CMS Urged to Recoup and Audit EHR Incentive Payments

Posted on June 29, 2017 by BSW

According to a report released by the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) on June 12, 2017, the Centers for Medicare and Medicaid Services (CMS) overpaid an estimated $729 million in Medicare electronic health record (EHR) incentive payments to participating providers. (The full report is available at https://oig.hhs.gov/oas/reports/region5/51400047.asp). The OIG reviewed whether CMS’ oversight of the Medicare EHR incentive program was sufficient and whether eligible professionals (EPs) nationwide met Medicare incentive payment program requirements and received appropriate incentive payments. Alarmingly, the OIG urged CMS to recoup and audit these incentive payments based on its findings. Participating EPs and hospitals should be cognizant of the ramifications of CMS’ recommendations, including the potential for an audit and recoupment. Continue reading →

Recent $400K HIPAA Settlement with FQHC Highlights Importance of HIPAA Security Management Process

Posted on May 1, 2017 by BSW

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), recently entered a $400,000 Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement with Metro Community Provider Network (MCPN), a federally-qualified health center (FQHC). The settlement serves as a stark reminder that all covered entities, including FQHCs, must meet the HIPAA Security Rule requirements and that OCR is continuing to step up enforcement efforts in this area. Continue reading →

First Ever HIPAA Enforcement Action for Delay in Breach Reporting

Posted on January 27, 2017 by BSW

A delay in timely breach notification may now cost you. The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently entered a settlement with Presence Health for untimely reporting a breach of unsecured protected health information (PHI). Presence discovered that its operating room schedules containing PHI for 836 individuals were missing on October 22, 2013. Under the HIPAA Breach Notification Rule, breaches like this which involve >500 individuals are required to be reported to the individuals, prominent media outlets and OCR without unreasonable delay and in no case later than 60 days. Presence did not report the breach to OCR until January 31, 2014, approximately 100 days after discovering the breach. OCR’s investigation concluded that Presence failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals, the media and OCR. Presence agreed to pay $475,000 to settle the potential violations.

The Press Release and Resolution Agreement are available on the OCR website.

Written by: Jacob Simpson

OIG Releases Updated Guidance on IRO Independence and Objectivity for Performing Corporate Integrity Agreement Reviews

Posted on August 24, 2016 by BSW

The U.S. Department of Health and Human Services Office of Inspector General (OIG) released today, August 24, 2016, an updated guidance on the OIG’s views on the applicable independence and objectivity standards for Independent Review Organizations (IROs) that perform reviews required under Corporate Integrity Agreements (CIAs), such as claims reviews and cost report reviews. The OIG has previously issued guidance in 2004 and 2010 to reflect updated standards and the additional types of IRO reviews included in CIAs. This OIG guidance released today is to reflect the 2011 revisions to the GAO accounting standards. Continue reading →