Practice Management

Healthcare Compliance – I Fought the Law and the Law Won

Dr. DeLoach, middle left (as you’re looking at photo), with ROB Professional Editor Laurie Sorrenson, OD, FAAO, to his right. Dr. DeLoach says you don’t want to take a chance and not comply with HIPAA regulations and the many other laws that apply to your practice.

By Joe DeLoach, OD, FAAO

June 28, 2023

The song “I Fought the Law (and the Law Won)” has been recorded by over a dozen artists and immortalized in the Rock and Roll Hall of Fame as one of the “Songs that Shaped Rock.” The theme of the chorus repeated over and over is simple – break the law, pay the price.

Healthcare compliance laws are a growing invasion into our desires to just be a doctor and take care of our business, staff and patients. Although not the army any of us signed up for, failure to comply with the rules and regulations can have serious financial and reputational consequences. Let’s look at the most common problems that are earning optometry the reputation as a profession that evidently likes to “fight the law.”

HIPAA – Just the Tip of the Iceberg
When I say “compliance,” you say “HIPAA” – but that is far from the reality of healthcare compliance. HIPAA is just one of many legal compliance issues all healthcare providers – BY LAW – must comply with. The list can be exhaustive – HIPAA, OSHA, CDC, CLIA, CMS Fraud and Abuse, Patient Discrimination, Patient Disability, Fee Transparency (aka. No Surprise Act), DME Rules, Human Resources and the vast sea of Human Resources. This list grows and the rules change constantly. As Axle Rose sang – “Welcome to the Jungle.”

Not In My House
Common misconception – compliance violations only affect large hospitals and mega-practices. Totally wrong! While the multi-million-dollar settlements get the headlines, most violations and resultant penalties occur in small healthcare practices. Optometry continues to be one of the least compliant healthcare specialties in almost all compliance laws. Why are the regulatory agencies picking on our “little profession”? Why does the robber rob the bank?

Reckless Indifference aka Gambling
Reckless indifference is a legal term found in most healthcare laws. It is a simple concept – I know what I am supposed to do under the law, but I choose to break the law. I admit – I totally resonate with Sammy Hager’s song, “I Can’t Drive 55,” but speeding ticket fines pale in comparison to the penalties for ignoring healthcare laws. Fines for reckless indifference can easily be multiple six figures.

Simply doing things the wrong way can still have a significant financial impact – you are expected to know and do it the right way. Patients and employees have private rights of action. No optometrist would even consider walking into an exam room without professional liability coverage, but well over half of our colleagues spend every day exercising reckless indifference toward compliance laws. The odds of a negative compliance event far exceed the likelihood of a malpractice or general liability incident.

Details, Details
We have inspected over 1,500 optometry practices across the country. A baker’s dozen list of common HIPAA/OSHA issues/violations includes:

  1. Reckless indifference (aka. John Lennon’s “I Should Have Known Better”)
  2. Lack of OSHA-mandated chemical lists and Safety Data Sheets
  3. Failure to display a HIPAA Notice of Privacy Practice
  4. Lack of documented staff training (HIPAA, OSHA, CMS Fraud and Abuse)
  5. Lack of Emergency Management Plan
  6. Fire extinguisher violations – lack of, improperly mounted, expired inspections
  7. Improperly marked and access to entrances and exits
  8. Unsecured paper medical records
  9.  Electrical outlet and electrical cord issues
  10.  Dangerous chemicals stored in a public restroom
  11. Username and password information on “stickies”
  12. Storage of old PCs and laptops
  13. Slip and fall – office clutter, rugs that slip, cords in the way, etc.

Most issues are easily resolved without a financial burden. You just need someone to guide you through the process.

The Madness We Call HR
Employee management is likely the most complex and rapidly changing component of healthcare compliance. Discrimination, disability accommodation, employee classification, use of independent contractors, non-competes, diversity, misunderstanding of “at will” and harassment – all buzzwords for HR specialists. Washington has a razor focus on HR and states are taking matters into their own hands making keeping up as an employer an onerous task and one impossible to do on your own. Unfortunately, employees are becoming more knowledgeable of the law than their employers creating a dangerous field of land mines. Comprehensive, federal AND state law-specific employee policies are essential.

Reimbursement Blues
Despite the wisdom of the old adage, “Do what’s right for the patient and the money will follow,” there is a continued focus on attempts to ignore the rules and create workarounds – deviations from the rules that never hold up in audits. Too many billing and coding decisions are based on the concept of “I’m getting paid” presented in numerous blogs. In the current age of payer oversight, “reimbursement” is not getting paid – it is keeping the money when the inevitable audit happens. A very short list of common issues includes:

  1. Failure to follow the core principles of medical reimbursement – medically necessary care based ONLY on the reason for the visit
  2. Overuse of the comprehensive ophthalmology code
  3. Under-use of the evaluation and management codes
  4. Misapplication of modifiers – especially -59 and -25
  5. Not adhering to the required service lists in vision plan provider manuals

A good deal of the problem is simply inadequate documentation combined with inaccurate advice. While no one wants to spend more time hammering a keyboard, proper documentation is the best way to keep your money in an audit. Listen to the real reimbursement experts in our profession, not those providing coding “trick or treat” workarounds:

I Just Work Here – It’s Not My Problem
Actually, it is! Staff and associate doctors can and have been held liable for HIPAA, OSHA and HR violations. In the reimbursement world, the doctor who delivered the care is ultimately responsible for not only the documentation of that care, but every aspect of the claims submission process. Following office rules that are not compliant with the law does not remove potential liability for everyone involved. Make sure where you work has your back!

Making It Harder Than It Has To Be
As we said from the beginning – simply not the army most anyone signed up for. Honestly, it doesn’t have to be that hard. Healthcare compliance is just too big to navigate on your own. All of these issues can be simplified by working with a company that specializes in the rules specific to optometry. You also need help with everything, not just HIPAA and OSHA. Look for a company that provides a comprehensive service, specific to optometry in a simplified manner. Definitely compare prices – compliance does not have to break the bank.

Joe DeLoach, OD, FAAO, is a Clinical Professor at the University of Houston College of Optometry and CEO of Practice Compliance Solutions. To contact: :

To Top
Subscribe Today for Free...
And join more than 35,000 optometric colleagues who have made Review of Optometric Business their daily business advisor.