
4 Current Hospital Compliance Issues To Watch For

Monday, December 17th, 2018

There are many laws your hospital must follow, but the Stark and HIPAA laws are two of the most important. The key to compliance with these laws and their related regulations is rigorous, thorough procedures. It isn’t enough to simply write your procedures in a handbook. You also have to train your doctors, support staff, and employees to follow and respect them.

Caring for patients is your number one priority. But, you must emphasize to your team that hospital compliance is vital to staying out of trouble with the federal government. Violations of the Stark Law could result in exclusion from Medicare and Medicaid. Violating HIPAA could leave your staff, medical facility, and patients exposed. Staying compliant helps you take care of your patients as well as your practice and staff.

Tackling policy compliance

Drafting and complying with policies is one of the most tedious jobs in any industry. However, it is essential, especially for hospitals. Your hospital must update policies and ensure that all staff are trained and aware of all rules and laws. Your policies protect your patients, staff, doctors, and the hospital from errors and private data breaches.

You might be wondering how to drive participation from your staff and employees. Some of the most common reasons for not complying with policies include not having time, not understanding policies, or not knowing where the policies are.

A common technique is to hold competitions among departments. Make it engaging and rewarding to review and comply with policies often. For example, the first department to read and certify its understanding of, and compliance with, policies could receive a hosted lunch on behalf of the hospital.

Stark Law compliance

It is especially important to remain in compliance with the Stark Law. The Stark Law, which is similar to the Anti-Kickback Statute, is a federal law with related regulations that prohibit healthcare providers from engaging in “self-referrals” for services paid by Medicare or Medicaid. “Self-referrals” can include referrals to any entity in which the doctor or their family member has a financial or equity interest.

A financial relationship includes any direct or indirect relationship, such as a series of corporate shell companies between the doctor and his family member. But there is one bright spot: retirement plans are excluded from the Stark Law. So, if your family member has a 401(k) that invests in a medical provider, you can still refer business to it.

If you are confused by Stark Law or where to begin updating your compliance standards and policies, an attorney can help.

Complying with HIPAA

HIPAA is a federal law that protects and secures patient information. It prohibits hospitals from using or disclosing patient information without the knowledge or consent of patients. It may sound easy to comply with, but many routine hospital functions are affected by HIPAA requirements.

For example, a common issue with HIPAA compliance is lost or stolen mobile devices. Your staff likely discusses and relays patient information over their phones or hospital-issued devices. If employees lose their phones, it may be a HIPAA violation. Your hospital should protect those mobile devices with anti-virus software, firewalls, and authentication procedures to restrict the unauthorized disclosure of patient information.

Patient files need to be properly stored and secured as well. Misfiling patient documents or improperly storing them on a device could result in a HIPAA violation. Your compliance officers should remain vigilant, especially with routine tasks like filing. Attorneys can help you stay compliant with HIPAA as well by seeing where your policies are outdated and advising you on new laws.

Issues to address in 2019

With changes and advancements in technology, the healthcare industry must prepare to stay compliant on many fronts. This includes information and security systems.

Intelligent technologies

Artificial intelligence, machine learning, the internet, and other technologies are moving into the healthcare industry. You have probably read the plethora of headlines about hospitals using sophisticated computers for patient data studies. Your hospital must be prepared to adopt these technologies to stay competitive and to ensure you’re providing the best possible care at the best prices. But be wary of these new technologies. Make sure your compliance officers and attorneys establish standards for the collection and review of patient data by these programs.


In terms of data breaches and loss of private data, 2018 was no different than 2017, and 2019 is likely to be the same. Your hospital probably has already implemented cybersecurity policies. If you haven’t, that should be a priority in 2019. But this doesn’t reduce the risk of cyber breaches entirely. Your hospital could face thousands of attacks a day from hackers because you carry some of the most sensitive data about your patients. Your hospital should commit itself to investing in information experts who specialize in the intersection of medical devices, laws, and software for healthcare providers.

Get help with hospital compliance from Brown & Fortunato

Violations of HIPAA or Stark Law could result in your hospital losing access to Medicare and Medicaid. At Brown & Fortunato, P.C., our Health Law team is focused on helping to protect your practice from this outcome. For more information about how we can assist your hospital or about our practice areas, give us a call at (833) 228-6300 or contact us via email today.