Breaking Compliance News Blog

MPA scours OIG and OCR enforcement updates and news so that you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code StayInformed to save 25% off the price when you sign up.  

You can read a sample report here.

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Coming to October's issue:

• Nurse criminally charged after using whiteout on patient record
    
• Doctor prescribed opioids without seeing patients
    
• Personal care aide bribed patients and falsified time sheets
     
• Pain practice put productivity over medical necessity

• Hospital’s “wall of shame” has HIPAA and human rights law consequences

• Abuse filmed and shared on social media

• Hospice’s breach notification letters cause second breach

• Ransomware causes healthcare provider to permanently close

• ... and much more!

Not yet a subscriber? click here tosign up.  

You can read a sample report here.

At the risk of getting some Billboard top ten 1980’s Janet Jackson lyrics stuck in your head for the rest of the day, I’d like to ask you an important question:

What has compliance done for you lately?

Phrased another way:

How has your compliance program helped your organization this year?

Did your hotline encourage employees to report potential false claims internally, so they could be self-reported? Did this hotline call possibly avoid a whistleblower situation?

Did routine compliance audits find a documentation issue – so you could correct it before it became a widespread problem?

Maybe the compliance department collaborated with the HIPAA Security Officer to run a ransomware and phishing campaign, educating employees about potentially hazardous emails and links. As a result, the Compliance Officer and Security Officer received dozens of calls from employees reporting suspicious emails and links that potentially contained ransomware or malware. Can you put a price tag on potentially avoiding a costly ransomware attack?

The Department of Justice Criminal Division recently issued a Guidance Document for prosecutors: Evaluation of Corporate Compliance Programs. 

In this document, the DOJ outlines three questions prosecutors should ask when making an "individualized determination of a corporate compliance program's effectiveness:

1. "Is the corporation's compliance program well designed?"
2. "Is the program being applied earnestly and in good faith?" In other words, is the program being implemented effectively?
3. "Does the corporation's compliance program work" in practice?

Note: This topic is of special interest to our SNF readers. General healthcare compliance and HIPAA topics will return next week!

The Affordable Care Act mandated compliance and ethics programs for all nursing facilities. Medicare and Medicaid will require implementation by November 28, 2019.

Are you ready?

Fortunately, the ACA requirements closely – but not entirely – track the ACA OIG compliance program guidance and the Federal Sentencing Guidelines principles for compliance programs, so providers who have built compliance programs on these documents should be in pretty good shape. Here is what the ACA requires nursing facilities to have by November 28, 2019:

• Written compliance and ethics policies and procedures that are communicated to staff, contractors and volunteers and:
  • Reduce the risk of criminal, civil and administrative violations
  • Promote quality of care
  • Designate a compliance contact to receive reports
  • Include an anonymous way to report non-compliance without retribution
  • Include disciplinary standards
  • Apply to contractors and volunteers
• Assigned high-level personnel oversight for the compliance program, and sufficient resources and authority for such high-level personnel
• Due care not to delegate substantial discretionary authority to individuals the SNF knew or should have known had a propensity to commit a crime
• Auditing and monitoring
• A reporting system
• Consistent enforcement via discipline
• Annual review.* 

*It can take weeks or even months to review a compliance program, so if this is your first experience with annual review, it is a good idea to start early.

Organizations with five or more facilities must also have:

All skilled nursing facilities will be required to have conducted an annual review of their compliance programs by November 28, 2019 (and it’s essential for other providers, too).  SNFs who have not conducted an annual review by November 28, 2019 will be in violation of the law.  

Note: This topic is of special interest to our SNF readers. General healthcare compliance and HIPAA topics will return next week!

The Affordable Care Act mandated compliance and ethics programs for all nursing facilities. Medicare and Medicaid will require implementation by November 28, 2019.

Are you ready?

Fortunately, the ACA requirements closely – but not entirely – track the ACA OIG compliance program guidance and the Federal Sentencing Guidelines principles for compliance programs, so providers who have built compliance programs on these documents should be in pretty good shape. Here is what the ACA requires nursing facilities to have by November 28, 2019:

• Written compliance and ethics policies and procedures that are communicated to staff, contractors and volunteers and:
  • Reduce the risk of criminal, civil and administrative violations
  • Promote quality of care
  • Designate a compliance contact to receive reports
  • Include an anonymous way to report non-compliance without retribution
  • Include disciplinary standards
  • Apply to contractors and volunteers
• Assigned high-level personnel oversight for the compliance program, and sufficient resources and authority for such high-level personnel
• Due care not to delegate substantial discretionary authority to individuals the SNF knew or should have known had a propensity to commit a crime
• Auditing and monitoring
• A reporting system
• Consistent enforcement via discipline
• Annual review.* 

*It can take weeks or even months to review a compliance program, so if this is your first experience with annual review, it is a good idea to start early.

Organizations with five or more facilities must also have:

• A mandatory annual compliance training program, and
• A compliance officer who reports directly to the governing body, with designated compliance liaisons at each site

Note: while these items are only mandatory under the ACA for SNFs with five or more sites, it is a good idea for all SNFs to consider incorporating these items into their own compliance programs. While they are not mandatory for smaller organizations, they will strengthen your program and make it easier to run an effective compliance program.

MPA's Compliance and HIPAA training handbooks for healthcare staff are here!

Help your staff get HIPAA right, all day, every day.

MPA noticed that most HIPAA training doesn't cover the top calls we get: snooping, selfies, social media, and other common breaches.

This HIPAA training handbook won't tell your staff that HIPAA was enacted in 1996 - because that won't help your staff make good HIPAA decisions on a daily basis. This handbook will, however, provide common sense HIPAA information your staff need to succeed in healthcare.

Each chapter is accompanied by a mini-quiz to test staff knowledge.

Learn more.

Help your staff get compliance right, all day, every day.

MPA noticed that most compliance training does not cover the daily risks most healthcare staff encounter - or is written in legalese that is challenging for many healthcare employees.

This training handbook won't tell your staff that OIG stands for "Office of Inspector General," because that isn't going to help most of your staff understand compliance. This handbook will break down compliance concepts in simple, understandable chapters to help them do their jobs in a way that follows your compliance program. 

Each chapter is accompanied by a mini-quiz to test staff knowledge.

Learn more.

MPA scours OIG and OCR enforcement updates and news headlines so you don't have to.

Every month, we summarize enforcement trends and bring you the latest compliance and HIPAA developments, and deliver them to your inbox in our Monthly Compliance News Report.

Not yet a subscriber? Use coupon code NEWYEAR to save 25% off the price when you sign up.  

You can read a sample report here.

Don’t be discouraged by the title - this story is actually (hopefully) encouraging.

When I first got my Fitbit, I learned I averaged 5,000 to 6,000 steps a day. A few times a week I’d get far more than that, but my weekday average could be better.

Around Thanksgiving 2018, I decided to pick up the pace and set a goal of reaching 10,000 steps a day - no matter what.

I went to Zumba at the Y (7,000 steps), walked around my in-laws’ pond (1,000 steps), walked up and down the stairs at my office (100 steps), and danced around the kitchen (as many steps as it took).

I hit 10,000 steps 14 days in a row. And then I kept going. I of course have an off day every now and then. But overall, I feel better when I find the time to get 10,000 steps. And over time, it’s become easier to work this into my day.

What does this have to do with compliance?

Compliance professionals often tell me: I start working on compliance, but then I get distracted and weeks go by. I start working on an audit and then something else comes up and by the time I get back into the audit, I have to re-learn the entire process. I want to spend more time on compliance, but there is just so much else to do.

The problem here is that compliance needs to be part of our daily routine, no matter what. 

By consistently reaching a small goal (10,000 steps a day), I achieved a bigger goal: I lost 10 pounds. Compliance is the same way. If you commit to working on compliance consistently - even slowly but surely - over time, you will be rewarded with bigger results.

Here are some ways you can commit to compliance every day – and achieve big goals over time:

• In 5 minutes, you can go over a compliance tip, question or flash card with an employee, making a positive connection with compliance and reinforcing compliance knowledge.
• In 10 minutes, you can walk the halls and increase your visibility as Compliance Officer.
• In 20 minutes, you can conduct a HIPAA walk-through audit of a department.
• In 30 minutes, you can review a policy with an employee.

Make room for small tasks, and watch your compliance program meet big goals in 2019.