With data privacy laws being proposed and enforced worldwide, it’s no surprise that many healthcare organizations are revisiting their internal compliance guidelines. A lot has changed since President Bill Clinton signed HIPAA into law in 1996, and compliance officers and their teams have complex legal waters to navigate.

According to SAI Global’s 2019 Healthcare Compliance Benchmark Report, the bulk of a contemporary healthcare compliance officer’s responsibilities — 67.5% — concerns HIPAA privacy and security. With data privacy concerns on the rise, what changes should healthcare organizations expect to encounter in practicing compliance? Are there tools out there to make compliance easier?

Change doesn’t have to be paralyzing. Here are some steps that your healthcare organization can take to prepare for compliance as we approach the start of a new decade.

Educate Through Onboarding

For many companies, onboarding consists of nothing more than classroom-style presentations and signatures stating that new hires were present and listened. But that’s a huge missed opportunity says Max Aulakh, CEO of Ignyte Assurance Platform. “A lot of data breaches are accidental,” Aulakh says. “Security training can prevent these breaches, and that should be emphasized upfront.”

Training during onboarding can be used to offset other compliance concerns, such as insurance compliance. “Insurance carriers are scrutinizing reimbursement more intensely — and in some cases that leads to recouped payments,” says Veda Collmer, Chief Compliance Officer at WebPT. “Moving forward, providers will have to understand policy coverage as well as documentation expectations.”

These are technical exercises that can be initiated during onboarding and carried throughout an employee’s tenure through seminars and online training.

Seek Out New Technology

Most health systems are using outdated, legacy technology for compliance management. These older systems handle fall risks, OSHA and other more traditional concerns, but they aren’t equipped to handle the data privacy concerns of contemporary compliance, Aulakh says.

“Data privacy concerns are an internet-scale problem,” he says. “Modern healthcare requires a compliance management system that can gather all the data points, manage the incident workflow and do a thorough job of meeting the intent of compliance.”

Technology is critical for all aspects of healthcare compliance, Collmer says. “Healthcare IT will continue to play a big role as more organizations move to certified electronic health records,” she says, noting that certifications for healthcare IT practitioners may increase costs but are worth getting to minimize risk.

Keep Council On-Hand

Healthcare compliance can be a lot to handle. The best way to maintain compliance is by hiring a compliance officer with a legal background. “Ideally the compliance officer is an attorney, allowing them to comprehend very complicated regulations and statutes as well as how different laws interact with each other,” Collmer says.

An attorney can look ahead and anticipate some legal changes. “Being proactive reduces the risk of enforcement action, preserves the provider's reputation and — most importantly — ensures quality patient care,” Collmer says.

As healthcare continues to evolve, it’s critical for healthcare organizations to stay on top of compliance concerns. Combining training, technology and knowledgeable consultants can prevent compliance problems and produce a culture of patient safety.