Breaking Compliance News Blog

BREAKING NEWS: CMS TO ENFORCE SNF COMPLIANCE IN OCTOBER

Posted by Margaret Scavotto & Scott Gima on 6/29/22 8:09 PM

Today, CMS issued new and revised guidance for long-term care surveyors. This guidance includes the following updates:
  • Clarifications and technical corrections of Phase 2 guidance issued in 2017
  • New guidance for Phase 3 requirements that went into effect November 28, 2019
  • Arbitration requirements and guidance which went into effect September 16, 2019
  • Changes to the Psychosocial Severity Guide
The new guidance for Phase 3 requirements includes the long-awaited F-Tag F895: Compliance and Ethics Programs.
 
In addition to the surveyor guidance, CMS has posted training on the new compliance guidance for surveyors, and the updated State Operations Manual provisions related to F895 (Appendix PP). Here’s what you need to know:
 

ENFORCEMENT

CMS will begin reviewing nursing home Compliance and Ethics programs via survey on October 24, 2022.
 

WHAT ABOUT THE PROPOSED RULE?

The State Operations Manual uses the original Compliance and Ethics Programs rule that was issued as part of Phase 3 – not the proposed rule. Nursing homes should make sure their compliance programs are built to the original rule (plus OIG guidance). MPA has summarized the requirements for you below.
 

NURSING HOME COMPLIANCE REQUIREMENTS

All nursing homes must have the following:
  • Written compliance and ethics policies and procedures that:
    • Reduce the risk of criminal, civil and administrative violations
    • Promote quality of care
    • Designate a compliance contact to receive reports
    • Include an anonymous way to report non-compliance without retribution
    • Include disciplinary standards
    • Apply to contractors and volunteers
  • Policies and procedures communicated to all staff, contractors, and volunteers
  • Assigned high-level personnel oversight for the compliance program, and sufficient resources and authority for such high-level personnel
  • Due care not to delegate substantial discretionary authority to individuals the SNF knew or should have known had a propensity to commit a crime
  • Auditing and monitoring
  • A reporting system
  • Consistent enforcement via discipline
  • Annual review
Organizations with five or more facilities must also have:
  • A mandatory annual compliance training program, and
  • A compliance officer who reports directly to the governing body, with designated compliance liaisons at each site
(For a comprehensive list of requirements, please see 42 CFR 483.85.)
 

WHAT ELSE IS IN THE GUIDANCE?

The CMS guidance also addresses other Phase 2 and Phase 3 provisions of the long-term care regulations. You can read the other changes here
 

IF YOU NEED HELP

MPA is ready to help you meet these compliance and ethics requirements. MPA has nursing home compliance programs available for download on our store.
 
And, we can review your existing compliance program, or do your annual review. Reply to this email for more information.


Topics: Penalties and Enforcement, Affordable Care Act, compliance, surveys

Subscribe to MPA’s Compliance Newsletter and Stay on Top of Compliance

Posted by Margaret Scavotto, JD, CHC on 5/25/22 8:45 AM

MPA scours OIG, DOJ, FBI, OSHA, & OCR updates so you don't have to.

We summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Read MPA’s News Report to stay current with compliance news and developments. Then, forward the News Report (or excerpts) to your Board, Compliance Committee, and management team, to keep them informed with little effort. MPA’s clients use the News Report to find ideas for compliance and HIPAA training, and identify areas where policies or audits are needed.

This month’s issue includes:

  • A summary of the 33 OIG health care fraud enforcement cases announced last month
  • Examples of False Claims, Kickback, opioid, and state enforcement from last month
  • Items added to the OIG Work Plan  
  • The latest OIG Advisory Opinion
  • OSHA update
  • Four new HIPAA enforcements, including a dentist who told a patient to "Get a life" in response to an online review
  • The end of multiple COVID-19 PHE waivers for SNFs
  • The DOJ's first settlement under its Civil Cyber-Fraud Initiative
  • Biden's Cyber Incident Reporting Act, which will require health care providers to notify CISA of cyber incidents within 72 hours
  • Telehealth for 151 more days
  • ... and more!
  • You can read a sample report here

Price: $25/month

Cancel any time.

Subscribe today

 


Topics: Training and Education, compliance

Compliance Lessons from the Phillies: Own Your Mistakes and We’ve Got Your Back

Posted by Scott Gima on 5/17/22 8:45 AM

Alec Bohm, a third overall pick in the 2018 draft, is playing his third season with the Phillies. On April 11, against the Mets, Bohm was playing third base and committed three throwing errors early in the game. In the second inning, the Philadelphia fans mockingly cheered Bohm after a clean fielding play for an out. While Bohm was walking back to third base, the TV broadcast captured him telling shortstop Didi Gregorius, “I ****ing hate this place.”

Wow. Was he talking about the fans, the city, the situation right then and there? This is one of those “fork in the road” events that could turn a young player with a promising career into an exiled player. Just give social media the chance. The Phillies came back from a 4-run deficit to win the game with five runs in the 8th, which ironically started off with a walk to Bohm. But the comeback was clearly not the story of the game. In the clubhouse after the game, the reporters gathered around Bohm to hear what he had to say. Keep in mind that the video of what Alec Bohm said to his shortstop was not 100% clear. This is what he had to say:

Read More

Topics: compliance

Subscribe to MPA’s Compliance Newsletter and Stay on Top of Compliance

Posted by Margaret Scavotto, JD, CHC on 4/20/22 8:45 AM


Topics: Training and Education, compliance

Compliance Lessons from Circus Camp

Posted by Margaret Scavotto, JD, CHC on 4/19/22 8:45 AM

This blog was originally posted on the Compliance and Ethics blog, published by the Health Care Compliance Association and the Society of Corporate Compliance and Ethics.

 

Last week was Spring Break in my house. We didn’t have travel plans, so my kids went to Circus Camp and Ice Cream Camp at the local performing arts center. Almost as good as the beach.

Every evening after camp, my kids exuberantly regaled us with stories of walking on the tightwire, using stilts, juggling, doing “super cool” trampoline jumps, and balancing peacock feathers on their foreheads. They also brought home ice cream, which was a big win for Mom.

On the last day of camp, we were invited to a 15-minute circus show, where we could see what the kids learned. During the show, my daughter waited patiently on the rainbow gym mat while her fellow plate spinners, stilt walkers, and jugglers performed – until it was her turn to walk the tightwire. The time I was most proud of her was not actually when she walked across the tightwire (although that was pretty neat). I was the proudest of her when she was sitting quietly on the sidelines while her friends performed, waiting her turn.

She’s six. That’s a big deal.

She’s a pint-sized ball of energy overflowing with excitement for her new skills – and she still understood that the circus isn’t a solo act. It only works if everyone waits their turn – allowing each individual their turn to shine.

Compliance isn’t a solo act either.

If you are thinking that linking “circus” and “compliance” is one analogy too far, hear me out.

Let’s say you are the Corporate Compliance Officer for a hospital. You have your CHC certification, you have years of experience, you are good at your job, and you are extremely dedicated to it. The hospital is lucky to have you.

You put together a list of the top 10 risks you want to audit this year, rank them by priority, and map out a 12-month plan to complete these audits. The list will keep your auditing department busy, and you feel comfortable that the organization is looking at the top concerns.

But.

Do other leaders agree with your top 10? Do other decision makers think your top 10 align with their top 10? If not, and you spend resources auditing them and find a problem, you might struggle to get support for the corrective action if there is not consensus that it’s a priority.

Let’s say you put together a training plan for the next 12 months. It naturally includes compliance and HIPAA training for new employee orientation, plus annual training on those subjects. You also put together a monthly education campaign with a schedule of topics that will get promoted with tips, flashcards, and flyers. Think of how compliance awareness will grow!

But.

Do managers agree with your 12 months of topics? Maybe you picked social media as a quarterly topic – do managers also see social media as a top concern? Have managers had a chance to weigh in on the areas where employees make mistakes or ask questions? Do these topics vary by department, building, or shift?

Compliance isn’t a solo act.

Compliance depends on committed compliance officers who tirelessly plan, strategize, and come up with new ideas. But our work cannot stop there. We also need to communicate, build relationships and gain trust – reach out, listen, obtain feedback, and secure buy-in. When we take that extra step, the goals and plans we painstakingly make for our organization’s compliance program are far more likely to succeed.

If the plate spinners had come out while a kindergartner was walking across the tightwire, chaos would have ensued, and nobody would sign up for Circus Camp next year. Buy-in would have been lost. Likewise, compliance officers who take their turn, and give others a chance to be heard, will steal the show.


Topics: Compliance Officer & Committee, compliance

Elon Musk and the Pizza: There’s Two Sides to Every Story

Posted by Margaret Scavotto, JD, CHC on 4/12/22 8:15 AM

This blog was originally posted on the Compliance and Ethics blog, published by the Health Care Compliance Association and the Society of Corporate Compliance and Ethics.

There’s a rumor going around about Elon Musk.

A rumor that Elon Musk is very generous.

The story goes that Mr. Musk was visiting the Tesla Headquarters in Texas, when he encountered an individual waiting in the lobby. This man told Elon he needed to get paid. Elon asked the man how much he gets paid a month, and the man said: “$2,000.” So, Elon wrote the man a check for $2,000 and told him to have a nice day. The man leaves with his check. Another Tesla employee turns to Elon and says: “You just tipped the pizza guy two grand.”

I don’t know how this story started, or if it’s true. My bet? Not true. I couldn’t tell you if Elon Musk tips the pizza delivery guy (or gal) $2,000. But I bet he uses payroll to compensate his employees, rather than writing a personal check.

There’s two sides to every story. And things aren’t always what they seem.

This is true for (mythical) hasty check writing, and for compliance investigations. Here’s an example – and this time, it really did happen.

A nursing home Compliance Officer called to tell me someone slid an anonymous note under her door. The note said: “A nurse aide hugged a resident at lunch and I think it was inappropriate.”

The Compliance Officer’s first reaction was: If this report is accurate, it is concerning. But we need to know more. The next day, the Compliance Officer found a way to help out in the dining room – and she watched. And she saw the hug! A nurse aide did indeed hug a resident: her great aunt. After the nurse aide left, the Compliance Officer spoke with the resident, who confirmed that the hugs are very welcome.

There are two sides to every story.

Now the Compliance Officer knew both sides to this story – but the anonymous note writer did not. To address this, we put together a compliance educational flyer to post throughout the building: “When is it OK to hug a resident?” It didn’t provide the entire story, but hopefully it showed the reporter that she was heard – and Compliance responds.

How do you find all sides to a complaint?

  • Don’t make assumptions. Don’t jump to conclusions. Your mind should be blank. Maintain objectivity.
  • Ask questions. Look for FACTS.
  • Can you interview an independent eyewitness (or eyewitnesses)?
  • Conclude what you can from facts. This requires you to put aside what “could have” happened.

I’ll never know if the Elon Musk story is true. But if it is, I’m glad that pizza deliverer got a huge tip.

You don’t need to know all sides of a story to be generous. Especially if you’re Elon Musk. But you do need to look for both sides to get to the bottom of compliance business.

 


Topics: compliance, investigations

Have You Trained Your Board On Compliance This Year?

Posted by Margaret Scavotto, JD, CHC on 4/6/22 8:30 AM

 

Your Board is responsible for compliance failures. And, board members can be held personally liable for financial losses caused by those compliance failures.

In other words, your Board is ultimately responsible for your compliance program.

Does your Board know this?

Board Responsibility

The OIG has said: “every Board is responsible for ensuring that its organization complies with relevant Federal, State, and local laws.” 

And, the OIG Compliance Program Guidance for Nursing Facilities, Footnote 4, explains that corporate directors can be personally liable for compliance failures: “Recent case law suggests that the failure of a corporate director to attempt in good faith to institute a compliance program in certain situations may be a breach of a director’s fiduciary obligation. See, e.g., In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 970 (Ct. Chanc. Del. 1996).”

The Caremark lawsuit established that the Board has:

A duty to attempt in good faith to assure that a corporate information and reporting system, which the Board concludes is adequate, exists, and that failure to do so under some circumstances, may...render a director liable for losses caused by non-compliance with applicable legal standards

Keeping Your Board Informed

The Board has a big job with respect to compliance. This means that on-going board training and education should be on every Compliance Officer’s task list as a standing item. Annual training is not enough and can be accomplished with MPA put together an outline of what this might look like:

Need Help? MPA Can:

  • Train your board by Zoom
  • Provide written education for your board
  • Do you need training topics? Purchase a subscription to MPA’s Compliance Newsletter. Once a month, MPA provides a summary of OIG, DOJ, FBI and OCR enforcement updates as well as recent compliance and HIPAA news stories. You can read a sample report here


Topics: Board Involvement, Training and Education, compliance

Earn CEUs with MPA's FREE Compliance Webinars!

Posted by Margaret Scavotto, JD, CHC on 4/5/22 8:15 AM

 

 

Sign up for MPA's FREE Compliance webinars:

All webinars are 11:00 a.m. CST - 12:00 p.m. CST and are presented by Margaret Scavotto and Scott Gima.

 

April 6, 2022: Compliance Lessons from Ted Lasso

1.2 CCB CEUs

“Taking on a challenge is a lot like riding a horse, isn’t it?”

"You know what the happiest animal on Earth is? It's a goldfish. You know why? It's got a 10-second memory."

"If the Internet has taught us anything, it's that sometimes it's easier to speak our minds anonymously."

 

Ted Lasso, the Apple TV series that has earned a host of Emmys and Golden Globes, has become a household staple. For most of us, it’s a 29-minute mental break when our work is done for the day. But America’s favorite soccer coach also brings us some priceless compliance lessons. Leading a compliance program through and beyond a pandemic isn’t too different from leading a downtrodden soccer team in England: it’s challenging and requires continuous sources of motivation.

SIGN UP

 

May 11, 2022: Affordable Care Act Compliance Programs for Nursing Homes

1.2 CCB CEUs

It’s been a long road since the Affordable Care Act mandated compliance and ethics programs for nursing homes in 2010. Since then, we have had rules issued; enforcement delayed; and a pandemic. Compliance is never easy in the highly regulated world of long-term care – but it has only gotten harder since this mandate was announced.

SIGN UP

 

The Compliance Certification Board (CCB)® has approved this event for up to 1.2 live CCB CEUs based on a 50-minute hour. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.


Topics: Training and Education, HIPAA, compliance

Earn CEUs with MPA's FREE Compliance Webinars!

Posted by Margaret Scavotto, JD, CHC on 3/29/22 11:16 AM

 

 


Topics: Training and Education, HIPAA, compliance

What the Russia-Ukraine Conflict Means for Your Cybersecurity

Posted by Scott Gima on 3/22/22 8:15 AM

 

I recently had a conversation with Scott Wolff, President and owner of LanServ, a St. Louis IT and managed service provider. Scott was a recent guest expert for an MPA webinar that discussed HIPAA Security Risk Assessment and cybersecurity.

I asked Scott if there has been an increase in cyber threat activity as a result of the Russian invasion of Ukraine. Surprisingly, Scott has so far found a significant decrease in hacker activity with his clients. Maybe all the hackers are focused on Russia and Ukraine, but regardless of the reason, it is very easy for organizations to let their guard down.

Coincidently, the same thing was discussed earlier this week with some members of Congress who received a briefing on the elevated Russia cyber threat to the US. Former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs led the briefing which was closed to the public. The Washington Post was able to speak to Krebs after the briefing. He is worried about complacency. He told the Post “We have been talking with some alarm for weeks, if not months, about the potential Russian threat and fatigue is real and the desensitization to ongoing activities that are happening elsewhere is real.”

Krebs also stated: “the Russian cyberthreat as especially elevated now because Putin has already demonstrated he’s willing to cross Western red lines by invading Ukraine.”

I agree with Krebs. Even though cyberattacks have not yet occurred against the United States, organizational efforts to improve cybersecurity should continue and be responsive to new threats. This is especially true for critical infrastructure entities including health care providers.

I asked Scott Wolff, President/Director of IT Operations for LanServ, Inc., for his take on the situation:

The current reduction in cyber security events started a few weeks ago, and appears to coincide with the Russian invasion of Ukraine.  To many of us this may provide a much needed break from responding to the high volume increase in cyber security events over the last few years, and thus take the time to kick back and breathe a little bit. 

However, I am approaching this temporary reduction in events as a “quiet before the storm scenario.”  Currently, I am spending even more time than normal implementing additional security measures, as well as learning from the Russian cyber-attacks against Ukraine to build future cyber defenses should these same cyber-attacks be used against us.  There is no better time than now to assess your overall network system security, and user password hygiene before the storm potentially heads back this way.

What you can do

Discuss cyber threats with your IT team or managed service provider. The Cybersecurity and Infrastructure Security Agency (CISA) provides security updates and free resources. With a high threat level, now is the perfect time to update your HIPAA Security Risk Analysis.

Need more HIPAA help? MPA can help with the HIPAA Security Risk Analysis.


Topics: HIPAA, security, compliance
