The Compliance INSIDER

Is your Organization Ready for Imaging Clinical Decision Support in 2020? The Protecting Access to Medicare Act (PAMA) was signed into law in April of 2014.As part of the legislation, under section 218b, providers will now have to consult...

Click Here to Continue Reading!

The Pain Management Best Practices Interagency Task Force was created to update best practices, issue recommendations for managing chronic and acute pain, and to propose updates to the Comprehensive Addiction and Recovery Act of 2016. The Task...

Click Here to Continue Reading!

Memorial Day weekend is here, and the busy season of summer vacations is fast approaching! Here are our tips for a smooth operating summer with employee time-off requests and staying cool in the heat! Managing Employee Vacations and...

Click Here to Continue Reading!

Imaging Service Company's Breach results in $3,000,000 Settlement The recent Office for Civil Rights (OCR) announcement of a settlement with a Tennessee diagnostic medical imaging services company due to a breach exposing 300,000...

Click Here to Continue Reading!

CDC and HHS Provide Update about the Measles Outbreak At the time of this update, the Centers for Disease Control and Prevention (CDC) and U.S. Department of Health and Human Services (HHS) reports over 700 cases of measles from 22 states. ...

Click Here to Continue Reading!

HHS Updates Deadline on Proposed Rules to Improve Interoperability EHI The U.S. Department of Health and Human Services (HHS) proposed new rules to support seamless and secure access, exchange, and use of electronic health information...

Click Here to Continue Reading!

In a recent, Breach Level Index report it was revealed that just in the first six months of 2018, 56% of the 4.5 billion data records that were compromised were from social media incidents. With 27% of all breach incidents being in the health...

Click Here to Continue Reading!

Did you know that April is National Workplace Violence Prevention month? Workplace violence doesn’t just involve criminal intent and irate customers. Employees bullying each other is another form of workplace violence that needs more...

Click Here to Continue Reading!

Don't Get Frightened this Halloween, Complete your Security Risk Analysis Instead! It's that time of year again, the weather is becoming colder and the holiday season is on its way!  Before you know it, we're going to be ringing...

Click Here to Continue Reading!

Halloween has been around for centuries with traditions that have been absorbed, changed, and celebrated by many different cultures. Halloween can be dated back to the ancient Celtic festival of Samhain-nearly 2000 years ago! Samhain was like a...

Click Here to Continue Reading!

HIPAA Privacy Rule – Understanding Health Oversight Disclosures At Healthcare Compliance Pros, we occasionally receive questions about disclosures for health oversight purposes. Health oversight can include disclosures for a variety of...

Click Here to Continue Reading!

The Federal Response to the Opioid Crisis Opioid addiction is the one of the fastest growing problems in America! In 2016, nearly 116 people died each day from opioid related overdoses in the United States.  The next year, in October of...

Click Here to Continue Reading!

It can be a very exciting time deciding to begin utilizing social media for your organizations. The risks and benefits have been weighed, and it is time to get started!  When getting started there may be some questions you have.  The...

Click Here to Continue Reading!

According the World Drug Report, from the United Nations Office on Drugs and Crime (UNODC), it is estimated that in 2018 the prescription drug abuse of opioids will reach new record highs! Just this past August, the married co-owners of a pain...

Click Here to Continue Reading!

The Office for Civil Rights (OCR) recently reported that scammers were fraudulently collecting sensitive information and stealing donations by creating and using fake social media platforms, such as Facebook, Twitter, charity websites,...

Click Here to Continue Reading!

An Update on the Destruction of Hurricane Florence Hurricane Florence has left a lot of damage along the east coast, especially the Carolina's. The eminent danger of the hurricane has passed and now it is concerns over the massive flooding...

Click Here to Continue Reading!

Labor Day is just around the corner here in the United States, always falling on the first Monday of September. This Federal holiday was created in the late 19th century as a response to the ongoing Labor Movement, when at the time the average...

Click Here to Continue Reading!

The Centers for Medicare and Medicaid Services (CMS) and the Office of Inspector General (OIG) highly encourage every healthcare organization to establish a compliance committee that advises your Compliance Officer and assists in the...

Click Here to Continue Reading!

Recently on August 2nd, 2018, the Centers for Medicare & Medicaid Services (CMS) finalized policies to advance with the MyHealthEData initiative and the CMS Patients Over Paperwork Initiative.  The CMS updates with these core pieces will...

Click Here to Continue Reading!

The U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) recently announces plans to issue a Notice of Proposed Rulemaking (NPRM) to better protect personally identifiable information or data that could be...

Click Here to Continue Reading!

After arriving back to my office from attending a conference planning meeting with the American Association of Orthopaedic Executives' (AAOE), at the Gaylord Opryland Resort in Nashville. As a member of the Industry Relations Board (IRB), I...

Click Here to Continue Reading!

In the event of a disaster – natural or otherwise – difficult decisions may need to be made without hesitation. One such decision may be whether you should evacuate or "shelter in place." An example of when it may be...

Click Here to Continue Reading!

Ah, Independence Day. An annual holiday that provides an opportunity for us to have a day off work, to attend a morning parade, participate in a 5k, or other events. From there, we may get together with family and friends, have a picnic or...

Click Here to Continue Reading!

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that summer...

Click Here to Continue Reading!

A judge recently ruled in favor of the OCR and ordered The University of Texas MD Anderson Cancer Center (Anderson Cancer Center) to pay over $4.3 million in civil monetary penalties. The judgment came after the Anderson Cancer Center lost two...

Click Here to Continue Reading!

Last year, Harvey and Irma occurred during hurricane season. This year, Alberto just had different plans. Alberto couldn't wait to kick off hurricane season a little bit early. Thankfully there was enough time and a reminder of "what...

Click Here to Continue Reading!

In an effort to reduce medication errors and harm, healthcare professionals, such as nurses, may utilize the "five rights" of medication administration: the right patient, the right drug, the right dose, the right route, and the right...

Click Here to Continue Reading!

When should you expect MIPS Performance Feedback? As of April 3, 2018, the submission period for 2017 Merit Based Incentive Payment System (MIPS) closed. And the Centers for Medicare & Medicaid Services (CMS) is currently in the process of...

Click Here to Continue Reading!

Is a Security Risk Analysis the same as a Gap Analysis? The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently addressed this question as part of their April 2018 OCR Cyber Security Newsletter:...

Click Here to Continue Reading!

Potential HIPAA Updates: During the recent HIPAA Summit, the Director of U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announce three potential HIPAA updates. Prior to making any changes, OCR is planning on...

Click Here to Continue Reading!

A valid prescription for a controlled substance must be issued for a legitimate medical purpose by a registered practitioner acting in the usual course of sound professional practice. The prescription must be written in ink or indelible pencil or...

Click Here to Continue Reading!

Cyber extortion is a crime involving an attack or threat of attack coupled with a demand for money to avert or stop the attack. And according to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) incidents of...

Click Here to Continue Reading!

This year, we expect the percentage of Americans accessing health information to grow, as well as the number of health systems making it possible for patients to access their medical records on their iPhones. Recent guidance by the US Department...

Click Here to Continue Reading!

There have been a lot of stories involving sexual harassment allegations against high profile men in the news lately. The #MeToo and #TimesUp movement may have a lot to do with the increased allegations and increased attention focused on the...

Click Here to Continue Reading!

A contingency plan should help an organization return to its daily operations as quickly as possible following an unforeseen event. The contingency plan should protect resources while minimizing inconveniences for patients, customers and the...

Click Here to Continue Reading!

FOR IMMEDIATE RELEASE April 19, 2018 Contact: Andre Williams, Executive Director Healthcare Business Management Association 202-367-1177 [email protected] Eric Christensen Healthcare Compliance Pros 801-657-4492 [email protected] Healthcare...

Click Here to Continue Reading!

In a recent settlement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a receiver appointed to liquidate the assets of Filefax, Inc. agreed to pay $100,000 for potential violations of the HIPAA Privacy...

Click Here to Continue Reading!

With Spring Break underway and summer on the horizon – do you know how your organization manages time-off for employees during vacation season? Have you checked your policies and procedures to make sure time off requests are handled...

Click Here to Continue Reading!

The California Attorney General recently announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations they failed to implement basic, reasonable safeguards to protect patient...

Click Here to Continue Reading!

It was recently reported that in St. Lucie County, not only could you get a burger, some fries and a milkshake at the Steak 'n Shake, you could also get fentanyl, carfentanil or heroin. In what was called Operation Big Mi-Steak, more than 40...

Click Here to Continue Reading!

Schools nationwide have been having drills intended to prepare for active shooter situations, but are the drills enough? That is a question on a lot of minds following the tragic Parkland, Florida School shooting. According to one reporter, the...

Click Here to Continue Reading!

Healthcare organizations are not exempt when it comes to office romances. Some organizations may choose to ignore office romances; some organizations may ban them altogether; while others may have policies and procedures in place for disclosing...

Click Here to Continue Reading!

Are you among the lucky healthcare providers who have never experienced a "Breach" of Protected Health Information (PHI)?  You have run such a tight ship that a "Breach" has never occurred and that makes you feel relaxed...

Click Here to Continue Reading!

For information on Medicare or Medicaid cards, please call 1-800-MEDICARE (663-4227). The Centers for Medicare & Medicaid Services (CMS) announced that under the Medicare Access and CHIPS Reauthorization Act (MACRA) of 2015, they are required to...

Click Here to Continue Reading!

Included in the January 2018 Office of Inspector General's (OIG) Work Plan is an active item titled Questionable Billing for Off-the-Shelf Orthotic Devices.  The three off-the-shelf orthotic devices being reviewed are: L0648 –...

Click Here to Continue Reading!

In the healthcare industry, written and implemented policies and procedures should help an organization and its employees make decisions, take the appropriate action, and ensure activities are in compliance with laws. Policies and procedures are...

Click Here to Continue Reading!

On January 18, 2018 Allscripts experienced a ransomware attack that impacted their cloud based EHR and other services. At this time, Allscripts does not believe there is any reason to believe any data has been removed from their systems....

Click Here to Continue Reading!

The deadline for submitting notice of a breach affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of...

Click Here to Continue Reading!

The Office of the Inspector General's (OIG) Work Plan sets forth projects such as OIG audits and evaluations that are underway or planned to be addressed in the fiscal year and beyond.  Instead of providing the annual Work Plan we were...

Click Here to Continue Reading!

The Centers for Medicare & Medicaid Services (CMS) announced the data submission system for clinicians participating in the Quality Payment Program has been launched. Clinicians can now submit all of their 2017 Merit-based Incentive Payment...

Click Here to Continue Reading!

Last week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 million and adopt a corrective action plan to settle potential violations of the...

Click Here to Continue Reading!

In the United States, users of mobile devices are spending on average 5 hours per day on our mobile devices. Most of our time, approximately 69% is spent in apps. And there have been a growing number of mobile device users in healthcare. For...

Click Here to Continue Reading!

Social Media can be a great tool for any practice to reach both current and potential patients. As we touched on in the first three parts of this series, social media can help you educate, communicate with, and interact with your patients but it...

Click Here to Continue Reading!

It's that time of year again. Not just the holidays, but the time of year plan sponsors ask for attestation from providers indicating General Compliance and Fraud, Waste, and Abuse training has been completed by those required to do so. The...

Click Here to Continue Reading!

The Centers for Medicare & Medicaid (CMS) recently issued the final rule will comment period for the second year of the Quality Payment Program. While Year 2 is said to be transitional, CMS has said they are making some minor changes and also...

Click Here to Continue Reading!

This month in the United States, the holidays are kicking off with Thanksgiving. Each November, family and friends gather to give thanks, eat good food and watch football. Here at HCP, we wanted to let you know that 10 things that top our list of...

Click Here to Continue Reading!

The Centers for Medicare & Medicaid (CMS) issued a reminder about correct coding of Evaluation and Management (E/M) services. As part of their reminder, they mentioned a study report the Office of the Inspector General (OIG) that noted 42 percent...

Click Here to Continue Reading!

Did you know that November 15th is National Clean out Your Refrigerator Day? If a task such as cleaning out the refrigerator deserves a special day, what about a task such as performing a HIPAA walkthrough?  With 2018 less than a month away,...

Click Here to Continue Reading!

Most organizations that offer a personal time off system for all leave purposes, or vacation leave and sick leave systems, typically award time off based on your employment status, job level, your title and years of service with your...

Click Here to Continue Reading!

So far in this series, we've concentrated on the "do nots" and potential dangers of social media. But with Facebook boasting more than 1.8 billion monthly users and Twitter having upwards of 300 million active users, it would be a...

Click Here to Continue Reading!

Halloween is upon us. For employers, choosing a costumes policy can be scary. Will you allow costumes? If yes, what costumes are allowed? Are there employees who may be offended by Halloween costumes? For employees, choosing a costume that aligns...

Click Here to Continue Reading!

Trick-or-treating is a popular Halloween tradition in the United States, and other countries. Most of us associate "treats" with some form of candy, and "tricks" as possible pranks or other forms of mischief if a treat is not...

Click Here to Continue Reading!

It was not that long ago when an employee at the University of Cincinnati Medical Center was fired for posting a patient's protected health information (PHI) on Facebook. The employee had posted a screen shot of a patient's medical record...

Click Here to Continue Reading!

According to the CMS announcement, it is not too late to participate in the first year – the transition year – of the Merit-Based Incentive Payment System (MIPS). With their announcement CMS appears to be giving a hint that the best...

Click Here to Continue Reading!

It's not surprising the popularity of social media continues to rise. Social media provides us with a convenient way to communicate electronically, to share information, ideas, personal thoughts, and other content.  The Pew Research...

Click Here to Continue Reading!

Following Governor Rick Scott's State of Emergency Declaration, I anxiously watched the news and tracked Hurricane Irma's progress. I wondered if there was a chance Hurricane Irma would turn harmlessly to sea. Once it was evident our...

Click Here to Continue Reading!

The HHS Office of Civil Rights (OCR) recently announced that Secretary Tom Price, M.D., declared a public health emergency in Texas, Louisiana, and Florida and has exercised the authority to waive sanctions and penalties against a Texas,...

Click Here to Continue Reading!

Hurricane Harvey has hit Texas and Louisiana in ways we have never seen.  According to the HHS Office for Civil Rights (OCR), scammers are fraudulently collecting sensitive information and stealing donations by creating and using fake social...

Click Here to Continue Reading!

In our article last week we discussed when a cloud-based phone provider is considered a business associate. For many healthcare organizations, whether or not to take a walk on the cloud side of computing solutions may be a difficult decision....

Click Here to Continue Reading!

Several years ago, Plain Old Telephone Service (POTS) was the most common option for communications over a telephone network. Now, there are a variety of other communications options to consider, such as cellular and Voice over IP (VoIP). While...

Click Here to Continue Reading!

The U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) recently proposed a delay in the electronic reporting compliance date of the rule, Improve Tracking of Workplace Injuries and Illnesses, from July 1, 2017, to...

Click Here to Continue Reading!

MIPS eligible clinicians and groups may qualify for a reweighting of their Advancing Care Information performance category score to 0% of the final score, and can submit a hardship exception application, for one of the following specified...

Click Here to Continue Reading!

The U.S. Department of Justice (DOJ) recently announced that the operators of seven bogus medical clinics were among 12 defendants taken into custody on federal drug trafficking charges that allege they diverted at least 2 million prescription...

Click Here to Continue Reading!

Each year in August, National Immunization Awareness Month (NIAM) provides an opportunity to highlight the value of immunization across the lifespan. National Immunization Awareness Month presents a great opportunity to educate seniors and other...

Click Here to Continue Reading!

Not too long ago, "WannaCry," a ransomware attack significantly impacted organizations around the globe last month. Another attack – "Petya" – spread quickly impacting Microsoft Windows-based computers. These types...

Click Here to Continue Reading!

Not too long ago, the U.S. Equal Employment Opportunity Commission (EEOC) sued a company for sexual harassment.  The company that was sued violated federal law by allowing a manager to subject several female employees to sexual harassment....

Click Here to Continue Reading!

We are occasionally asked questions by our clients regarding business associates and business associate agreement (BAAs). Recently, we were asked if it is okay for vendors to propose changes to a covered entity's BAA: Response Under the HIPAA...

Click Here to Continue Reading!

Included in recent guidance regarding file sharing and cloud computing published by the Office for Civil Rights (OCR) were recent survey results regarding file sharing and collaboration tools used by organizations from a variety of industries...

Click Here to Continue Reading!

According to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) guidance on HIPAA Privacy Rule and Sharing Information Related to Mental Health, there are times when it is appropriate for a health care provider to...

Click Here to Continue Reading!

There are several reports showing that the telemedicine market is growing somewhere between 18-30 percent per year.   The rate of growth is in part due to the combination and advancement of technology and communication, which allows...

Click Here to Continue Reading!

An organization in Texas has agreed to a $2.4 million monetary settlement and a comprehensive corrective action plan for an impermissible disclosure in a press release. The impermissible disclosure in a press release follows a permissible...

Click Here to Continue Reading!

The patient's doctor delivered the bad news: A CT scan showed cancer.  Surprisingly, though, just two months later a biopsy failed to detect a malignancy, leading a puzzled doctor to order a second biopsy. The mystery was solved when a...

Click Here to Continue Reading!

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that summer...

Click Here to Continue Reading!

Last week a massive ransomware outbreak impact millions of computers and exposed weaknesses in Microsoft's Windows operating system. The latest attacks are known as "WanaCryptor", "WeCry", or "WeCryptor." Major...

Click Here to Continue Reading!

Compliance Q&A:  Can we ask a patient their date of birth at the front desk while checking them in? Law:  The HIPAA Privacy Rule does not prohibit covered entities from engaging in common and important health care practices; nor does it...

Click Here to Continue Reading!

Your OSHA and General OSHA courses received a new slide this month.  This update only applies to certain medical facilities. If your organizational type is not included in the following list, we would encourage you to HIDE the slide...

Click Here to Continue Reading!

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), recently announced the first HIPAA settlement involving a wireless health services provider, is a big one. The wireless services provider agreed to the settlement by...

Click Here to Continue Reading!

A Business Associate Agreement (BAA) is not optional. If you have a vendor who performs certain functions or activities involving protected health information (PHI), you must have a signed BAA in place. Recently the U.S. Department of Health and...

Click Here to Continue Reading!

There are just a few requirements in the statutes, like too many to count along with various interpretations and opinions.  The Federal Government is famous for many things, but specificity is not one of them.  So maybe you got the...

Click Here to Continue Reading!

In mid-October 2016, CMS requirements under Section 1557 Final Rule began. Healthcare Compliance Pros has answered several questions regarding Section 1557. The following list includes answers to the top frequently asked questions we have...

Click Here to Continue Reading!

Whether your practice accesses, creates, modifies, or stores electronic protected health information (ePHI) you must do everything possible to reduce, and eliminate as much as possible, any risks to that information. For one entity, a recent...

Click Here to Continue Reading!

At first when you read CIA in the title of this article, you may have asked yourself why in the world we would write about the Central Intelligence Agency (CIA). And you may be wondering why you would need to cover your assets (CYA) from the CIA...

Click Here to Continue Reading!

Smartphone usage is not only becoming more common but the variety of medical aid tools available to consumers on their smartphones continues to grow each year. Roughly 77 percent of Americans own a smartphone. Smartphone applications have...

Click Here to Continue Reading!

With Spring Break underway, Easter just around the corner, and summer on the horizon – do you know how your organization manages time-off for employees during vacation season? Have you checked your policies and procedures to make sure...

Click Here to Continue Reading!

Just last year, HHS issued a final rule modifying the HIPAA Privacy Rule to expressly permit certain, but not all, HIPAA covered entities to disclose the identities of individuals who are subject to a federal mental health...

Click Here to Continue Reading!

Imagine your practice filed a breach report with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) – a few years ago – regarding the loss of a smartphone that contained unsecured electronic protected...

Click Here to Continue Reading!

Active shooter events in healthcare facilities present unique challenges as staff members are faced with the decision about what to do with patients, visitors, and themselves. Patients may be unable to evacuate themselves due to injury, age, and...

Click Here to Continue Reading!

Included in the Merit-based Incentive Payment System (MIPS), Advancing Care Information replaces the Medicare EHR Incentive Program, a.k.a. Meaningful Use. Advancing Care Information makes up 25% of your 2017 Performance Score and focused on the...

Click Here to Continue Reading!

It is a common practice for new users to be assigned a simple, easy-to-remember password at the time of employment, or when a user is assigned a new application.  For example, a new user may be assigned a default password, such as...

Click Here to Continue Reading!

Since the enactment of the Affordable Care Act (ACA) in 2010, Section 1557 provides protection of civil rights by prohibiting discrimination on the basis of race, color, national origin, sex, age or disability in certain health programs or...

Click Here to Continue Reading!