Breaking Compliance News Blog

You need your compliance program now more than ever

Posted by Margaret Scavotto, JD, CHC on 7/30/20 9:15 AM

In June 2020, The Society of Corporate Compliance and Ethics and the Health Care Compliance Association published survey results: Compliance and the COVID-19 Pandemic.

This survey of compliance professionals found:

"The COVID-19 pandemic has upended countless organizations and how people work... compliance programs have also felt the impact. Teams have had to adjust the way they work to ensure that regulatory mandates are still met - all while staying on top of the myriad regulation changes meant to address the pandemic."

I think we can all agree it has not been easy.

Here is what your healthcare professional peers say about COVID-19's effect on compliance:

Read More

Topics: Culture of Compliance, compliance, COVID-19

Sign up for MPA's free webinar: HIPAA & PR Pitfalls

Posted by Margaret Scavotto, JD, CHC on 7/28/20 8:53 AM

Sign up for the next webinar in MPA's Free Compliance Webinar Series:

August 11 at 11 a.m. CST: HIPAA & PR Pitfalls

The OCR has entered multiple HIPAA settlements with healthcare providers who violated HIPAA with public relations campaigns and media communications. This was an issue before COVID-19, and the pandemic has only increased media attention and the need for effective HIPAA protocols.

Learn how to stay on the good side of the news.

Sign up here.

Read More

Topics: HIPAA, Culture of Compliance, compliance

Has your HIPAA training kept up with COVID-19?

Posted by Margaret Scavotto, JD, CHC on 7/23/20 10:15 AM

During the pandemic, healthcare providers have seen countless headlines announcing both HIPAA guidance related to COVID-19, and HIPAA breaches. For example:

If your HIPAA training hasn't changed in response to this guidance and headlines, that could be a problem.

Read More

Topics: HIPAA, data breach, COVID-19

Train Remotely with Compliance and HIPAA Training Handbooks

Posted by Margaret Scavotto, JD, CHC on 7/21/20 9:45 AM

The pandemic has led covered entities and business associates to rethink training.

For starters, in-services are not always practical right now. With more remote employees, and concerns about trying to contain spread of the virus, in-person, classroom-style training is not working for everyone.

Plus, many providers are dealing with an evolving workforce: more agency/temp staff, more healthcare professionals newly hired due to loosened education or certification requirements during COVID-19. All of these people need training - and providers have less time to train.

Compliance and HIPAA training does not have to be in the form of a live in-service to be effective. 

MPA's Compliance and HIPAA Training Handbooks can help.

Read More

Topics: Compliance Basics, Training and Education, HIPAA, Culture of Compliance, MPA's Compliance Store, COVID-19

DOJ revises compliance program guidance: How do you measure up?

Posted by Margaret Scavotto, JD, CHC on 7/16/20 8:50 AM

In June 2020, the U.S. Department of Justice, Criminal Division, updated its guidance document: Evaluation of Corporate Compliance Programs. The guidance was last updated in April 2019.

This guidance is used in two ways:

  • Federal prosecutors conducting criminal investigations (such as into healthcare fraud) use it to evaluate a corporation’s compliance program. This evaluation can impact any financial penalties imposed.
  • Corporations, including healthcare providers, use it to evaluate their own compliance programs.

Here are some of the DOJ’s June 2020 changes to its compliance evaluation guidance:

Read More

Nursing Home Residents Can Keep Stimulus Checks

Posted by Margaret Scavotto, JD, CHC on 7/16/20 8:45 AM

On June 11, CMS issued an alert warning nursing homes not to seize residents' CARES Act stimulus checks. Providers that do so could lose their Medicare and Medicaid contracts.

CMS cited resident rights laws in support of its warning:

  • 42 CFR 483.12, Freedom from Abuse, Neglect and Exploitation (prohibition against misappropriation of resident property): "the deliberate misplacement, exploitation or wrongful, temporary, or permanent use of a resident's belongings or money without the resident's consent."
  • 42 CFR 483.10, each resident has "the right to manage his or her financial affairs"; "The facility must not require residents to deposit their personal funds with the facility. If a resident chooses to deposit personal funds with the facility, upon written authorization of a resident, the facility must act as a fiduciary of the resident's funds and hold, safeguard, manage, and account for the personal funds of the resident deposited with the facility...."

The FTC issued a consumer alert advising Medicaid beneficiaries that nursing homes CANNOT require them to sign their CARES Act stimulus checks over to the nursing home. The FTC encourages residents who have been asked by nursing homes for their CARES Act checks to complaint to the state attorney general.

MPA has updated its Resident Rights Policy and Resident Rights Summary to reflect this alert. Subscribers to MPA's Nursing Home Compliance Program received an email with the new policy downloads today. Click here to subscribe.

Read More

Topics: Resident Rights, compliance, Phase 3

Compliance Lessons from The Office

Posted by Margaret Scavotto, JD, CHC on 7/14/20 9:45 AM

NBC's The Office is one of my favorite shows to watch at the end of the day if there's time to unwind. Luckily, all nine seasons are available on Netflix through 2020. As a compliance professional, I can't help gleaning some valuable compliance Do's and Don'ts while watching Michael Scott. Join me on July 21 for a free webinar: Compliance Lessons from NBC's The Office.

Here's a few of the lessons we will discuss:

  • When an employee commits a serious compliance violation, don't look the other way because you really like the person.
  • Thank employees when they do something great.
  • Be consistent with discipline - use a standardized system.
  • Don't celebrate a lack of compliance reports or audit findings.
  • Respect your employees by keeping the complaints confidential.

While we can't play clips fro The Office during the webinar due to copyright reasons, here are the episodes we will discuss:

  • Season 1, Episode 3: Healthcare
  • Season 2, Episode 1: The Dundies
  • Season 2, Episode 2: Sexual Harassment
  • Season 2, Episode 15: Boys and Girls
  • Season 2, Episode 21: Conflict Resolution
  • Season 4, Episode 3: Launch Party
  • Season 5, Episode 3: Business Ethics

July 21 at 10 a.m CST: Compliance Lessons from NBC's The Office:

While this webinar is based on a TV comedy, I assure you we will cover lots of serious compliance lessons! There is much to learn about compliance culture - good and bad - from Michael Scott.

Sign up here.

Read More

Topics: Culture of Compliance, compliance, webinar

Stay informed with MPA's Monthly Compliance Newsletter Subscription

Posted by Margaret Scavotto, JD, CHC on 7/10/20 9:45 AM

MPA scours OIG, DOJ, FBI, and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to this month's issue: 

  • Man charged for promoting unproven COVID-19 tests
  • Home health company breached Corporate Integrity Agreement when it failed to return overpayments
  • OCR enters Early Case Resolutions (ECR) with a state whose COVID-19 hospital visitation policy allegedly amounted to disability discrimination
  • OCR enters Early Case Resolution (ECR) with an organization that allegedly failed to provider interpreting services
  • Employee downloaded patient records and gave them to an attorney
  • 971-person breach due to employees using passwords for multiple accounts
  • Nursing home sued for response to COVID-19
  • Telehealth app breach allows patients to view videos of other patient telehealth visits

Not yet a subscriber? click here to sign up.  

You can read a sample report here

Read More

Topics: Compliance Basics

Download MPA's HIPAA, COVID-19 & Social Media Roadmap

Posted by Margaret Scavotto & Scott Gima on 7/8/20 8:38 AM

The rise of social media has revolutionized the way people connect. In the health care workplace, social media also brings countless opportunities for employees to violate HIPAA. Balancing this new landscape of increased sharing through technology and unchanged patient privacy rights is a minefield for healthcare providers.

Without education and policies from their employers, health care employees can easily get into trouble, quickly putting their employers at risk for HIPAA penalties, lawsuits, and devastating PR consequences. The pandemic has only exacerbated the privacy challenges associated with social media. MPA’s HIPAA, Social Media & COVID-19 Roadmap tells you what you need to know about this challenge, and what you can do about it.

Taking on the unstoppable world of social media might seem impossible. But it's better to help employees use it properly--and know when they aren't - than to do nothing and wait to hear it from the patients (or the media).

Click here to download.

Read More

Topics: HIPAA, COVID-19

HIPAA News: Who Leaked Ezekiel Elliott’s COVID-19 Results?

Posted by Margaret Scavotto, JD, CHC on 7/2/20 9:30 AM

It’s not often that I cite a Sports Illustrated article in a HIPAA blog – but last week, the compliance and sports worlds collided when Dallas Cowboys Running Back Ezekiel Elliott’s COVID-19 results went viral

Elliot issued his official, one-word response to the news on twitter: “HIPAA ??” Elliot went on to deny reports that his own agent leaked the news about his COVID-19 status, tweeting that his agent confirmed the information AFTER it was leaked to the media.

We do not know how this happened, but healthcare providers should think through the possibilities and look inward.

  • Did an employee of a healthcare provider treating (or testing) Elliott leak the information? Could this happen within your organization?
  • Are your employees trained about the consequences of breaching patient information in this way? What would your employees find more compelling – your HIPAA policies, or a bribe from a reporter? (To be clear, we have no knowledge that this is what happened here – but it is a possibility).
  • Are your employees trained to understand that COVID-19 status is sensitive PHI – with higher stakes for the patient?
  • Does your organization segregate patient records access to minimize the likelihood of a breach?
  • When your organization treats high-profile patients, are extra precautions taken to protect their PHI (for example, admitting/treating them under an alias)?
  • Do you conduct regular information system activity review audits, to both prevent and detect unauthorized records access?

We don’t know how Zeke Elliott’s records were leaked – but we know it’s wrong, and healthcare providers should take all steps to avoid a similar problem. Keep in mind that breaches of high-profile individuals will continue to be a challenge after COVID-19. As the 4th of July approaches, you might remember Jason Pierre-Paul, the NY Giants player who sued ESPN after a reporter tweeted a picture of his medical record when he was treated for a fireworks injury to his hand.

MPA can help with HIPAA training. We offer interactive, customized Zoom training sessions with current real-world examples and pre- and post-testing.



Read More

Topics: HIPAA, COVID-19

    Privacy Policy           Terms of Use