Accurate financial reporting is important, and your accounting practice should be consistent. Accounting reports must be prepared in accordance with recognized accounting standards.
Licensure & Human Resource Matters
Ensure that both the practice and each professional (e.g., physician, nurse, nurse practitioner) have maintained all required licenses, accreditations, certifications and other requirements. Review your employee handbook and current employment and independent contractor agreements to ensure they are up to date and that there have not been any changes in law that would affect the validity of any contract provision. For example, if your employment agreement includes a restrictive covenant, such as a noncompetition clause, it’s possible that state law may have changed regarding the enforceability of such a provision since the contract was signed.
Data Privacy & Security
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations are intended to protect the privacy and security of patients’ protected health information. Ensure your practice has implemented (and enforces) internal policies and procedures to comply with the HIPAA Privacy, Security and Breach Notification Rules. The HIPAA Privacy Rule provides limitations and conditions on the use and disclosure of patients’ protected health information. The HIPAA Security Rule requires implementation of administrative, physical and technical safeguards and certain other organizational requirements to protect the confidentiality and security of electronic protected health information. The HIPAA Breach Notification Rule outlines the requirements pertaining to responding to breaches of patient protected health information.
As part of your internal review, you should ensure that your workforce has been properly trained in HIPAA compliance and that such training is documented in writing. A great deal of focus is placed on HIPAA compliance, and it’s important to remain cognizant of state privacy and confidentiality laws, as well as data security laws, that may affect your practice. You need to comply with all relevant state laws, not only for those states in which you have a physical location, but also states where patients may reside, because those state laws may apply as well.
Conclusion
Conducting regular internal compliance checkups could make the difference between a successful government audit, a lucrative business transaction and/or avoiding civil and criminal penalties for violations of law.
Steven M. Harris, Esq., is a nationally recognized healthcare attorney and a member of the law firm McDonald Hopkins LLC. Contact him via e-mail at [email protected].