Breaking Compliance News Blog

2013's lessons for compliance ... and MPA's resolutions for 2014

Posted by Margaret Scavotto, JD, CHC on 1/8/14 12:22 PM

Find me on:

2013 brought so much compliance guidance and enforcement news, that it can be hard to keep up. MPA summarizes the biggest lessons from the past year, with suggested resolutions for how to make 2014 a better year.

Lesson One: A single HIPAA mistake could put a provider out of business.

The Office of Civil Rights put its HIPAA enforcement power to good use in 2013:

  • A managed care company paid $1.7 Million after an unsecured online database left the PHI of 612,402 individuals accessible to unauthorized parties.
  • A dermatology practice paid $150,000 after an unencrypted flash drive containing PHI for 2,200 people was stolen from an employee's vehicle.
  • A medical center paid $275,000 after two employees disclosed patient information to the media without patient authorization.
  • A health plan paid $1,215,780 after it sold a photocopier containing PHI for 344,579 individuals. The photocopier's hard drive was not encrypted.

MPA Resolution: HIPAA Privacy, Security and Breach Notification policies and procedures will be reviewed and updated; HIPAA Security risk assessments will be reviewed for currency and updated to reflect evolving technology; and employees will be trained on HIPAA.

Lesson Two: It pays to be a whistleblower.

752 whistleblower suits were filed in fiscal year 2013, setting a new record. These suits brought in $2.9 Billion for the government, with whistleblowers taking home $345 Million.

One such whistleblower case created a $400,000 windfall for two nurses who brought an action against an Illinois nursing home that submitted false claims for substandard care. The case ended with a $28.1 Million jury assessment against the nursing home owner.

No one knows more about your facility than your employees--and they are highly incentivized to report to the government. Encouraging employees to report potential non-compliance to your leadership can help you improve your organization, and stay out of hot water.

 MPA Resolution: Promote internal whistleblowing with anonymous, safe ways to report non-compliance to the compliance officer, and protect thisreporting mechanism with non-retaliation policies.

Lesson Three: Skilled nursing and therapy are government targets.

Enforcement headlines that we used to see in the hospital arena have crept into long term care. Therapy is a highly reimbursed area, so it only makes sense that the government focuses its enforcement efforts on therapy:

  • A nursing home company paid $48 Million to settle allegations that it knowingly submitted false claims to Medicare for medically unnecessary rehabilitation therapy services.
  • Another nursing home company paid  $2.7 Million to resolve allegations that it submitted claims to Medicare and Medicaid for medically unreasonable and unnecessary rehabilitation therapy.

MPA Resolution: Therapy and Skilled Nursing will be partners in 2014, working together to verify the necessity of services; accuracy of care planning; and accuracy of documentation supporting claims.

Lesson Four: CMS knows your RUG distribution, and so should you.

CMS sent Program for Evaluating Payment Patterns Electronic Reports (PEPPER) to nursing homes in August 2013. PEPPER uses Medicare Part A claims data to compare each SNF to state, national and Fiscal Intermediary data for RUG distributions, among other thingsCMS uses this report to identify if your facility is an outlier-and so should you.


MPA Resolution:

Review PEPPER and identify if you are an outlier in any of the tracked metrics. Monitor these metrics within your facility on an ongoing basis to make sure you are not an outlier.

Lesson Five: The OIG (still) expects monthly excluded provider screening.

In May 2013, the OIG released new guidance on excluded providers, in which it again recommended that employees and contractors be screened pre-hire and re-screened monthly. Providers who fail to screen monthly could face penalties of up to $10,000 per claim for each service provided by an excluded party, and could be excluded themselves.

MPA Resolution: Implement a solution for conducting monthly screens of all employees and contractors. There are multiple software options that can make this a very easy problem to solve. To read more about excluded providers, click here.

Lesson 6: Compliance isn't just's essential to reduce penalties.

As of March 23, 2013, compliance programs are mandatory for all nursing homes. Many nursing homes have decided to wait to comply until forthcoming regulations addressing the mandatory programs are issued. Lessons 1 through 5 show us that this is a perilous strategy: never before has enforcement in the nursing home field been so high. Likewise, never before have effective compliance programs been so crucial to keeping nursing homes away from penalties, investigations, and the headlines.

MPA Resolution: Implement an effective compliance program, with policies and procedures, training, auditing and monitoring, effective lines of communication, a compliance officer and committee, investigations and corrective action policies, and enforcement. For those with a program in place, use 2014 to make sure it is current, and an integral part of your operations and culture.

What keeps you up  at night? Free Compliance  Risk Assessment

Topics: Compliance Basics, Penalties and Enforcement, HIPAA, Excluded Providers, Whistleblowers

    Privacy Policy           Terms of Use