Return to the Blog Home Page

Don’t Get Frightened this Halloween, Complete your SRA Instead!

Wednesday, October 31st, 2018

Don’t Get Frightened this Halloween, Complete your Security Risk Analysis Instead!

It’s that time of year again, the weather is becoming colder and the holiday season is on its way!  Before you know it, we’re going to be ringing in a new year. This means you only have a few months to complete your Security Risk Analysis (SRA) for the 2018 reporting year. While this might seem overwhelming and frightening, we want you to know that HCP is here to help ease that process.

What is an SRA?

A Security Risk Analysis is an invaluable tool, it helps to ensure compliance with HIPAA’s physical, technical and administrative safeguards. SRA’s help to identify areas of compliance and areas of high risk that might need attention and improvement. Both HIPAA regulations and the Promoting Interoperability category of MIPS require that covered entities complete or review a risk assessment of their healthcare organization annually. 

How can HCP help?

HCP’s SRA assessment tool will take you step by step through the various elements of your practice that need to be addressed. Clients with our enhanced SRA services also have the benefit of having our compliance specialists review their SRA to identify any potential high-risk areas and develop an action plan.

Plan Ahead

SRAs are nothing to be scared of and our hope is that through HCP’s assessment tool and expertise, we make the process as pain-free as possible. But don’t wait too long, SRAs need to be submitted to HCP as soon as possible in order to guarantee a 2018 completion date.

Please contact us by email: [email protected] or by phone: 855-427-0427 with any questions or concerns about your SRA.

Candy Corn, Black Cats, Jack-o-Lanterns, Bobbing for Apples, and of course, Trick or Treat!

Monday, October 22nd, 2018

halloween tips healthcare Halloween has been around for centuries with traditions that have been absorbed, changed, and celebrated by many different cultures. Halloween can be dated back to the ancient Celtic festival of Samhain-nearly 2000 years ago! Samhain was like a New Year’s Eve in modern times, it was the celebration of the death of the present year with a new year beginning the following day. Samhain morphed into the Christian influenced, All-Hallows Eve on October 31st, with All Souls day or later named All Saint’s Day the following day, November 1st.  Halloween came into colonial America with the immigration of Europeans who celebrated similar festivals from where they had emigrated from. Now, Halloween is a national and even worldwide celebration!

There are several traditions associated with Halloween, including religious and secular observances. In the United States, common traditions include activities such as costume parties, trick-or-treating, decorating and carving pumpkins, playing pranks, visiting haunted attractions, telling scary stories and watching horror films.

All of us at HCP wish you a happy and safe Halloween! If you are planning on celebrating, decorating and dressing up in the workplace, we offer the following suggestions.

Always strive to be mindful, respectful, appropriate and professional with your choices.

  • No Grim Reaper aka Death – Being in the healthcare setting it would be highly inappropriate to dress up as death or anything else that is violent and grotesque in nature.  Sorry Michael Myers, Freddy Krueger, Jason Voorhees or Scream ghost mask guy, this means NO to you!
  • Culturally appropriate– Avoid offensive costumes. If you suspect anyone could be offended by your choice of costume – don’t wear it! Don’t wear any costume that could be perceived as mocking any religion, ethnicity, political or cultural point of view.
  • Age Appropriate– Any costume or decoration should be appropriate for all ages to see and enjoy.  Whether or not many of your patients are older or younger, they could have accompanying family members who are. Keep the scaring for haunted houses and away from work!
  • Dress Code– Does your company have a specific dress code for dressing up? If there is one, be sure to review it with employees prior to Halloween.  All costumes should be considered dress code appropriate, just like any other work day.
  • Functional– Can you successfully do your job without interference from your costume? Your costume should in no way affect the professionalism of your field.  Never wear masks and avoid costumes that would be difficult to work in for an entire shift.
  • Keep it Simple– Along with being able to be functional, it is a good rule to keep it simple. A festive shirt, scrubs, scarf, hat or headband (think kitty, bunny or bug) can be a great way to celebrate Halloween.
  • Be Inclusive– If dressing up is permitted, encourage employees to participate. Never force any employee to dress up if they choose not to though.  Consider having an office theme for even more fun.
  • Decorations– If allowed, decorate the office for Halloween and Autumn. Set the tone within the office space and have fun with it!   All decorations should be appropriate, just like costumes should be, nothing scary, offensive or grotesque!

Halloween is meant to be a fun celebration for families and communities, with costumes, delicious treats, and some spooks! It is also the kick-off to the holiday season! Halloween starts it off, with holidays like Thanksgiving, Christmas, Hanukkah, Winter Solstice, Kwanzaa, and New Year’s Day to follow! Speaking of holidays,  did you know there are just over 4 weeks until Thanksgiving and just over 8 weeks until Christmas? Let the countdowns begin…


HIPAA Privacy Rule – Understanding Health Oversight Disclosures

Wednesday, September 26th, 2018

HIPAA Privacy Rule – Understanding Health Oversight Disclosures

At Healthcare Compliance Pros, we occasionally receive questions about disclosures for health oversight purposes. Health oversight can include disclosures for a variety of entities at the federal, state and local levels. There are times when these entities will request health information about individuals, which leads to questions about if and how the information should be disclosed under the HIPAA Privacy Rule.

Under certain key provisions in the HIPAA Privacy Rule, covered entities are permitted to share protected health information (PHI) electronically with health oversight agencies without written authorization from the individual of patient.

According to the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR), the HIPAA provision works across the following settings where health oversight occurs:

  • A health plan that shares beneficiary PHI with the state health insurance commissioner responsible for evaluating insurers’ conduct in the marketplace;
  • A physician who sends her patients’ PHI to the state medical board investigating patient complaints;
  • A nursing home that sends PHI to the state Medicaid fraud office in response to its request for data that could validate compliance with Medicaid billing guidelines;
  • A hospital that shares PHI with the U.S. Food and Drug Administration in connection to an investigation about the safety of certain implantable devices;
  • A health plan sending beneficiary enrollment PHI to a state insurance department conducting an audit to ensure civil rights compliance; and
  • Providers disclosing PHI to Centers for Medicare and Medicaid Services (CMS) contractors conducting Medicaid compliance work on behalf of CMS.

Remember, that even these types of disclosures must be kept to the minimum necessary for the intended purpose and always be disclosed in accordance with HIPAA Security Rule considerations.

Please contact us if you have additional questions, such as questions about permissible disclosures, by phone: 855-427-0427 or by email: [email protected]  

The Federal Response to the Opioid Crisis and the Importance of Opioid Crisis Training

Monday, September 24th, 2018

The Federal Response to the Opioid Crisis

Opioid addiction is the one of the fastest growing problems in America! In 2016, nearly 116 people died each day from opioid related overdoses in the United States.  The next year, in October of 2017, a Public Health Emergency was declared in response to the national opioid crisis.  At both the federal and state levels there is progress being made towards beginning to combat this crisis.  To prevent more deaths from this epidemic it is important for all healthcare professionals to have a clear understanding of their role within it. The OIG, Office of Inspector General, has identified three top priorities in their response to the opioid epidemic:

  • Identify opportunities to improve the effectiveness and efficiency of Health and Human Services programs.
  • Identify, better investigation tools, better enforcement and accountability of those engaged in fraud.
  • Empowering and collaborating with partners through better data sharing and education.

As part of their strategy to fight the opioid crisis, the OIG released the results of an analysis of Part D prescription drug event records for opioids received in 2017.  Part of the study determined beneficiaries’ morphine equivalent dose (MED), which is a measure that converts the various opioids and strengths into one standard value. The study revealed:

  • Nearly 1 in 3 Part D beneficiaries received a prescription opioid in 2017.
  • 1 in 10 Part D beneficiaries received opioids for 3 months or more.
  • There was a decrease from 2016 to 2017 from the beneficiaries who received high amounts of opioids.
  • About 71,000 beneficiaries are at serious risk of opioid misuse or overdose. Almost 300 of the prescribers had questionable opioid prescription practices.
  • Overall Part D spending for opioids decreased due in part to declining prices.

Did you know?
That nearly 116 people in 2016 died in the United States from opioid-related drug overdoses? According to NIDA, the National Institute on Drug Abuse, more than 49,000 Americans died from opioid overdose in 2017, with a significant increase in synthetic opioids, predominantly Fentanyl overdose from the years prior. For more information check out the NIDA, Overdose Statistics.

To achieve success combating this health epidemic. HHS– including CMS and OIG, will continue to work together to develop new strategies in the effort to end this opioid crisis. These efforts include:

  • CMS is implementing new initiatives in 2019.
  • OIG is also working to increase its efforts to fight the opioid crisis by working with law enforcement partners.
  • Identifying other approaches to support prevention.
  • OIG is also committed to continue forging relationships with States and the private sector.
  • OIG supports States’ efforts to implement and enforce strong prescriptions drug monitoring programs. `

Healthcare Compliance Pros is excited to announce the release of our new Opioid Crisis Training module on October 1, 2018.  Education is the best form of prevention, to best serve your patients, it is important to be able to understand what the opioid crisis is. Our training course will answer the following questions and more!

  • How did it begin?
  • How do opioids work?
  • What are the signs of an overdose?
  • What are the signs of an addiction?
  • What treatments should be used?
  • What response is being done at the federal and state levels?
  • Is there a guideline for the prescribing of opioids?

Do you have questions about this new course? Are you interested in adding this new training? If so, please contact us by email: [email protected] or by phone: 855-427-0427.



Helpful Tips on Getting Started with Social Media

Monday, September 17th, 2018

It can be a very exciting time deciding to begin utilizing social media for your organizations. The risks and benefits have been weighed, and it is time to get started!  When getting started there may be some questions you have.  The first important question is which social media network you should begin with.

So, which of the many social media platforms should your organizations use?

To help narrow your decision consider the following questions:

  • How much time do you plan to invest and maintain your social media site(s)?
  • Who will be responsible for managing your social medial site(s)?
  • How will you measure success?
  • Are your prepared to develop and implement a social media policy?
  • Do you have enough content to be successful?

Along with the previous considerations, the U.S. Department of Health and Human Services (HHS), have the following considerations when determining which social network in best for your office:


Facebook Twitter Instagram
Posting At least one a day Several times a day Several times a week
Timing Content appears in a newsfeed for several days Content is constantly changing Content appears in the Instagram feed for up to one week
Style Longer, more evergreen Driven by trends/hashtags Compelling images/videos


LinkedIn YouTube Other (e.g., Snapchat)
Posting Several times a week As video becomes available At least once a day
Timing Content appears in newsfeed for several days Content lives permanently on channel Content may appear for a limited time
Style More serious Produced videos More casual, point-and-shoot

Best Practices

Regardless of which network you choose to use for your office, the following best practices should be considered:

  1. Understand HIPAA – The same rules regarding patient privacy that apply to everything else you do in healthcare also apply to social media activities.
  2. Clearly define how information posted will be used.
  3. If comments or questions on your social media platform are approaching HIPAA violations, take them offline. Ask patients to call your office for more details.
  4. Don’t post anything you wouldn’t say in an elevator or coffee shop.
  5. State clearly that social media is not to be used for personal medical advice.

Have additional questions about utilizing social media in your office? Feel free to contact us by email: [email protected] or by phone: 855-427-0427.

Opioid Epidemic in the News – Pain Clinic Doctors Guilty of Conspiracy

Monday, September 10th, 2018

According the World Drug Report, from the United Nations Office on Drugs and Crime (UNODC), it is estimated that in 2018 the prescription drug abuse of opioids will reach new record highs! Just this past August, the married co-owners of a pain management clinic along with their patient recruiter pleaded guilty to conspiracy to distribute controlled substances for their participation in a scheme to unlawfully distribute thousands of pills of oxycodone.

“The so-called ‘pain clinic’ owned by David Bosch and Tania Sanchez traded oxycodone prescriptions for cash, resulting in bogus, medically unnecessary prescriptions for at least 7,500 tablets of oxycodone,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division. “Pill mills like this must be shut down.  The Department of Justice is committed to reducing the staggering number of opioid overdoses in this country, and holding accountable all responsible parties, from owners of illegal clinics to patient recruiters, for their roles in this deadly scourge.”

According to the U.S. Department of Justice, Bosch and Sanchez owned and operated the pain management clinic.  The clinic was a “cash-only clinic” that was ran until their arrests in May of 2018.  A physician was hired to be the purported medical doctor, knowing the physician would write prescriptions for oxycodone without regard to medical necessity.  In return, the physician was paid $125 for each prescription.  They also conspired with patient recruiters and drug diverters to distribute oxycodone. This included a recruiter that brought in at least 18 individuals who paid approximately $250 for each purported “medical consultation” to receive controlled substances, especially oxycodone. These recruits received prescriptions for at least 5,000 tablets of oxycodone 30 mg.

Did you know?

Medical necessity is defined by the American Medical Association as: “Health care services or products that a prudent physician would provide to a patient for the purpose of preventing, diagnosing or treating an illness, injury, disease or its symptoms in a manner that is:

(a) in accordance with generally accepted standards of medical practice;

(b) clinically appropriate in terms of type, frequency, extent, site, and duration; and

(c) not primarily for the economic benefit of the health plans and purchasers or for the convenience of the patient, treating physician, or other health care provider.”

There has been some debate on how exactly the opioid crisis began, but since 1999 the number of opioids prescribed and sold in the US has quadrupled. The massive increase in the widespread availability of the prescriptions before having the proper understanding of how addictive these medications can be, has contributed to the epidemic. With this misuse of opioid prescriptions, the overdose rates began to increase before having a full understanding of the medications dangers.

Opioid Crisis Training

Are you looking to help train your organization on the many facets of this opioid epidemic? Here at Healthcare Compliance Pros we are gearing up to release our new Opioid Crisis Training module. This training will include topics such as the Effects of Opioids, Signs of an Overdose, Checklists and Guidelines for Prescribing, and other important topics. Contact us today for more information about our Opioid Crisis Training module.