Breaking Compliance News Blog

1. Without a review, you don’t know what you don’t know.

Were policies distributed? Were staff, board members, contractors, and volunteers properly trained? Were all risk areas audited? Were audit findings mitigated? Were compliance reports properly investigated and met with discipline and corrective action? Without conducting a review, you don’t know. Who would you rather identify your compliance flaws: your own organization, via a compliance review – or the government, via an audit or investigation?

Maybe.

MPA scours OIG and OCR enforcement updates and news so that you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code StayInformed to save 25% off the price when you sign up.  

You can read a sample report here.

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to October's issue:

• Nurse criminally charged after using whiteout on patient record
    
• Doctor prescribed opioids without seeing patients
    
• Personal care aide bribed patients and falsified time sheets
     
• Pain practice put productivity over medical necessity

• Hospital’s “wall of shame” has HIPAA and human rights law consequences

• Abuse filmed and shared on social media

• Hospice’s breach notification letters cause second breach

• Ransomware causes healthcare provider to permanently close

• ... and much more!

Not yet a subscriber? click here tosign up.  

You can read a sample report here.

At the risk of getting some Billboard top ten 1980’s Janet Jackson lyrics stuck in your head for the rest of the day, I’d like to ask you an important question:

What has compliance done for you lately?

Phrased another way:

How has your compliance program helped your organization this year?

Did your hotline encourage employees to report potential false claims internally, so they could be self-reported? Did this hotline call possibly avoid a whistleblower situation?

Did routine compliance audits find a documentation issue – so you could correct it before it became a widespread problem?

Maybe the compliance department collaborated with the HIPAA Security Officer to run a ransomware and phishing campaign, educating employees about potentially hazardous emails and links. As a result, the Compliance Officer and Security Officer received dozens of calls from employees reporting suspicious emails and links that potentially contained ransomware or malware. Can you put a price tag on potentially avoiding a costly ransomware attack?

The Department of Justice Criminal Division recently issued a Guidance Document for prosecutors: Evaluation of Corporate Compliance Programs. 

In this document, the DOJ outlines three questions prosecutors should ask when making an "individualized determination of a corporate compliance program's effectiveness:

1. "Is the corporation's compliance program well designed?"
2. "Is the program being applied earnestly and in good faith?" In other words, is the program being implemented effectively?
3. "Does the corporation's compliance program work" in practice?

Note: This topic is of special interest to our SNF readers. General healthcare compliance and HIPAA topics will return next week!

The Affordable Care Act mandated compliance and ethics programs for all nursing facilities. Medicare and Medicaid will require implementation by November 28, 2019.

Are you ready?

Fortunately, the ACA requirements closely – but not entirely – track the ACA OIG compliance program guidance and the Federal Sentencing Guidelines principles for compliance programs, so providers who have built compliance programs on these documents should be in pretty good shape. Here is what the ACA requires nursing facilities to have by November 28, 2019:

• Written compliance and ethics policies and procedures that are communicated to staff, contractors and volunteers and:
  • Reduce the risk of criminal, civil and administrative violations
  • Promote quality of care
  • Designate a compliance contact to receive reports
  • Include an anonymous way to report non-compliance without retribution
  • Include disciplinary standards
  • Apply to contractors and volunteers
• Assigned high-level personnel oversight for the compliance program, and sufficient resources and authority for such high-level personnel
• Due care not to delegate substantial discretionary authority to individuals the SNF knew or should have known had a propensity to commit a crime
• Auditing and monitoring
• A reporting system
• Consistent enforcement via discipline
• Annual review.* 

*It can take weeks or even months to review a compliance program, so if this is your first experience with annual review, it is a good idea to start early.

Organizations with five or more facilities must also have:

All skilled nursing facilities will be required to have conducted an annual review of their compliance programs by November 28, 2019 (and it’s essential for other providers, too).  SNFs who have not conducted an annual review by November 28, 2019 will be in violation of the law.  

Note: This topic is of special interest to our SNF readers. General healthcare compliance and HIPAA topics will return next week!

The Affordable Care Act mandated compliance and ethics programs for all nursing facilities. Medicare and Medicaid will require implementation by November 28, 2019.

Are you ready?

Fortunately, the ACA requirements closely – but not entirely – track the ACA OIG compliance program guidance and the Federal Sentencing Guidelines principles for compliance programs, so providers who have built compliance programs on these documents should be in pretty good shape. Here is what the ACA requires nursing facilities to have by November 28, 2019:

• Written compliance and ethics policies and procedures that are communicated to staff, contractors and volunteers and:
  • Reduce the risk of criminal, civil and administrative violations
  • Promote quality of care
  • Designate a compliance contact to receive reports
  • Include an anonymous way to report non-compliance without retribution
  • Include disciplinary standards
  • Apply to contractors and volunteers
• Assigned high-level personnel oversight for the compliance program, and sufficient resources and authority for such high-level personnel
• Due care not to delegate substantial discretionary authority to individuals the SNF knew or should have known had a propensity to commit a crime
• Auditing and monitoring
• A reporting system
• Consistent enforcement via discipline
• Annual review.* 

*It can take weeks or even months to review a compliance program, so if this is your first experience with annual review, it is a good idea to start early.

Organizations with five or more facilities must also have:

• A mandatory annual compliance training program, and
• A compliance officer who reports directly to the governing body, with designated compliance liaisons at each site

Note: while these items are only mandatory under the ACA for SNFs with five or more sites, it is a good idea for all SNFs to consider incorporating these items into their own compliance programs. While they are not mandatory for smaller organizations, they will strengthen your program and make it easier to run an effective compliance program.

MPA's Compliance and HIPAA training handbooks for healthcare staff are here!

Help your staff get HIPAA right, all day, every day.

MPA noticed that most HIPAA training doesn't cover the top calls we get: snooping, selfies, social media, and other common breaches.

This HIPAA training handbook won't tell your staff that HIPAA was enacted in 1996 - because that won't help your staff make good HIPAA decisions on a daily basis. This handbook will, however, provide common sense HIPAA information your staff need to succeed in healthcare.

Each chapter is accompanied by a mini-quiz to test staff knowledge.

Learn more.

Help your staff get compliance right, all day, every day.

MPA noticed that most compliance training does not cover the daily risks most healthcare staff encounter - or is written in legalese that is challenging for many healthcare employees.

This training handbook won't tell your staff that OIG stands for "Office of Inspector General," because that isn't going to help most of your staff understand compliance. This handbook will break down compliance concepts in simple, understandable chapters to help them do their jobs in a way that follows your compliance program. 

Each chapter is accompanied by a mini-quiz to test staff knowledge.

Learn more.