Your Internet browser is outdated and cannot run this website. In order to view this site, and to protect your computer, please click to upgrade to a modern web browser of your choice:

Google Chrome or Mozilla Firefox

(Worry not– it's quick, safe and free, and you won't regret it!)

View Our Article in PDF

  • This field is for validation purposes and should be left unchanged.
Strategic Management ×
Share This:

Most have taken on responsibilities for HIPAA Privacy and Internal Audit

For many organizations, the Compliance Officer is a convenient party to take on additional duties as organizations tighten their budgets. This is a trend observed in the health care sector and conveyed by respondents in the soon to be released national healthcare “2019 Compliance Benchmark Survey” (Survey) conducted by Strategic Management and SAI Global. (Results from 2018 are available here.) In many cases, this assumption of duties is not accompanied with additional resources, placing a strain on the compliance office. Three quarters of Survey respondents reported that their Compliance Officer had assumed responsibility for HIPAA Privacy, and nearly one third had assumed responsibility for HIPAA Security. Nearly half of the respondents reported that Internal Audit was part of their compliance office, and over one third reported that risk management was a compliance office responsibility. About thirty percent of Survey respondents reported assumption of duties regarding other varied activities, such as revenue integrity, credentialing, and clinical oversight. Seventeen percent reported having their Compliance Officer assume the function of legal counsel. Organizations should take care when imposing new duties on their compliance officers that go beyond the traditional compliance duties, especially where there is a risk of undermining the compliance program. For example, one duty that should not be part of compliance is risk management. This clearly goes beyond the boundaries of corporate compliance and, in many cases, involves clinical issues outside the expertise of the compliance office.  Additionally, both the Department of Justice and the Department of Health and Human Services Office of Inspector General have made it clear that Compliance Officers should not be subordinate to or responsible for the legal counsel function of an organization.

Learn About Our Compliance Expert Services

Contact Us Today

The full “2019 Compliance Benchmark Survey” report will be available without charge at the upcoming HCCA conference in Boston at the Strategic Management Services Booth 420. 

Share This: