What It Takes to Be a Compliance Officer
A Compliance Officer (CO) is a workforce member or outside person that takes on the role and responsibility of implementing and managing the Compliance program for your facility. There are many nuances to this role and depending on the size of your practice, this may be one or more people. The role can encompass the development, implementation, training, enforcement, and maintenance of the program. Ideally, your office would have a separate individual to take on the role of HIPAA Official and/or Privacy/Security Officers.
Anyone Can Be Assigned as CO/Official
Certain personality qualities and capabilities make it easier for an individual to deliver the successful execution of compliance responsibilities. Methodical attention to detail is one of the most important attributes necessary to stay on top of compliance-related issues. For that reason, the treating provider may not be the best person to carry out this role – s/he is simply too busy. In most practices, the Compliance Officer (CO) is an existing employee who assumes the role. In a very small, one doctor/one CA practice, it’s pretty easy to decide who gets the job. Often, in these situations, the provider may choose to outsource the role to an external expert such as KMC University; other times, a billing team member or the Office Manager assumes this important position in the day-to-day operations of a compliant and efficient office.
I Don’t Have Time
The responsibilities assigned to the office CO are important, but, if handled wisely, the role does not require a significant investment in time. The position is usually scaled to the size of your practice, but in a typical chiropractic practice with an established routine, the day-to-day functions of a CO will demand 12-36 hours per year once the program is up and running. The initial set-up of the program requires a larger investment in time from everyone on the team. Once the compliance aspects are in place and current, we advise that an annual compliance calendar be established with compliance activities spread out over the year. We recommend that you allow 1-2 hours a month for these additional duties.
But I’m Not Trained
Obviously, it’s best not to throw a brand-new employee into this role. OIG compliance consists of attention to documentation, coding, billing and patient financial matters. We strongly recommend that practices work with a certified specialist when implementing these programs. The KMC University Library contains training that will help an individual be successful in these positions, but in the most productive practices, the individual(s) work with our specialists to job-share compliance roles. This may mean more personal training that allows the employee(s) to eventually take over completely or out-source a consultant role to KMCU to assist the employee(s) until s/he is established. There are also national certification programs such as Certified Professional Compliance Officer (CPCO) or Medical Compliance Specialist (MCS-P) that individuals may pursue before taking on compliance roles. Currently, certification is not a requirement for Compliance Officers; however, in the case of HIPPA security compliance, it is in the best interest of your clinic for the CO to understand the inner workings of information technology and its role in compliance security.
A Day in the Life of a CO
The Compliance Officer is responsible for the administration, evaluation and continued development of the Compliance Program to ensure adherence to applicable state and federal laws, statutes, and regulations. An overview of the job duties is discussed below.
A Compliance Officer:
- Oversees and/or develops and implements the policies and procedures necessary for the clinic/staff to adhere to applicable state and federal laws, statutes, and regulations.
- Compiles a monthly report for the Clinic Director and/or Executive Team (as directed) on all Compliance Program activities.
- Creates and maintains a system for auditing policies and procedures and measuring their effectiveness; periodically audits patient charts for breaches of confidentiality.
- Creates and enforces incident procedures to address breaches; determines appropriate disciplinary action for staff members who fail to comply with policies and procedures.
- Coordinates, conducts, and facilitates audit functions to identify inappropriate conduct or behavior. Provides education and materials as needed to supplement corrective actions.
- Investigates, responds to, documents, and takes corrective action for all incidents.
- Continually revises policies and procedures to reflect all changes in state and federal laws, statutes, and regulations.
- Annually reviews all policies and procedures to reflect operational structural changes and other regulatory changes as necessary.
- Investigates all alleged compliance complaints and recommends and implements corrective actions if necessary; monitors results to ensure prompt resolution.
The role of the Compliance Officer is an important one, for certain, but it does not have to be an overwhelming one. A Chief Compliance Officer may oversee others, such as a HIPAA Compliance Officer or a Privacy/Security Officer. Although the HIPAA Compliance Officer and the Privacy/Security Officer roles are different from that of an OIG Compliance Officer, it is in the best interest of the office for the CO to have knowledge of the HIPAA program, guidelines and regulations as well.
Don’t worry. If you’ve just been assigned this role and are not sure where to begin, we’ve got you! KMC University boasts the largest team of certified compliance specialists under one roof in the entire profession. Let us help!