5 Takeaways from the HCCA 2021 Compliance Institute

Senior Director of Marketing

A year after the pandemic, the 25th Health Care Compliance Association (HCCA) Compliance Institute took place virtually this past week. As the healthcare industry adapts to the new normal, HCCA’s conference provides an opportunity for compliance professionals to learn about the latest developments and priorities from regulators. Last year changed the world and the workplace forever and healthcare compliance officers must find more ways to collaborate and strengthen their compliance programs in a new environment. 

The following represent my top takeaways from HCCA’s 2021 Compliance Institute.  

Modernizing Program Integrity and Compliance

The silver lining from the COVID-19 pandemic perhaps is the multitude of changes it accelerated across industries. “We’re making it easier for [healthcare compliance officers] to access and use information to support your work and improve compliance programs,” said Christi Grimm, Principal Deputy Inspector General, Office of the Inspector General (OIG), U.S. Department of Health & Human Services (HHS). Grimm shared how the OIG adopted new approaches during COVID-19 and are continuing to assess what worked well and what to keep after the pandemic. 

“We’re seeking feedback from healthcare stakeholders about how to modernize the types of integrity and compliance information OIG provides,” Grimm stated. One example is OIG’s List of Excluded Individuals and Entities (LEIE), which receives over 26 million visits annually. 

“As part of this new initiative, OIG is researching how to best adopt APIs and modernizing LEIE information to make it easier to access through compliance software and apps that use APIs to support new approaches to compliance,” Grimm explained. 

While the OIG recognizes the significance of telehealth, telefraud has emerged as a key concern during the pandemic with over $6 billion in alleged losses during 2020. “We believe in the value of telehealth, but it is critical to investigate situations where the services provided are medically unnecessary whether they are done in the traditional format or in a telehealth format,” said Gary Cantrell, Deputy Inspector General for Investigations, HHS-OIG. 

Fostering Collaboration for Improved Outcomes

One of the biggest changes from the pandemic is the emergence of integration and collaboration across silos. For organizations that work in silos, this time period has up-ended them during the crisis. “Everyone has to be all hands on deck and collaborate with how we deal with this pandemic,” said Janine M. Valdez, Vice President of Compliance at Genesis, during a conference learning session. “It has to be an endeavor of collaboration with operations and human resources. There’s a lot that compliance is involved now that we may not have been heavily involved in the past.”

In order to address the ongoing state and federal regulatory changes during the pandemic, healthcare organizations must focus on communication and collaboration. “Having a tight communication pathway between the clinical teams and compliance is key,” said Dr. George Diaz, Director of Antimicrobial Stewardship at Providence Regional Medical Center Everett, during a conference panel. “All of our regions and hospitals were represented so that we could generate clinical consensus to ensure our processes were compliant with both federal and local laws. Then we could send out communications to the frontline staff.”

But collaboration doesn’t have to end within your organization. Nora O’Brien, Chief Executive Officer at Connect Consulting Services, recommends to continue fostering relationships with healthcare coalition and community partners ahead of time, and not just during times of disaster. By taking a proactive approach, you can set your organization for success in the event of a crisis. 

Managing Risk in a Blended/Remote Workplace

The healthcare industry experienced nearly 600 data breaches in 2020, an increase of 55% from 2019, according to research from Bitglass. “Most healthcare organizations do not have robust security programs in place, which makes them vulnerable to cyber attacks,” stated Gui Cozzi, Cybersecurity Practice Lead at Dean Dorton, during a conference session. 

As healthcare organizations adopted remote work in response to the pandemic, security and privacy policies have traditionally been developed with the mindset of working inside a healthcare facility. Fifty-three percent of employees are using their personal laptops for work and 45% have not been provided with new guidance on how to handle personal identifiable information (PII) when working from home, according to a Morning Consult and IBM Security Work From Home Study.

In order to mitigate the increased risk of a remote workplace, Cozzi recommends the following steps:

  • Develop and update policies and procedures: Start with the Acceptable Use policy and include privacy concerns with having a home office. Ensure your Incident Response plan can be executed in a remote work environment.
  • Expand IT change management protocol: Ensure IT processes are revised to account for remote work and document them properly.
  • Implement safeguards for password protection: At a minimum, recommend multi-factor authorization (MFA) on all work from home systems, including email.
  • Reinforce email security measures: Consider email phishing protection, URL rewriting, and attachment detonation/sandbox when traditional measures such as a firewall don’t apply in a work from home environment.

Juggling the Opioid Epidemic During COVID-19

While the pandemic has catalyzed innovation in some instances, it has also exacerbated the opioid epidemic in an alarming way. After the onset of the COVID-19 pandemic, the United States saw an increase in fatal opioid-related deaths. The final CDC data for 2020 in the United States could exceed 90,000 overdose deaths, compared to 70,630 in 2019. This would not only be the highest annual number on record, but the largest single-year percentage increase in two decades. 

“Because elective surgeries were put on hold, it has contributed to people who were managing their pain before to turn to drugs,” explained Denise Hill, Associate Professor of Practice at Drake University, College of Law, Business & Public Administration. “COVID-19 made some start using drugs and alcohol. Calls to SAMHSA increased by 700% and fatal overdoses increased by 57%. These are just a few of the headlines we’ve seen.” 

Prevention of overdoses and addiction requires increased focus and attention. “Because substance abuse treatment programs were underfunded to start, our attention on COVID-19 last year means it wasn’t on opioid,” said Nancy Ruzicka, Owner of Ruzicka Healthcare Consulting. “Some of these other issues just got left by the wayside. They weren’t funded and we weren’t paying attention to them.” 

Ruzicka recommends the following steps to mitigate your organization’s risk during the new height of the opioid epidemic:

  • Garner leadership commitment: Leadership’s support is key to appropriate opioid management, appropriate investigations, and appropriate actions.
  • Collaborate with pharmacy staff: Identify potential drug trends and diversions and assess your organization’s level of risk.
  • Develop a risk response plan: Work with risk management staff to monitor and review the risk plan and protocols.

Supporting Diversity and Inclusion in Compliance

After the events that occurred over the past year, organizations are focusing on strengthening their diversity and inclusion workplace initiatives. Compliance and ethics professionals can play a key role in actively fostering a healthy work environment where all employees can thrive and succeed

“We’ve included a diversity and inclusion statement in our compliance code of conduct,” Veronica Xu, Chief Compliance Officer at Saber Healthcare Group, shared during a presentation. “We want [our team] to really see our organization’s commitment to diversity and inclusion. We collaborate with the HR team and other departments to promote that.”

During the closing keynote, Dr. Arin Reeves, Researcher, Author and Advisor on Leadership and Inclusion, discussed how inclusion doesn’t require compliance professionals to add time to their day. “Everything you are doing, you are either doing inclusively, or you are not,” Dr. Reeves explains. “You shouldn’t feel like you have to calendar inclusion. It’s about asking yourself: Everything you do, how can you do it more inclusively? You become a person that is constantly calibrating to be more inclusive.”

According to Dr. Reeves, there are six traits that support inclusive leadership: 

  • Cultural intelligence: Recognize that you need to work the other people work, not just the way you do.
  • Curiosity: Focus on maintaining a 2:1 ratio of questions to statements in conversations.
  • Cognizance: What you see after you get past your biases. The more curious you are, the more you land in cognizance.
  • Collaboration: Find ways to increase participation by everyone such as speaking in order instead of spontaneously and finding different ways to connect.
  • Commitment: Create accountability mechanisms to ensure inclusive leadership when external stressors affect cognitive load and processing.
  • Courage: Focus on tiny gains and find small ways to start doing things differently.

As we prepare for the new normal after the COVID-19 pandemic recedes, one thing is for certain: compliance officers must embrace change to succeed and safeguard their healthcare organizations into the future. Emerging trends like remote work and telehealth are here to stay, so it is important to adopt the necessary policies and procedures to help your organization thrive, mitigate risk, and support compliance in a rapidly changing environment.

Did you attend the HCCA 2021 Compliance Institute? What were your favorite takeaways? Let us know in the comments section below.