Breaking Compliance News Blog

Thank goodness we didn't get struck by lightning

Posted by Margaret Scavotto, JD, CHC on 3/7/23 7:15 AM

When it rains, we don’t walk around saying “Oh, no! I’m so worried I might get struck by lightning. I better stay inside all day and change my whole day around.”

Nobody says that. When it rains, I DO hear people saying “It’s raining – this is so good for my garden.” Or the grass or the flowers. Or the basil plants.

Why? Because the odds of getting struck by lightning are LOW. The odds of the rain nurturing plants, however, are HIGH. It’s pretty much guaranteed.

Why, then, when we talk about compliance with leadership and the board room, do we tend to focus so much on penalties?

Yes, penalties are a very important reality and leadership does need to know about them. This is especially important for board members, who have a fiduciary duty to ensure an organization’s compliance program is functioning properly, so as to avoid penalties from the DOJ and the OIG.

But the truth remains that the likelihood of receiving a penalty is relatively low (this of course assumes that your organization is diligently operating a compliance program and trying to do the right thing. I think it’s safe to say that if you are reading this blog, you likely fall into that category). So perhaps the focus of our compliance messaging should be less on lightning, and more on helping the flowers grow?

How has your compliance program helped your organization this year?

Odds are, your compliance program bears good news.

Did your hotline encourage employees to report potential false claims internally, so they could be self-reported? Did this hotline call possibly avoid a whistleblower situation?

Did routine compliance audits find a documentation issue – so you could correct it before it became a widespread problem?

Maybe the compliance department collaborated with the HIPAA Security Officer to run a ransomware and phishing campaign, educating employees about potentially hazardous emails and links. As a result, the Compliance Officer and Security Officer received dozens of calls from employees reporting suspicious emails and links that potentially contained ransomware or malware. Can you put a price tag on potentially avoiding a costly ransomware attack?

Did your quality assurance program reduce adverse events? Lower the amount of pressure ulcers? Improve patient care? Did that lead to an increase in census? Higher patient satisfaction? Positive perception in the community?

Perhaps your annual employee compliance survey shows a more supportive workplace due to a recent compliance education effort, and that employee turnover has also decreased.

What else did compliance do? Did compliance boost the bottom line? Make it easier for employees to do their jobs? What processes did compliance improve? How did the compliance department contribute to your organization’s culture? Make your company a better place to work? A better place to receive care?

Once you have taken a moment to tally up everything your compliance program has done for your organization this year, ask a second question:

Who did you tell?

Did you tell your managers, so they can see how the compliance department is working for them?

Did you share the good news with your staff?

I repeatedly hear from compliance officers who have trouble getting money in the budget for compliance. So I ask them: What has compliance done for you lately? A lot, I bet. Who have you told? Did you share the good news with your senior leadership and board? (Or the president, or CEO, or whomever else is at the helm of your organization?) They are in charge of the budget. Do they know that investments in compliance have yielded greater advances in quality care, patient satisfaction, employee satisfaction, billing accuracy, occupancy, and more?

Because if you don’t tell anyone, no one will know how powerful your compliance effort really is. Spend more time on the good news, and less time talking about lightning.

Topics: compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 2/14/23 9:15 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST and are presented by Margaret Scavotto and Scott Gima

 

Plan a Successful Compliance Week in 2023

February 22, 2023

90 minutes

1.8 CCB CEUs
1.5 NAB CEUs

Your compliance program is only as strong as the culture behind it - and the knowledge and buy-in of your team. It takes year-round activities and awareness to support that culture. In this webinar, we will discuss approaches to plan a fun and engaging Compliance Week for your staff. Whether it's been a year since you held Compliance Week - or whether compliance has been back-burnered during the pandemic and your culture needs a boost - it's time to schedule a Compliance Week!
 
Learn how to plan a Compliance Week that includes employee feedback, and reinforces compliance as a positive force in your organization.

This program has been approved for Continuing Education for 1.5 total participant hours by NAB/NCERS—Approval #20240221-1.50-A90033-DL.

 

SNF Compliance Update

April 19, 2023

90 minutes

1.8 CCB CEUs

1.5 NAB CEUs

It’s been a long road since the Affordable Care Act mandated compliance and ethics programs for nursing homes in 2010. Since then, we have had rules issued; enforcement delayed; a pandemic; and, as of October 24, 2022, enforcement via CMS survey. Compliance is never easy in the highly regulated world of long-term care – but it has only gotten harder since this mandate was announced.
 
In this webinar, we will discuss the status of compliance and ethics programs for nursing homes; review other reasons to comply (DOJ, OIG, OCR, etc.); walk through a step-by-step process to implement or review your program; and identify best practices for a compliance program that lasts.
 

This program has been approved for Continuing Education for 1.5 total participant hours by NAB/NCERS—Approval #20240418-1.50-A90034-DL

The Compliance Certification Board (CCB)® has approved these events for up to 1.8 live CCB CEUs based on a 50-minute hour, each. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.

Topics: Training and Education, HIPAA, compliance

Compliance Lessons from Game Night

Posted by Margaret Scavotto, JD, CHC on 2/8/23 7:30 AM

 

When my family gets together, we play games.

Specifically, we play Cards Against Humanity: Family Edition.

In this game, one person selects a black card with a question or incomplete phrase. Everyone else selects a white card, with words or a phrase to complete the question or phrase on the black card. The person with the black card selects the funniest white card/black card combination, and the person who put down that white card is the winner.

The last time we played, someone chose a black card that said: “What really killed the dinosaurs?”

And the top white card for this round said: “Moving to Ohio.”

Other worthy contenders were: “Famous peanut scientist George Washington Carver”; “Math”; “The gym teacher”; and “Getting sucked into a jet engine.”

But, “Moving to Ohio” was the clear winner. These things don’t go together. I’m not a paleontologist, but I can tell you that at the time of the dinosaurs’ extinction, Ohio definitely did not exist. And yet, this nonsensical combination won the game. People laughed. Some people laughed so hard they cried. One person laughed so hard that s/he fell out of a chair.

This can happen at work too. And it can be a good thing.

When bad combinations add up to a win:

Compliance education and… The bathroom

Compliance is serious business. Surely it has no place in the bathroom?

Until the day it makes perfect sense to bring compliance into the bathroom.

A healthcare provider client was struggling to change staff behavior related to social media. They tried posting reminders and flyers by the time clock. The problem? The wall around the time clock was plastered with posters, many of which have not changed in years. Nobody read the posters.

So arose the idea to combine two things that seemingly do not go together: Compliance education, and the bathroom. Compliance reminders were posted in the bathroom stalls. IT WORKED. We know people read the flyers because the Compliance Officer began receiving lots of questions about the content of the posters. There’s nothing else to read in there – your posters will get a read. We also put posters over drinking fountains and on microwaves.

Don’t be afraid to think outside the box, to try new ideas, and even to try nonsensical combinations once in a while. It just might work.

Topics: compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 2/2/23 11:33 AM

 

 

Topics: Training and Education, HIPAA, compliance

*Free Issue* MPA’s Compliance and HIPAA News Reports

Posted by Margaret Scavotto, JD, CHC on 1/26/23 12:03 PM

Topics: Training and Education, compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 1/18/23 8:15 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST and are presented by Margaret Scavotto and Scott Gima

HIPAA Security Update

January 25, 2023

90 minutes

1.8 CCB CEUs

Healthcare is the #1 target of cyber-attacks, and the threat continually increases. Your HIPAA security program is your defense, and the key to maintaining continuity of care. In this webinar, we will illustrate why the HIPAA Security Risk Analysis is the best way to identify and reduce security risks and prevent cyber-attacks. We will also address the 2021 HITECH amendment’s Recognized Security Practices for covered entities and business associates: what providers can and should implement, and how doing so can yield favorable results after a breach. This webinar will also cover new and emerging risks from the Office for Civil Rights, news coverage, and best practices.

Topics: Training and Education, HIPAA, compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 1/11/23 10:40 AM

 

 

Topics: Training and Education, HIPAA, compliance

Did you brush your teeth?

Posted by Margaret Scavotto, JD, CHC on 1/10/23 8:30 AM

My kids sometimes ask me why they have to brush their teeth every day. Or put away their dirty laundry EVERY DAY. We did that yesterday, Mom. Isn’t that enough? Come on.

This always prompts a conversation about habits, and what happens when we skip them.

If we skip brushing our teeth once, we are likely to skip brushing our teeth again. And again. And again. Until not brushing our teeth becomes the habit.

Until…. It’s time to go to the dentist. If we’ve skimped on brushing, we might not get that sticker. No Dora the Explorer toothbrush. Nope, you’ve got cavities. That means TWO trips to the dentist. For grown-ups, who always have the most fun, it could mean a root canal or an impacted tooth – maybe even THREE trips to the dentist.

You know where I’m going with these oral hygiene horror stories.

How are your compliance habits?

Compliance is a routine. It’s not a one-and-done job. There are annual, quarterly, monthly, weekly, and daily tasks.

What happens if we forget to log a compliance complaint? Just one. Or two? What does that do to the integrity of our documentation? How will we defend questions or concerns about this complaint at a later date? How will it impact the data we have available to identify complaint trends? How can we prove we handled this complaint?

What happens if we forget to do our HIPAA walk-through audit this quarter? And maybe next quarter, because things are still really busy? How long have employee passwords been left up on post-it notes for visitors to see? How long have the water cooler patient conversations gone unchecked? What are we missing that we haven’t even thought about?

What happens if we skip our weekly compliance rounding, when we walk the halls and interact with employees? How many interactions do we miss? How many employees stop recognizing us – and think a little less about compliance?

The biggest habit of all is, of course, a semi-annual visit to the dentist. In the compliance world, this is your annual compliance program review. If we have been keeping up compliance habits, that annual review will find more successes to celebrate (Dora the Explorer toothbrushes for everyone!) If, however, we have let those habits fall by the wayside, we might need to fill some cavities in the next year. Or worse – conduct a root canal.

At the dentist’s office and in the compliance department, habits matter. Skipping them can have a big impact. Focus on the habits that keep your compliance program effective and commit to them. And do not, under any circumstances, make a habit of skipping the annual compliance program review.

So I ask you: Are you regularly brushing your teeth?

Topics: compliance

The Rackspace ransomware attack – How safe is your cloud?

Posted by Scott Gima on 12/20/22 10:40 AM

What is Rackspace?

Rackspace Technologies is a tech company that provides cloud-based servers, data storage and data backup services.

What Happened?

On December 2, 2022, at 2:49 a.m. EST, Rackspace posted a message stating that customers that used their hosted exchange email servers did not have email access. The Hosted Exchange services include mailboxes (up to 100GB), Microsoft Outlook, Outlook Web Access, mobile device synchronization, anti-spam and anti-virus protection.

On 12/6, Rackspace indicated that they suffered a ransomware attack.

Rackspace has not yet indicated when email service will be restored to their clients. In the meantime, email accounts and domains are being migrated to Microsoft 365. This temporary solution only provides access to new emails. Clients currently have no access to existing emails.

Rackspace has not reported the number of impacted customers. It has been speculated that the number of small and medium sized customers may be in the thousands.

Why is this Important?

In the old days, Microsoft Outlook and Office programs were installed on your company’s server. Email Exchange Servers were also physically located within your company. All emails, email attachments, documents, and spreadsheets were also stored on the server or on your desktop. Today, companies like Rackspace and Microsoft provide these applications with data storage in the cloud.

The Rackspace incident provides a sobering example that cloud applications and cloud stored data are not as safe as you think. Rackspace customers lost the ability to receive and send emails. According to news reports, many customers have email after Rackspace moved them over to Microsoft 365. But there is an ongoing concern of archived email data loss once email service is restored. Think about the impact to your organization and your job tasks if you lost the ability to send and receive emails, plus access to all of your old emails, both sent and received. My guess is that you will come to the same conclusion as me – the impact would be significant if not catastrophic.

Impact?

Loss of email typically means lost revenue. What is your organization’s tolerance to downtime? In other words, how long can you go without email? These are questions that need to be posed to each department. The loss of access to the EHR is the #1 issue, but that can be handled by going old school with paper documentation. The impact on other departments must be reviewed in detail.

Let’s start with the business office. Is there enough cash if billing Medicare, Medicare Advantage, Medicaid and private pay stops or takes longer than normal? What about follow-up of unpaid claims? Referrals? Communication with referring hospitals is typically handled by email. How do you review payor eligibility? How will you recruit staff for open positions without receiving email notifications from recruiting websites? Background checks and review of exclusion lists? The list goes on and on.

All of us are heavily dependent on emails to do our daily tasks. The temporary loss of being able to send or receive emails for a week or two is tolerable, but the tipping point may well be the possible loss of old emails and attachments.

What to do?

I reached out to Scott Wolff, President and Director of IT Operations at LanServ, Inc., a managed service provider (MSP) in St. Louis, and asked him: What do companies need to do to limit their email downtime and prevent the loss of archived (old) emails and attachments? Here is a list of recommendations from Scott W:

Topics: HIPAA, security, compliance

Compliance Lessons from Mistletoe, the Elf on our shelf

Posted by Margaret Scavotto, JD, CHC on 12/19/22 10:40 AM

 
A few years ago, we begrudgingly began participating in the Elf on the Shelf tradition.
 
I say begrudgingly because, while the Elf brings a lot of merriment, it’s also a lot of work for parents. And, something about the tradition feels a little too much like playing a trick on the kids.
 
Nevertheless, the Elf joined our household in 2020. The pandemic and virtual school were upon us, and we needed some joy, ASAP. We also got a puppy during this time (if you are wondering how things were really going). The kids named the Elf Mistletoe. But the story we told our kids about Mistletoe strays from tradition.
 
The original Elf on the Shelf story tells children that Santa sent the Elf to sit on their shelf and keep an eye on the kids. If the kids are good – or bad – the Elf will report this news back to Santa at the North Pole, and that will, understandably, impact the children’s gifts under the tree. The original Elf tale also warns kids to never, ever touch the Elf – or the Elf will lose its magic.
 
Yikes! That’s a lot to worry about. Aren’t the holidays supposed to be fun? Especially for kids?
 
So we changed the story. In our house, Mistletoe comes to spread holiday cheer. She comes to celebrate that the kids were good this year, and to bring a little magic into the season. We also told the kids that the Elf does not lose her magic if they touch her. We compared that legend to “step on a crack and you’ll break your mother’s back.” It’s not going to happen. Because inevitably, a kid will touch the Elf out of burning curiosity and then spend the night in tears (rather than sleeping).
 
Is your Elf celebrating or scaring?
 
Much like my family decided to take control over the narrative surrounding Mistletoe the Elf, the compliance department has choices when it comes to its compliance messaging.
What kind of message does your compliance program convey?
 
Does your compliance department focus on the penalties and punishments looming if people slip up? Do you send a lot of emails or post a lot of reminders featuring the words “Don’t” and “No”?
 
Or does your compliance department focus on helping your team do their jobs in a way that honors the compliance program – and celebrating the successes along the way? Maybe you use more words like “Remember” and “Here’s a tip!”
 
I want my kids to smile when they see the Elf every year, rather than feel a sense of impending doom. Compliance officers also want to be well received. Is your compliance message as inviting as you’d like your compliance culture to be?
 
Topics: compliance
