Maintaining a healthcare compliance program can be challenging for compliance officers as they guide their organizations through an increasingly complex landscape, but developing partnerships can help.

“Getting other departments involved is the best way to ensure compliance becomes part of the culture of the organization,” says David Sims, Managing Partner at Security First IT, an IT security and support firm that specializes in healthcare.

To successfully navigate federal patient-privacy laws and protect against cyber attacks and data breaches, compliance officers will need to think strategically and work closely with other stakeholders. Here are some ways healthcare compliance officers can partner across departments to strengthen their compliance programs.

Start with Planning

Sims, who is the founder of an organization that trains IT companies on how to address HIPAA compliance and who co-hosts the “Help Me With HIPAA” podcast, says the planning phases for response plans, disaster-recovery plans and business-continuity plans are excellent times to incorporate multiple stakeholders within your organization.

“During the planning phases, it is crucial to have the involvement of other departments so that you can understand how an incident will affect that department and what measures are available to mitigate and respond,” he says.

Sims says incorporating other departments into the planning process helps move the function from a compliance officer responsibility to an organizational responsibility. “The biggest threat to an organization is often its people,” he says. “However, people can also be your front line of defense. The key is consistent training and involvement.”

Jennifer Shimek, KPMG’s Advisory Principal for Risk Consulting in Healthcare and Life Sciences, says developing partnerships and relationships across departments is more than just a good idea — it’s necessary if you expect your compliance program to be successful.

“As one of the most highly regulated and complex sectors of the economy, a healthcare organization’s compliance function needs to collaborate across the business,” she says. “Healthcare organizations not only provide direct patient care, process complex claims across commercial or governmental payers, protect patient information, but also serve as an employer to many, all of which the compliance function touches. Compliance has a direct impact on finance, corporate internal audit, clinical care, privacy, HR, legal and technology, as well as board-reporting responsibilities.”

See Something, Say Something

Sims says that another way to build relationships across departments is to institute a successful "See Something, Say Something" program whereby employees and department heads are empowered to bring compliance failures to the attention of the compliance officer without fear.

“This ability to find issues early and address them is crucial to ensuring security and privacy violations are squashed before they become major issues or even headline news,” he says.

The ultimate goal for this type of program, he says, should be protecting your patients. He says compliance officers can do much more and have greater success when they include other departments, empower them with responsibility and hold them accountable.

Cooperation in Credentialing

Diane Meldi, President of the National Association Medical Staff Services (NAMSS), says the healthcare industry is changing rapidly and these changes will continue to have far-reaching implications for all healthcare professionals, specifically the medical services profession that plays a leading role in compliance via credentialing of physicians and other medical practitioners.

To navigate this changing landscape, Meldi says, medical services professionals will need to form closer working relationships with all stakeholders who interact with practitioners as they are entering the system, including the credentialing committee, medical staff leadership, C-suite leadership, quality and risk management, legal counsel, provider enrollment, onboarding, information technology and health plans.

“Through partnering and collaborating with these different departments, MSPs will be successful in achieving and sustaining effective credentialing and privileging practices as the gatekeepers of patient safety, and ensure it is a priority for all departments in their organizations,” she says.