The Compliance INSIDER

It has been a major focus for the U.S. Department of Health and Human Services (HHS) to combat the opioid epidemic while still ensuring that the confidentiality of patient records is maintained. HHS is proposing to revise the federal...

Wear RED with Healthcare Compliance Pros as we support National Wear Red Day. The first Friday of February is designated as American Heart Month where businesses and individuals all across the country join in support to eradicate heart disease...

On November 1, the Centers for Medicare & Medicaid Services (CMS) finalized the 2019 Physician Fee Schedule (PFS) and the Quality Payment Program (QPP) rule. The final rule includes updates to coding requirements for Evaluation and Management...

Halloween has been around for centuries with traditions that have been absorbed, changed, and celebrated by many different cultures. Halloween can be dated back to the ancient Celtic festival of Samhain-nearly 2000 years ago! Samhain was like a...

HIPAA Privacy Rule – Understanding Health Oversight Disclosures At Healthcare Compliance Pros, we occasionally receive questions about disclosures for health oversight purposes. Health oversight can include disclosures for a variety of...

Recently on August 2nd, 2018, the Centers for Medicare & Medicaid Services (CMS) finalized policies to advance with the MyHealthEData initiative and the CMS Patients Over Paperwork Initiative.  The CMS updates with these core pieces will...

After arriving back to my office from attending a conference planning meeting with the American Association of Orthopaedic Executives' (AAOE), at the Gaylord Opryland Resort in Nashville. As a member of the Industry Relations Board (IRB), I...

Facebook Last year, Facebook announced they have 2.01 billion monthly users. The daily percentage of users is less, but is still an impressive 1.32 billion users that are actively using Facebook daily. What is a DO, and a DON'T that your...

Ah summer! The weather is nice; the kids are out of school; and many of us take a much needed vacation. For employers and employees, there are potential obstacles to overcome, but these obstacles offer opportunities including rewards that...

The Centers for Medicare & Medicaid Services (CMS) just issued a Request for Information seeking recommendations and input from the public on how to address any undue impact and burden of the physician self-referral law – commonly referred...

New Medicare cards are currently being sent to people with Medicare who live in the following states: Arkansas, Illinois, Indiana, Iowa, Kansas, Minnesota, Nebraska, North Dakota, Oklahoma, South Dakota and Wisconsin. These states make up...

Occasionally we are asked questions about the Family and Medical Leave Act (FMLA). We receive a variety of questions regarding FMLA including questions about leave entitlement. For example: Is our practice required to comply with FMLA? If so,...

A judge recently ruled in favor of the OCR and ordered The University of Texas MD Anderson Cancer Center (Anderson Cancer Center) to pay over $4.3 million in civil monetary penalties. The judgment came after the Anderson Cancer Center lost two...

Last year, Harvey and Irma occurred during hurricane season. This year, Alberto just had different plans. Alberto couldn't wait to kick off hurricane season a little bit early. Thankfully there was enough time and a reminder of "what...

In an effort to reduce medication errors and harm, healthcare professionals, such as nurses, may utilize the "five rights" of medication administration: the right patient, the right drug, the right dose, the right route, and the right...

When should you expect MIPS Performance Feedback? As of April 3, 2018, the submission period for 2017 Merit Based Incentive Payment System (MIPS) closed. And the Centers for Medicare & Medicaid Services (CMS) is currently in the process of...

Potential HIPAA Updates: During the recent HIPAA Summit, the Director of U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announce three potential HIPAA updates. Prior to making any changes, OCR is planning on...

A valid prescription for a controlled substance must be issued for a legitimate medical purpose by a registered practitioner acting in the usual course of sound professional practice. The prescription must be written in ink or indelible pencil or...

There have been a lot of stories involving sexual harassment allegations against high profile men in the news lately. The #MeToo and #TimesUp movement may have a lot to do with the increased allegations and increased attention focused on the...

FOR IMMEDIATE RELEASE April 19, 2018 Contact: Andre Williams, Executive Director Healthcare Business Management Association 202-367-1177 [email protected] Eric Christensen Healthcare Compliance Pros 801-657-4492 [email protected] Healthcare...

This year the tax filing deadline is Tuesday, April 17. The IRS tax filing deadline is commonly referred to as "Tax Day" in the United States.  Although taxes are due by April 17h, you have an option to request...

It feels like not a day goes by when a new high-profile story of discrimination is published in the news. For example, it was recently reported that ESPN is being hit with a lawsuit for discrimination and sexual harassment by a former employee....

The California Attorney General recently announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations they failed to implement basic, reasonable safeguards to protect patient...

Failure to perform a Security Risk Analysis and adopt a comprehensive corrective action plan resulted in a covered entity agreeing to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)....

President Donald Trump and Vice President Mike Pence recently swore in Alex Azar as the new HHS Secretary. One of his major goals and responsibilities will be to fight the opioid crisis, while also focusing on bringing drug prices down. "We...

It was recently reported that in St. Lucie County, not only could you get a burger, some fries and a milkshake at the Steak 'n Shake, you could also get fentanyl, carfentanil or heroin. In what was called Operation Big Mi-Steak, more than 40...

Schools nationwide have been having drills intended to prepare for active shooter situations, but are the drills enough? That is a question on a lot of minds following the tragic Parkland, Florida School shooting. According to one reporter, the...

There are many ways integrity is defined. Most of us have heard integrity defined as what you do when nobody else is around, or what you do and how you do it on a daily basis. Integrity is a concept that includes consistency in actions,...

Healthcare organizations are not exempt when it comes to office romances. Some organizations may choose to ignore office romances; some organizations may ban them altogether; while others may have policies and procedures in place for disclosing...

Are you among the lucky healthcare providers who have never experienced a "Breach" of Protected Health Information (PHI)?  You have run such a tight ship that a "Breach" has never occurred and that makes you feel relaxed...

For information on Medicare or Medicaid cards, please call 1-800-MEDICARE (663-4227). The Centers for Medicare & Medicaid Services (CMS) announced that under the Medicare Access and CHIPS Reauthorization Act (MACRA) of 2015, they are required to...

Included in the January 2018 Office of Inspector General's (OIG) Work Plan is an active item titled Questionable Billing for Off-the-Shelf Orthotic Devices.  The three off-the-shelf orthotic devices being reviewed are: L0648 –...

In the healthcare industry, written and implemented policies and procedures should help an organization and its employees make decisions, take the appropriate action, and ensure activities are in compliance with laws. Policies and procedures are...

On January 18, 2018 Allscripts experienced a ransomware attack that impacted their cloud based EHR and other services. At this time, Allscripts does not believe there is any reason to believe any data has been removed from their systems....

The deadline for submitting notice of a breach affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of...

The Office of the Inspector General's (OIG) Work Plan sets forth projects such as OIG audits and evaluations that are underway or planned to be addressed in the fiscal year and beyond.  Instead of providing the annual Work Plan we were...

The Centers for Medicare & Medicaid Services (CMS) announced the data submission system for clinicians participating in the Quality Payment Program has been launched. Clinicians can now submit all of their 2017 Merit-based Incentive Payment...

Last week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 million and adopt a corrective action plan to settle potential violations of the...

In the United States, users of mobile devices are spending on average 5 hours per day on our mobile devices. Most of our time, approximately 69% is spent in apps. And there have been a growing number of mobile device users in healthcare. For...

Social Media can be a great tool for any practice to reach both current and potential patients. As we touched on in the first three parts of this series, social media can help you educate, communicate with, and interact with your patients but it...

It's that time of year again. Not just the holidays, but the time of year plan sponsors ask for attestation from providers indicating General Compliance and Fraud, Waste, and Abuse training has been completed by those required to do so. The...

The Centers for Medicare & Medicaid (CMS) recently issued the final rule will comment period for the second year of the Quality Payment Program. While Year 2 is said to be transitional, CMS has said they are making some minor changes and also...

This month in the United States, the holidays are kicking off with Thanksgiving. Each November, family and friends gather to give thanks, eat good food and watch football. Here at HCP, we wanted to let you know that 10 things that top our list of...

The Centers for Medicare & Medicaid (CMS) issued a reminder about correct coding of Evaluation and Management (E/M) services. As part of their reminder, they mentioned a study report the Office of the Inspector General (OIG) that noted 42 percent...

Did you know that November 15th is National Clean out Your Refrigerator Day? If a task such as cleaning out the refrigerator deserves a special day, what about a task such as performing a HIPAA walkthrough?  With 2018 less than a month away,...

Most organizations that offer a personal time off system for all leave purposes, or vacation leave and sick leave systems, typically award time off based on your employment status, job level, your title and years of service with your...

Halloween is upon us. For employers, choosing a costumes policy can be scary. Will you allow costumes? If yes, what costumes are allowed? Are there employees who may be offended by Halloween costumes? For employees, choosing a costume that aligns...

Trick-or-treating is a popular Halloween tradition in the United States, and other countries. Most of us associate "treats" with some form of candy, and "tricks" as possible pranks or other forms of mischief if a treat is not...

It's not surprising the popularity of social media continues to rise. Social media provides us with a convenient way to communicate electronically, to share information, ideas, personal thoughts, and other content.  The Pew Research...

Following Governor Rick Scott's State of Emergency Declaration, I anxiously watched the news and tracked Hurricane Irma's progress. I wondered if there was a chance Hurricane Irma would turn harmlessly to sea. Once it was evident our...

The HHS Office of Civil Rights (OCR) recently announced that Secretary Tom Price, M.D., declared a public health emergency in Texas, Louisiana, and Florida and has exercised the authority to waive sanctions and penalties against a Texas,...

Hurricane Harvey has hit Texas and Louisiana in ways we have never seen. According to the HHS Office for Civil Rights (OCR), scammers are fraudulently collecting sensitive information and stealing donations by creating and using fake social...

The U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) recently proposed a delay in the electronic reporting compliance date of the rule, Improve Tracking of Workplace Injuries and Illnesses, from July 1, 2017, to...

MIPS eligible clinicians and groups may qualify for a reweighting of their Advancing Care Information performance category score to 0% of the final score, and can submit a hardship exception application, for one of the following specified...

The U.S. Department of Justice (DOJ) recently announced that the operators of seven bogus medical clinics were among 12 defendants taken into custody on federal drug trafficking charges that allege they diverted at least 2 million prescription...

Each year in August, National Immunization Awareness Month (NIAM) provides an opportunity to highlight the value of immunization across the lifespan. National Immunization Awareness Month presents a great opportunity to educate seniors and other...

Not too long ago, "WannaCry," a ransomware attack significantly impacted organizations around the globe last month. Another attack – "Petya" – spread quickly impacting Microsoft Windows-based computers. These types...

Not too long ago, the U.S. Equal Employment Opportunity Commission (EEOC) sued a company for sexual harassment.  The company that was sued violated federal law by allowing a manager to subject several female employees to sexual harassment....

We are occasionally asked questions by our clients regarding business associates and business associate agreement (BAAs). Recently, we were asked if it is okay for vendors to propose changes to a covered entity's BAA: Response Under the HIPAA...

Included in recent guidance regarding file sharing and cloud computing published by the Office for Civil Rights (OCR) were recent survey results regarding file sharing and collaboration tools used by organizations from a variety of industries...

According to the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) guidance on HIPAA Privacy Rule and Sharing Information Related to Mental Health, there are times when it is appropriate for a health care provider to...

There are several reports showing that the telemedicine market is growing somewhere between 18-30 percent per year.   The rate of growth is in part due to the combination and advancement of technology and communication, which allows...

An organization in Texas has agreed to a $2.4 million monetary settlement and a comprehensive corrective action plan for an impermissible disclosure in a press release. The impermissible disclosure in a press release follows a permissible...

Currently, employers are not required by federal law to give former employees their final paycheck immediately.  However, federal law does apply if the regular payday for the last pay period an employee worked has passed and the employee has...

Last week a massive ransomware outbreak impact millions of computers and exposed weaknesses in Microsoft's Windows operating system. The latest attacks are known as "WanaCryptor", "WeCry", or "WeCryptor." Major...

Your OSHA and General OSHA courses received a new slide this month.  This update only applies to certain medical facilities. If your organizational type is not included in the following list, we would encourage you to HIDE the slide...

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), recently announced the first HIPAA settlement involving a wireless health services provider, is a big one. The wireless services provider agreed to the settlement by...

On May 8th, Healthcare Compliance Pros will be launching a new reporting feature for Account Administrators. This new and improved report will provide a snapshot view of the compliance performance for your account. The report will outline...

Over the years, Healthcare Compliance Pros (HCP) has prided itself in easily accessible and personalized customer service. Our representatives are always on the ready to answer a call or respond to an emailed request for website assistance and...

At first when you read CIA in the title of this article, you may have asked yourself why in the world we would write about the Central Intelligence Agency (CIA). And you may be wondering why you would need to cover your assets (CYA) from the CIA...

Smartphone usage is not only becoming more common but the variety of medical aid tools available to consumers on their smartphones continues to grow each year. Roughly 77 percent of Americans own a smartphone. Smartphone applications have...

With Spring Break underway, Easter just around the corner, and summer on the horizon – do you know how your organization manages time-off for employees during vacation season? Have you checked your policies and procedures to make sure...

The Occupational Safety and Health Administration (OSHA) issued a final rule that is effective in 2017 that revised requirements for submitting records of workplace injuries and illnesses. Specifically, OSHA is requiring certain employers to...

Just last year, HHS issued a final rule modifying the HIPAA Privacy Rule to expressly permit certain, but not all, HIPAA covered entities to disclose the identities of individuals who are subject to a federal mental health...

Imagine your practice filed a breach report with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) – a few years ago – regarding the loss of a smartphone that contained unsecured electronic protected...

Given that HIPAA was first enacted in 1996, healthcare professionals have had 21 years to perfectly design, implement, and execute compliance plans.  However, the reality for most organizations is that HIPAA compliance is still a work in...

The U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) recently published "Guidance on HIPAA, Same-sex Marriage, and Sharing Information with Patients' Loved Ones." The new FAQ OCR issued was developed in...

Occasionally we answer questions regarding what constitutes a reportable breach. Questions such as: Isn't it only a reportable breach if the incident involves electronic protected health information (ePHI)? What about paper? Should these...

The deadline for submitting notice of a breach affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of...

Answer the three questions below to assess your knowledge about HIPAA Security Risk Analysis. The answers to the questions are listed in three short paragraphs following the true or false assessment. True or False:  My EHR vendor already...

Earlier this month, the U.S. Department of Health and Human Services (HHS) entered into a Voluntary Resolution Agreement with John Dempsey Hospital, a subsidiary of University of Connecticut Health Center (UConn Health). The agreement was formed...

Active shooter events in healthcare facilities present unique challenges as staff members are faced with the decision about what to do with patients, visitors, and themselves. Patients may be unable to evacuate themselves due to injury, age, and...

The U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) recently announced that a Voluntary Resolution Agreement has been made with Erie County Department of Social Services.  The agreement is said to ensure...

Recently there has been a lot of chatter and questions being asked in health care settings regarding the future of the Affordable Care Act ("Obamacare"): will the Affordable Care Act be repealed? Will most of the law remain...

Just recently it was announced that a potential HIPAA Privacy Rule and Security Rules violation lead a major organization to pay a sustainable fee, $650,000. The breach was reported to the U.S. Department of Health and Human Service (HHS), Office...

Are you familiar with the timeless Christmas classic "All I Want for Christmas Is My Two Front Teeth?"  Most of us are familiar with the lyrics and for some of us, we may have had a similar wish.   What would the lyrics...

Imagine you work for a practice and you receive a request for medical records from the parents of an adult patient who died.  The patient (their son) did not have a power of attorney assigned.  Under HIPAA are you permitted to release...

Phishing Scam Alert – November 28, 2016 Healthcare Compliance Pros has received the following communication from the OCR: "It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under...

An employee of a company recently posted comments regarding Pokémon Go on Facebook. The employee's comments led to Facebook users finding out the name of the company, slamming the company and leaving messages regarding its employment...

Just recently, two Southern California hospitals were attacked by hackers who infiltrated their computer systems with ransomware and demanded payment to unlock the data.  According to the report, Chino Valley Medical Center in Chino and...

The Centers for Medicare & Medicaid Services (CMS) issued final rules that explain how physicians and other health care professionals will be paid for services provided to Medicare beneficiaries in 2016. According to the CMS announcement, key...

On October 29, 2015, the Centers for Medicare & Medicaid Services ("CMS") released the final 2016 Medicare Physician Fee Schedule (the "Final Rule") with few changes between the proposed rule and final rule as it related to...

Healthcare Management Consultant David Zetter, the founder and lead consultant with Zetter HealthCare, recently answered questions regarding ICD-10 for an administrator of multiple practices.  The questions that were asked by the...

ICD-10 is just about here. Are you ready? Let the countdown begin.  There are officially less than 30 days remaining until the United States transitions from ICD-9 to ICD-10 for the code set for medical diagnoses and inpatient hospital...

When Medicare and Medicaid programs were first signed into law on July 30, 1965, could President Lyndon B. Johnson have imagined where we are now?  Initially Medicare and Medicaid started as basic health coverage programs for...

The first round of the 2017 Medicare Durable Medicare Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) Competitive Bidding Program, timeline was recently announced by the Centers for Medicare & Medicaid Services...

On July 7th, the Centers for Medicare & Medicaid Services (CMS) announced that it is making several critical changes to the transition period to ICD-10. They published a PDF that covers the concessions and how they will affect your practice:...

Recently, CMS released "the first proposed update to the physician payment schedule since the repeal of the Sustainable Growth Rate." This proposed update is largely focused on person-centered care, and continued efforts of transforming...

Friday, the U.S. Department of Health & Human Services (HHS) announced final rules that make sure women have access to recommended preventative services, including contraceptive services, at no additional cost as requirement by the Affordable...

Our Monthly Refresher Training Webinars have focused on a variety of topics including: a general overview of managing your Healthcare Compliance Pros program, OSHA and HIPAA Assessments, managing Training Reminders, etc. Live Recorded Webinars:...

With the ICD-10 implementation less than 100 days away and some rumblings comingfrom Capitol Hill, CMS and the four largest medical societies, we will be closely analyzing announcements and updates as we learn of them. October 1st is still the...

Creating Organization Specific Training using HCP's Blank Modules The Monthly Refresher Training for June covered Website Compliance Information Resources and all participants received a free Blank Module. The Blank Modules can be used...

Did you know? On June 25th 2015 OSHA released new items of focus for Healthcare Inspections.  The new focus items include:  musculoskeletal disorders, bloodborne pathogens, workplace violence, tuberculosis and slips, trips and...

By: Reed Tinsley, CPA Why should you strive to give exceptional customer service to your patients? Why not just good? The answer is that most patients often have a hard time differentiating between similar services offered by different physician...

In October, we announced our new Medical Assistant Credentialing module. This module is available for the purpose of helping medical assistants and other health care professionals who are not credentialed, to meet the requirements of Centers of...

On October 31, 2014 the United Stated Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Fiscal Year 2015 Work Plan. The Work Plan is released annually to identify new and ongoing investigative,...

Recently the Medical Group Management Association (MGMA) sent a letter to the Centers for Medicare and Medicaid Services (CMS) asking to extend the October 1, 2014 date for new eligible professionals (EPs) to attest to meeting the 2014 meaningful...

Recapping Fill Needles Q: What guidance does OSHA give on recapping fill needles? A: OSHA is pretty blunt about recapping needles. They don't recommend it! The Bloodborne Pathogens standard section (d)(2)(vii) states: "Contaminated...

The Centers for Medicare and Medicaid Services informed congressional health staff members on August 4, 2014, that the Recovery Audit Contractor (RAC) Program is restarting in August. According to the CMS Communication, "Today, the Centers...

This week's article is about confidentiality and non disclosure agreements.  Your HCP compliance Program includes a Confidentiality and Non-Disclosure Agreement.  We thought it might be helpful to give you instructions on...

Taxpayer identity theft came to the forefront during the 2013 tax year filing season.  Identity theft occurs when someone uses your personal information such as your name, Social Security number or other identifying information, without your...

Summer is officially here on the 21st, but we've been growing our repository of compliance information for you all Spring! We are constantly adding new information to your Forms and Reference Guides.  For example: This Spring we added...

It is a common practice for new users to be assigned a simple, easy-to-remember password at the time of employment, or when a user is assigned a new application.  For example, a new user may be assigned a default password, such as...

What would your answer be to the following question: How many times can we take the Healthcare Compliance Pros training this year? A)     Once B)    Take the training once, review the content multiple times...

Many administrators have asked us about electronic communications, more specifically about third party email providers such as Gmail, Yahoo! Mail, Hotmail, and others. This is part one of a two part article series. Recently a practice manager...

OSHA issued the 2014 inspection plan aimed at reducing injuries and illnesses at high-hazard workplaces – workplaces where the highest rates of injuries and illnesses occur. This plan is for high-hazard no construction workplaces with 20 or...

ICD-10 will be here in 2014. What are you doing to prepare for this massive change? ICD-10 will be here on October 1, 2014 and we will be going from 17,000 ICD-9 codes to 68,000 ICD-10CM codes. These new ICD-10CM codes will bring with them new...