On May 18, 2017, Compliagent's CEO, Nick Merkin, was interviewed on ABC News about the WannaCry virus and cyber-security. Click here to learn more about protecting your IT data: https://youtu.be/Nf5RZAUVQ6s.
On April 20, 2017, the Office for Civil Rights (OCR) announced that the Center for Children’s Digestive Health (CCDH) paid $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy rule. The settlement was initiated as a part of a compliance review following an investigation of a business associate, FileFax, Inc. FileFax stored records containing protected health information (PHI) for CCDH.
The investigation by the OCR revealed that the parties began sharing PHI in 2003, but neither party could produce a signed Business Associate Agreement (BAA) prior to October 2015.
The OCR has been reinforcing BAA requirements and has issued settlements with providers totaling $23 million in 2016. The Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) paid $650,000 as a settlement in 2016 as a result of lacking necessary BAAs. CHCS provided services to six skilled nursing facilities and the OCR received notification from each facility that a mobile device was stolen, potentially compromising 412 individuals' information. CHCS was found to have lacked the necessary BAA and did not conduct an accurate and thorough risk assessment of the potential risks and vulnerabilities of electronic protected health information (ePHI).
A BAA is not optional under HIPAA rules and regulations. If you have a vendor who performs certain functions involving PHI/ePHI, you must have a signed BAA in place to comply with the requirements under OCR.
On April 24, 2017 Compliagent's Paige Pennington and Nick Merkin delivered the 2017 SNF Regulatory update on Physician Contracting in SNFs and The New Final Rule at the 2017 SNF Bootcamp in Downtown Los Angeles. Other presenters included Cassie Dunham from the California Department of Health, as well as other government and industry experts.
CMS issued a new Self-Referral Disclosure Protocol (SRDP) Form that provides a streamlined and standardized format for disclosing actual or potential violations of the physician self-referral law. The SRDP Form will reduce the burden on providers and suppliers submitting disclosures to the SRDP and facilitate CMS's review of the disclosures.
Use of the form is mandatory effective June 1, 2017. Parties submitting self-disclosures to the SRDP are encouraged, but not required, to use the SRDP Form now. Visit the SRDP webpage to learn more.
Compliagent's CEO, Nick Merkin, Guests on a Special Episode of Healthicity's Podcast Series Entitled, "An Attorney Talks Compliance."
Nick Merkin, CEO of Compliagent, chats with compliance expert CJ Wolf from his office in sunny California about compliance from an attorney’s perspective.
Merkin explained why it’s so important for organizations to see compliance from an attorney’s perspective, and how his unique point of view provides an additional layer of protection from compliance violations. In this compelling interview, Merkin explains how organizing compliance functions is “worth its weight in gold.”
Tune in to this podcast, An Attorney Talks Compliance, to find out how to:
Focus Compliance on Processes and Infrastructure
Organize Compliance Functions to Protect Against Litigation
Mitigate Legal Liabilities That Might Arise in Healthcare
OIG and HCCA Release Jointly-Prepared "Measuring Compliance Program Effectiveness: A Resource Guide"
On March 27, 2017, the OIG and HCCA released jointly prepared guidance on measuring the effectiveness of your organization's compliance program. How effective is your compliance program?
Get your copy here: https://oig.hhs.gov/compliance/101/files/HCCA-OIG-Resource-Guide.pdf.
On March 1, 2017, a Florida federal court imposed more than $347M in treble (three times) damages following a jury trial in a False Claims Act case. The four defendants operated 53 skilled nursing facilities and allegedly submitted false claims to Medicare and Medicaid.
The whistleblower for the case was a former nurse at two of the facilities. The particular allegations involved submitting false claims and fraudulent records to substantiate the false claims, asserting that patients needed and received more care than was necessary.
Read more here: http://blog.providertrust.com/blog/false-claims-act-court-triples-whistleblower-damages
Memorial Healthcare System reported to OCR that the PHI of 115,143 patients had been impermissibly accessed by its employees and impermissibly disclosed to affiliated physician office staff. This information consisted of the affected individuals’ names, dates of birth, and social security numbers.
Read the Resolution Agreement and Corrective Action Plan, as well as OCR's Press Release concerning the settlement here:
New Attorney General Issues First Formal Guidance on the Evaluation of Corporate Compliance Programs in Federal Fraud Investigations
On February 8th, the U.S. Department of Justice (DOJ) issued new guidance on how the DOJ will evaluate corporate compliance programs during fraud investigations in determining whether to bring charges or negotiate settlements. The new guidance, which can be found on the agency’s website as the “Evaluation of Corporate Compliance Programs,” lists 119 “sample questions” that the DOJ Fraud Section finds relevant to its analysis.
The questions are organized into the following categories:
Analysis and Remediation of Underlying Conduct
Senior and Middle Management
Autonomy and Resources
Policies and Procedures
Training and Communications
Confidential Reporting and Investigation
Incentives and Disciplinary Measures
Continuous Improvement, Periodic Testing and Review
Third Party Management
Mergers & Acquisitions