The Compliance INSIDER

Essentials for Establishing a Culture of Compliance In a healthcare organization, a successful compliance program details the organization's commitment to ethical behavior. Compliance must be embedded in...

This past year was a busy year of complaints, breaches and OCR settlements! It appeared to be a year where "the squeaky wheel gets the grease" proved to be an accurate proverb. Several of the enforcement activities and settlements that were...

Something about Calendar Year 2020 feels futuristic. Afterall, it is two decades past the year 2000 (Y2K) - the year when significant problems were anticipated due to the computer programming shortcut related to the formatting and storage of...

Healthcare Compliance Pros is wrapping up the end of 2019 with brand new courses available on December 11, 2019! Caring for Patients in the LGBTQ Community - Issues and concerns for LGBTQ patients can often arise in healthcare. While...

The end of the year is approaching and here at Healthcare Compliance Pros, we are ready for the holidays! However, with the end of the year comes the deadline to complete a Security Risk Analysis (SRA) for 2019 as well. We're here to remind...

For one covered entity, violations of the HIPAA Security and Breach Notification Rules ended up costing them over $2.15 million! The covered entity has already paid the full civil monetary penalty (CMP) and did not contest the Office for Civil...

The Office for Civil Rights (OCR) announced a successful corrective action and resolution for a complaint against a covered entity. According to OCR, the complaint alleged that Florida Orthopaedic unlawfully canceled surgery because of a...

On October 9. 2019, the Department of Health and Human Services (HHS) announced proposed changes that would update the Physician Self-Referral Law (Stark Law) issued by the Centers for Medicare & Medicaid Services (CMS), and the Federal...

It has been a major focus for the U.S. Department of Health and Human Services (HHS) to combat the opioid epidemic while still ensuring that the confidentiality of patient records is maintained. HHS is proposing to revise the federal...

Did you know that a whopping 95% percent of people in the United States use the internet and 86% use it every day? Users of social media account for 74% of internet users, and the average daily time spent using social media on any device...

Telephones have been a staple of communication for as long as most of us can remember! The cell phone has noticeably changed the way we communicate both personally and increasingly professionally with the introduction of texting. In 2015, a...

Our Compliance for Your Practice training is now available! The Centers for Medicare & Medicaid Services (CMS) previously required healthcare organizations to ensure that training was being provided on unmodified content. This past...

A compliance hotline used correctly can be a powerful tool for any organization; from being able to offer suggestions to reporting concerns. For healthcare organizations, the recommendation to provide hotlines and other forms of communication...

Conducting and reviewing a security risk analysis (SRA) is perhaps one of the most important requirements your organization will undertake. An SRA should be thought of as an ongoing process for your organization to be continually improved upon...

A Disaster Recovery Program is Important Regardless of Location When we talk about Disaster Recovery and Emergency Preparedness, hurricanes often come to mind, and for good reason! The past few years we have experienced hurricanes that...

CMS Announces the Beginning of MIPS Data Validation and Audits It was not a matter of if but when.... when would the Centers for Medicare & Medicaid Services (CMS) review and audit Merit-based Incentive Payment System (MIPS) data...

The Largest Healthcare Fraud Scheme Ever Charged by DOJ The U.S. Department of Justice (DOJ) recently announced a South Florida Healthcare Facility Owner was convicted for his role in the largest healthcare fraud scheme ever,...

Independence Day for many is about bringing the family together and enjoying various holiday activities like parades, picnics, s'more making, fireworks all while avoiding things like heat exhaustion, sunburns, and firework dangers! To get the...

#MeToo and #TimesUp have been circulating around social media and news outlets in the last few years in response to the outpouring of sexual harassment allegations and complaints that have been recently exposed. Cases of highly powerful men...

The HHS Office for Civil Rights (OCR) just recently issued a fact sheet that explains all requirements a business associate can be held directly liable for under HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (HIPAA...

Between August 1, 2018 and March 30, 2019, a recent data breach from Quest Diagnostics was reported May 2019 after an estimated 11.9 million patient's financial data, social security numbers and other medical information was accessed...

Is your Organization Ready for Imaging Clinical Decision Support in 2020? The Protecting Access to Medicare Act (PAMA) was signed into law in April of 2014.As part of the legislation, under section 218b, providers will now have to consult...

The Pain Management Best Practices Interagency Task Force was created to update best practices, issue recommendations for managing chronic and acute pain, and to propose updates to the Comprehensive Addiction and Recovery Act of 2016. The Task...

Memorial Day weekend is here, and the busy season of summer vacations is fast approaching! Here are our tips for a smooth operating summer with employee time-off requests and staying cool in the heat! Managing Employee Vacations and...

Imaging Service Company's Breach results in $3,000,000 Settlement The recent Office for Civil Rights (OCR) announcement of a settlement with a Tennessee diagnostic medical imaging services company due to a breach exposing 300,000...

CDC and HHS Provide Update about the Measles Outbreak At the time of this update, the Centers for Disease Control and Prevention (CDC) and U.S. Department of Health and Human Services (HHS) reports over 700 cases of measles from 22 states. ...

HHS Updates Deadline on Proposed Rules to Improve Interoperability EHI The U.S. Department of Health and Human Services (HHS) proposed new rules to support seamless and secure access, exchange, and use of electronic health information...

In a recent, Breach Level Index report it was revealed that just in the first six months of 2018, 56% of the 4.5 billion data records that were compromised were from social media incidents. With 27% of all breach incidents being in the health...

Did you know that April is National Workplace Violence Prevention month? Workplace violence doesn’t just involve criminal intent and irate customers. Employees bullying each other is another form of workplace violence that needs more...

It's that time of year again, the weather is becoming colder and the holiday season is on its way! Before you know it, we're going to be ringing in a new year. This means you only have a few months to complete your Security Risk Analysis (SRA)...

Halloween has been around for centuries with traditions that have been absorbed, changed, and celebrated by many different cultures. Halloween can be dated back to the ancient Celtic festival of Samhain-nearly 2000 years ago! Samhain was like a...

HIPAA Privacy Rule �" Understanding Health Oversight Disclosures At Healthcare Compliance Pros, we occasionally receive questions about disclosures for health oversight purposes. Health oversight can include disclosures for a variety of...

The Federal Response to the Opioid Crisis Opioid addiction is the one of the fastest growing problems in America!� In 2016, nearly 116 people died each day from opioid related overdoses in the United States. � The next year, in October...

It can be a very exciting time deciding to begin utilizing social media for your organizations. The risks and benefits have been weighed, and it is time to get started! � When getting started there may be some questions you have. � The...

According the World Drug Report, from the United Nations Office on Drugs and Crime (UNODC), it is estimated that in 2018 the prescription drug abuse of opioids will reach new record highs! Just this past August, the married co-owners of a pain...

The Office for Civil Rights (OCR) recently reported that scammers were fraudulently collecting sensitive information and stealing donations by creating and using fake� social media� platforms, such as Facebook, Twitter, charity...

What You Need to Know about Disaster Recovery Plans Last year it was the constant news of hurricanes and tropical storms that originated from the Atlantic Ocean that destroyed parts of Florida and nearby areas. This year, the Eastern Pacific...

Labor Day is just around the corner here in the United States, always falling on the first Monday of September. This Federal holiday was created in the late 19th century as a response to the ongoing Labor Movement, when at the time the average...

The Centers for Medicare and Medicaid Services (CMS) and the Office of Inspector General (OIG) highly encourage every healthcare organization to establish a compliance committee that advises your Compliance Officer and assists in the...

Recently on August 2nd, 2018, the Centers for Medicare & Medicaid Services (CMS) finalized policies to advance with the MyHealthEData initiative and the CMS Patients Over Paperwork Initiative. � The CMS updates with these core pieces will...

The U.S. Department of Labor�™s Occupational Safety and Health Administration (OSHA) recently announces plans to issue a Notice of Proposed Rulemaking (NPRM) to better protect personally identifiable information or data that could be...

After arriving back to my office from attending a conference planning meeting with the American Association of Orthopaedic Executives�™ (AAOE), at the Gaylord Opryland Resort in Nashville. As a member of the Industry Relations Board (IRB),...

In the event of a disaster �" natural or otherwise �" difficult decisions may need to be made without hesitation. One such decision may be whether you should evacuate or “shelter in place.” An example of when it may be necessary...

Ah, Independence Day. An annual holiday that provides an opportunity for us to have a day off work, to attend a morning parade, participate in a 5k, or other events. From there, we may get together with family and friends, have a picnic or...

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that...

A judge recently ruled in favor of the OCR and ordered The University of Texas MD Anderson Cancer Center (Anderson Cancer Center) to pay over $4.3 million in civil monetary penalties. The judgment came after the Anderson Cancer Center lost two...

Last year, Harvey and Irma occurred during hurricane season. This year, Alberto just had different plans. Alberto couldn�™t wait to kick off hurricane season a little bit early. Thankfully there was enough time and a reminder of “what...

In an effort to reduce medication errors and harm, healthcare professionals, such as nurses, may utilize the “five rights” of medication administration: the right patient, the right drug, the right dose, the right route, and the right time....

When should you expect MIPS Performance Feedback? As of April 3, 2018, the submission period for 2017 Merit Based Incentive Payment System (MIPS) closed. And the Centers for Medicare & Medicaid Services (CMS) is currently in the process of...

Is a Security Risk Analysis the same as a Gap Analysis? The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently addressed this question as part of their April 2018 OCR Cyber Security Newsletter:...

Potential HIPAA Updates: During the recent HIPAA Summit, the Director of U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announce three potential HIPAA updates. Prior to making any changes, OCR is planning on...

A valid prescription for a controlled substance must be issued for a legitimate medical purpose by a registered practitioner acting in the usual course of sound professional practice. The prescription must be written in ink or indelible pencil or...

Cyber extortion is a crime involving an attack or threat of attack coupled with a demand for money to avert or stop the attack. And according to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) incidents of...

This year, we expect the percentage of Americans accessing health information to grow, as well as the number of health systems making it possible for patients to access their medical records on their iPhones. Recent guidance by the US Department...

There have been a lot of stories involving sexual harassment allegations against high profile men in the news lately. The #MeToo and #TimesUp movement may have a lot to do with the increased allegations and increased attention focused on the...

A contingency plan should help an organization return to its daily operations as quickly as possible following an unforeseen event. The contingency plan should protect resources while minimizing inconveniences for patients, customers and the...

FOR IMMEDIATE RELEASE April 19, 2018 Contact: Andre Williams, Executive Director Healthcare Business Management Association 202-367-1177 [email protected] Eric Christensen Healthcare Compliance Pros 801-657-4492 [email protected] Healthcare...

In a recent settlement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a receiver appointed to liquidate the assets of Filefax, Inc. agreed to pay $100,000 for potential violations of the HIPAA Privacy...

With Spring Break underway and summer on the horizon �" do you know how your organization manages time-off for employees during vacation season?� Have you checked your policies and procedures to make sure time off requests are handled...

The California Attorney General recently announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations they failed to implement basic, reasonable safeguards to protect patient...

It was recently reported that in St. Lucie County, not only could you get a burger, some fries and a milkshake at the Steak ‘n Shake, you could also get fentanyl, carfentanil or heroin. In what was called Operation Big Mi-Steak, more than 40...

Schools nationwide have been having drills intended to prepare for active shooter situations, but are the drills enough? That is a question on a lot of minds following the tragic Parkland, Florida School shooting. According to one reporter, the...

Healthcare organizations are not exempt when it comes to office romances. Some organizations may choose to ignore office romances; some organizations may ban them altogether; while others may have policies and procedures in place for disclosing...

Are you among the lucky healthcare providers who have never experienced a “Breach” of Protected Health Information (PHI)?�  You have run such a tight ship that a “Breach” has never occurred and that makes you feel relaxed and...

For information on Medicare or Medicaid cards, please call 1-800-MEDICARE (663-4227). The Centers for Medicare & Medicaid Services (CMS) announced that under the Medicare Access and CHIPS Reauthorization Act (MACRA) of 2015, they are required to...

Included in the January 2018 Office of Inspector General�™s (OIG) Work Plan is an active item titled Questionable Billing for Off-the-Shelf Orthotic Devices. � The three off-the-shelf orthotic devices being reviewed are: L0648...

In the healthcare industry, written and implemented policies and procedures should help an organization and its employees make decisions, take the appropriate action, and ensure activities are in compliance with laws. Policies and procedures are...

On January 18, 2018 Allscripts experienced a ransomware attack that impacted their cloud based EHR and other services. At this time, Allscripts does not believe there is any reason to believe any data has been removed from their systems....

The deadline for submitting notice of a breach affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of...

The Office of the Inspector General�™s (OIG) Work Plan sets forth projects such as OIG audits and evaluations that are underway or planned to be addressed in the fiscal year and beyond.�  Instead of providing the annual Work Plan we...

The Centers for Medicare & Medicaid Services (CMS) announced the data submission system for clinicians participating in the Quality Payment Program has been launched. Clinicians can now submit all of their 2017 Merit-based Incentive Payment...

Last week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 million and adopt a corrective action plan to settle potential violations of the...

In the United States, users of mobile devices are spending on average 5 hours per day on our mobile devices. Most of our time, approximately 69% is spent in apps. And there have been a growing number of mobile device users in healthcare. For...

Social Media can be a great tool for any practice to reach both current and potential patients. As we touched on in the first three parts of this series, social media can help you educate, communicate with, and interact with your patients but it...

It�™s that time of year again. Not just the holidays, but the time of year plan sponsors ask for attestation from providers indicating General Compliance and Fraud, Waste, and Abuse training has been completed by those required to do so....

The Centers for Medicare & Medicaid (CMS) recently issued the final rule will comment period for the second year of the Quality Payment Program. While Year 2 is said to be transitional, CMS has said they are making some minor changes and also...

This month in the United States, the holidays are kicking off with Thanksgiving. Each November, family and friends gather to give thanks, eat good food and watch football. Here at HCP, we wanted to let you know that 10 things that top our list of...

The Centers for Medicare & Medicaid (CMS) issued a reminder about correct coding of Evaluation and Management (E/M) services. As part of their reminder, they mentioned a study report the Office of the Inspector General (OIG) that noted 42 percent...

Did you know that November 15th is National Clean out Your Refrigerator Day? If a task such as cleaning out the refrigerator deserves a special day, what about a task such as performing a HIPAA walkthrough?�  With 2018 less than a month...

Most organizations that offer a personal time off system for all leave purposes, or vacation leave and sick leave systems, typically award time off based on your employment status, job level, your title and years of service with your...

So far in this series, we have concentrated on what to avoid posting on social media and potential dangers of social media. But with Facebook boasting more than 1.8 billion monthly users and Twitter having upwards of 300 million active users, it...

Halloween is upon us. For employers, choosing a costumes policy can be scary. Will you allow costumes? If yes, what costumes are allowed? Are there employees who may be offended by Halloween costumes? For employees, choosing a costume that aligns...

Trick-or-treating is a popular Halloween tradition in the United States, and other countries. Most of us associate “treats” with some form of candy, and “tricks” as possible pranks or other forms of mischief if a treat is not given by the...

According to the CMS announcement, it is not too late to participate in the first year �" the transition year �" of the Merit-Based Incentive Payment System (MIPS). With their announcement CMS appears to be giving a hint that the best...

It�™s not surprising the popularity of social media continues to rise. Social media provides us with a convenient way to communicate electronically, to share information, ideas, personal thoughts, and other content.�  The Pew Research...

Following Governor Rick Scott�™s State of Emergency Declaration, I anxiously watched the news and tracked Hurricane Irma�™s progress. I wondered if there was a chance Hurricane Irma would turn harmlessly to sea. Once it was evident...

The HHS Office of Civil Rights (OCR) recently announced that Secretary Tom Price, M.D., declared a public health emergency in Texas, Louisiana, and Florida and has exercised the authority to waive sanctions and penalties against a Texas,...

Hurricane Harvey has hit Texas and Louisiana in ways we have never seen. According to the HHS Office for Civil Rights (OCR), scammers are fraudulently collecting sensitive information and stealing donations by creating and using fake social...

In our article last week we discussed when a cloud-based phone provider is considered a business associate. For many healthcare organizations, whether or not to take a walk on the cloud side of computing solutions may be a difficult decision....

Several years ago, Plain Old Telephone Service (POTS) was the most common option for communications over a telephone network. Now, there are a variety of other communications options to consider, such as cellular and Voice over IP (VoIP). While...

The U.S. Department of Labor�™s Occupational Safety and Health Administration (OSHA) recently proposed a delay in the electronic reporting compliance date of the rule, Improve Tracking of Workplace Injuries and Illnesses, from July 1,...

MIPS eligible clinicians and groups may qualify for a reweighting of their Advancing Care Information performance category score to 0% of the final score, and can submit a hardship exception application, for one of the following specified...

The U.S. Department of Justice (DOJ) recently announced that the operators of seven bogus medical clinics were among 12 defendants taken into custody on federal drug trafficking charges that allege they diverted at least 2 million prescription...

Each year in August, National Immunization Awareness Month (NIAM) provides an opportunity to highlight the value of immunization across the lifespan. National Immunization Awareness Month presents a great opportunity to educate seniors and other...

Not too long ago, “WannaCry,” a ransomware attack significantly impacted organizations around the globe last month. Another attack �" “Petya” �" spread quickly impacting Microsoft Windows-based computers. These types of...

Not too long ago, the U.S. Equal Employment Opportunity Commission (EEOC) sued a company for sexual harassment.�  The company that was sued violated federal law by allowing a manager to subject several female employees to sexual harassment....

We are occasionally asked questions by our clients regarding business associates and business associate agreement (BAAs). Recently, we were asked if it is okay for vendors to propose changes to a covered entity�™s BAA: Response Under the...

Included in recent guidance regarding file sharing and cloud computing published by the Office for Civil Rights (OCR) were recent survey results regarding file sharing and collaboration tools used by organizations from a variety of industries...

According to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) guidance on HIPAA Privacy Rule and Sharing Information Related to Mental Health, there are times when it is appropriate for a health care provider to...

There are several reports showing that the telemedicine market is growing somewhere between 18-30 percent per year.�  � The rate of growth is in part due to the combination and advancement of technology and communication, which allows...

An organization in Texas has agreed to a $2.4 million monetary settlement and a comprehensive corrective action plan for an impermissible disclosure in a press release. The impermissible disclosure in a press release follows a permissible...

The patient�™s doctor delivered the bad news: A CT scan showed cancer.�  Surprisingly, though, just two months later a biopsy failed to detect a malignancy, leading a puzzled doctor to order a second biopsy. The mystery was solved...

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that summer...

Last week a massive ransomware outbreak impact millions of computers and exposed weaknesses in Microsoft�™s Windows operating system. The latest attacks are known as “WanaCryptor”, “WeCry”, or “WeCryptor.” Major corporations...

Compliance Q&A:�  Can we ask a patient their date of birth at the front desk while checking them in? Law:�  The HIPAA Privacy Rule does not prohibit covered entities from engaging in common and important health care practices; nor does...

Your OSHA and General OSHA courses received a new slide this month.�  This update only applies to certain medical facilities. If your organizational type is not included in the following list, we would encourage you to HIDE the slide...

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), recently announced the first HIPAA settlement involving a wireless health services provider, is a big one. The wireless services provider agreed to the settlement by...

A Business Associate Agreement (BAA) is not optional. If you have a vendor who performs certain functions or activities involving protected health information (PHI), you must have a signed BAA in place. Recently the U.S. Department of Health and...

There are just a few requirements in the statutes, like too many to count along with various interpretations and opinions.�  The Federal Government is famous for many things, but specificity is not one of them.�  So maybe you got the...

In mid-October 2016, CMS requirements under Section 1557 Final Rule began. Healthcare Compliance Pros has answered several questions regarding Section 1557. The following list includes answers to the top frequently asked questions we have...

Whether your practice accesses, creates, modifies, or stores electronic protected health information (ePHI) you must do everything possible to reduce, and eliminate as much as possible, any risks to that information. For one entity, a recent...

At first when you read CIA in the title of this article, you may have asked yourself why in the world we would write about the Central Intelligence Agency (CIA). And you may be wondering why you would need to cover your assets (CYA) from the CIA...

Smartphone usage is not only becoming more common but the variety of medical aid tools available to consumers on their smartphones continues to grow each year.� Roughly 77 percent of Americans own a smartphone. Smartphone applications have...

With Spring Break underway, Easter just around the corner, and summer on the horizon �" do you know how your organization manages time-off for employees during vacation season?� Have you checked your policies and procedures to make...

Just last year, HHS issued a final rule modifying the HIPAA Privacy Rule to expressly permit certain, but not all, HIPAA covered entities to disclose the identities of individuals who are subject to a federal� mental health...

Imagine your practice filed a breach report with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) �" a few years ago �" regarding the loss of a smartphone that contained unsecured electronic protected...

Active shooter events in healthcare facilities present unique challenges as staff members are faced with the decision about what to do with patients, visitors, and themselves. Patients may be unable to evacuate themselves due to injury, age, and...

Included in the Merit-based Incentive Payment System (MIPS), Advancing Care Information replaces the Medicare EHR Incentive Program, a.k.a. Meaningful Use. Advancing Care Information makes up 25% of your 2017 Performance Score and focused on the...

It is a common practice for new users to be assigned a simple, easy-to-remember password at the time of employment, or when a user is assigned a new application.�  For example, a new user may be assigned a default password, such as...

COVID-19 has had an impact, changing many things in the daily lives of people everywhere! For example, preventative measures such as washing our hands regularly for 20 seconds, with soap and water or alcohol-based hand rub, and avoiding our...

In a recent report published by Risk Based Security, 2019 is on track to be the "worst year on record" for breach activity. The report indicated that 3,813 breaches were reported through June 30, 2019, exposing over 4.1 billion records! Of...

Since the enactment of the Affordable Care Act (ACA) in 2010, Section 1557 provides protection of civil rights by prohibiting discrimination on the basis of race, color, national origin, sex, age or disability in certain health programs or...