Federal and state regulations on the provision of health care are largely intended to ensure patients receive safe, high-quality care. As pharmacists know well, health systems, hospitals, and post-acute care (PAC) providers (eg, long-term care hospitals, inpatient rehabilitation facilities, skilled nursing facilities, and home health agencies), are faced with maintaining compliance to a growing number of regulations. A recent American Hospital Association study found that health systems, hospitals, and PAC providers spend nearly $39 billion each year on administrative activities related to regulatory compliance.1
Within health systems, the pharmacy department assumes responsibility for numerous state and federal regulatory and accreditation requirements. However, it is not uncommon for pharmacy to operate without a structured, systemized method for documenting and tracking maintenance of compliance activities. This gap increases the risk that information on site visits will not be shared across departmental practice areas, and that necessary documentation will not be properly maintained. Thus, it is critical to implement a coordinated strategy for ensuring regulatory compliance.
The University of North Carolina Hospitals’ (UNCH) pharmacy department decided it was necessary to clarify how we handle the numerous state and federal regulations for which pharmacy is responsible. We also wanted to define accountability and ownership over compliance management and documentation. In order to understand the current state of compliance within the department, a baseline assessment was incorporated as a strategic initiative. The goals were multifaceted:
- To clearly delineate the various regulatory and accreditation bodies for which pharmacy is responsible
- To ascertain pharmacy’s current state of compliance
- To develop a structured method to maintain compliance with said bodies
- To plan for ongoing review and communication regarding compliance within (and beyond) pharmacy
Baseline Assessment Process
UNCH’s baseline compliance assessment is described in the SIDEBAR below. The “Background” section specifies the regulatory areas identified for inclusion. Going forward, we plan to incorporate guidance and regulations from additional bodies, including the National Institute for Occupational Safety and Health (NIOSH), Centers for Disease Control and Prevention (CDC), the Family Educational Rights and Privacy Act (FERPA), and purchasing and payer requirements. However, these areas were not included in our initial assessment.
To begin the baseline assessment, primary contacts were identified for each compliance area. Assigning primary contacts of record allowed us to establish ownership for each area of pharmacy compliance, and to ensure streamlined communication channels. Each contact person was asked a series of questions to assess current practice in regard to regulatory compliance. See SIDEBAR below.
Opportunities Identified and Actions Taken
The baseline assessment revealed that there was no standardized method of documenting information related to regulatory and compliance maintenance. Resources were found for the majority of regulatory and accreditation areas, but compliance-related information was not consistently stored on shared drives nor shared across pharmacy areas. Concerns regarding risk were identified for several regulatory areas, yet efforts to formally address these concerns were inconsistent. Motivated by these findings, the assistant director with oversight over departmental compliance and a health-system pharmacy administration resident, developed a spreadsheet-based compliance tool to maintain real-time information on the state of compliance throughout the department, as well as to document where resources are stored.
The spreadsheet, which encompasses the information gathered through the baseline compliance assessment survey for each of the identified regulatory areas, is a live document stored on a pharmacy leadership shared drive. The spreadsheet serves as a communication tool and information clearinghouse for:
- The primary contact(s) for a given regulatory or accreditation area
- Recent site visit dates (and expected future visit dates) and any findings identified
- Resources for ongoing compliance
- Status of any compliance gaps yet to be resolved and area/staff member responsible
By utilizing this tool, transparency and shared ownership of overall compliance has improved throughout the pharmacy, and this heightened commitment includes pharmacy leadership. Furthermore, there is increased accountability for follow-through on compliance gap remediation, as status and responsible staff are documented via the spreadsheet tool, which is reviewed quarterly by pharmacy leadership.
Since creating this tool, our pharmacy has had two state board of pharmacy visits; the centralized resources simplified the retrieval of compliance-related information. Our satellite pharmacy leaders (eg, pediatrics, cancer hospital infusion pharmacy, off-site infusion center pharmacies, etc) also have found the shared resources to be beneficial. Historically, they had taken a silo approach to maintaining and documenting compliance for their operations, which resulted in significant duplication of efforts.
The UNCH department of pharmacy had a successful experience completing the baseline compliance assessment, and then developing and implementing the compliance spreadsheet and information clearinghouse. As with any project, we learned several lessons along the way and identified recommendations for pharmacies interested in completing a similar activity:
- Familiarize yourself with the departments that support compliance at the organizational level. Reach out to representatives from the following groups (as applicable) for assistance throughout the process: Human Resources, Compliance, Office of Equal Opportunity, Student Affairs, IT Privacy and Security, Legal Counsel, Quality, and Accreditation.
- Identify primary contacts for each regulatory area, understanding that there may be multiple owners (eg, compliance with USP <797> may be co-owned by managers from each pharmacy site that operates a sterile products preparation area).
- Acquire or develop a formalized documentation strategy (eg, a compliance tool) for reporting on regulatory visits and storing related documentation. This tool should comprise all compliance-related information and resources in a centralized location.
- Include a master schedule of anticipated site visits and detail the necessary resources.
- Include regulatory and accreditation compliance and site visit updates as a standing agenda item for senior leadership meetings.
- Maintain all compliance-related resources on a secure but accessible shared drive made known to all relevant parties.
- Update a master compliance assessment document with the following information: resource location for each regulatory area, attestation requirement(s), and ongoing areas of risk.
- Develop a strategy for prioritizing and addressing identified areas of risk. Owners should be identified for each risk improvement area, and this should be reported to leadership on a regular basis. These areas of risk can serve as the basis of an annual Opportunities/Vulnerabilities grid.
1. Assessing the Regulatory Burden on Health Systems, Hospitals and Post-acute Care Providers. American Hospital Association. www.aha.org/guidesreports/2017-11-03-regulatory-overload-report. Accessed September 7, 2018.
Mary-Haston Leary, PharmD, MS, BCPS, is the clinical manager, analytics, outcomes, and impact at the University of North Carolina (UNC) Hospitals. She received her pharmacy education at the University of Mississippi School of Pharmacy, and MS at the UNC Eshelman School of Pharmacy. Mary-Haston’s professional interests include practice advancement through analytics and data-driven decision making, and practice-based outcomes research.
Ashley L. Pappas, PharmD, BCPS, is the assistant director, medication-use policy and analytics at the UNC Hospitals and an adjunct professor of clinical education at the UNC Eshelman School of Pharmacy. She received her PharmD from Virginia Commonwealth University and her Masters in Healthcare Administration at UNC.
UNCH Department of Pharmacy Baseline Compliance Assessment
UNCH’s department of pharmacy has several regulatory areas for which it is expected to maintain compliance. There has been unclear accountability for ownership and documentation in each of these regulatory areas. A Baseline Compliance Assessment was built in the department as an FY2018 initiative within the strategy framework.
The following regulatory areas were identified for inclusion in the Baseline Assessment: The Joint Commission, URAC, ASHP Residency, NC Board of Pharmacy, CMS – Conditions of Participation, NC Division of Health Service Regulation, DEA – Controlled Substances, USP <795>, USP <797>, USP <800>, Compounding 503A, Compounding 503B, FDA – DSCSA, FDA – REMS, DHHS, 340B, Billing and Coding, Contracts, Competencies, Annual Education Requirements, Staff License Renewals, Technician Certification, HIPAA.
Primary contacts were identified for each area, and were asked a series of questions to assess current practice in regard to regulatory compliance. Questions asked included the following:
- Are there additional stakeholders/secondary contacts?
- When was the most recent site visit (if applicable)?
- Were we cited for anything (if so, what)?
- Where is the documentation from site visits stored?
- Are there external resources used to maintain compliance (if so, what are they and how are they accessed)?
- Is there a method in place for staying up-to-date on new or changing standards?
- Are there internal resources used to maintain compliance? Where are these internal resources located?
- Globally, are there areas of risk you are concerned about?
The preliminary assessment revealed that there is currently no standardized method of documenting information related to regulatory and compliance maintenance. Resources exist for the majority of these regulatory areas, but are not consistently stored on shared drives. Areas of risk were identified for several regulatory areas; however, there are inconsistencies as to whether these areas of risk are being formally addressed. Additionally, there is no dedicated resource for maintaining the department’s compliance.
- A formalized documentation strategy must be developed for reporting on regulatory visits and storing documentation from these visits. Recommend adding site-specific folders within the compliance folder in the pharmacy leadership shared drive.
- A proactive master schedule of anticipated site visits for the region should be built. Additionally, regulatory site visits should be added as a standing agenda item at senior leadership meetings.
- Resources used to maintain compliance should be stored on a shared drive. The name and location of these resources should be made available on a central document (such as: Compliance Assessment Document).
- The Compliance Assessment Document should be updated to include the following information: resource location for each regulatory area, attestation requirements and ongoing areas of risk.
- A strategy should be developed for prioritizing and addressing identified areas of risk. Recommend a report on identified areas of risk on a defined frequency, to be used to build an annual Opportunities/Vulnerabilities grid.
- Determine the comfort level with decentral/area-specific ownership, and establish how this should be maintained.
- Incorporate site visit documentation into the board of pharmacy Attestation Survey.
- Considerations for future inclusion in the assessment: NIOSH, CDC, FERPA, purchasing, payer requirements.