Roles and Functions
Until this assignment, I had never had to work directly with legal compliance in my job beyond getting group training on general legal policies and procedures. I found the experience enlightening. In my hospital’s organization, the legal compliance function is fulfilled by consultants to the human resources (HR) organization. These individuals are available to consult with the HR department staff to respond to questions, assess situations, and otherwise help determine the proper course of action in a given situation. The consultants have law degrees and have some degree of specialization in health law in particular—I was unable to determine if there was any type of “board certification” equivalent in law that pertained to their specialty, or if they simply had extensive experience dealing with health legal issues.
As I observed the interaction with the legal consultants and the HR department personnel, I noticed in particularly that a nurse or nurse administrator consistently followed and observed everything they did and said with respect to patients; they were not allowed to consult with patients without a nurse being present.
Relating Role to Nursing Practice
One of the key issues that was emphasized in this experience once more was the critical importance of ensuring complete legal compliance with all regulations. Obviously part of that is to ensure the financial well-being of the hospital and its continued accreditation. But more importantly, the reasons for those regulations are to ensure improved patient care and best practices throughout the system. By ensuring that our nursing care complies with the law at all stages, we are ensuring that all nurses here provide the best possible care for our patients, and that is the ultimate goal of my hospital.
I think the two key insights gained in this experience were that legal compliance has a direct and immediate impact on quality of care. By ensuring that all patients receive care per the legal guidelines, we are in effect ensuring that the care we offer fits the best practices as gleaned from the National Advisory Board. In addition, I realized that legal compliance does one other thing: My hospital is part of a state-wide network of hospitals, and legal compliance ensures a high degree of consistency of care. A patient will get the same standard of care no matter which hospital they go to.
I also noticed, a little to my surprise, that the overall approach taken by the legal compliance consultant was very low-key and non-judgmental. They were far more likely to ask non-threatening questions—clearly simply asking for information—than to do anything that intimidated or even peripherally could be interpreted as accusing. In their interactions with the nursing staff, they tended to be calm, pleasant, and they went out of their way to be non-threatening and even encouraging. When asked a question, they didn’t respond with thick “legal-ese” but instead gave an honest, straight-forward answer to the question. It was a very pleasant introduction to the concept of legal compliance in the hospital environment.
I think the issue of legal compliance is one that is given good support in my organization and I came away from this experience assured that our policies and procedures are in good compliance with the existing requirements. As part of the discussion with the legal compliance officer, we talked about the various issues with HIPAA including, for example, the distinction between security and privacy. Gallagher (2004) outlined that distinction and notes that security is, in essence, about maintaining records (electronic and paper) in a form that keeps unauthorized people out of them, whereas privacy involves understanding who is authorized to have access to the records. The compliance officer presented the information very much in accord with Gallagher (2004).
In my discussions, we also talked a about the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) and how the new law requires even more stringent privacy and legal compliance control (Long, 2011). Long (2011) noted that this is now a requirement under HITECH and that fines for hospitals and other healthcare organizations who do not comply with the new requirements can be $8 million to $17 million for every breach of the regulations. The new regulations include using a third-party specialist to determine whether there are security gaps in the hospital system; ensuring that all portable devices encrypt data; monitoring the system for potential breaches of security for any system that has access to private health information; including automated privacy breach systems to identify those who access private information about celebrities, friends, family, and neighbors; and ensuring that there are proper audit trails for all health IT applications (Long, 2011). Again, the compliance officer was able to discuss these issues with me very clearly, leaving me with a much better understanding of the legal and even the financial ramifications of complying with the new regulations.