Breaking Compliance News Blog

Nursing home compliance programs: What is happening with surveys?

Posted by Margaret Scavotto, JD, CHC on 1/28/21 10:40 AM

 



Nursing homes have been through a lot in the past pandemic-year (to put it mildly). Possibly more than any other category of organizations. The constant changes in surveys have not made this easier:

  • In March 2020, CMS temporarily suspended routine nursing home surveys due to COVID-19, in order to focus on infection control and Immediate Jeopardy issues.
  • In August 2020, CMS announced that it would resume onsite surveys, and expand desk reviews. 
  • In December 2020, we learned that the pandemic has created significant state survey backlogs. 

What’s next?

The OIG recommended that backlogged surveys be completed. And we know infection control is still a top concern – but that the comprehensive survey process is also back. We also know that – at some point in the future – Compliance and Ethics programs will be part of the nursing home survey process. We are still waiting on a final rule and surveyor guidance addressing these Compliance and Ethics programs – but the fact is, at the present moment, compliance programs are mandatory for nursing homes and will become part of the survey process.

Many nursing homes put compliance on hold – understandably - when COVID-19 hit. If your organization is not ready to be surveyed on compliance, now is the time to get ready. Here is what you need:

  • Written standards, policies and procedures
  • Assignment of responsibility to high-level personnel
  • Sufficient resources and authority
  • Due care not to delegate to those with a propensity to commit crimes
  • Policy communication to staff, contractors and volunteers
  • Auditing and monitoring
  • Reporting system
  • Disciplinary enforcement
  • Corrective action
  • Annual review

Chains of 5+ SNFs also need:

  • Mandatory annual compliance training
  • Compliance officer who reports to the governing body
  • Compliance liaisons at each facility

While these requirements could change with the issuance of the Final Rule and surveyor guidance, MPA recommends building your program to meet these guidelines plus OIG guidance – and adjusting your program if and when changes are made.

MPA can help

MPA has SNF compliance programs available for purchase and download on our store. They meet current Phase 3 requirements, and they come with 12 months of updates – if requirements change, MPA updates the program for you at no additional charge. MPA can also conduct your annual review.

Get your compliance program ready for survey with MPA's Training E-Course:

Read More

Topics: compliance, Phase 3, surveys

OCR publishes audit report: How do you measure up?

Posted by Margaret Scavotto, JD, CHC on 1/26/21 2:50 PM

 

In December, the OCR published the results of the 2016-2017 Phase 2 HIPAA Audits, which included desk audits of 166 covered entities and 41 business associates. The audits sought to determine the extent to which these organizations comply with selected HIPAA rules. The OCR found:

  • Only 2% of covered entities fully met the requirements for the content of the Notice of Privacy Practice. Most of these providers failed to provide a notice written in plain language.
  • 57% of covered entities posted the Notice of Privacy Practices prominently on their websites (e.g. on a drop down menu on a home page, or at the top or bottom of their home page).
  • 89% of covered entities failed to show they complied with the individual right of access.
  • 71% of covered entities issued breach notices in a timely manner.
  • 67% of covered entities provided breach notification letters that were missing required content.
  • 94% of overed entities “failed to implement appropriate risk management activities sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.” For example: “In some instances, encryption was included as part of a remediation plan, but was not carried out or was not implemented within a reasonable timeframe.”
  • 14% of covered entities “are substantially fulfilling their regulatory responsibilities to safeguard ePHI they hold through risk analysis activities.”

For the 14% of covered entities who failed to meet risk analysis requirements, there were some common issues:

  • "Providers commonly submitted documentation of some security activities of a third party security vendor, but no documentation of any risk analysis that served as the basis of the activities.”
  • “Entities offered third party template policy manuals that contain no evidence of entity-specific review or revision and no evidence of implementation.”

Are you ready?

The OCR's report did not speak highly of covered entities' HIPAA compliance. In fact, for some metrics, collective compliance was alarmingly low. How would your organization measure up?

Covered entities and business associates were given 10 business days to respond to the audit document requests. While there is not a formal HIPAA audit program underway now, providers often receive audit letters from the OCR in response to a complaint or as part of a formal investigation. Are you prepared to prove your HIPAA compliance within 10 business days (without creating new documentation)?

Improve your HIPAA compliance with MPA's 4-Part Webinar Training Series:

Read More

Topics: Auditing and Monitoring, HIPAA, compliance

Free Webinar: Compliance New Year's Resolutions for SNFs

Posted by Margaret Scavotto, JD, CHC on 1/25/21 9:49 AM

Start 2021 off strong with MPA's Free Compliance Webinar Series!

 

Read More

Topics: Training and Education, HIPAA, Social Media, compliance

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 1/21/21 10:00 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Read More

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Free Webinar: Compliance New Year's Resolutions for SNFs

Posted by Margaret Scavotto, JD, CHC on 1/19/21 9:30 AM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Read More

Topics: Training and Education, HIPAA, Social Media, compliance

Free Webinar: Most Questionable Healthcare Social Media Posts of 2020

Posted by Margaret Scavotto, JD, CHC on 1/13/21 12:29 PM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Read More

Topics: Training and Education, HIPAA, Social Media, compliance

Free Webinar: Compliance New Year's Resolutions for SNFs

Posted by Margaret Scavotto, JD, CHC on 1/11/21 10:30 AM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Read More

Topics: Training and Education, HIPAA, Social Media, compliance

Free Webinar: Most Questionable Healthcare Social Media Posts of 2020

Posted by Margaret Scavotto, JD, CHC on 1/7/21 9:15 AM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Read More

Topics: Training and Education, HIPAA, Social Media, compliance

Having a hard time keeping up with compliance news? MPA can help

Posted by Margaret Scavotto, JD, CHC on 12/14/20 4:07 PM

 

MPA brings you a lot of compliance and HIPAA news in our blog.

But did you know there's even more in our monthly newsletter subscription?

MPA scours OIG, DOJ, FBI, and OCR enforcement updates and news headlines so you don't have to.

Read More

Topics: Compliance Basics

Train Remotely with Compliance and HIPAA Training Handbooks

Posted by Margaret Scavotto, JD, CHC on 12/2/20 10:30 AM

The pandemic has led covered entities and business associates to rethink training.

For starters, in-services are not always practical right now. With more remote employees, and concerns about trying to contain spread of the virus, in-person, classroom-style training is not working for everyone.

Plus, many providers are dealing with an evolving workforce: more agency/temp staff, more healthcare professionals newly hired due to loosened education or certification requirements during COVID-19. All of these people need training - and providers have less time to train.

Compliance and HIPAA training does not have to be in the form of a live in-service to be effective. 

MPA's Compliance and HIPAA Training Handbooks can help.

Read More

Topics: Compliance Basics, Training and Education, HIPAA, Culture of Compliance, MPA's Compliance Store, COVID-19

    Privacy Policy           Terms of Use