Compliance ProgramAll employees need to be familiar with the concept of the compliance program. They should know who the compliance officer is, where to find the compliance officer, how to contact the compliance officer and should feel comfortable bringing compliance questions and concerns to first their supervisor and second, the compliance officer. Whatever the structure of your program, ensure that employees are familiar with the compliance office, staff and policies and procedures.
Many compliance officers include an overview of the 7 Elements of an Effective Compliance program during annual training and new employee orientation. This provides a good framework for discussing the compliance program and the responsibility of employees. The 7 Elements include:
Written standards of conduct and policies and procedures
Designation of a chief compliance officer, staff and compliance committee
Compliance education and training
Anonymous compliance hotline and open-door policy
System of response and enforcement/ disciplinary action
Auditing and monitoring
Investigation and remediation of identified issues/ sanctions
Fraud, Waste and Abuse
With the implementation of the Deficit Reduction Act of 2005 and annual training requirements for Medicare Advantage and Prescription Drug Plans to provide fraud, waste and abuse training, most compliance training programs now provide this information. Typically, the information provides is way over the top. Fraud case examples are a good way to illustrate the issues and penalties that ensue.
Stark, Anti-kickback, False Claims, EMTALA
For the general audience, the basics on the Stark Law, Anti-kickback Statute, False Claims and EMTALA should be presented. As with Fraud, Waste and Abuse training, it's best to use case examples to illustrate how the laws should be followed and any consequences of noncompliance. Employees should understand the policies and procedures surrounding false claims and whistleblower protection.
HIPAA Privacy
All employees, contractors, students and volunteers should be trainined on HIPAA Privacy and confidentiality. This audience needs to understand how to keep information confidential and following the "need to know" principle for accessing and disclosing protected health information (PHI). Employees should understand their responsibility and also the rights of the patient under HIPAA.
HIPAA Security
As with HIPAA Privacy training, HIPAA Security training should be conducted annually, with ongoing reminders throughout the year. The HIPAA security rule includes four "addressable" topics that should be included in training content for all employees:
Periodic security updates
Procedures for guarding against, detecting, and reporting malicious software
Procedures for monitoring log-in attempts and reporting discrepancies
Procedures for creating, changing, and safeguarding passwords
(AHIMA. "HIPAA Privacy and Security Training (Updated)." (Updated November 2010))
Specific Training
Billing and Reimbursement Topics
Coding
Hot Topics and Regulatory Changes
Recovery Audit Contractors
OCR Audits