Spring Forward With 2024 Compliance Changes

Brian Williams, MHA, MBA
Cleaning cart in hospital in front of windows

It may seem a little early to do some spring cleaning, but not when it comes to compliance! It’s that time of the year to check your records for 2023 compliance deficiencies and set your organization up for success in 2024. The concept of “Springing in the New Year” starts with giving up those bad compliance habits that always put you behind and your organization at risk.

When you consider the potential financial consequences of non-compliance and the evolving regulatory environment, your organization has to understand and implement both federal and state laws. Common risks include billing, coding, sales, marketing, quality of care, patient incentives, and arrangements with physicians, other health care providers, vendors, and other potential sources or recipients of healthcare business referrals. 

Review Recent Compliance Changes

There is a major shift in compliance priorities toward addressing health inequities and improving access to quality healthcare services. The OIG is making major investments to systematically detect and prosecute fraud. And as JDSupra points out, the OIG’s increased resources for compliance education may signal heightened audit and enforcement initiatives in the future. We all should be a LOT more prepared! 

Listen to this podcast where my colleague, Hira Rashid, talks about anticipating policy changes.

New GCPG From OIG

The OIG published the General Compliance Program Guidance (GCPG) on November 23rd of 2023, in anticipation of a significant increase in compliance enforcement and changes in how they will provide guidance. Release of Industry-Specific Compliance Program Guidance (ICPG) is anticipated in 2024. In this guidance it’s clear the OIG expects healthcare organizations and suppliers to understand their role and responsibilities to fight fraud, waste, and abuse. They note the best way to identify risks is to follow the money.

2024 OSHA Compliance Changes

The Occupational Health and Safety Administration (OSHA) continues to focus on worker safety compliance in a post-pandemic era. Employers with as few as 100 employees are required to submit OSHA 300 Logs, which will identify unsafe working conditions that will be publicly reported. The rule is effective on January 1, 2024, and annual reporting is due March 2, 2024, through OSHA’s Injury Tracking Application (ITA). 

Employers are required to allow staff or their representatives to be involved in the identification of work hazards and accompany OSHA officials when inspecting for unsafe work conditions. OSHA intends on publishing trends and specific employer safety data.

Here are a few suggestions for compliance:

  • Make it easy to report work hazards
  • Create a safety committee with employee participation
  • Conduct quarterly Environment of Care inspections 

Expected 2024 HIPAA Changes

Several major changes to HIPAA Privacy Rule and 42 CFR Part 2 are being considered. The proposed changes could ease the restrictions on disclosures of PHI as well as strengthening patient rights to their own PHI. It is anticipated that the Office of Civil Rights (OCR) will continue their focus on right of access enforcement. The lines are also blurring between state consumer data privacy laws and HIPAA, which is making compliance increasingly complex.

New HD Compliance Regulations

New in 2023, all DEA-registered practitioners must complete eight hours of training in accordance with the DEA Medication Access and Training Expansion Act. If your practitioners have not yet completed this training, here’s a list of continuing education (CE) courses that are included in the MedTrainer course library at no extra charge. 

Also in 2023, USP <800> became an enforceable standard for organizations who compound or administer hazardous pharmaceuticals. USP <800> standards apply to all healthcare personnel who receive, prepare, administer, transport or otherwise come in contact with hazardous drugs and all the environments in which they are handled.

Download a toolkit with everything you need to know about USP <800> compliance.

Top 3 Compliance Program Elements To Review Annually

When you put into perspective the continual evolution of federal and state regulations, accreditation standards, high staff turnover, staff’s increasing responsibilities, and the real potential for financial consequences or survey deficiencies, it can be a bit overwhelming.  

When you’re evaluating 2024 compliance changes, here’s a look at what I think are the most important compliance tasks to complete at the beginning of every year. I’ve also included the question that you might get from a regulatory or accreditation surveyor. 

Remember: If it isn’t documented, it didn’t happen.

1. Documented Corporate Compliance Program

Question from surveyor: Does your organization have a Corporate Compliance Program and Code of Conduct that applies to owners, providers, and staff?

The updated OIG guidance provides recommendations that include seven elements which are used by prosecutors when evaluating civil and monetary fines associated with the Federal Anti-Kickback Statute, Physician Self-Referral laws, the False Claims Act,Criminal Health Care Fraud Statutes, and HIPAA Privacy and Security Rules. 

Written policies and procedures, compliance leadership and oversight, training and education, effective lines of communication with the compliance officer and disclosure programs, enforcing standards (including incentives and consequences), risk assessment, auditing and monitoring, and ultimately responding to detected offense and developing corrective action initiatives. 

2. Review Infection Control and Prevention Plan

Question from surveyor: Does the organization have an infection control and prevention plan and a qualified individual (staff or a contractor) who is responsible?

Evaluate your current infection control and prevention plan. Centers for Medicare and Medicaid Services (CMS) requires nursing homes and ambulatory surgery centers (ASCs) to have an individual who is qualified by experience and training to serve as an infection control preventionist. In the absence of a required infection preventionist, it is also best practice to review your infection control and prevention policies and strategy in this post-pandemic period.

image-infection-guide-cta

Take a deeper dive into infection control plans in this free ebook.

All staff with the potential for exposure to bloodborne pathogens must be provided training and then an annual refresher course. Staff with potential exposure must be offered the Hepatitis B vaccination. If you have offered the vaccine, but staff refuse to accept it, you must have a declination signed by the employee.

3. Maintain Monthly Exclusions Monitoring

Question from surveyor: Does the organization ensure that there are no excluded individuals or companies providing goods or services that are reimbursed through Medicare or Medicaid?

The risk to healthcare organizations allowing excluded providers to care for patients is very high. In the OIG’s 2023 semi-annual report to Congress, they shared that investigations resulted in expected recovery of $3.16 billion, along with 707 criminal actions taken against individuals, 746 civil actions, and 2,112 exclusions. 

It is critical to complete federal and state exclusions checks regularly — guidance says monthly. With automated exclusions monitoring tools, it is easier than ever to manage this process, so there’s really no excuse!