Breaking Compliance News Blog

Helmets, Hoverboards, Chicken Farms: HIPAA training shouldn't be boring

Posted by Margaret Scavotto, JD, CHC on 8/11/22 11:15 AM

 

A surgeon tweeted a selfie of himself operating on a patient while wearing a bike helmet.

A dentist texted a video of himself extracting a tooth while standing on a hoverboard.

A nursing home contracted with a chicken farm for medical records shredding services.

No, I’m not making these up. They actually happened. These are all potential HIPAA violations.

And they show that HIPAA TRAINING DOES NOT HAVE TO BE BORING.

Which of the following will your staff more likely remember?

  1. HIPAA stands for the Health Insurance Portability and Accountability Act, or
  2. A surgeon tweeted a selfie of himself operating on a patient while wearing a bike helmet. This is a potential HIPAA issue – what if patient information, or the actual patient, was visible in the background? Selfies and patient care are a bad idea.

Definitely #2. It is more memorable, which makes it much more effective. Why? It provides opportunities for discussion. Employees do not need to know what HIPAA stands for. Honestly, I’m not even concerned if employees spell it HIPPA instead of HIPAA. If an employee spells it HIPPA but understands what may be potential privacy risks, training is successful. All of our clients and webinar attendees like this type of real-world training.

Let us make your HIPAA training memorable


MPA mines news stories, enforcement actions, and client experiences (don’t worry – we always keep them anonymous). These real-world and memorable scenarios are what we put in our HIPAA training:

  • Training tailored to healthcare Privacy Officers, Security Officers, board members, and employees.
  • Training that is fun and interactive. We play everyone’s favorite interactive HIPAA game: “Is it a breach?!”
  • Live Zoom training, and also recorded trainings that you can add to your learning management system.
If you would like to make your HIPAA training more memorable and helpful, respond to this email or give me a call.

 


Topics: Training and Education, HIPAA

“That’s so cute!” (if there’s a HIPAA authorization)

Posted by Margaret Scavotto, JD, CHC on 6/14/22 11:17 AM

 

Are you on TikTok?
 
I’m not (although I hear it’s worth it for the air fryer recipes).
 
But everyone else is, including an increasing number of healthcare professionals and healthcare providers.
 
Social media use increased during the early pandemic days as a way to connect with the world from inside locked down facilities. It also brings a healthy dose of levity.
 
For example:
  • A nursing home’s videos of residents enjoying therapy dogs Floyd and Loki went viral on TikTok. 
  • Last Thanksgiving, one nursing home’s TikTok video of the administrator dressed as a Thanksgiving turkey went viral. 
  • In a Scotland nursing home, a 102-year-old resident’s daily exercise dance routine – done with two nurses – was posted to TikTok. In the video, the resident and two of his caregivers are seen dancing. The home claims the videos “have been a great way to get the residents up and moving, and they’ve loved taking part.”
I love these videos! They are so cute. And they are okay to use – IF the patients signed a valid HIPAA authorization before the videos were taken.
 
Without a HIPAA authorization, the cute factor fades, and we are left with a potential HIPAA breach to investigate.
 
Thinking of going viral? Have fun – but make sure everyone involved understands the HIPAA consequences.

What you can do:


Topics: Training and Education, HIPAA, Social Media, security, privacy

Last Chance: Sign up for MPA's Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 6/7/22 12:03 PM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course


Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Subscribe to MPA’s Compliance Newsletter and Stay on Top of Compliance

Posted by Margaret Scavotto, JD, CHC on 5/25/22 8:45 AM

MPA scours OIG, DOJ, FBI, OSHA, & OCR updates so you don't have to.

We summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Read MPA’s News Report to stay current with compliance news and developments. Then, forward the News Report (or excerpts) to your Board, Compliance Committee, and management team, to keep them informed with little effort. MPA’s clients use the News Report to find ideas for compliance and HIPAA training, and identify areas where policies or audits are needed.

This month’s issue includes:

  • A summary of the 33 OIG health care fraud enforcement cases announced last month
  • Examples of False Claims, Kickback, opioid, and state enforcement from last month
  • Items added to the OIG Work Plan  
  • The latest OIG Advisory Opinion
  • OSHA update
  • Four new HIPAA enforcements, including a dentist who told a patient to "Get a life" in response to an online review
  • The end of multiple COVID-19 PHE waivers for SNFs
  • The DOJ's first settlement under its Civil Cyber-Fraud Initiative
  • Biden's Cyber Incident Reporting Act, which will require health care providers to notify CISA of cyber incidents within 72 hours
  • Telehealth for 151 more days
  • ... and more!
  • You can read a sample report here

Price: $25/month

Cancel any time.

Subscribe today

 


Topics: Training and Education, compliance

Sign up for MPA's Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 5/19/22 8:45 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course


Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Sign up for MPA's Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 5/4/22 8:15 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course


Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Download MPA's Free HIPAA Resource Guide!

Posted by Margaret Scavotto, JD, CHC on 4/26/22 9:00 AM

HIPAA has been around for years - but that does not mean complying with HIPAA is easy.

The rules are long, and require a lot of policies. The Security Rule requires a HIPAA Security Risk Analysis - a task that is interdisciplinary, comprehensive, and detailed. Plus, HIPAA guidance and risks are continually changing - and so should your HIPAA training.

MPA's goal is to make HIPAA easier.

We hope this HIPAA Resource Guide provides some practical, step-by-step tools to help you evaluate, implement, or upgrade to a robust HIPAA compliance plan.

Contents:

  • HIPAA In a Nutshell
  • HIPAA Checklist
  • The Top 5 Social Media Posts Your Privacy Officer Fears Most
  • Tackling Social Media
  • How to Conduct a HIPAA Security Risk Analysis
  • Physical Safeguards
  • Technical Safeguards
  • Administrative Safeguards
  • Breach Notification
  • MPA Can Help
  • About Margaret
  • About Scott

Download now!


Topics: Training and Education, HIPAA

Subscribe to MPA’s Compliance Newsletter and Stay on Top of Compliance

Posted by Margaret Scavotto, JD, CHC on 4/20/22 8:45 AM

MPA scours OIG, DOJ, FBI, OSHA, & OCR updates so you don't have to.

We summarize enforcement trends and deliver the latest compliance and HIPAA developments to your inbox with our Monthly Compliance News Report.

Read MPA’s News Report to stay current with compliance news and developments. Then, forward the News Report (or excerpts) to your Board, Compliance Committee, and management team, to keep them informed with little effort. MPA’s clients use the News Report to find ideas for compliance and HIPAA training, and identify areas where policies or audits are needed.

This month’s issue includes:

  • A summary of the 33 OIG health care fraud enforcement cases announced last month
  • Examples of False Claims, Kickback, opioid, and state enforcement from last month
  • Items added to the OIG Work Plan  
  • The latest OIG Advisory Opinion
  • OSHA update
  • Four new HIPAA enforcements, including a dentist who told a patient to "Get a life" in response to an online review
  • The end of multiple COVID-19 PHE waivers for SNFs
  • The DOJ's first settlement under its Civil Cyber-Fraud Initiative
  • Biden's Cyber Incident Reporting Act, which will require health care providers to notify CISA of cyber incidents within 72 hours
  • Telehealth for 151 more days
  • ... and more!
  • You can read a sample report here

Price: $25/month

Cancel any time.

Subscribe today

 


Topics: Training and Education, compliance

Have You Trained Your Board On Compliance This Year?

Posted by Margaret Scavotto, JD, CHC on 4/6/22 8:30 AM

 

Your Board is responsible for compliance failures. And, board members can be held personally liable for financial losses caused by those compliance failures.

In other words, your Board is ultimately responsible for your compliance program.

Does your Board know this?

Board Responsibility

The OIG has said: “every Board is responsible for ensuring that its organization complies with relevant Federal, State, and local laws.” 

And, the OIG Compliance Program Guidance for Nursing Facilities, Footnote 4, explains that corporate directors can be personally liable for compliance failures: “Recent case law suggests that the failure of a corporate director to attempt in good faith to institute a compliance program in certain situations may be a breach of a director’s fiduciary obligation. See, e.g., In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 970 (Ct. Chanc. Del. 1996).”

The Caremark lawsuit established that the Board has:

A duty to attempt in good faith to assure that a corporate information and reporting system,

  • which the Board concludes is adequate, exists,
  • and that failure to do so under some circumstances, may...render a director liable for losses caused by non-compliance with applicable legal standards

Keeping Your Board Informed

The Board has a big job with respect to compliance. This means that on-going board training and education should be on every Compliance Officer’s task list as a standing item. Annual training is not enough and can be accomplished with MPA put together an outline of what this might look like:

Need Help? MPA Can:

  • Train your board by Zoom
  • Provide written education for your board
  • Do you need training topics? Purchase a subscription to MPA’s Compliance Newsletter. Once a month, MPA provides a summary of OIG, DOJ, FBI and OCR enforcement updates as well as recent compliance and HIPAA news stories. You can read a sample report here


Topics: Board Involvement, Training and Education, compliance

Earn CEUs with MPA's FREE Compliance Webinars!

Posted by Margaret Scavotto, JD, CHC on 4/5/22 8:15 AM

 

 

Sign up for MPA's FREE Compliance webinars:

All webinars are 11:00 a.m. CST - 12:00 p.m. CST and are presented by Margaret Scavotto and Scott Gima.

 

April 6, 2022: Compliance Lessons from Ted Lasso

1.2 CCB CEUs

“Taking on a challenge is a lot like riding a horse, isn’t it?”

"You know what the happiest animal on Earth is? It's a goldfish. You know why? It's got a 10-second memory."

"If the Internet has taught us anything, it's that sometimes it's easier to speak our minds anonymously."

 

Ted Lasso, the Apple TV series that has earned a host of Emmys and Golden Globes, has become a household staple. For most of us, it’s a 29-minute mental break when our work is done for the day. But America’s favorite soccer coach also brings us some priceless compliance lessons. Leading a compliance program through and beyond a pandemic isn’t too different from leading a downtrodden soccer team in England: it’s challenging and requires continuous sources of motivation.

SIGN UP

 

May 11, 2022: Affordable Care Act Compliance Programs for Nursing Homes

1.2 CCB CEUs

It’s been a long road since the Affordable Care Act mandated compliance and ethics programs for nursing homes in 2010. Since then, we have had rules issued; enforcement delayed; and a pandemic. Compliance is never easy in the highly regulated world of long-term care – but it has only gotten harder since this mandate was announced.

SIGN UP

 

The Compliance Certification Board (CCB)® has approved this event for up to 1.2 live CCB CEUs based on a 50-minute hour. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.


Topics: Training and Education, HIPAA, compliance
