Physical Therapy Compliance Checklist

The following are identified by HHS OCR as elements of an effective compliance program

Getting Started

1. Have you conducted the required annual Audits/Assessments?
❑ Security Risk Assessment
❑ Privacy Standards Audit
❑ HITECH Privacy Audit
❑ Security Standards Audit
❑ Asset and Device Audit
❑ Physical Site Audit
❑ Documentation, Coding and Billing Audit

2. Have you identified all gaps uncovered in the audits above?
❑ Have you documented all deficiencies?

3. Have all staff members undergone annual HIPAA training?
❑ Do you have documentation of their training?
❑ Is a staff member designated as the Compliance, Privacy & Security Officer?

4. Do you have Policies and Procedures for HIPAA and Breach Notification Rules?
❑ Have all staff members read and attested to the policies and procedures?
❑ Do you have documentation for annual review of your policies and procedures?
❑ Do you have documentation of their legal attestation?

5. Have you identified all of your vendors and Business Associates (BA)?
❑ Do you have Business Associates Agreements in place with all vendors?
❑ Are you tracking and reviewing all Business Associates agreements annually?
❑ Have you performed due diligence to assess the BA and their HIPAA compliance?

6. Do you have a defined process for incidents or breaches?
❑ Are you tracking and managing the investigations of all incidents?
❑ Are you able to provide required reporting of breaches or incidents?
❑ Do your staff members have access to a meaningful reporting procedure?

Additional Items for your Compliance Operations

❑ 1. Effective training and education for all staff members
❑ 2. All staff are aware of their role-based compliance requirements
❑ 3. Annually updated HIPAA & OSHA Manual
❑ 4. Effective routine monitoring and quality assurance systems
❑ 5. Annual evaluation of accuracy for your baseline risk assessment
❑ 6. Annual audit for the effectiveness of your compliance program
❑ 7. Do you monitor corrective actions after their implementation to ensure that they are effective
❑ 8. Do you maintain documentation of compliance deficiencies
❑ 9. Annual audit for the effectiveness of your compliance program

Core Compliance: Outpatient Practices

❑ HIPAA
     ❑ Security Rule
     ❑ Privacy Rule
❑ Detailed Documentation Standards
❑ Coding & Billing Rules
❑ Workplace Safety
❑ Anti-Fraud Laws
❑ Social Media
❑ Harassment & Discrimination

Have questions or need help ensuring you have the right elements of an effective compliance program in place? Don’t rely on memory to keep all the necessary guidelines from this checklist in mind – have it clearly laid out in writing.

You should already have an all-encompassing, working P&P Manual in your practice that you regularly update. Your program must be customizable and uniquely developed for your practice to capture the individual patient volume, treatments, equipment and company culture.

There is opportunity for Compliance violations in absolutely every corner of your practice – no division is exempt. For a comprehensive and detailed policy template for your clinic, check out our MEG Academy Compliance Program.