Remain Compliant During COVID-19

May 5, 2020

During these unprecedented times, it is more important than ever that your organization has a plan in place to remain vigilant about compliance. This can however, look different for organizations of varying size. Let’s take a look at what is happening and what it means for you.

The New Compliance Norm

Whereas changes in the healthcare industry have historically moved at glacial speed, multiple changes are now being made very quickly because of COVID-19. A primary focus of these changes are regulatory requirements, some of which may only be temporary. Communicating regularly with compliance and risk departments to ensure they are fully prepared and that they respond quickly to these changes is imperative. Keeping up with regulatory changes could mean the difference between your business sinking or swimming once the tide has turned on this global pandemic. Be as nimble as the rapid changes occurring.

For smaller organizations without their own compliance and risk departments – or in-house legal counsel – they should consider bringing someone in quickly, or contract with a company experienced in handling the types of changes occurring. Even if a smaller agency was able to easily stay on top of compliance pre-pandemic, the rules have literally changed. Hiring or contracting outside professionals to put these changes into perspective for their organization will be the key to their successfully riding out this storm while keeping abreast of compliance modifications.

Each healthcare organization will need to modify their tracking, analysis, and reporting processes in order to keep current with these constant changes while using caution to ensure all regulatory requirements are being met. Tracking and reporting is different now; handling these modifications competently can affect whether your claims get paid. Using caution so that risk and compliance departments – or those charged with those specialized tasks – understand what the modifications mean to the letter of the law is imperative as they will ultimately be responsible for any discrepancies.

Although some of the changes are temporary, there may be some that remain in place. Documentation is key to ensuring your actions are well established and proven. How changes will impact each department depends greatly on how nimbly and quickly each modification is addressed, since the changes themselves are often occurring daily.

Acute Compliance Rules

In light of the COVID-19 pandemic; compliance considerations include emergency protocols an organization should be following. These encompass regularly reviewing and updating ethics policies and protocols for resource allocation. A robust tracking system for costs and expenditures related to disaster response for agencies using FEMA assistance is needed. Because care is not only happening in hospitals – it’s happening in hotels, parking lots, ships, and hastily erected temporary facilities – patients may not be covered under their current insurance, so ensuring reimbursement will still be given means adherence to the new, ever-changing rules is important. Implementing a Marshall Plan process for requesting funds for temporary structures, leasing properties, and obtaining supplies will help align with the protocols for managing COVID-19 compliance modifications.

Proper training needs to be in place and emergency operating centers (EOCs) like those mentioned are just one of many factors involved. Reviewing, revising, and implementing Substance Use Disorder (SUD) confidentiality and disclosure policies to meet Cares Act amendments is also key.

With temporary waivers like the Emergency Medical Treatment and Labor Act (EMTALA), there exists a process for relocating hospital patients to offsite locations for screening purposes. Once a disaster protocol has been instituted, the organization needs workflows in place to track time frames in order to meet the requirements for the short term waiver of HIPAA penalties. Certain sharing of protected health information outside of privacy rule requirements are only applicable to areas in a public health emergency if that hospital has implemented disaster protocol – and only 72 hours after the protocol has been implemented. A complete review of your ethics policies on resource allocation is warranted and revisions may be necessary.

With more and more physicians turning to virtual care, it is important to remember that all of the waivers and regulatory changes are tied specifically to the COVID-19 pandemic and are only temporary. At this time a HIPAA compliant telehealth solution may be required. It should be noted that there is already an expanded use of telehealth in hospice, rural areas, and Federal Qualified Health Centers. Although virtual health visits have been around for many years, some penalties have been eliminated because of our current extraordinary circumstances. The rules have been expanded to allow hospitals to utilize virtual visits, though there continue to be strict protocols to follow. For example, providers require their own room to perform telehealth appointments. They cannot just state that they complied in this way, they must prove it.

As part of the revenue cycle and reimbursement process, agencies must add COVID-19-specific telehealth codes into their practice management and ERP systems so proper billing and coding procedures are in place. A portion of the Marshall Plan funding will cover provider costs for delivering COVID care for the uninsured, which will bill at the Medicare rate, but only if there is adequate proof. If a robust tracking system isn’t in place, organizations may be responsible to pay back paid claims for procedures submitted for payment. Now is the time to institute a strong and discrete tracking system for costs and expenditures related to disaster response. Because hefty fines and penalties – as well as audits – are a consequence of not adhering to regulations, agencies not adapting to rapidly changing requirements will find themselves in dangerous territory. This is yet another reason extensive documentation is necessary. Be prepared to corroborate any process your agency has made in disaster response mode.


Since the sharing of information has changed significantly in the past 30 days, ensuring everything is done correctly – every step is recorded, every visit adheres to HIPAA, every charge coded appropriately – is central to every step an organization takes. From scheduling appointments, to seeing patients – virtually or in person, at a hospital or makeshift structure – to billing and beyond, prepare to validate that your organization is meeting all waiver and modification requirements. You must document and prove you followed regulations; you may need to defend your organization’s response if audited. These compliance modifications should be looked at daily. Regulations need constant monitoring because information is always evolving. Fully vet all changes through your organization’s legal counsel and send them through the risk and compliance departments or through those contracted to handle disaster protocols.

Looking toward the future, be aware that you may need to not only review your disaster response protocols, it may be necessary to revise them completely. Creating a detailed body of evidence for documentation should always be a part of an healthcare organization’s compliance protocol, but doing so during a disaster such as the current pandemic should be prioritized. John Lynch & Associates created a checklist containing what you need to know in order to successfully navigate COVID-19 compliance today and tomorrow. Download Now

Company Information
(623) 980-8018

PO Box 12372 Glendale, AZ 85318

Contact Us
Subscribe to Receive Update

Join hundreds of industry leaders and get our perspective on critical issues healthcare organizations face in a demanding environment, delivered to your inbox.

    Maintaining your trust is important to us. Your email address will always remain confidential.