In the book Jurassic Park, and in the movie of the same name, it quickly becomes obvious that, despite absolute belief and assurance that the system is closed, there is always the chance of a leak.
Shift from dinosaurs on an island to your patients’ protected health information, or “PHI,” which you probably believe to be safely ensconced within your practice’s system or that of your outsourced billing and collection service, all nicely guarded by your compliance program. After all, you have a copy of the compliance binder on your bookshelf.
I can almost guarantee you that there’s a leak. It may not be intentional as in the Jurassic Park character who attempts to abscond with dinosaur embryos. It may simply be inadvertent as in the dinosaurs that find their way off the island.
The downside of an inadvertent PHI leak can be fines couched as civil monetary penalties; a reckless or purposeful leak can lead to criminal prosecution. Add to that the damage to the reputation of your group, jeopardy of its relationship with referral sources and facilities, and potential liability under various legal theories to the patients whose information was disclosed.
In this light, compliance auditing is a must. But the auditing process, and the corrective action taken, must not simply be viewed as correcting a problem; rather, the best return on investment for your group is to dual-purpose compliance – yes, it reduces risk, but it can also be a focal point around which to fine-tune and improve your group’s systems and performance.