The Compliance INSIDER

On December 10th, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to support individuals'...

The Office of Inspector General (OIG) recently announced their findings from an audit of outpatient outlier payments. The OIG selected an entity that had an increase of outlier payments from $82,555 in 2015 to $2.6 million in 2016. According...

A recent report conducted by the Department of Health and Human Services (HHS) showed a dramatic uptick in telehealth utilization by Medicare beneficiaries. Before COVID-19, Medicare primary care telehealth visits were less than one percent....

Social distancing also called "physical distancing," means keeping space between yourself and other people. To practice social or physical distancing we are advised to stay at least 6 feet (about 2 arms' length) from other people. The...

The cost of not adequately protecting healthcare information comes at a high cost to the healthcare industry. According to the most recent annual Cost of a Data Breach Report, the average total cost of a data breach is up to $3.92...

Essentials for Establishing a Culture of Compliance In a healthcare organization, a successful compliance program details the organization's commitment to ethical behavior. Compliance must be embedded in...

This past year was a busy year of complaints, breaches and OCR settlements! It appeared to be a year where "the squeaky wheel gets the grease" proved to be an accurate proverb. Several of the enforcement activities and settlements that were...

Something about Calendar Year 2020 feels futuristic. Afterall, it is two decades past the year 2000 (Y2K) - the year when significant problems were anticipated due to the computer programming shortcut related to the formatting and storage of...

Conducting and reviewing a security risk analysis (SRA) is perhaps one of the most important requirements your organization will undertake. An SRA should be thought of as an ongoing process for your organization to be continually improved upon...

Image Caption (Optional) Are you suffering from back pain at work? Do you come home after work every day and still have an aching feeling that just will not go away? If so, you need to make some serious adjustments to your routine at...

Did you know that beginning the year, the Centers for Medicare & Medicaid Services are requiring all Promoting Interoperability Programs (e.g., MIPS) participants to use 2015 Edition certified electronic health record technology (CEHRT) to...

Labor Day is just around the corner here in the United States, always falling on the first Monday of September. This Federal holiday was created in the late 19th century as a response to the ongoing Labor Movement when at the time the average...

The Centers for Medicare and Medicaid Services (CMS) and the Office of Inspector General (OIG) highly encourage every healthcare organization to establish a compliance committee that advises your Compliance Officer and assists in the...

The Centers for Medicare & Medicaid Services (CMS) have been voicing their concerns and seeking public comments regarding the current evaluation and management (E/M) documentation guidelines. CMS understands that the current guidelines are...

After arriving back to my office from attending a conference planning meeting with the American Association of Orthopaedic Executives' (AAOE), at the Gaylord Opryland Resort in Nashville. As a member of the Industry Relations Board (IRB), I...

In the event of a disaster – natural or otherwise – difficult decisions may need to be made without hesitation. One such decision may be whether you should evacuate or "shelter in place." An example of when it may be...

Social media usage is commonplace in our day-to-day lives and most of us use various types of social media platforms. Social Media is fun and convenient providing quick access to, and posting of information, ideas, personal messages, and other...

In 2017, most healthcare organizations were very familiar with the Advancing Care Information (ACI) category under the Merit-based Incentive Payment System (MIPS). And we became very familiar with the ACI acronym. Fast forward to 2018. CMS has...

Ah, Independence Day. An annual holiday that provides an opportunity for us to have a day off work, to attend a morning parade, participate in a 5k, or other events. From there, we may get together with family and friends, have a picnic or...

The Centers for Medicare & Medicaid Services (CMS) just issued a Request for Information seeking recommendations and input from the public on how to address any undue impact and burden of the physician self-referral law – commonly referred...

Occasionally we are asked questions about the Family and Medical Leave Act (FMLA). We receive a variety of questions regarding FMLA including questions about leave entitlement. For example: Is our practice required to comply with FMLA? If so,...

A judge recently ruled in favor of the OCR and ordered The University of Texas MD Anderson Cancer Center (Anderson Cancer Center) to pay over $4.3 million in civil monetary penalties. The judgment came after the Anderson Cancer Center lost two...

Last year, Harvey and Irma occurred during hurricane season. This year, Alberto just had different plans. Alberto couldn't wait to kick off hurricane season a little bit early. Thankfully there was enough time and a reminder of "what...

In an effort to reduce medication errors and harm, healthcare professionals, such as nurses, may utilize the "five rights" of medication administration: the right patient, the right drug, the right dose, the right route, and the right...

Cyber extortion is a crime involving an attack or threat of attack coupled with a demand for money to avert or stop the attack. And according to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) incidents of...

This year, we expect the percentage of Americans accessing health information to grow, as well as the number of health systems making it possible for patients to access their medical records on their iPhones. Recent guidance by the US Department...

There have been a lot of stories involving sexual harassment allegations against high profile men in the news lately. The #MeToo and #TimesUp movement may have a lot to do with the increased allegations and increased attention focused on the...

In a recent settlement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), a receiver appointed to liquidate the assets of Filefax, Inc. agreed to pay $100,000 for potential violations of the HIPAA Privacy...

"Ouch!" What to do in the Event of a Needle-stick "Ouch!" could be heard coming from the exam room.   A medical assistant accidentally stuck herself with a needle after performing a blood draw.   When...

It was recently reported that in St. Lucie County, not only could you get a burger, some fries and a milkshake at the Steak 'n Shake, you could also get fentanyl, carfentanil or heroin. In what was called Operation Big Mi-Steak, more than 40...

Healthcare organizations are not exempt when it comes to office romances. Some organizations may choose to ignore office romances; some organizations may ban them altogether; while others may have policies and procedures in place for disclosing...

The Office of the Inspector General's (OIG) Work Plan sets forth projects such as OIG audits and evaluations that are underway or planned to be addressed in the fiscal year and beyond.  Instead of providing the annual Work Plan we were...

The Centers for Medicare & Medicaid Services (CMS) announced the data submission system for clinicians participating in the Quality Payment Program has been launched. Clinicians can now submit all of their 2017 Merit-based Incentive Payment...

In the United States, users of mobile devices are spending on average 5 hours per day on our mobile devices. Most of our time, approximately 69% is spent in apps. And there have been a growing number of mobile device users in healthcare. For...

The Centers for Medicare & Medicaid (CMS) recently issued the final rule will comment period for the second year of the Quality Payment Program. While Year 2 is said to be transitional, CMS has said they are making some minor changes and also...

The Centers for Medicare & Medicaid (CMS) issued a reminder about correct coding of Evaluation and Management (E/M) services. As part of their reminder, they mentioned a study report the Office of the Inspector General (OIG) that noted 42 percent...

Did you know that November 15th is National Clean out Your Refrigerator Day? If a task such as cleaning out the refrigerator deserves a special day, what about a task such as performing a HIPAA walkthrough?  With 2018 less than a month away,...

According to the CMS announcement, it is not too late to participate in the first year – the transition year – of the Merit-Based Incentive Payment System (MIPS). With their announcement CMS appears to be giving a hint that the best...

Following Governor Rick Scott's State of Emergency Declaration, I anxiously watched the news and tracked Hurricane Irma's progress. I wondered if there was a chance Hurricane Irma would turn harmlessly to sea. Once it was evident our...

Each year in August, National Immunization Awareness Month (NIAM) provides an opportunity to highlight the value of immunization across the lifespan. National Immunization Awareness Month presents a great opportunity to educate seniors and other...

There are several reports showing that the telemedicine market is growing somewhere between 18-30 percent per year.   The rate of growth is in part due to the combination and advancement of technology and communication, which allows...

Last week a massive ransomware outbreak impact millions of computers and exposed weaknesses in Microsoft's Windows operating system. The latest attacks are known as "WanaCryptor", "WeCry", or "WeCryptor." Major...

Compliance Q&A:  Can we ask a patient their date of birth at the front desk while checking them in? Law:  The HIPAA Privacy Rule does not prohibit covered entities from engaging in common and important health care practices; nor does it...

A Business Associate Agreement (BAA) is not optional. If you have a vendor who performs certain functions or activities involving protected health information (PHI), you must have a signed BAA in place. Recently the U.S. Department of Health and...

There are just a few requirements in the statutes, like too many to count along with various interpretations and opinions.  The Federal Government is famous for many things, but specificity is not one of them.  So maybe you got the...

Over the years, Healthcare Compliance Pros (HCP) has prided itself in easily accessible and personalized customer service. Our representatives are always on the ready to answer a call or respond to an emailed request for website assistance and...

In mid-October 2016, CMS requirements under Section 1557 Final Rule began. Healthcare Compliance Pros has answered several questions regarding Section 1557. The following list includes answers to the top frequently asked questions we have...

With Spring Break underway, Easter just around the corner, and summer on the horizon – do you know how your organization manages time-off for employees during vacation season? Have you checked your policies and procedures to make sure...

The Occupational Safety and Health Administration (OSHA) issued a final rule that is effective in 2017 that revised requirements for submitting records of workplace injuries and illnesses. Specifically, OSHA is requiring certain employers to...

Imagine your practice filed a breach report with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) – a few years ago – regarding the loss of a smartphone that contained unsecured electronic protected...

Occasionally we answer questions regarding what constitutes a reportable breach. Questions such as: Isn't it only a reportable breach if the incident involves electronic protected health information (ePHI)? What about paper? Should these...

The U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) recently announced that a Voluntary Resolution Agreement has been made with Erie County Department of Social Services.  The agreement is said to ensure...

Just recently it was announced that a potential HIPAA Privacy Rule and Security Rules violation lead a major organization to pay a sustainable fee, $650,000. The breach was reported to the U.S. Department of Health and Human Service (HHS), Office...

Are you familiar with the timeless Christmas classic "All I Want for Christmas Is My Two Front Teeth?"  Most of us are familiar with the lyrics and for some of us, we may have had a similar wish.   What would the lyrics...

Recently, the final rule Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers was published in the Federal Register.   While the rule goes into effect on November 16, 2016, health care...

Exclusion Lists: Part two of a two-part series We recently published the first part of our two-part series.  Part one provided a brief overview of the U.S. Department of Health and Human Services (HHS) Office of the Inspector General's...

Just recently, the Department of Health and Human Services Office of Inspector General (OIG) announced the largest health care fraud takedown in history. Specifically, in June 2016, the OIG along with state and federal law enforcement partners...

In the healthcare industry, providers, professionals and organizations are allowed some flexibility – standards may be required while others may be addressable.  While there technically is not a specific statute or regulation that...

The Office of Civil Rights (OCR) recently reported that Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...

Imagine you work for a practice and you have a patient call complaining that an employee has been accessing their patient account and giving personal information to a mutual acquaintance.  You have started investigating the situation but...

It is a common practice for new users to be assigned a simple, easy-to-remember password at the time of employment, or when a user is assigned a new application.  For example, a new user may be assigned a default password, such as...

Wearable Medical Devices – Safe or Sorry? Wearable device shipments will increase from 2.5 million Units in 2016 to 97.6 million by 2021 Wearable medical devices are rising in popularity. The next few years could see the devices become the...

OSHA SDS Deadline By the GHS safety data sheet deadline (June 1, 2016), users of potentially hazardous chemicals must have updated any "alternative workplace labeling" that they are using, as well as incorporating the elements of the...

Imagine you recently hired a cleaning company who comes in after business hours.  While doing their duties in your facility the cleaning company may come across protected health information (PHI).  Is a business associate agreement...

Just recently the Department of Health and Human Services, Office for Civil Rights (OCR) announced that it has reached a $2.2 million settlement with New York Presbyterian Hospital (NYP) for the egregious disclosure of two patients' protected...

On April 27, 2016 the Department of Health and Human Services (HHS) issued a proposed rule to implement key provisions of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).  Included in the proposed rulemaking is the framework...

Compliance Changes and Updates for 2016 Last week HCP presented a round-table Compliance Webinar highlighting Compliance Changes and Updates for 2016. This round-table webinar was designed for those who currently manage a compliance program with...

The American Medical Association (AMA) recently published the "Top 9 Issues that will affect physicians in 2016."  Crucial developments will emerge in health care regulations, legislation and the health insurance market place....

Understandably, the first of the year presents its fair share of challenges for health care professionals and organizations.  For many of us, especially during the first of the year, it is easier to keep tabs on our day-to-day duties, and...

We understand that the healthcare industry continues to face a significant amount of regulatory oversight in HIPAA, OSHA, Corporate Compliance, and Human Resources. We believe in providing you with a comprehensive compliance program that will fit...

Effective January 1, 2016, the Centers for Medicare & Medicaid Services (CMS) is requiring sponsors to complete Corporate Compliance and fraud, waste and abuse (FWA) training for all employees of their organization and entities they...

The Centers for Medicare & Medicaid Services (CMS) recently finalized the Comprehensive Care for Joint Replacement (CJR) model.  This model tests bundled payment and quality measurement for an episode of care associated with hip and knee...

For many of us in the United States, the holidays kick off this week with Thanksgiving. Each year on the fourth Thursday in November, we gather for a day of giving thanks, family, feasting, and football.  Thanksgiving is a day of giving...

It was recently reported that employees were fired from Las Vegas hospital after attempting to take a photograph of Lamar Odom, in addition to attempting to access his medical records. According to the report a representative of Sunrise Hospital...

To help organizations answer some questions that have recently been asked, we thought it would be helpful to "throwback" to our Cover Your Attestation article series we published in January. In the first part of our Cover Your...

To help organizations answer some questions that have recently been asked, we thought it would be helpful to "throwback" to our Cover Your Attestation article series we published in January. Why are insurance companies asking for...

HHS is very concerned with prescription drug abuse. In July they released a plan on hhs.gov to combat abuse of opioid painkillers:  "The opioid crisis is affecting communities across the country. Deaths from drug overdose have risen...

Throwback trends are popular, especially on social media sites.  By now most of us are familiar with Throwback Thursday trends and many of us have experience using the hashtag (#) TBT.  In recognizing this popular trend, we thought it...

Friday, the U.S. Department of Health & Human Services (HHS) announced final rules that make sure women have access to recommended preventative services, including contraceptive services, at no additional cost as requirement by the Affordable...

COVID-19 has had an impact, changing many things in the daily lives of people everywhere! For example, preventative measures such as washing our hands regularly for 20 seconds, with soap and water or alcohol-based hand rub, and avoiding our...

Social media can be an excellent tool for communication if healthcare organizations refrain from sharing patient-specific information without patient authorization - in addition to other safe social media practices. Failure to use social media...

In a recent report published by Risk Based Security, 2019 is on track to be the "worst year on record" for breach activity. The report indicated that 3,813 breaches were reported through June 30, 2019, exposing over 4.1 billion records! Of...