complete safety program.
Federal Health Plans
The Affordable Care Act says physicians must establish an antifraud compliance program, with specific core elements, as a condition of enrollment in Medicare or Medicaid. That means having a formal (written) process that addresses key factors in rules and regulations for billing, such as proper coding, medical necessity, appropriate documentation, and proper referral practices. The federal government has not yet issued an enforcement date for compliance plans for Medicare. State law requiring compliance plans for Medicaid took effect in 2012. TMA advises any practice that accepts payment from a government program to have a formal compliance plan (PDF) as risk protection.
In fact, good, standard practices mitigate risk in many areas. Medical practices have to follow many laws, not just those that require a written plan, like hiring and firing laws. The Texas Medical Liability Trust's Risk Management Guide for Physician Practices (PDF) says, "Risk management is an overall philosophy for the entire office."
The above written compliance plans don't all have to be separate documents on your shelf. A better approach is to incorporate them into you practice's policies and procedures manual to help your practice be both compliant and efficient in day-to-day operations.
TMA Can Help
- Browse through the TMA Education Center. You'll find webinars, publications, and books that delve into various aspects of compliance, some with sample written plans.
TMA Practice E-tips main page