We're In This Together

We climb the second rung of the ROPE (Rule Overload Prevention and Elimination) Ladder by teaching our operational systems — and the “Rules” that shape our systems — to our personnel. We have previously identified eight methods that can help convey knowledge, motivation and enthusiasm during the teaching process. Two final training suggestions focus on accountability at both ends of the corporate ladder.

In a healthy organizational culture of compliance, personnel realize that company leadership is ready and willing to help them comply with law, policy and procedure. But there must be clear expectations of compliance, and unambiguous consequences for failures, whether inadvertent, negligent, or intentional. There must be discussions of the company's compliance expectations, with tactful references to other employee policies on topics like progressive discipline.

Employees should be taught to properly respect — not fear — the consequences of non-compliance, but they must appreciate the reality of enforcement. Sometimes the reality is sobering, as with fraud investigations or substantial reimbursement investigations. Other times the reality is more benign, as with HIPAA enforcement.

While staff should be reassured that HHS is not planning any sweeps, dragnets or witch-hunts, they must understand that a complaint by a patient or other affected person can result in serious consequences for both the organization and the employee.

Even more important, personnel must be taught to comply with your policies and procedures simply because they are your policies and procedures — not because the law says so, not because government penalties may follow — but because the policies and procedures were created for good reasons, and because it is better to address policy flaws through official channels than to ignore the policies altogether. Remember our central premise: Teach your compliant internal policies; don't teach the Rules.

When you discuss enforcement issues, include updated enforcement statistics and anecdotes. This will enable your employees to imagine themselves in the place of those who become subjects of enforcement actions, and thus ponder the inherent danger of a casual attitude toward HIPAA compliance.

Finally, remember at all times to integrate enforcement discussions with your own internal needs for compliance. The key is to require compliance because “that's how we do it,” — for reasons that include profitability, efficiency, inventory control, record keeping or anything else — as well as compliance with the Rules.