When Is Compliance Voluntary? Some Perspectives
From time to time, we hear about compliance with federal regulatory requirements being "voluntary" for the regulated entity. In my experience, voluntary compliance is a loaded term that only works within a defined context. Bear in mind that my perspective is informed by having been concerned with the role of Health Information Technology (HIT) as used by healthcare providers, so I have always carried the bias of viewing compliance through the lens of both an HIT developer and an HIT provider user of same. Let me offer a few examples of how voluntary compliance plays out such that it is rarely voluntary considering other factors:
First, one could always make the decision not to comply and to wait and see what happens. This is not the same as "fraud" or willful negligence. I am not speaking of intentional acts of non-compliance but deliberate acts of doing nothing to comply because the costs of doing so may outweigh the negative consequences, and until and unless something becomes required, there is no negative outcome to compel a different approach. However, over the course of time, while it may be that there is no immediate consequence in terms of how one may normally think of suffering civil or criminal penalties that come from a formal finding of non-compliance, there is almost always a long-term consequence. Remember the Framm oil commercials? Pay me now or pay me later?
One could take the choice of not undertaking the effort to comply with something where there is optionality to comply or not. It may also be in such a case there is not a negative consequence to no act now for something that may become required in the future, but it may also be a hedge bet that it will bear out in one's favor in the long run to make such a decision. And sadly, it does not always work that way. Let me give two examples.
In both of these cases, a decision could have been made to either address the optionality of a compliance requirement in the present or to defer the expense of doing so until it really became necessary. For the discarded drug example, when the requirement became mandatory, it caught many off guard because the compliance timeline was short, and there was high pressure to develop usable solutions to a complex requirement without a lot of time. For the ICD 10 example, the use of hardcoded or hard-wired references to ICD-9 codes in business logic of HIT, in reference database structures, in search routines or other applications was exposed and immediately broken unless redesigned. In both cases, considerations of short-term costs and expediency had to be balanced (even if not consciously or as learned in hindsight) against longer-term costs and pressure of having to respond when requirements became mandatory. Were those the right choices? It depends on the circumstance, but I would argue foresight and engaging in complete thoughts of design for change would have been the better path in both cases.
And last, there are those occasions where compliance may be voluntary in terms of how the regulations are written, but the choice of non-compliance is no choice at all if one cares to remain credible or viable. There is no better example of this than the attainment of certification under ONC's HIT certification program or the use of Certified HIT as a hospital or a physician/clinician who participates in Medicare. ONC's certification program is officially "voluntary", and the election to use Certified HIT as a Medicare participating provider is also "voluntary". However, both are laden with consequence if one understands what it means to not pursue what is "voluntary".
领英推荐
In both of these cases, "voluntary" is a fallacy if one is serious about being considered viable in the market either as HIT developer or provider when one considers where voluntary ends and mandatory begins.
Why do I bring all this up? The choice never ends. We see many new HIT requirements coming all of the time including ONC's new certification rulemaking, and CMS's proposals around updating HIPAA standards for healthcare attachments and for payer interoperability and electronic prior authorization. We anticipate more with every cycle of CMS payment system rulemaking for quality measures, value-based programs, and payment policies that all create annual updates to requirements for use of HIT. All of these create demands for new development and adoption by HIT developers and their provider customers. In the balance of choosing to act now or later, it is a critical decision that must be undertaken. In an era of provider burnout and regulatory overload, while we must work to help regulators understand the real impact they have on those regulated, we have to take care not to build traps for ourselves in how we respond. I urge complete whole thinking to model out the impacts of how to respond to what is "voluntary".
If these things are nagging you, I am here to help. Reach out to me at [email protected] and let's talk.
Health Care Attorney ? Legal Content Specialist for Health Law at Bloomberg Law
1 年Without reading, my initial thought is the short answer is the same short answer to every legal question, "it depends" ??