HIPAA IT Compliance Guide

“What exactly are the many ongoing effects of the federal Health Insurance Portability and Accountability Act (HIPAA) on health information technology (HIT)?” asks Lori Beerman in channelinsider’s Managed Services.

“What is HIPAA? To address the emerging role of health care technology, Congress passed HIPAA in 1996. The U.S. Department of Health & Human Services (HHS) codified the following primary HIPAA rules between 2000 and 2013 to implement and refine the law’s requirements:

  1. Privacy Rule
  2. Security Rule
  3. Final Omnibus Rule (includes Enforcement Rule)”

Read the guide.




Circuit Court Judge Charged with Falsifying Evidence

Circuit Court Judge Julie A. Introcaso was arrested today on several felony and misdemeanor charges, according to a release in Indepth New Hampshire.

The charges consist of:

  • Two class B felony counts of falsifying physical evidence
  • Two class A misdemeanor counts of tampering with public records or information
  • One class A misdemeanor count of unsworn falsification

Read the article.




Corporate Transparency Act: New Requirements to Disclose Ownership Information to the Federal Government

“The Corporate Transparency Act (CTA) became a law on January 1, 2021, and it has significant implications for many new and existing United States and foreign business entities,” report Matthew J. Ertman and Max Brunner in The National Law Review.

“The law will impose completely new, time-consuming and expensive compliance requirements on normal small business enterprises, even though it is expressly targeted to combat “money laundering, the financing of terrorism, proliferation financing, serious tax fraud, human and drug trafficking, counterfeiting, piracy, securities fraud, financial fraud, and acts of foreign corruption …” There are significant penalties, including fines and imprisonment, for willful failures to report according to the CTA. This article provides an executive summary of what you need to know to be ready for the CTA.”

Read the article.




Banner Health to Pay OCR $200K for HIPAA Right of Access Failures

“The Department of Health and Human Services Office for Civil Rights reached a $200,000 civil monetary penalty and a corrective action plan with Banner Health, to resolve potential violations of the HIPAA Privacy Rule Right of Access standard,” reports Jessica Davis in Health IT Security’s HIPAA and Compliance News.

“The Arizona-based healthcare system is one of the largest in the US, with more than 30 hospitals and a range of primary care, urgent care, and specialty facilities. The settlement covers more than 74 covered entities included under the Banner Health umbrella.”

“Announced as an enforcement priority in 2019, the OCR Right of Access Initiative is designed to support the right of patients to access their medical records in a requested format and in a timely fashion, for a reasonable fee. While required under HIPAA, data shows many providers fail to meet the privacy rule requirements.”

Read the article.




Pilgrim’s Pride Settles Price-Fixing Lawsuit for $75M

“Tyson Foods separately struck an agreement to settle with the group of chicken buyers to settle price-fixing claims, but did not disclose the amount … Tyson reportedly did not admit wrongdoing in the settlement, which is still subject to court approval,” reports Lillianna Byington in Food Dive.

“Pilgrim’s Pride agreed to pay $75 million to chicken buyers to settle price-fixing claims, according to an 8-K filing with the U.S. Securities and Exchange Commission. The amount will be reflected in Pilgrim’s upcoming Q4 earnings.”

“This settlement comes just months after Pilgrim’s agreed to pay a $110.5 million fine as part of a plea deal with the U.S. Department of Justice’s antitrust division in the price-fixing investigation.”

Read the article.




HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security

“The HIPAA Safe Harbor bill amends the HITECH act to require the Department of Health and Human Services to incentivize best practice cybersecurity for meeting HIPAA requirements,” reports Jessica Davis in Health IT Security’s News.

“The Senate unanimously passed the legislation without amendment on December 19.”

“The legislation directs HHS to take into account a covered entity’s or business associate’s use of industry-standard security practices within the course of 12 months, when investigating and undertaking HIPAA enforcement actions, or other regulatory purposes.”

Read the article to learn more.




2021 Corporate Compliance & Litigation Outlook for Manufacturers

“In late 2012, we created the Manufacturing Law Blog with the goal of providing our manufacturing clients with a holistic approach to the unique issues facing manufacturers that operate globally. Starting in 2016, we made sure our first three posts of the year are dedicated to providing a yearly outlook from our different vantage points,” posts Jeffrey White in Robinson+Cole’s Manufacturing Law Blog.

This article addresses corporate compliance and litigation issues that manufacturers will face in 2021.

Read the article.




After Top Staff Exodus, Texas AG Seeks $43M for Google Suit

“The mass exodus of Texas Attorney General Ken Paxton’s top staff over accusations of bribery against their former boss has left the Republican seeking $43 million in public funds to replace some of them with outside lawyers to lead a high-profile antitrust lawsuit against Google,” reports Jake Bleiberg from the Associated Press in ABC News’ U.S. News.

“Former Paxton aides told The Associated Press that before they reported him to the FBI in September and began resigning, the lawsuit against the search engine giant was set to be handled internally by what is one of the largest state attorney general’s offices in the U.S.”

“The outside lawyers’ contracts put a price tag on the fallout from Paxton’s deputies accusing him of crimes in the service of a wealthy donor who employs a woman with whom the attorney general allegedly had an extramarital affair. It remains to be seen how much taxpayers will ultimately shell out under the complex deals.”

Read the article.




Compliance Checkup: Year End 2020 – No Looking Back

“We often think of 20/20 vision in the context of great eyesight. But this analogy about perspective is especially meaningful in health care. If there is one good thing about the year 2020, it is that it has given us many opportunities to have great perspective. And while we’d love to forget it and not look back, we would be remiss if we did not try to use our new perspective as we forge ahead,” writes Nicole M. Thorn in Brouse McDowell’s Health Care.

This post shares, from a legal perspective, some priorities you may want to consider for 2021.

Read the article.




HIPAA 2021 – What Can We Expect?

“… public health issues dominated 2020 and with the country’s attention focused on COVID-19 testing, status, transmission and care, HIPAA went mainstream. Health information became critical not only for health care providers, but for all manner of businesses, employers, property owners, and the national media. HIPAA – or more often than not ‘HIPPA’ – was frequently touted in the news and on social media as the reason why COVID-related information could or could not be shared. As we head into 2021 with the pandemic raging on, the vaccination program underway, and a new administration taking over, here is a look at what we expect for ‘HIPPA’ in 2021,” write Dianne J. Bourque, Ellen L. Janos and Michelle L. Caton in Mintz’ Insights Center.

Read the article.




IRS Fishing Expedition Is Successful and Raises Important Attorney-Client Privilege Concerns

“The attorney-client privilege is one of the bedrocks of the legal profession,” write James Dawson and Kevin E. Packman in Holland & Knight’s Insights.

“It permits communications between a client and an attorney to remain privileged. The U.S. Supreme Court has stated that by assuring confidentiality, the privilege encourages clients to make ‘full and frank’ disclosures to their attorneys, who are then better able to provide candid advice and effective representation. Upjohn Co. v. United States, 449 U.S. 383, 389 (1981). On the other hand, courts sometimes view the attorney-client privilege as preventing full disclosure. As a result of these conflicting views, the attorney-client privilege ‘protects only those disclosures necessary to obtain informed legal advice which might not have been made absent the privilege.’ Fisher v. United States, 425 U.S. 391, 403 (1976).”

This article discusses Taylor Lohmeyer Law Firm P.L.L.C. v. United States and the prior decision.

Read the article.




Insurance Lawyer’s Alleged Ripoff Scheme

“The Florida Bar has filed its fourth complaint against Miami-Dade County attorney Scot Strems, alleging that Strems and the Strems Law Firm (SLF) engaged in a pattern of duplicitous behavior and subterfuge to enroll property owners into legal services,” reports Michael Carroll in Florida Record’s Attorneys & Judges.

“In October, a court referee appointed by the state Supreme Court recommended that Strems be suspended from the practice of law for two years, as well as a one-year probationary period, over the filing of multiple property owner claims that critics say drive up premium costs for all the state’s homeowners.”

“The latest complaint, which was filed with the Florida Supreme Court on Nov. 24, alleges that Strems and his firm engaged in a series of actions involving deceit and solicitation through third parties, whom the Florida Bar refers to as “Strems Consultants.” Strems’ actions violated eight of the bar’s ethics rules, according to the complaint.”

Read the article.




Measuring Compliance Training Effectiveness

“Since at least 2017, the Department of Justice (DOJ) has emphasized the need for a determination of compliance training effectiveness. In the 2020 Update, it stated under the section entitled ‘Form/Content/Effectiveness of Training’ the following questions, How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated the extent to which the training has an impact on employee behavior or operations?” posted FCPA Compliance & Ethics in their blog.

“No company executive would ever say a company does not need to conduct compliance training. However, compliance training is just one part of the overall compliance program. It is not the entire program. The compliance program is designed to (1) prevent compliance violations and (2) protect the company when a compliance issue occurs.”

Read the article.




Avoiding “Contextual Compliance” in the Year of COVID and Beyond

“Despite 2020 being an unprecedented and challenging year for business, the government has not slowed down its record-breaking enforcement actions,” discuss Tiffany N. Bracewell, Abigail A. Hazlett and Christen Tuttle in Troutman Pepper’s Insights.

“In late October, the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a $3.3 billion settlement with banking giant Goldman Sachs for violations of the Foreign Corrupt Practices Act (FCPA) — shattering Airbus SE’s $2.09 billion record breaker from only February. Goldman became the first American company to hold the top spot in more than a decade. Pursuant to a deferred prosecution agreement and a subsidiary’s guilty plea, Goldman admitted to using a third-party intermediary to bribe high-ranking government officials in Malaysia and the Emirate of Abu Dhabi, ultimately resulting in $6.5 billion in underwriting business for the firm. Notably, that scheme was detected — and objected to — by Goldman’s compliance organization, to no avail.”

Read the article.




Dykema’s 5th Annual Definitive Conference For Dental Service Organizations

The 5th Annual Definitive Conference for Dental Service Organizations sponsored by Dykema will be at the Omni Dallas Hotel on July 18–20, 2018.

In a release, the firm said the event presents an opportunity to learn about current best practices in the areas of legal, regulatory, compliance, tax, consumer finance, billing, operations, M&A, financial reporting and other industry-specific issues. It is an immersive event for practice owners, executives, investors and in-house counsel.

“If you are new to DSOs or would like to expand or improve your current organization, this event offers solutions for various levels of your organization,” the firm said.

More information.

 

 

 




Compliance Training: Effective Enough to Avoid the Headlines?

NAVEX Global has produced a new ethics and compliance benchmark report that provides key statistics to measure and prove the value of educating employees on the right topics.

The report can be downloaded from the company’s website.

Most companies are using compliance training to teach employees about respect, ethical behavior and legal requirements. Yet companies continue to make headlines for bad employee behavior, NAVEX Global says on its website.

In the 2017 Ethics & Compliance Training Benchmark, NAVEX Global collaborated with an independent research firm to deliver data that answers questions like:

  • What are the typical employment law training courses provided?
  • What issues threaten training effectiveness?
  • How are organizations aligning training with risk?
  • How often, and on what topics, are boards training?

The report also gives guidance on rigorous methods to use such as maximizing data from hotlines, measuring changes to behavior and more.

Download the report.

 

 




Webinar: HIPAA and the Compliance Officer

MentorHealth will present a webinar, HIPAA and the Compliance Officer, addressing how practice/business managers (or compliance officers) need to get their HIPAA house in order before the imminent audits occur.

The 90-minute event will be Wednesday, August 9, 2017, 10 a.m. PDT (1 p.m. EDT).

The webinar also will address major changes under the Omnibus Rule and any other applicable updates for 2017. Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.

On its website, MentorHealth says the primary goal is to ensure everyone is well educated on what is myth and what is reality with this law.

“I will uncover myths versus reality as it relates to this very enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors,” says instructor Brian Tuttle. “I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK! In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).”

Topics will include:

  • Do you have an effective HIPAA compliance program?
  • New laws and funding mean increased risk for both business associates and covered entities
  • HIPAA Omnibus – Do you know what’s involved and what you need to do?
  • What does Omnibus mean for covered entities and business associates?
  • Why should you be concerned?
  • Court cases that are changing the landscape of HIPAA and patients’ ability to sue

“It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to what we need to do as compliance officers,” according to Tuttle. “You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully disclosed due to bad IT or internal administrative practices.”

Speaker Profile
Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting.

Register for the webinar.

 


 




Webinar: The Future of Whistleblower Hotlines Revealed

Navex Global will present a complimentary webinar on the company’s annual Ethics & Compliance Hotline Benchmark Report, a tool compliance professionals around the globe reference every year to help measure their program and highlight areas for improvement.

The event will be Tuesday, March 21, 2017, beginning at 10 a.m. Eastern time. Anyone who registers but can’t attend the live event will receive a link that will provide access to the recording at a later date.

Navex studied more than 936,000 anonymized reports from their clients’ intake systems, analyzed the data and interpreted the trends.

This webinar will address questions such as:

  • Is the number of reports increasing or decreasing?
  • What’s happening with case closure times?
  • Are retaliation reports being substantiated within the organization at higher rates?
  • How do open door reports impact the data?

Register for the webinar.




Management Needs to Own Core Programs

By Patty P. Tehrani
Lawyer and Founder of Policy Patty Toolkit

So much focus right now on the new administration in place. Not to mention the rampant speculation about what they will do about various financial regulations and how dramatically this landscape is expected to change. As if this were not enough, your company has a new Chief Executive Officer (CEO). She has requested a meeting with you, the General Counsel, to discuss your ethics, risk and compliance programs and learn more about them. She also wants to get your insights on what she and management should do to avoid the common pitfalls highlighted in recent corporate scandals.

As an experienced lawyer, this is welcome news. You know that a company’s governance, risk and compliance programs (“core programs”) should be promoted by management to truly be effective. You are all too familiar with recent headlines regarding the lack of management focus on a company’s core programs resulting in poor company culture and irreparable systemic failures. Often these scandals involve management that has delegated ownership for their company programs and is most definitely ignorant of the risks and issues involving them. Most end up with dire consequences – share price plummets, employees lose morale and leave, customers leave, and overall the brand and reputation diminish. And while your company’s prior management did a good job to promote your core programs, more can still be done.

This article provides key considerations to help you prepare for your meeting with your CEO.

Note: You can define management however you deem fit for your company. This can include boards of directors where appropriate and your business leaders such as the chief executive officer, president, chief financial officer, the heads of product/business lines as well as regional divisions for global companies.

Preparing for Your Meeting

You decide that the focus of your meeting will be on management ownership of your core programs. To prepare for your meeting, you want to make an outline of discussion points. As a starting point, you want to note what ownership does not mean. That is – the development, implementation, and maintenance of a core program, which can be delegated to the subject matter experts – Legal, Risk or Compliance departments (as well as others). Next and most importantly, you list how management can own these programs. In doing so, you want to make sure that you underscore the benefits. To help your discussion, consider the following points:

• Tone at the Top – Management should set an effective “Tone-at-the-top” to communicate their commitment to core programs and to promote the need for them.

  • Formal and documented adoption of a program (e.g., notice from management to all employees that they have approved a core program).
  • Regular communication from management on a program (e.g., management messages on your programs via training, company websites, inclusion in town halls, or periodic reminders on program requirements to name a few).

• Embed in the Business and Culture – Management should lead efforts to incorporate program requirements and risks into the company’s overall business strategy, processes, and operations. Taking an integrated approach will lead to better overall performance and ultimately your bottom line by avoiding different and possibly conflicting business and control requirements.

  • Unintegrated program risks and vulnerabilities may affect the ability of a company to fulfill its business strategies and objectives.
  • Failed or deficient programs may result in costly disruptions to core business activities leading to harmful breakdowns in business operations and ultimately the company’s viability.
  • Jeopardizing the company’s continuity and integrity increases the potential for reputational damage — in the market, among shareholders, and with business partners.

In addition, a core program should not be viewed in isolation of a company’s core values, mission, and culture. Management should align a core program with a company’s core values, mission, and culture to reap tangible benefits.

  • A strong program provides important benefits including safeguards for weak or absent controls, and is integral to an open environment of trust, accountability, and integrity – all ingredients that benefit productivity and the bottom line.
  • While every company is unique, there are a few universal program outcomes/objectives that every company would benefit from:
    • an enhanced culture of trust, accountability, and integrity;
    • process for prevention, detection, and management of issues;
    • protection (to the extent possible) from negative consequences, and detection of non-compliance;
    • defined escalation measures for non-compliance and material issues; and

• Accountability – Management should foster a culture of accountability to help the success of a core program. Accountability requires management to know what the material issues are with a core program and how to act on them promptly.

  • Escalation – A defined escalation process to alert management is critical to management accountability. This is particularly important when the company is getting close to (or crossing) a risk or challenge that prevents the achievement of a material program objective or deliverable or runs afoul of a legal, regulatory or business requirement.
  • Monitoring – Program processes and results should be monitored and measured on a regular basis. If done properly, monitoring measures keep regulators happy during reviews, but more importantly keep management informed and accountable.

Robust monitoring and reporting results can be used to:

  • facilitate management response to program issues and challenges;
  • help companies gauge progress of objectives and how they are contributing to the success of the company’s strategy;
  • improve program components from time-to-time; and
  • prevent, detect, and respond to identified malfeasance in the future.

Note: Be mindful of matters that may warrant referral or reporting to the relevant governmental agency or regulator following presentation to management.

• Access – Management should ensure key areas have access to them to ensure timely, proper and informed responses to program issues.

  • Key program administrators and messengers – Legal, Compliance, Risk Management, Operations, Human Resources, Audit, Information Technology – need unrestricted access to management to help them respond to the issue/challenge.
  • Responsibility – Management should also be prepared to go so far as to take the blame for a material failure involving a core program. Consider when a company CEO publicly acknowledges responsibility for a company failure, everyone takes notice – employees, investors, business partners and industry regulators.
  • Support – Management should support program leaders and administrators so that they have the authority and sufficient resources to: 1) manage a program on a day-to-day basis; and 2) maintain them in the event of regulatory and operational changes, varying and possibly increasing risks.

You’ve drawn your outline together and are ready to discuss it with your CEO. You know that by working together, management and program administrators can help ensure a core program not only contributes to the improvement of the company’s governance practices but the success of the company’s strategy as well.


 




IRS Rolls Out New Compliance Campaigns for Large Businesses

The Internal Revenue Service’s Large Business and International division is taking a new approach to tax compliance, with a series of 13 campaigns aimed at cracking down on tax evasion, reports Accounting Today.

Reporter Michael Cohn writes that the IRS division is moving toward issue-based examinations and a compliance campaign process in which it decides which compliance issues present enough of a risk that they require a response.

Those responses, known as “treatment streams,” could include examinations and letters to achieve the IRS’s tax compliance objectives, leveraging IRS expertise in various compliance issues, Cohn explains.

Some of the areas considered will be tax credits for advanced energy projects, people who withdraw from or are denied entry to the Offshore Voluntary Disclosure Program, TV broadcasters and channels who claim film production tax credits for distributing shows produced by third parties, and micro captive insurance.

Read the Accounting Today article.

 
