The healthcare regulatory landscape is becoming increasingly crowded: dozens of agencies now oversee various aspects of an ASC's operations, resulting in an abundance of rules. Staying on top of regulations is important to ensure patient safety, information security and financial success.
"The hardest part isn't getting compliant, its staying compliant," said Mitchell Brie of Healthcare Compliance Network, a partner of health IT company MTBC, at the Becker's ASC 25th Annual Meeting: The Business and Operations of ASCs in Chicago on Oct. 18. "And the ones who aren't compliant are the ones who have to pay the money."
Mr. Brie discussed various compliance problem areas for ASCs, including HIPAA security rules and business associate agreements. It is essential for ASCs to have business associate agreements with every vendor that has access to the electronic personal health information of their patients. He suggested ASCs have a minimum of two compliance meetings per year as well as regular HIPAA training sessions. Additionally, ASCs must protect themselves against malware, phishing attacks and breaches.
"Healthcare is highly susceptible to phishing attacks and lags behind other industries in resiliency to phishing," said Mr. Brie. "You want to make sure, for those of you who are building a new ASC, that your IT security is strong and airtight."
Another ASC compliance problem Mr. Brie touched upon is the lack of a workplace violence program. The basic features of such a program include facility assessment, external threat assessment, panic alarms and response processes. Having group meetings to discuss the workplace violence program is important to help employees understand potential violence issues as well as the center's response. ASCs are also increasingly facing the issue of active shooters and must have a plan for these incidents as well, Mr. Brie said.
Mr. Brie also noted the seven elements of compliance:
- Implement a compliance plan
- Hire a compliance officer
- Educate everyone in the center
- Respond immediately to letters from oversight agencies
- Conduct regular security risk assessments/audits
- Communicate with your center to make sure everyone is working in a compliant manner
- Enforce a compliance plan