Breaking Compliance News Blog

MPA scours OIG, DOJ, FBI, and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to this month's issue: 

• Man charged for promoting unproven COVID-19 tests
• Home health company breached Corporate Integrity Agreement when it failed to return overpayments
• OCR enters Early Case Resolutions (ECR) with a state whose COVID-19 hospital visitation policy allegedly amounted to disability discrimination
• OCR enters Early Case Resolution (ECR) with an organization that allegedly failed to provider interpreting services
• Employee downloaded patient records and gave them to an attorney
• 971-person breach due to employees using passwords for multiple accounts
• Nursing home sued for response to COVID-19
• Telehealth app breach allows patients to view videos of other patient telehealth visits

Not yet a subscriber? click here to sign up.  

You can read a sample report here. 

Here in Missouri, much of the state reopened on June 15: pools, restaurants, and gyms included. But life looks a lot different. Visitors are still restricted at nursing homes, people are wearing masks, hand sanitizer lurks around every corner, and many people are still choosing to stay home and use curbside services. It’s a different world.

Throughout the pandemic, I have asked healthcare providers: How has COVID-19 affected your compliance and HIPAA programs?

• Some people say: “It’s business as usual.”
• Others say: “I’m still working on compliance but at a much slower pace.” This is understandable, given the number of COVID-related tasks and guidance added to compliance officers’ plates.
• A few people have told me they actually have MORE time to work on compliance now, because other projects have been put on hold.
• And a handful have told me that compliance has been put on hold completely during the pandemic. I understand why this happens and I empathize with it. These are unprecedented times and healthcare providers are in the middle of a centennial challenge.

If you have had to curtail or limit your compliance efforts due to COVID-19: Document your decisions. Document what activities have been delayed, and why (e.g., resources were redirected to infection control).

As we enter month four of the national public health emergency, my hope for compliance officers who have slowed (or stopped) compliance efforts that they find a way to keep their compliance programs going and, to the extent possible, get back to business as usual.

Where should we start?

How you resume compliance will depend on your risks and resources. Here are some ideas to consider:

• Schedule a quarterly compliance committee meeting (especially if you are overdue). Use this time to recap your organization’s risks – COVID and non-COVID – and prioritize.
• Create an action plan to address these risks in order of priority. Decide how you will tackle each risk. Map out your plan over 12 months – and follow up monthly or quarterly to check on progress.
• Update your board. It’s possible that board meetings have been filled with urgent COVID-19 issues. If compliance has been bumped from the agenda, it’s time to get back on. Compliance, after all, has a key role in addressing and mitigating COVID-19 risks, like HIPAA, infection control, and EMTALA.
• Find out how you can support your staff. Healthcare employees are likely exhausted, overwhelmed, and stressed out. Compliance can help. An unprecedented amount of guidance has been published since February. What information could your employees be struggling with? Do they need help understanding new HIPAA guidance during the pandemic? When is the last time your employees were reminded of how to report compliance issues? When is the last time the Compliance Officer walked the floors to talk with staff, encouraging them to raise questions?
• Nursing homes should work on Phase 3 Compliance and Ethics programs. This means making sure updated policies are in place, policies are disseminated, and an annual review is conducted. It can take several months to conduct an annual review – start now and move the process forward. When surveys resume, you will be better off if you aren’t scrambling to implement compliance.

Yes, the pandemic continues. But compliance should also continue. When COVID-19 passes, or at least subsides to a better “new normal,” your organization will need compliance. Compliance provides education that helps people do their jobs; risk management and strategy to make your organization better; and process improvement to provide the best care possible. By taking little steps now to keep compliance going, you can avoid starting over after the pandemic.

MPA turns 25 in June 2020, and we're in good company.

MPA is officially as old as Craigslist and match.com. MPA started helping healthcare providers in 1995 – the same year Kramer began sculpting with pasta on Seinfeld.

We are proud that we have been helping healthcare providers for a quarter century, and we appreciate that we have earned your trust. We wish we could invite each and every one of you to a party to celebrate, but the pandemic has other ideas. Instead, we are saying thank you for 25 years of business with a giveaway.

This June, we are giving away a 12-month license to a Compliance Toolkit, ($1,750). We are also giving away our HIPAA Tools ($995).

Click here to enter. We’ll announce the winner by email at the end of June.

MPA turns 25 in June 2020!

That’s right, we are as old as eBay, and Kendall Jenner. In 1995, the first Honda CR-V was made, and so was MPA. Braveheart began its legacy in 1995 and so did we.  

We are proud that we have been helping healthcare providers for a quarter century, and we appreciate that we have earned your trust. We wish we could invite each and every one of you to a party to celebrate, but the pandemic has other ideas. Instead, we are saying thank you for 25 years of business with a giveaway.

This June, we are giving away a 12-month license to a Compliance Toolkit, ($1,750). We are also giving away our HIPAA Tools ($995).

Click here to enter. We’ll announce the winner by email at the end of June.

MPA scours OIG, DOJ, FBI, and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to this month's issue:

• DOJ stops phony COVID-19 "ozone therapy"
    
• Rehab company pressured SNF therapists to provide Ultra High Therapy
    
• Executives pay up for unnecessary tests
     
• DOJ wants mandatory breach reporting

• Some enforcers offer discretion during the pandemic

• FBI warns of PPE scams

• Nursing home sued for response to COVID-19

• Hackers targeting small healthcare providers, executives

• HIPAA reminder: Is your workforce changing during the pandemic?

Not yet a subscriber? click here to sign up.  

You can read a sample report here. 

1. Without a review, you don’t know what you don’t know.

Were policies distributed? Were staff, board members, contractors, and volunteers properly trained? Were all risk areas audited? Were audit findings mitigated? Were compliance reports properly investigated and met with discipline and corrective action? Without conducting a review, you don’t know. Who would you rather identify your compliance flaws: your own organization, via a compliance review – or the government, via an audit or investigation?

Maybe.

MPA scours OIG and OCR enforcement updates and news so that you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code StayInformed to save 25% off the price when you sign up.  

You can read a sample report here.

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to October's issue:

• Nurse criminally charged after using whiteout on patient record
    
• Doctor prescribed opioids without seeing patients
    
• Personal care aide bribed patients and falsified time sheets
     
• Pain practice put productivity over medical necessity

• Hospital’s “wall of shame” has HIPAA and human rights law consequences

• Abuse filmed and shared on social media

• Hospice’s breach notification letters cause second breach

• Ransomware causes healthcare provider to permanently close

• ... and much more!

Not yet a subscriber? click here tosign up.  

You can read a sample report here.

At the risk of getting some Billboard top ten 1980’s Janet Jackson lyrics stuck in your head for the rest of the day, I’d like to ask you an important question:

What has compliance done for you lately?

Phrased another way:

How has your compliance program helped your organization this year?

Did your hotline encourage employees to report potential false claims internally, so they could be self-reported? Did this hotline call possibly avoid a whistleblower situation?

Did routine compliance audits find a documentation issue – so you could correct it before it became a widespread problem?

Maybe the compliance department collaborated with the HIPAA Security Officer to run a ransomware and phishing campaign, educating employees about potentially hazardous emails and links. As a result, the Compliance Officer and Security Officer received dozens of calls from employees reporting suspicious emails and links that potentially contained ransomware or malware. Can you put a price tag on potentially avoiding a costly ransomware attack?