Every healthcare professional knows about the consequences of compliance issues in healthcare. The role of healthcare compliance officers is to ensure internal policies and external laws and regulations are met by all personnel. These leaders create programs for training employees, reinforce a culture of compliance and stay alert to new trends and regulations.

Explore three key issues healthcare compliance officers should be monitoring in the coming calendar year.

1. Ransomware

Healthcare organizations rely on data and digital connectivity to operate. Malicious cyberattacks featuring ransomware — a software-based attack that locks access to a system or database until a ransom is paid — can put patient care at risk while compromising patient privacy.

According to The State of Ransomware in Healthcare 2022 survey from security firm Sophos,  66% of healthcare organizations were hit by ransomware in 2021, up from 34% in 2020. The report also found that the average cost for a healthcare organization to remediate the impact of a ransomware attack was $1.85 million in 2021, the second-highest average cost across all sectors.

Human error is one of the top risk factors for cybersecurity breaches. According to the 2022 Verizon Data Breach Investigations Report, 82% of cybersecurity breaches tracked over a 12-month period were due to human error, which itself is 2.5 times more likely than malicious behaviors.

Compliance officers should ensure they have clear cybersecurity policies, including for mitigation after an incident, and that employees have regular training regarding cyberthreats. The Sophos report revealed that 52% of healthcare organizations with cyber insurance have increased staff training and education activities.

Compliance officers can also work with IT to create compliance programs that emphasize password management, sound decision-making and how to report suspicious activity. This training should include real-life examples of risk factors.

2. Telemedicine

Telemedicine spiked in the early months of the COVID-19 pandemic and continues to be a viable, reliable alternative for many patients.

A KFF-Epic Research analysis of March to August 2021 found that 8% of outpatient visits were conducted via telehealth. That is significant since, before COVID-19, telehealth outpatient visits as a percentage of outpatient visits were a rounding error.

When COVID-19 was declared a national health emergency in March 2020, the Centers for Medicare & Medicaid Services relaxed many compliance rules regarding telemedicine to improve access to rural healthcare facilities.

While the federal health emergency is expected to continue into the spring of 2023, compliance officers should prioritize incorporating telemedicine processes into their organization’s policies and procedures. These policies include telemedicine billing, licensing requirements, financial relationships between telemedicine providers and other medical providers, and documentation of medical necessities for telemedicine treatment.

3. Unsecured Data

More than 19 million records were compromised in healthcare data breaches during the first half of 2022, according to healthcare cybersecurity firm Fortified Health Security. Unauthorized access and disclosure accounted for 15% of those breaches.

While data compliance and data security are sometimes used interchangeably, they are not the same thing. A healthcare provider’s data system can be compliant without being secure, especially with the increase of hybrid and remote workers.

A compliant system keeps patient data private, and a secure system prevents data from being hacked. Compliance officers should work with IT security officers to ensure that their organization’s data system has both qualities. Keep in mind that assessments of compliance and security must be done separately.

Compliance officers are responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA), a federal regulation that protects sensitive patient health information from being released without the patient’s consent or knowledge.

Compliance officers should oversee HIPAA training for employees, with an emphasis on the risks of sharing unauthorized patient information through mobile devices and social media. HIPAA regulations exist to safeguard patient privacy, and the penalties for violations can be costly for employees and facilities.

Preparing for the Future

The COVID-19 pandemic changed the landscape of the healthcare industry, and that impact continues to affect decision-making and strategy, including in compliance.

Compliance officers must stay true to their mission of protecting patient health information in order to solve compliance issues in healthcare for 2023. Focusing on ransomware, telemedicine and data security and privacy can give them a head start and allow them to pivot to confront unforeseen threats.