Breaking Compliance News Blog

Margaret Scavotto, JD, CHC

Find me on:

Recent Posts

Be a compliance expert in 2020.

Posted by Margaret Scavotto, JD, CHC on 1/28/20 8:30 AM

MPA scours OIG and OCR enforcement updates and news so that you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code StayInformed to save 25% off the price when you sign up.  

You can read a sample report here.

Read More

Topics: Compliance Basics, Penalties and Enforcement, OIG compliance resources

Phase III: Do SNFs need to conduct a compliance program annual review?

Posted by Margaret Scavotto, JD, CHC on 1/21/20 8:00 AM

In a word: yes.

In July 2019, CMS published a proposed rule that would modify the Compliance and Ethics program aspects of the Phase III Long-Term Care Facilities Requirements for Participation.

One of the proposed modifications brought a sigh of relief from the nursing home industry: CMS wants to drop the requirement that nursing homes conduct an annual review of their compliance programs.

Instead, CMS proposes the following: “The operating organization for each facility must periodically review and revise its compliance program to identify necessary changes within the organization and its facilities.”

While CMS did not define “periodically” in the proposed rule, CMS refers to a “biennial” review in the proposed rule comments. Hopefully this will be clarified in the final rule.

Keep in mind that the Proposed Rule has not yet been made final, and, as of November 28, 2019, SNFs are expected to comply with the original Phase 3 compliance requirements at 42 CFR 483.85. But, what if the Proposed Rule becomes final?

Read More

Topics: annual review, compliance, Phase 3

Quiz: Is your nursing home ready for Phase 3 compliance?

Posted by Margaret Scavotto, JD, CHC on 1/7/20 8:15 AM

As of November 28, 2019, nursing homes are expected to be in compliance with the Phase 3 compliance regulations.

On November 22, 2019, CMS issued a memorandum with an update on the Phase 3 Requirements of Participation. In this memo, CMS advised:

  • CMS will not release updated Interpretive Guidance and training addressing Phase 3 until the second quarter of 2020. CMS is somewhat limited in its ability to survey until then.
  • But... nursing homes are still expected to comply with Phase 3 by November 28, 2019.

What does this mean?

Read More

Topics: compliance, Phase 3

Compliance Officer Burnout

Posted by Margaret Scavotto, JD, CHC on 12/10/19 8:30 AM

How many hats does your compliance officer wear? Here are some of the additional roles compliance officers have mentioned to me:

  • HR Director
  • Administrator/CEO
  • Nursing Home Admissions Director
  • Training Manager
  • Clinical Director or QAPI Director
  • Assistant Administrator or VP
  • CFO
  • Privacy Officer and/or Security Officer
  • Director of Nursing
  • Marketing/PR Director

Sometimes people just laugh when I ask if they have roles in addition to Compliance Officer – because they have so many.

Give them a break

Read More

Topics: compliance officer

Phase 3 Nursing Home Compliance Update!

Posted by Margaret Scavotto, JD, CHC on 12/4/19 10:58 AM

On November 22, 2019, CMS issued a memorandum with an update on the Phase 3 Requirements of Participation. In this memo, CMS advised:

  • CMS will not release updated Interpretive Guidance and training addressing Phase 3 until the second quarter of 2020. CMS is somewhat limited in its ability to survey until then.
  • But... nursing homes are still expected to comply with Phase 3 by November 28, 2019.

What does this mean??

It means that, right now, nursing homes are required by law to comply with Phase 3, including the Compliance and Ethics Program requirements - and CMS expects nursing homes to be in compliance.

Read More

Topics: skilled nursing, guidance, compliance, Phase 3

* Breaking News: OCR announces $1.6 million HIPAA penalty

Posted by Margaret Scavotto, JD, CHC on 11/7/19 3:04 PM

This afternoon, the Office for Civil Rights announced its second HIPAA enforcement this week - this time, with a governmental agency. 

The Texas Health and Human Services Commission (TX HHSC) received a $1.6 million civil monetary penalty from the OCR for HIPAA Privacy and Security violations committed by the Texas Department of Aging and Disability Services (DADS), which is now part of TX HHSC.

In 2015, DADS notified OCR of a breach after it discovered that the ePHI for 6,617 individuals was accessible via the internet. OCR explains:

Read More

Topics: HIPAA, data breach, security, breach notification

Stay informed with MPA's Monthly Compliance Newsletter

Posted by Margaret Scavotto, JD, CHC on 11/6/19 7:45 AM

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to October's issue:

  • Nurse criminally charged after using whiteout on patient record
      
  • Doctor prescribed opioids without seeing patients
      
  • Personal care aide bribed patients and falsified time sheets
       
  • Pain practice put productivity over medical necessity
  • Hospital’s “wall of shame” has HIPAA and human rights law consequences

  • Abuse filmed and shared on social media

  • Hospice’s breach notification letters cause second breach

  • Ransomware causes healthcare provider to permanently close

  • ... and much more!

Not yet a subscriber? click here tosign up.  

You can read a sample report here.

Read More

Topics: Compliance Basics

* Breaking News: $3 million unencrypted mobile device HIPAA settlement

Posted by Margaret Scavotto, JD, CHC on 11/5/19 3:36 PM

This afternoon, the Office for Civil Rights (OCR) announced a $3,000,000 HIPAA settlement with the University of Rochester Medical Center (URMC). This settlement resolves Privacy and Security Rule allegations.

Read More

Topics: HIPAA, data breach, security

DOJ cracking down on nursing homes

Posted by Margaret Scavotto, JD, CHC on 11/5/19 8:15 AM

The Department of Justice (DOJ) aims to use its Elder Justice Initiative to  pursue more criminal charges in nursing home investigations. Typically, the DOJ uses civil lawsuits to pursue False Claims Act violations against nursing homes. Toni Bacon, a DOJ associate deputy general, explains the shift: "We need to go after cases civilly because they [are] providing grossly substandard care and, in the appropriate case, refer it for a parallel criminal prosecution."

Read More

Topics: Penalties and Enforcement, compliance

OCR announces $2.15 million HIPAA settlement

Posted by Margaret Scavotto, JD, CHC on 10/31/19 1:47 PM

 

Jackson Health System (JHS), a not-for-profit medical system in Miami, entered a $2.15 million settlement with the OCR to resolve potential violations of the Security and Breach Notification Rules.

In January 2013, JHS lost paper records for 756 patients. JHS reported this breach to the OCR in August 2013. During its investigation, JHS learned that three additional boxes of records affecting 1,436 patients were lost in December 2012; and JHS reported this breach to the OCR in June 2016.

In February 2016, JHS notified the OCR that an employee inappropriately accessed 24,000 patient records since 2011, and sold some patient PHI.

 

Upon investigating, the OCR found:

Read More

Topics: HIPAA, security, breach notification

    Privacy Policy           Terms of Use