Breaking Compliance News Blog

Margaret Scavotto, JD, CHC


I’ll have a brown sugar rosemary latte and a HIPAA breach, please.

Posted by Margaret Scavotto, JD, CHC on 3/12/19 8:43 AM

The other day I stopped by my favorite local coffee shop for an afternoon pick-me-up. I ordered my guilty pleasure – a brown sugar rosemary latte – and sat down in the only available seat on the lobby couch to wait.

A few minutes later, a young woman came in and sat down next to me, opened her laptop, and began clack-clacking away (a common occurrence, as this coffee place is known as an unofficial co-working space).

I got up to get my latte, sat back down, and noticed that the woman was on the phone. I began reading an article about a recent HIPAA breach (in a moment you will learn the irony in this), and tried not to be distracted by her call. But, I couldn’t help but notice she seemed to be talking about a patient. She mentioned the patient’s name and birthday, and then scheduled an appointment for him. She went on to do this for several other patients. Then she called a few patients to check on their condition and well-being. I also couldn’t help but notice that she was typing information into some kind of EMR database.

If this was a cartoon, my head would have exploded at this moment.

When my disbelief faded into the reality that this person – perhaps some kind of case worker or social worker – was in fact discussing patients and their health care information – I had a sinking feeling in my stomach. Does this really happen? Am I on some kind of brainy reality TV show for HIPAA professionals? How could two people sitting on the same couch have such different reactions to these phone calls? How could I be so appalled – and this woman be oblivious and even pleased to be accomplishing so much?

I’ll tell you why: awareness and training.

I think about HIPAA all the time. I follow HIPAA settlements and headlines daily, blog about them, and build training programs and policies around them. So, I see HIPAA everywhere.

I don’t know what kind of HIPAA training my couch neighbor has had. It could be she was trained extensively and chose to ignore the advice. Or perhaps it is more likely that she wasn’t trained on HIPAA – or at least, not recently – and not on protecting patient privacy when working remotely.

What about your staff? Would they know what to do?



Topics: Training and Education, HIPAA, Culture of Compliance

Margaret Scavotto writes for HCCA: Compliance When Nobody is Watching

Posted by Margaret Scavotto, JD, CHC on 2/13/19 8:54 AM

Compliance When Nobody is Watching

by Margaret Scavotto, JD, CHC

Everyone knows an effective compliance program needs leaders, policies, training, audits, reporting, investigations, corrective action, and discipline.

You probably already have these elements in place. You have policies and training to help your employees do the right thing. You have audits to verify that your employees are following compliance policies (and doing the right thing). 

Read more here.

For Compliance Today: Copyright 2019 Compliance Today, a publication of the Health Care Compliance Association (HCCA).



Topics: Culture of Compliance

Stay informed in 2019

Posted by Margaret Scavotto, JD, CHC on 2/5/19 11:31 AM

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code NEWYEAR to save 25% off the price when you sign up.  

You can read a sample report here.


Topics: Compliance Basics

10,000 steps to compliance

Posted by Margaret Scavotto, JD, CHC on 1/23/19 7:51 AM

Don’t be discouraged by the title - this story is actually (hopefully) encouraging.

When I first got my Fitbit, I learned I averaged 5,000 to 6,000 steps a day. A few times a week I’d get far more than that, but my weekday average could be better.

Around Thanksgiving 2018, I decided to pick up the pace and set a goal of reaching 10,000 steps a day - no matter what.

I went to Zumba at the Y (7,000 steps), walked around my in-laws’ pond (1,000 steps), walked up and down the stairs at my office (100 steps), and danced around the kitchen (as many steps as it took).

I hit 10,000 steps 14 days in a row. And then I kept going. I of course have an off day every now and then. But overall, I feel better when I find the time to get 10,000 steps. And over time, it’s become easier to work this into my day.

What does this have to do with compliance?

Compliance professionals often tell me: I start working on compliance, but then I get distracted and weeks go by. I start working on an audit and then something else comes up and by the time I get back into the audit, I have to re-learn the entire process. I want to spend more time on compliance, but there is just so much else to do.

The problem here is that compliance needs to be part of our daily routine, no matter what. 

By consistently reaching a small goal (10,000 steps a day), I achieved a bigger goal: I lost 10 pounds. Compliance is the same way. If you commit to working on compliance consistently - even slowly but surely - over time, you will be rewarded with bigger results.

Here are some ways you can commit to compliance every day – and achieve big goals over time:

  • In 5 minutes, you can go over a compliance tip, question or flash card with an employee, making a positive connection with compliance and reinforcing compliance knowledge.
  • In 10 minutes, you can walk the halls and increase your visibility as Compliance Officer.
  • In 20 minutes, you can conduct a HIPAA walk-through audit of a department.
  • In 30 minutes, you can review a policy with an employee.

Make room for small tasks, and watch your compliance program meet big goals in 2019.


Topics: Compliance Officer & Committee, Compliance Basics, Culture of Compliance

*Free Webinar* MPA and Wolters Kluwer present: Creating a Culture of Compliance

Posted by Margaret Scavotto, JD, CHC on 1/17/19 7:52 AM

Every compliance program needs policies, training, reporting, leadership and audits to succeed – but it’s not enough. Federal guidance makes clear that an effective compliance program requires a strong culture to support it. Practical experience also teaches us that culture will make or break a compliance program.


We will walk through steps providers can take at the employee, management and board levels to cultivate a compliance culture that takes your company in a direction of employee trust, internal reporting, audits with integrity, and compliance strength.

  • Using examples from the headlines, we will walk through real-world fact patterns and decisions that shaped compliance culture.
  • Learn to identify steps providers can take to promote a positive culture of compliance, as well as strategies to counteract negative culture forces. Approaches will include board involvement, staff training, accountability and incentives, and more.
  • Learn conventional and unconventional strategies for building your own culture of compliance.

Wolters Kluwer Legal & Regulatory U.S. is pleased to partner with Above the Law for CLE accreditation.* Upon the conclusion of each webinar, an informal certificate of completion will be issued by Wolters Kluwer Legal & Regulatory U.S. Attendees will also receive an official certificate via email from Above the Law's third-party CLE provider, Marino Law.

*CLE available for NY, NJ and CA. A Uniform Certificate of Attendance for CLE credit will be issued for all other states.


Topics: Training and Education

Stay informed in 2019

Posted by Margaret Scavotto, JD, CHC on 1/15/19 6:27 AM

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code NEWYEAR to save 25% off the price when you sign up.  

You can read a sample report here.


Topics: Compliance Basics

HIPAA breaches are everywhere: Are your employees prepared?

Posted by Margaret Scavotto, JD, CHC on 12/13/18 2:01 PM

A hospital OR secretary was fired after she accessed the hospital's EHR to locate a co-worker's phone number.

A child's adoptive parents sued a hospital for allegedly violating HIPAA when it notified the child's birth mother of his death.

Hospital employees clicked on links in emails that appeared to be from trusted sources, unleashing a spear phishing attack. Hackers accessed PHI for 63,000 individuals - some of whom are suing the hospital for failing to protect their privacy.

A patient is suing CVS for telling his wife about his Viagra prescription.

Some of you might read these (true) stories and view them as blatant, or at least ignorant, HIPAA violations. Or maybe you believe these are honest mistakes. I think it depends on whether, when, and how the healthcare employees involved were trained on HIPAA in a practical way.

In the CVS example, we can imagine a pharmacist or pharmacy tech at the register and taking phone calls. This person talks to people all day long about prescriptions - often prescriptions dropped off or picked up by a spouse. When is the last time this pharmacist was trained on when to share information with a spouse (and when to keep it confidential)?

Regarding the spear phishing example, I received two phishing email attempts today, and it's only 2:00 p.m. I recognized the emails as phony - but my day job involves HIPAA, and I read about HIPAA for fun. It's always on my mind. Would healthcare employees who spend their days scheduling patients, sending out EOBs, or providing care recognize suspicious emails? It depends on how well they have been trained, and how often.

HIPAA, like the rest of compliance, is not simply something for the lawyers or the compliance department to figure out.

Our compliance programs are only as strong as our weakest employees - and it's up to us to train them to get it right.





Topics: HIPAA, Social Media, data breach, security

MPA's gift to you: Free compliance video on perks and presents

Posted by Margaret Scavotto, JD, CHC on 12/11/18 7:29 AM

I like presents.

Giving them, getting them, even writing thank you notes for them.

But in healthcare, presents are tricky.

That is why, this holiday season, MPA is sharing a compliance video with you. You are welcome to share this video with your staff to help them navigate patient and vendor gifts, freebies and perks this holiday season.

Perks and Presents



Want to do more to cultivate a culture of compliance?

MPA's Compliance Flash Cards are here...

     .... choose card-stock or digital download:



Topics: Culture of Compliance

Compliance Officer Interview: Connie Rhoads and Pet Posters!

Posted by Margaret Scavotto, JD, CHC on 12/5/18 7:45 AM

Today I am going to tell you about the best compliance culture idea I have ever heard: Pet Posters.

That's right: Using employee pet photos to create posters promoting compliance.

This idea is clever, charming, motivating, effective - and the brainchild of Connie Rhoads, Vice President of Corporate Compliance at Christian Horizons, a senior living provider in the Midwest.


I interviewed Connie to learn more about how she came up with Pet Posters and how it has been a success at Christian Horizons. (Side note: Connie and I agree that the Ghostbusters poster is our favorite - but it's hard to pick just one).

Margaret: How did you come up with Pet Posters?


I attended a webinar that shared examples from companies who achieved significant impact from small changes to their compliance programs. One of the companies shared their updated compliance hotline poster. They had simply changed the picture on their poster from a rotary phone to a picture of a puppy with its head tilted, as if it was unsure of something. Simply changing the picture was enough to capture their associates' attention. The Compliance Department started receiving appropriate concerns when previously a hotline call was a rarity. 

That was my inspiration! I thought to myself, everyone loves pets, especially their own, so I came up with the ‘Is Your Pet Destined for Stardom?’ Compliance Poster Contest.  Our marketing team created a flyer for the contest and poster templates. I also created a page of suggested slogans. Associates simply had to insert their pet photo into the template, add the slogan, save it and send it in.  We included credits to the ‘Celebrity’ and their owner on each poster. 

Margaret: How long have you been using the Pet Poster program?


Our inaugural promotion was for Compliance and Ethics Week 2016; 2018 is our third year.

Margaret: Have you had any participation obstacles – and how have you overcome them?


Yes - a few. 


Topics: Culture of Compliance

Compliance Flash Cards are now available in card-stock!

Posted by Margaret Scavotto, JD, CHC on 11/28/18 8:33 AM

Grow employee knowledge and build a culture of compliance with MPA's Compliance Flash Cards! 


The Compliance Flash Cards have been so popular, we have decided to offer them in print! Order now and a set of Compliance Flash Cards will be mailed to you.

  • Incorporate Compliance Flash Cards into new employee orientation and annual compliance training
  • Walk the halls and use the Compliance Flash Cards to have small conversations with staff - increasing compliance awareness and Compliance Officer visibility

MPA's Compliance Flash Cards include:

  • 3 Flash Cards address reporting non-compliance

  • 2 Flash Cards address abuse (1 specifically for SNFs)

  • 4 Flash Cards address Resident Rights in SNFs

  • 5 Flash Cards address documentation, including 2 specifically for SNFs

  • 10 Flash Cards address HIPAA

  • 10 Flash Cards address HIPAA & Social Media (including 4 specifically for hospitals and 4 specifically for SNFs)

  • 1 Flash Card addresses Quality Care

  • 1 Flash Card addresses False Claims

  • 2 Flash Cards address Kickbacks

For digital flash cards, click here.


Topics: Culture of Compliance
