The Compliance INSIDER

In a recent, Breach Level Index report it was revealed that just in the first six months of 2018, 56% of the 4.5 billion data records that were compromised were from social media incidents. With 27% of all breach incidents being in the health...

Did you know that April is National Workplace Violence Prevention month? Workplace violence doesn’t just involve criminal intent and irate customers. Employees bullying each other is another form of workplace violence that needs more...

Don't Get Frightened this Halloween, Complete your Security Risk Analysis Instead! It's that time of year again, the weather is becoming colder and the holiday season is on its way!  Before you know it, we're going to be ringing...

Halloween has been around for centuries with traditions that have been absorbed, changed, and celebrated by many different cultures. Halloween can be dated back to the ancient Celtic festival of Samhain-nearly 2000 years ago! Samhain was like a...

HIPAA Privacy Rule – Understanding Health Oversight Disclosures At Healthcare Compliance Pros, we occasionally receive questions about disclosures for health oversight purposes. Health oversight can include disclosures for a variety of...

The Federal Response to the Opioid Crisis Opioid addiction is the one of the fastest growing problems in America! In 2016, nearly 116 people died each day from opioid related overdoses in the United States.  The next year, in October of...

It can be a very exciting time deciding to begin utilizing social media for your organizations. The risks and benefits have been weighed, and it is time to get started!  When getting started there may be some questions you have.  The...

According the World Drug Report, from the United Nations Office on Drugs and Crime (UNODC), it is estimated that in 2018 the prescription drug abuse of opioids will reach new record highs! Just this past August, the married co-owners of a pain...

The Office for Civil Rights (OCR) recently reported that scammers were fraudulently collecting sensitive information and stealing donations by creating and using fake social media platforms, such as Facebook, Twitter, charity websites,...

An Update on the Destruction of Hurricane Florence Hurricane Florence has left a lot of damage along the east coast, especially the Carolina's. The eminent danger of the hurricane has passed and now it is concerns over the massive flooding...

Labor Day is just around the corner here in the United States, always falling on the first Monday of September. This Federal holiday was created in the late 19th century as a response to the ongoing Labor Movement, when at the time the average...

The Centers for Medicare and Medicaid Services (CMS) and the Office of Inspector General (OIG) highly encourage every healthcare organization to establish a compliance committee that advises your Compliance Officer and assists in the...

Recently on August 2nd, 2018, the Centers for Medicare & Medicaid Services (CMS) finalized policies to advance with the MyHealthEData initiative and the CMS Patients Over Paperwork Initiative.  The CMS updates with these core pieces will...

The U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) recently announces plans to issue a Notice of Proposed Rulemaking (NPRM) to better protect personally identifiable information or data that could be...

After arriving back to my office from attending a conference planning meeting with the American Association of Orthopaedic Executives' (AAOE), at the Gaylord Opryland Resort in Nashville. As a member of the Industry Relations Board (IRB), I...

In the event of a disaster – natural or otherwise – difficult decisions may need to be made without hesitation. One such decision may be whether you should evacuate or "shelter in place." An example of when it may be...

Ah, Independence Day. An annual holiday that provides an opportunity for us to have a day off work, to attend a morning parade, participate in a 5k, or other events. From there, we may get together with family and friends, have a picnic or...

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that summer...

A judge recently ruled in favor of the OCR and ordered The University of Texas MD Anderson Cancer Center (Anderson Cancer Center) to pay over $4.3 million in civil monetary penalties. The judgment came after the Anderson Cancer Center lost two...

Last year, Harvey and Irma occurred during hurricane season. This year, Alberto just had different plans. Alberto couldn't wait to kick off hurricane season a little bit early. Thankfully there was enough time and a reminder of "what...

In an effort to reduce medication errors and harm, healthcare professionals, such as nurses, may utilize the "five rights" of medication administration: the right patient, the right drug, the right dose, the right route, and the right...

When should you expect MIPS Performance Feedback? As of April 3, 2018, the submission period for 2017 Merit Based Incentive Payment System (MIPS) closed. And the Centers for Medicare & Medicaid Services (CMS) is currently in the process of...

Is a Security Risk Analysis the same as a Gap Analysis? The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently addressed this question as part of their April 2018 OCR Cyber Security Newsletter:...

Potential HIPAA Updates: During the recent HIPAA Summit, the Director of U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announce three potential HIPAA updates. Prior to making any changes, OCR is planning on...

A valid prescription for a controlled substance must be issued for a legitimate medical purpose by a registered practitioner acting in the usual course of sound professional practice. The prescription must be written in ink or indelible pencil or...

Cyber extortion is a crime involving an attack or threat of attack coupled with a demand for money to avert or stop the attack. And according to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) incidents of...

This year, we expect the percentage of Americans accessing health information to grow, as well as the number of health systems making it possible for patients to access their medical records on their iPhones. Recent guidance by the US Department...

There have been a lot of stories involving sexual harassment allegations against high profile men in the news lately. The #MeToo and #TimesUp movement may have a lot to do with the increased allegations and increased attention focused on the...

A contingency plan should help an organization return to its daily operations as quickly as possible following an unforeseen event. The contingency plan should protect resources while minimizing inconveniences for patients, customers and the...

FOR IMMEDIATE RELEASE April 19, 2018 Contact: Andre Williams, Executive Director Healthcare Business Management Association 202-367-1177 [email protected] Eric Christensen Healthcare Compliance Pros 801-657-4492 [email protected] Healthcare...

In a recent settlement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a receiver appointed to liquidate the assets of Filefax, Inc. agreed to pay $100,000 for potential violations of the HIPAA Privacy...

With Spring Break underway and summer on the horizon – do you know how your organization manages time-off for employees during vacation season? Have you checked your policies and procedures to make sure time off requests are handled...

The California Attorney General recently announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations they failed to implement basic, reasonable safeguards to protect patient...

It was recently reported that in St. Lucie County, not only could you get a burger, some fries and a milkshake at the Steak 'n Shake, you could also get fentanyl, carfentanil or heroin. In what was called Operation Big Mi-Steak, more than 40...

Schools nationwide have been having drills intended to prepare for active shooter situations, but are the drills enough? That is a question on a lot of minds following the tragic Parkland, Florida School shooting. According to one reporter, the...

Healthcare organizations are not exempt when it comes to office romances. Some organizations may choose to ignore office romances; some organizations may ban them altogether; while others may have policies and procedures in place for disclosing...

Are you among the lucky healthcare providers who have never experienced a "Breach" of Protected Health Information (PHI)?  You have run such a tight ship that a "Breach" has never occurred and that makes you feel relaxed...

For information on Medicare or Medicaid cards, please call 1-800-MEDICARE (663-4227). The Centers for Medicare & Medicaid Services (CMS) announced that under the Medicare Access and CHIPS Reauthorization Act (MACRA) of 2015, they are required to...

Included in the January 2018 Office of Inspector General's (OIG) Work Plan is an active item titled Questionable Billing for Off-the-Shelf Orthotic Devices.  The three off-the-shelf orthotic devices being reviewed are: L0648 –...

In the healthcare industry, written and implemented policies and procedures should help an organization and its employees make decisions, take the appropriate action, and ensure activities are in compliance with laws. Policies and procedures are...

On January 18, 2018 Allscripts experienced a ransomware attack that impacted their cloud based EHR and other services. At this time, Allscripts does not believe there is any reason to believe any data has been removed from their systems....

The deadline for submitting notice of a breach affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of...

The Office of the Inspector General's (OIG) Work Plan sets forth projects such as OIG audits and evaluations that are underway or planned to be addressed in the fiscal year and beyond.  Instead of providing the annual Work Plan we were...

The Centers for Medicare & Medicaid Services (CMS) announced the data submission system for clinicians participating in the Quality Payment Program has been launched. Clinicians can now submit all of their 2017 Merit-based Incentive Payment...

Last week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 million and adopt a corrective action plan to settle potential violations of the...

In the United States, users of mobile devices are spending on average 5 hours per day on our mobile devices. Most of our time, approximately 69% is spent in apps. And there have been a growing number of mobile device users in healthcare. For...

Social Media can be a great tool for any practice to reach both current and potential patients. As we touched on in the first three parts of this series, social media can help you educate, communicate with, and interact with your patients but it...

It's that time of year again. Not just the holidays, but the time of year plan sponsors ask for attestation from providers indicating General Compliance and Fraud, Waste, and Abuse training has been completed by those required to do so. The...

The Centers for Medicare & Medicaid (CMS) recently issued the final rule will comment period for the second year of the Quality Payment Program. While Year 2 is said to be transitional, CMS has said they are making some minor changes and also...

This month in the United States, the holidays are kicking off with Thanksgiving. Each November, family and friends gather to give thanks, eat good food and watch football. Here at HCP, we wanted to let you know that 10 things that top our list of...

The Centers for Medicare & Medicaid (CMS) issued a reminder about correct coding of Evaluation and Management (E/M) services. As part of their reminder, they mentioned a study report the Office of the Inspector General (OIG) that noted 42 percent...

Did you know that November 15th is National Clean out Your Refrigerator Day? If a task such as cleaning out the refrigerator deserves a special day, what about a task such as performing a HIPAA walkthrough?  With 2018 less than a month away,...

Most organizations that offer a personal time off system for all leave purposes, or vacation leave and sick leave systems, typically award time off based on your employment status, job level, your title and years of service with your...

So far in this series, we've concentrated on the "do nots" and potential dangers of social media. But with Facebook boasting more than 1.8 billion monthly users and Twitter having upwards of 300 million active users, it would be a...

Halloween is upon us. For employers, choosing a costumes policy can be scary. Will you allow costumes? If yes, what costumes are allowed? Are there employees who may be offended by Halloween costumes? For employees, choosing a costume that aligns...

Trick-or-treating is a popular Halloween tradition in the United States, and other countries. Most of us associate "treats" with some form of candy, and "tricks" as possible pranks or other forms of mischief if a treat is not...

It was not that long ago when an employee at the University of Cincinnati Medical Center was fired for posting a patient's protected health information (PHI) on Facebook. The employee had posted a screen shot of a patient's medical record...

According to the CMS announcement, it is not too late to participate in the first year – the transition year – of the Merit-Based Incentive Payment System (MIPS). With their announcement CMS appears to be giving a hint that the best...

It's not surprising the popularity of social media continues to rise. Social media provides us with a convenient way to communicate electronically, to share information, ideas, personal thoughts, and other content.  The Pew Research...

Following Governor Rick Scott's State of Emergency Declaration, I anxiously watched the news and tracked Hurricane Irma's progress. I wondered if there was a chance Hurricane Irma would turn harmlessly to sea. Once it was evident our...

The HHS Office of Civil Rights (OCR) recently announced that Secretary Tom Price, M.D., declared a public health emergency in Texas, Louisiana, and Florida and has exercised the authority to waive sanctions and penalties against a Texas,...

Hurricane Harvey has hit Texas and Louisiana in ways we have never seen.  According to the HHS Office for Civil Rights (OCR), scammers are fraudulently collecting sensitive information and stealing donations by creating and using fake social...

In our article last week we discussed when a cloud-based phone provider is considered a business associate. For many healthcare organizations, whether or not to take a walk on the cloud side of computing solutions may be a difficult decision....

Several years ago, Plain Old Telephone Service (POTS) was the most common option for communications over a telephone network. Now, there are a variety of other communications options to consider, such as cellular and Voice over IP (VoIP). While...

The U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) recently proposed a delay in the electronic reporting compliance date of the rule, Improve Tracking of Workplace Injuries and Illnesses, from July 1, 2017, to...

MIPS eligible clinicians and groups may qualify for a reweighting of their Advancing Care Information performance category score to 0% of the final score, and can submit a hardship exception application, for one of the following specified...

The U.S. Department of Justice (DOJ) recently announced that the operators of seven bogus medical clinics were among 12 defendants taken into custody on federal drug trafficking charges that allege they diverted at least 2 million prescription...

Each year in August, National Immunization Awareness Month (NIAM) provides an opportunity to highlight the value of immunization across the lifespan. National Immunization Awareness Month presents a great opportunity to educate seniors and other...

Not too long ago, "WannaCry," a ransomware attack significantly impacted organizations around the globe last month. Another attack – "Petya" – spread quickly impacting Microsoft Windows-based computers. These types...

Not too long ago, the U.S. Equal Employment Opportunity Commission (EEOC) sued a company for sexual harassment.  The company that was sued violated federal law by allowing a manager to subject several female employees to sexual harassment....

We are occasionally asked questions by our clients regarding business associates and business associate agreement (BAAs). Recently, we were asked if it is okay for vendors to propose changes to a covered entity's BAA: Response Under the HIPAA...

Included in recent guidance regarding file sharing and cloud computing published by the Office for Civil Rights (OCR) were recent survey results regarding file sharing and collaboration tools used by organizations from a variety of industries...

According to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) guidance on HIPAA Privacy Rule and Sharing Information Related to Mental Health, there are times when it is appropriate for a health care provider to...

There are several reports showing that the telemedicine market is growing somewhere between 18-30 percent per year.   The rate of growth is in part due to the combination and advancement of technology and communication, which allows...

An organization in Texas has agreed to a $2.4 million monetary settlement and a comprehensive corrective action plan for an impermissible disclosure in a press release. The impermissible disclosure in a press release follows a permissible...

The patient's doctor delivered the bad news: A CT scan showed cancer.  Surprisingly, though, just two months later a biopsy failed to detect a malignancy, leading a puzzled doctor to order a second biopsy. The mystery was solved when a...

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that summer...

Last week a massive ransomware outbreak impact millions of computers and exposed weaknesses in Microsoft's Windows operating system. The latest attacks are known as "WanaCryptor", "WeCry", or "WeCryptor." Major...

Compliance Q&A:  Can we ask a patient their date of birth at the front desk while checking them in? Law:  The HIPAA Privacy Rule does not prohibit covered entities from engaging in common and important health care practices; nor does it...

Your OSHA and General OSHA courses received a new slide this month.  This update only applies to certain medical facilities. If your organizational type is not included in the following list, we would encourage you to HIDE the slide...

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), recently announced the first HIPAA settlement involving a wireless health services provider, is a big one. The wireless services provider agreed to the settlement by...

A Business Associate Agreement (BAA) is not optional. If you have a vendor who performs certain functions or activities involving protected health information (PHI), you must have a signed BAA in place. Recently the U.S. Department of Health and...

There are just a few requirements in the statutes, like too many to count along with various interpretations and opinions.  The Federal Government is famous for many things, but specificity is not one of them.  So maybe you got the...

In mid-October 2016, CMS requirements under Section 1557 Final Rule began. Healthcare Compliance Pros has answered several questions regarding Section 1557. The following list includes answers to the top frequently asked questions we have...

Whether your practice accesses, creates, modifies, or stores electronic protected health information (ePHI) you must do everything possible to reduce, and eliminate as much as possible, any risks to that information. For one entity, a recent...

At first when you read CIA in the title of this article, you may have asked yourself why in the world we would write about the Central Intelligence Agency (CIA). And you may be wondering why you would need to cover your assets (CYA) from the CIA...

Smartphone usage is not only becoming more common but the variety of medical aid tools available to consumers on their smartphones continues to grow each year. Roughly 77 percent of Americans own a smartphone. Smartphone applications have...

With Spring Break underway, Easter just around the corner, and summer on the horizon – do you know how your organization manages time-off for employees during vacation season? Have you checked your policies and procedures to make sure...

Just last year, HHS issued a final rule modifying the HIPAA Privacy Rule to expressly permit certain, but not all, HIPAA covered entities to disclose the identities of individuals who are subject to a federal mental health...

Imagine your practice filed a breach report with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) – a few years ago – regarding the loss of a smartphone that contained unsecured electronic protected...

Active shooter events in healthcare facilities present unique challenges as staff members are faced with the decision about what to do with patients, visitors, and themselves. Patients may be unable to evacuate themselves due to injury, age, and...

Included in the Merit-based Incentive Payment System (MIPS), Advancing Care Information replaces the Medicare EHR Incentive Program, a.k.a. Meaningful Use. Advancing Care Information makes up 25% of your 2017 Performance Score and focused on the...

It is a common practice for new users to be assigned a simple, easy-to-remember password at the time of employment, or when a user is assigned a new application.  For example, a new user may be assigned a default password, such as...