Breaking Compliance News Blog

The other day I stopped by my favorite local coffee shop for an afternoon pick-me-up. I ordered my guilty pleasure – a brown sugar rosemary latte – and sat down in the only available seat on the lobby couch to wait.

A few minutes later, a young woman came in and sat down next to me, opened her laptop, and began clack-clacking away (a common occurrence, as this coffee place is known as an unofficial co-working space).

I got up to get my latte, sat back down, and noticed that the woman was on the phone. I began reading an article about a recent HIPAA breach (in a moment you will learn the irony in this), and tried not to be distracted by her call. But, I couldn’t help but notice she seemed to be talking about a patient. She mentioned the patient’s name and birthday, and then scheduled an appointment for him. She went on to do this for several other patients. Then she called a few patients to check on their condition and well-being. I also couldn’t help but notice that she was typing information into some kind of EMR database.

If this was a cartoon, my head would have exploded at this moment.

When my disbelief faded into the reality that this person – perhaps some kind of case worker or social worker – was in fact discussing patients and their health care information – I had a sinking feeling in my stomach. Does this really happen? Am I on some kind of brainy reality TV show for HIPAA professionals? How could two people sitting on the same couch have such different reactions to these phone calls? How could I be so appalled – and this woman be oblivious and even pleased to be accomplishing so much?

I’ll tell you why: awareness and training.

I think about HIPAA all the time. I follow HIPAA settlements and headlines daily, blog about them, and build training programs and policies around them. So, I see HIPAA everywhere.

I don’t know what kind of HIPAA training my couch neighbor has had. It could be she was trained extensively and chose to ignore the advice. Or perhaps it is more likely that she wasn’t trained on HIPAA – or at least, not recently – and not on protecting patient privacy when working remotely.

What about your staff? Would they know what to do?

MPA is excited to partner with LeadingAge Illinois to bring you a two-day compliance and HIPAA workshop in Springfield Illinois on October 24 and 25!

Come for a day of compliance, a day of HIPAA, or both!  You will get some MPA freebies, including our new Compliance Flash Cards.

How to Build & Maintain an Effective Compliance Program

Overview: This workshop will walk you through steps in building a compliance program. Special emphasis will be placed on strategies for evaluating board and Compliance Committee engagement, audit integrity, compliance culture, quality of reporting, and the programs’ ability to spot and address new compliance issues. You will also receive a compliance checklist, draft board resolution, suggested training topics, PEPPER guide, compliance risk area/audit plan worksheet and compliance officer handbook.

Faculty: Margaret C. Scavotto, JD, CHC, President, MPA    
Scott Gima, COO, Executive VP of Compliance & Management, MPA

Date/Location:

Wednesday, October 24, 2018
Illinois Education Association
3440 Liberty Dr. Springfield, IL 62704

Time: 9:00 a.m. – 4:30 p.m.

Fee Per Person: $149 members, $249 Non-members

Learn more or sign up here.

How to Build a HIPAA Program

Overview: In this workshop, we will provide an overview of HIPAA privacy, security, and breach notification that is appropriate for beginners, but will also serve as a refresher for more senior HIPAA professionals. We will emphasize practical strategies to make HIPAA a part of daily life and culture at your organization. Together we will brainstorm strategies to make HIPAA a mindset at our organizations. We will share examples from headlines as well as from around the water cooler, and discuss best practices and practical solutions for preventing these HIPAA hazards, with an emphasis on going beyond a paper policy and annual training.

Faculty: Margaret C. Scavotto, JD, CHC, President, MPA
Scott Gima, COO, Executive VP of Compliance & Management, MPA

Date/Location
 
Thursday, October 25, 2018
Illinois Education Association
3440 Liberty Dr. Springfield, IL 62704

Time: 9:00 a.m. – 4:30 p.m.

Fee Per Person: $149 members, $249 Non-members

Learn more or sign up here.

MPA is excited to partner with LeadingAge Illinois to bring you two two-day compliance and HIPAA workshops!

Come for a day of compliance, a day of HIPAA, or both! Two options: Naperville, IL and Springfield, IL

How to Build & Maintain an Effective Compliance Program

Overview: This workshop will walk you through steps in building a compliance program. Special emphasis will be placed on strategies for evaluating board and Compliance Committee engagement, audit integrity, compliance culture, quality of reporting, and the programs’ ability to spot and address new compliance issues. You will also receive a compliance checklist, draft board resolution, suggested training topics, PEPPER guide, compliance risk area/audit plan worksheet and compliance officer handbook.

Faculty: Margaret C. Scavotto, JD, CHC, President, MPA    
Scott Gima, COO, Executive VP of Compliance & Management, MPA

Date/Locations:

Thursday, September 27, 2018
NIU Naperville Conference Campus
1120 E Diehl Rd, Naperville, IL 60563

Wednesday, October 24, 2018
Illinois Education Association
3440 Liberty Dr. Springfield, IL 62704

Time: 9:00 a.m. – 4:30 p.m.

Fee Per Person: $149 members, $249 Non-members

Learn more or sign up here.

How to Build a HIPAA Program

Overview: In this workshop, we will provide an overview of HIPAA privacy, security, and breach notification that is appropriate for beginners, but will also serve as a refresher for more senior HIPAA professionals. We will emphasize practical strategies to make HIPAA a part of daily life and culture at your organization. Together we will brainstorm strategies to make HIPAA a mindset at our organizations. We will share examples from headlines as well as from around the water cooler, and discuss best practices and practical solutions for preventing these HIPAA hazards, with an emphasis on going beyond a paper policy and annual training.

Faculty: Margaret C. Scavotto, JD, CHC, President, MPA
Scott Gima, COO, Executive VP of Compliance & Management, MPA

Date/Locations
Friday, September 28, 2018
NIU Naperville Conference Campus
1120 E Diehl Rd, Naperville, IL 60563
 
Thursday, October 25, 2018
Illinois Education Association
3440 Liberty Dr. Springfield, IL 62704

Time: 9:00 a.m. – 4:30 p.m.

Fee Per Person: $149 members, $249 Non-members

Learn more or sign up here.

MPA is excited to partner with LeadingAge Illinois to bring you two two-day compliance and HIPAA workshops!

Come for a day of compliance, a day of HIPAA, or both! Two options: Naperville, IL and Springfield, IL

How to Build & Maintain an Effective Compliance Program

Overview: This workshop will walk you through steps in building a compliance program. Special emphasis will be placed on strategies for evaluating board and Compliance Committee engagement, audit integrity, compliance culture, quality of reporting, and the programs’ ability to spot and address new compliance issues. You will also receive a compliance checklist, draft board resolution, suggested training topics, PEPPER guide, compliance risk area/audit plan worksheet and compliance officer handbook.

Faculty: Margaret C. Scavotto, JD, CHC, President, MPA    
Scott Gima, COO, Executive VP of Compliance & Management, MPA

Date/Locations:

Thursday, September 27, 2018
NIU Naperville Conference Campus
1120 E Diehl Rd, Naperville, IL 60563

Wednesday, October 24, 2018
Illinois Education Association
3440 Liberty Dr. Springfield, IL 62704

Time: 9:00 a.m. – 4:30 p.m.

Fee Per Person: $149 members, $249 Non-members

Learn more or sign up here.

How to Build a HIPAA Program

Overview: In this workshop, we will provide an overview of HIPAA privacy, security, and breach notification that is appropriate for beginners, but will also serve as a refresher for more senior HIPAA professionals. We will emphasize practical strategies to make HIPAA a part of daily life and culture at your organization. Together we will brainstorm strategies to make HIPAA a mindset at our organizations. We will share examples from headlines as well as from around the water cooler, and discuss best practices and practical solutions for preventing these HIPAA hazards, with an emphasis on going beyond a paper policy and annual training.

Faculty: Margaret C. Scavotto, JD, CHC, President, MPA
Scott Gima, COO, Executive VP of Compliance & Management, MPA

Date/Locations
Friday, September 28, 2018
NIU Naperville Conference Campus
1120 E Diehl Rd, Naperville, IL 60563
 
Thursday, October 25, 2018
Illinois Education Association
3440 Liberty Dr. Springfield, IL 62704

Time: 9:00 a.m. – 4:30 p.m.

Fee Per Person: $149 members, $249 Non-members

Learn more or sign up here.

A nurse was fired from a Kentucky hospital after she told a physician and EKG technician to wear gloves for a procedure – because the patient has Hepatitis C. The patient was behind a privacy curtain, with other patients and staff nearby.

The patient complained to the hospital that the nurse revealed his diagnosis to nearby patients and staff who overheard her. The nurse was fired for violating HIPAA, and sued the hospital for wrongful termination. The nurse argued that she did not violate HIPAA, because her disclosure was “incidental” and permitted under HIPAA.

The nurse lost at trial, and, later, on appeal. The appellate court stated: “…even if [the hospital] were objectively wrong that [the nurse] violated HIPAA’s patient confidentiality provisions, [the nurse] cannot rely on HIPAA as a basis for a wrongful discharge claim, since HIPAA’s confidentiality provisions exist to protect patients and not healthcare employees.”

The nurse also sued the hospital for defamation. The nurse said a hospital employee defamed her when she reported the nurse’s HIPAA-based termination to the Metropolitan Louisville Healthcare Consortium. The Court upheld the trial court’s finding that no defamation occurred, because the hospital told the truth: the nurse was in fact terminated for violating HIPAA after she disclosed more information than the minimum necessary.

This is just one Kentucky court’s opinion – and keep in mind that the OCR has not released any enforcement regarding this instance. But, this lawsuit is an example of two things:

• A provider successfully firing someone for violating HIPAA; and
• An ongoing need to train staff on common HIPAA risks

MPA is excited to participate in ProviderTrust's free compliance webinar series. Join us for this complimentary webinar, and learn how to take your compliance program to the next level:

Great, You Have a Compliance Plan - Now What?

June 23, 2016

12:00 p.m. CST

The first step toward compliance is having a plan. There are some legal advantages of having a compliance plan as well as possible reduction in federal sentencing penalties. One of the legal ramifications of a compliance plan is being held liable for meting and complying with it. It is not just words on paper, but a document of how you will be held responsible. Together, we will:

• Learn how to "triage" the many tasks required to make your compliance program effective
• Identify key auditing, training, governance and reporting tasks to keep you on track
• Think beyond the 7 elements of a compliance program!

Click here to reserve your spot.

 The OIG recently issued a report summarizing HHS' improper payment rates in Fiscal Year 2015. The report found a 12.09% improper payment rate for Medicare fee-for-service claims in FY2015. HHS pointed to two main causes of the improper payments:

Compliance Officers are far too aware of the obstacles to engaging employees with compliance training. Employees don’t show up, leaving the Compliance Officer to schedule additional sessions for months. Employees show up—but don’t ask any questions, or, worse, fall asleep. Surely, there must be a better way.

1. Bring carrots.

Compliance has a reputation for being a “hammer,” and that doesn’t motivate employees to attend training. Yes, training needs to be required and discipline policies must apply, but a dangling carrot might be more effective in filling the seats. Does your budget allow you to provide a meal during training? What rewards can you offer for attendance? How about holding a raffle, and every attendee gets a ticket?

2. Customize.

Yes, you can search the internet for “Compliance training” and find existing training programs from other providers. But will they resonate with YOUR staff? Sample compliance program training sessions are a great place to start, but don’t forget to add discussion that is specific to the compliance risks your employees face. If it’s not relevant, it won’t be interesting.

3. Use hypos.

Compliance Officers read a lot of regulations and OIG guidance… so your employees don’t have to. Compliance training needs to educate personnel about the risks involved and how to respond to them, but PowerPoint slides full of excerpts from the Anti-Kickback Statute might not be the best way to go. Use real-world examples and hypotheticals to walk employees through situations they are likely to face on the job. The goal is for employees to think of compliance if they are ever in a tough situation—not to be able to recite the Anti-Kickback Statute.

4. Help your employees.

Sound obvious? Compliance Officers can get bogged down in the myriad risks that need to be conveyed to employees. Try a brain shift: what compliance information will help employees do their jobs better? What “do’s and don’ts” will help them out if they ever find themselves facing non-compliance? This approach can help compliance feel less like a hammer and more like a helpful resource.

5. Take it outside the class.

Annual and new hire compliance training is crucial! But it’s not enough to keep compliance top of mind on an ongoing basis. Compliance information and tips should be conveyed to your employees every month. Opportunities are everywhere: where can you catch the attention of your employees? Consider shift change chats, drinking fountain flyers, time clock posters, etc.—and never underestimate the message your Compliance Officer can convey while walking the floor.

Kickbacks can be one of the hardest skilled nursing compliance risk areas for employees to recognize—especially for employees who are new to health care. Kickbacks also bring some of the largest OIG compliance penalties for providers.