Compliance. It’s a fundamental requirement for all healthcare organizations on multiple levels. How much do hospitals spend to meet regulatory compliance? What are the implications for hospital cybersecurity? Can new IT innovations be used to improve healthcare compliance? Let’s dig into the latest studies and news articles to find answers to these questions.
Healthcare Compliance and Cybersecurity
Compliance and security are top priorities for healthcare providers, given the sensitive nature of patient data. Because rigorous security measures are critical, healthcare compliance and security require regular review, with updates as necessary.
As technology reaches every facet of business, the increased use of applications, platforms, and connected devices in the healthcare space will inevitably bring about more audits, according to a recent article in the Data Center Journal. Doctors' offices, pharmacies, hospitals, and other healthcare facilities are frequently under attack because of the sheer amount of data they hold.
In today’s cyber world, data is more valuable than nearly any other commodity. In fact, healthcare organizations accounted for more than 36 percent of reported data breaches in 2016, according to the 2017 SecurityMetrics Guide to HIPAA Compliance. Patient data continues to rise in value, and so does the amount of cybercrime.
Michael Parisi, vice president of assurance strategy and community development at HITRUST, was featured in a recent article from Becker’s Hospital Review about healthcare cybersecurity. Mr. Parisi stated:
“With the ever-changing threat and regulatory landscapes, it’s critical that organizations take a risk-based approach to protecting health data and other sensitive information. It’s a provocative conversation we’re having about putting [personal health information] in the cloud. [Data] has to be secure, private and compliant. That’s the foundation of trust. If it doesn’t start with security in mind, don’t do it.”
Time Spent by Providers on Regulatory Compliance
Healthcare organizations and providers (hospitals, post-acute providers, and health systems) spend $39B annually on the administrative tasks of regulatory compliance. This statistic comes from the American Hospital Association (AHA) study, “Regulatory Overload: Assessing the Regulatory Burden on Health Systems, Hospitals and Post-acute Care Providers,” released on October 25, 2017.
The findings of this study mirror what most healthcare professionals have been saying ever since the rollout of complex initiatives designed to achieve a value-based care system: all the extra compliance and regulations are time-consuming and take away from patient care. Such initiatives include the new Centers for Medicare and Medicaid Services (CMS) audits and reimbursement programs, like the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) and its Merit-based Incentive Payment System (MIPS).
On the surface, the idea of providers being held to a higher level of accountability and receiving payment based on patient outcomes instead of the traditional “fee-for-service” model appears altruistic and positive for patients. In reality, however, it may be taking time away from patients. In a statement about this study and its findings, Rick Pollack, AHA president and CEO, stated:
“There is growing frustration for those on the front lines providing care in a system that often forces them to spend more time pushing paper rather than treating patients. Too often, these regulatory requirements seem detached from good and efficient patient care. The regulatory burden is substantial and unsustainable, and reducing the administrative complexity of health care would allow providers to spend more time on patients, not paperwork.”
Key findings from the AHA study include:
- Federal regulation compliance costs an average-sized hospital $7.6 million per year, which amounts to $1,200 for each patient admitted.
- An average-sized hospital also commits 59 full-time equivalents to regulatory compliance, of which more than 25 percent are healthcare workers who would otherwise be providing care to patients.
Go to the executive summary (PDF) of this study to read all the findings and the AHA's recommendations for reducing the burden of regulatory compliance.
Behavioral Health Telemedicine Improves Compliance and Increases Revenue
Can compliance be improved through innovative services, such as healthcare telemedicine? One health system claims that its behavioral health telemedicine program improves compliance, among other benefits such as shortened wait times and increased revenue.
Healthcare IT News reports that intake and placement services are currently being provided by Community Health System’s “Access Center” to nine Tennessee hospitals with plans to deploy these services to 30 more facilities in three more states by the end of the first quarter in 2018. As stated in the article, “The provider has seen improved compliance with Joint Commission standards. By reducing boarding times, hospitals are closer to meeting the Joint Commission standard of boarding less than four hours.”