Lobbying Affiliate: MML&K Government Solutions
{ Banner Image }

Healthcare Law Blog

Comprehensive Healthcare law services.
It's kind of our bag.

Contact Us

250 Character(s) Remaining
Type the following characters: november, tango, november, niner

* Indicates a required field.

Categories

McBrayer Blogs

Related Blogs

Showing 14 posts in Audit.

OIG and CMS Audits Present New Round of Compliance Concerns for Healthcare Providers

Since the beginning of the Public Health Emergency, Centers for Medicare and Medicaid Services (“CMS”) and the Centers for Disease Control and Prevention (“CDC”) data reflect over 44 million COVID-19 cases, 3 million COVID-19 related hospitalizations, and 720,000 COVID-19 deaths. COVID-19 has placed enormous stress on our healthcare system. Federal and state responses to COVID-19 have woven a complex and complicated safety net by easing regulatory requirements through waivers and funneling billions of dollars to providers among many other actions.  Just as the pandemic may finally be easing, federal focus on use of COVID-19 resources promises to increase healthcare providers’ stress.  More >

HIPAA and “Meaningful Use” Audits: Issues to Consider and How to Prepare

As more and more providers adopt electronic health records (“EHRs”) systems (and with new regulations concerning their required use for purposes of Medicare billing for chronic care management, their popularity can only continue to grow), a myriad of compliance issues continue to surround them. To that end, the federal government has stepped up auditing programs to ensure compliance with HIPAA/HITECH as well as making sure taxpayer money has been invested wisely through the Meaningful Use program. The bent of these audit programs is clearly along the lines that applicable covered entities and business associates should be preparing with a “when” mindset, rather than “if,” as these audits are going to happen. More >

Preparing for Round Two, Continued

Earlier this week, information about OCR Phase 2 HIPAA audits was provided. Today, let’s take a look at how to prepare if your entity is selected for an audit:

  • Confirm that a recent comprehensive Risk Assessment has been completed and documented.
  • Confirm that all action items identified in the Risk Assessment have received attention and have been completed (or are in the process of being completed).
  • Verify that policies are up-to-date, including breach notification procedures, notice of privacy practices, and responses to patient requests.
  • Ensure that a current list of business associates (and their contact information) is readily available.

Because Phase 2 does not consist of on-site visits, there will not be an opportunity for dialogue with auditors. Therefore, it is crucial to ensure that documentation alone shows a complete picture of an entity’s compliance efforts. All documents should be carefully reviewed, dated, and signed before turned over to an auditor. While providing extraneous information is not recommended, it is important to double-check that all requested and necessary information is submitted.

Phase 2 audits set to occur in 2016 will focus on the Security Standard’s encryption and decryption requirements, facility access controls, breach reports and complaints. It is never too early to start considering what protocols, training, and procedures will need to be implemented in anticipation of a possible audit related to these items.

In the event you are selected for a Phase 2 audit and have any questions about your responsibilities or what you can do to ensure a smooth process, contact a McBrayer healthcare attorney today.

Services may be performed by others.

This article does not constitute legal advice.

Are You Ready for Round Two?

In February 2014, the Health and Human Services Office of Civil Rights (“OCR”) announced its plans to send pre-audit surveys to between 550 and 800 entities during the summer in preparation for Phase 2 HIPAA compliance audits. After collecting information from those surveyed, OCR will select about 400 of those entities for actual HIPAA audits. Those audits will begin this fall – which is quickly approaching. More >

DOJ Intervenes In Case Involving ACA’s 60-Day Overpayment Rule

Recently, the Department of Justice (“DOJ”) intervened in a qui tam whistleblower suit in the US District Court for the Southern District of new York, which involves Continuum Health Partners and several Mount Sinai-related hospitals. United States ex. Rel. Kane v. Continuum Health Partners, Inc. et al, (Civil Action, No. 11-2325(ER)). While DOJ intervention in whistleblower cases is not unusual, this case is significant because the DOJ’s complaint specifically alleges that the defendants failed to return Medicaid overpayments within 60 days, as required by the Affordable Care Act (“ACA”). The case is one of the first to explore the issues and interpret the requirements of the 60-Day Rule. More >

FINALLY SOME RELIEF TO PROVIDERS—CMS ORDERED TO NO LONGER APPLY A COMMON RULE OF THUMB WHEN AUDITING

Health care providers are always at risk of a payor audit, and contracted auditors seem to be more aggressive now than ever. While MIC, MAC, and ZPIC audits as well as pre-payment reviews of late have become more efficient with the use of rules of thumb to flag specific codes commonly misapplied, the U.S. District Court of Vermont’s ruling in Jimmo v. Sebelius puts the brakes on such fishing expeditions.   In holding that, in the case of skilled nursing services, there is no “improvement standard” and claims should be reviewed on a case by case basis, the court has limited CMS in its ability to apply arbitrary standards in denying reimbursement for covered services. More >

All Eyes on Hospice Care

In 2013, the Department of Justice (“DOJ”) and Office of Inspector General (“OIG”) charged the nation’s largest for-profit hospice chain, Vitas Innovative Hospice Care (“Vitas”), with false Medicare billings, inappropriately admitting patients with “aggressive marketing tactics,” and misleading patients and families about Medicare hospice benefits. This suit is just one of many recently filed against hospice providers, indicating that they are being watched keenly by enforcement authorities and government agencies. More >

A New HIPAA Security Risk Assessment Tool For Your Compliance Arsenal

On Friday, the U.S. Department of Health and Human Services (HHS) announced a new security risk assessment (“SRA”) tool for small and medium size healthcare providers. The downloadable tool (available for free here) is a self-contained, independent application that is available for Windows and iOS platforms. The SRA works by asking a series of in-depth questions about the provider’s activities and facilities. The “yes” or “no” answer format for each question reveals whether corrective action is needed in a particular area. Additional resources in the SRA help providers understand the risks associated with the use, disclosure and storage of protected health information. The SRA offers providers the opportunity to generate, update and document assessment materials and corrective action plans through the SRA; documentation is especially important for audit purposes. More >

Secure Text Messaging in a HIPAA World? Part II

Earlier this week, I referred to mobile applications such as TigerText and Doc Halo which are being touted as a method of “HIPAA-compliant” texting. These apps allegedly secure protected health information (PHI) sent via text message to ensure providers’ compliance with HIPAA privacy law. Covered entities must realize, however, that the use of these apps alone is not sufficient to pass a HIPAA audit. While HHS has not banned the texting of patient information, it has made clear that an organization should approve it only after “performing a risk analysis or implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.” More >

Secure Text Messaging in a HIPAA World?

Texting is becoming an increasingly acceptable form of communication in the business world, but can it be relied upon in the health care industry? There are numerous advantages to texting in the fast-paced world of health care. In an environment where time is of the essence, voicemails and pagers can slow down providers’ care and fail to convey adequate information. A text, on the other hand, is both immediate and can be detail-specific. In addition, texting can involve more than one sender and/or receiver in a closed-loop conversation, and, unlike through the paging system, a sender can be notified when the message has been read by the receiver(s). Text messaging can not only improve an entity’s efficiency, but it can also serve as a way to easily connect with patients, thereby improving quality of care. More >

Lexington, KYLouisville, KYFrankfort, KYFrankfort, KY: MML&K Government Solutions