Health care providers operate in one of the most highly regulated industries in terms of compliance and governmental oversight. As a result, providers face a number of regulatory and compliance challenges each year. Below are my top three challenges that health care providers will face in 2020:
Cyber-Attacks and Cyber-Security—Not to anyone’s surprise, we are continuing to see a rise in the number of cyber-attacks against healthcare entities due to a variety of factors. Attackers are getting smarter and more persistent, employees are getting more comfortable working with electronic information (which sometimes makes them more relaxed and susceptible to oversights), records maintained within the healthcare industry are valuable due to the vast amount of information contained therein, and providers typically maintain several electronic systems containing patient information (EMR, billing, practice management, e-mail) all of which are susceptible to attack. Implementing policies and procedures designed to mitigate the risk of an attack, and training employees on such practices is instrumental as we continue to see the number of attacks on the rise. Further, putting in place and implementing a plan in the event of an attack is not something that providers can continue to overlook. Among other things, providers need a plan for stopping the attack, backing up the data, mitigating the harm, and notifying those who have been affected. With regard to notification, providers must not only be familiar with the laws of the state in which they are located, but also the state in which the patients reside. We are now seeing a number of state data privacy and security laws attempting to impose obligations on entities located outside of the state who maintain information on residents living within the state.
Fraud and Abuse Oversight and Activity—We continue to see a lot of activity in the fraud and abuse area in terms of governmental investigations, qui tam suits, criminal indictments, suspension of payments, and revocation and exclusion of providers. In light of such activity and the recently released guidance on effective corporate compliance programs, maintaining an effective compliance program will be a top priority for 2020. Review your compliance program to ensure it is consistent with the recently released guidance. Make sure your Compliance Officer is providing internal oversight and direction, training employees, and making compliance efforts a top priority within the organization. In addition, have a plan for when the government comes knocking and relay such plan to the appropriate individuals within the organization.
Regulatory Changes—The Department of Health and Human Services recently released proposed changes to the Anti-Kickback Statute and the Stark Law. While we do not yet know which portions of the proposed changes will be implemented in final rule-making, there will be changes and those changes will more than likely come in 2020. Providers should review the proposed changes and start thinking about what relationships, if any, will be impacted by the proposed changes. Getting up to speed on the changes and ensuring that existing relationships are compliant will be a priority in 2020.