It is important to maintain governance and compliance for healthcare entities and medical practices in California. The US Department of Health and Human Services recently reported cybersecurity breaches skyrocketed in 2021 to an all-time high affecting more than 45 million individual patients. What are the primary risks for any medical practice or healthcare related business?
The primary risks are direct monetary exposure and damage to your brand and reputation, which carries its own resulting monetary exposure. When a patient’s information is exposed or your system suffers a breach, it becomes a direct reflection on you as a professional as well as on your practice. The American Journal of Managed Care recently reported on institutions which suffered a public data breach, including:
- American Medical Collection Agency or AMCA – 25 million patients
- Dominion National – 2.96 million patients
- Inmediata – 1.5 million patients
The Journal further reported that the failure to maintain governance and compliance for healthcare entities and medical practices results in consequential damage to the reputation and brand of offending institutions and practices. As a result, these entities must substantially increase their marketing budgets and develop public-facing strategies to re-instill confidence in their patients and the community at large. The result: an average increase of more than 2/3 over the existing budget.
Governance and compliance for healthcare entities requires a well-conceived and implemented legal strategy encompassing all corporate and employment-related documentation, backed by state-of-the-art internal IT systems and applications and by rigorous, systematic and consistent processes and practices that protect patient data on internal systems, during patient interactions, and on any printed forms, appointment summaries or receipt information provided to the patient during their visit.
Clinical governance has gained the attention of most healthcare professionals over the past several years as Medicare increasingly ties reimbursement to the patient experience. Clinical governance and compliance policies and procedures combine the protection of the patient’s personal information and medical data with the delivery of excellence in every aspect of your organization’s service.
Pro Tip: “Broadly speaking, healthcare providers are supposed to provide efficient, honest, non-fraudulent care for people’s health and all of the processes that go into making them able to do so. And bill for it. Billing the federal government and billing private insurance are included. And there are several departments that oversee things like that. There’s your Department of Health and Human Services. There’s the Department of Managed Healthcare that does private and public health, that has their guidelines and regulations. There’s compliance with HIPAA. There’s compliance with anti-kickback statutes, such as the Stark Law.
The Department of Health and Human Services lists five areas of fraud and regulations that they claim are, and they know are, very important to them, and they enforce them. And those five areas are false claims, making false claims for healthcare. I saw one that actually went into criminal prosecution where in Orange County there was a healthcare provider that was providing services and charging it to Medicare for years, and this guy never saw the patients, and that wasn’t enough. He had nurses and non-nurses who just wore white coats seeing the patients, and then that wasn’t enough. So he had those same people bill for seeing the patients when even they didn’t see the patients. By the time they put him in jail, he had amassed over $60 million in fraudulent charges that he collected. He was living the life, and they got him, put him away. All those patients got terrible healthcare. And now bigger budgets are out there to go enforce these against honest doctors to make sure they cross every T and dot every I.
How are corporate governance and compliance different in a healthcare setting than they might be in a normal corporate environment?
Well, here in California there’s not as much regulation in a “normal” non-medical corporate environment. For example, I’m a licensed professional, a lawyer. I do have regulation too, but most of us are not told where we can get our customers from. Doctors and healthcare providers are really told how to get their customers. They’re told on a state level, if you want to get these kinds of clients, you better do it in certain ways. Otherwise you are going to be in trouble and you’ll be paying penalties and you’ll be subject to license hearings and fines and suspension of business and everything you can imagine. And then on the federal side, they have the Stark laws and anti-kickback statutes there too. If you want to work for Medicare or any federal budget, you’ve got to comply with those as well, which say you cannot have any referral source unless it meets one of the exemptions under the statute. And when you form your company, you have to have that in mind, and you have your business model and your plan. In healthcare, there’s a fourth coach: there’s your lawyer, your banker, your accountant, and also a compliance coach or a manager or director that you can go to that is experienced in this as well.” – Dan Watkins, Founding Partner
The Watkins Firm has served the California medical business and healthcare industry for decades. If maintaining crucial governance and compliance for healthcare entities in California and medical practices across our state is important to you, we invite you to review our podcast Episode 37 – Medical and Healthcare Business Corporate Compliance as well as the strong recommendations of our clients and contact the Watkins Firm or call 858-535-1511 for a complimentary consultation today.