February 2018 Takeaways
Tear out this page and keep for reference, or share with a colleague. Visit hcca‑ info.org for more information.
Prepare now: Getting the most out
of the Compliance Institute
by Adam Turteltaub (page 21)
» Plan out your schedule for sessions before you go.
» Register early to avoid the crowds.
» Be sure to take advantage of the
» Don’t let work back at the office distract you too much
from the learning onsite.
» When you get back, make a list of key ideas to
follow up on.
The top government enforcement
priorities in healthcare: View from
by Scott R. Grubman (page 26)
» Fraud and abuse enforcement in the healthcare
industry continues to be a top priority for the federal
» Both the federal and state governments have focused
their resources to fight the opioid epidemic, including
investigating potential fraud and abuse related to
» Compounding pharmacies have remained a focus of
the DOJ in both civil and criminal investigations and
» The DOJ and private whistleblowers continue to
focus on hospice providers, leading to several large
settlements in 2017.
» Large pharmaceutical companies are under scrutiny
by federal authorities for violations of the False
EMTALA and the challenges of treating
behavioral health patients in crisis
by Catherine Greaves and
Kristin Roshelli (page 32)
» Hospitals need carefully developed policies and
procedures that address their EMTALA obligations.
» Emergency department staff need EM TALA training.
» Detailed and complete documentation of EM TALA
obligations is essential.
» Multiple modes of transport are available when
transporting behavioral health patients but each mode
carries associated risks and benefits.
» Hospitals should be familiar with CMS’s interpretations
of its EM TALA regulations, The Joint Commission
standards addressing patients boarded in the
Emergency department, and prior EMTALA
Exclusion checks: Making the search
by Andrew T. Wampler (page 40)
» Penalties for contracting with excluded parties can
» Excluded parties are identified in a database called the
List of Excluded Individuals and Entities (LEIE).
» Searches for excluded parties are critical
» Providers should verify the results of all LEIE searches.
» Providers should document and maintain all
SAMHSA publishes final rule revising
42 CFR Part 2
by Michael D. Bossenbroek (page 45)
» The final rule is the first substantive revision to 42
CFR Part 2 (Confidentiality of substance use disorder
patient records) since 1987.
» The final rule is in part an effort to modernize Part 2
in light of significant technological and regulatory
changes in the healthcare industry.
» In the final rule, Substance Abuse and Mental Health
Services Administration (SAMHSA) also announced
that it was issuing a Supplemental Notice of Proposed
» Whether the final rule goes far enough to modernize
Part 2 and address all stakeholder concerns remains
to be seen.
» Part 2 programs must review and revise Part 2 consent
forms, consider revising their policies and procedures,
and do further training based on the various changes
coming from the final rule.
Getting comfortable with
by Alan Wilemon (page 52)
» Continuous improvement has been used with great
success in other industries for a long time.
» These techniques are not a magic fix all, but they are
effective when used properly.
» An in-depth and tedious training is not required to
benefit from many of these principles.
» The identification and elimination of waste are basic
tenets of continuous improvement.
» Projects have a much better chance at success when
they are truly managed.
Writing specific policies for the Seven
Elements, Part 1: Elements I and II
by Scott Robinson (page 56)
» CMS’s Compliance Program Guidelines are purposely
general in nature to allow Sponsors to tailor their
compliance programs to their own organization.
» Sponsors should create policies and procedures
around the seven elements of an effective compliance
program in a manner or level that is most comfortable
» Policies and procedures should include the guidance
CMS provides in the Guidelines.
» The policies and procedures should be distributed to
all employees when they are created, when they are
updated, and annually thereafter.
» Do not forget to distribute the policies and
procedures to your temporary employees, volunteers,
board members, C-suite management, and
Maintaining HIPAA compliance as OCR
modernizes: Two questions to ask
by Jay Lechtman (page 61)
» Privacy breaches — and OCR investigations — continue
» OCR’s modernization efforts for breach reporting
provide healthcare organizations an opportunity to
think about updating and improving their own HIPAA
» Integrating privacy reporting with other incident
reporting activities and systems can improve
» Look at your current privacy reporting, risk
assessment, and affected party notification processes
to determine where you can automate.
» Don’t rely on manual processes to document critical
HIPAA compliance activities.
Post-acute care compliance issues,
Part 2: Home health and hospice
by Todd J. Selby and Robert W. Markette, Jr.
» New Conditions of Participation (CoPs) require home
health agencies (HHAs) to implement many changes
to patient rights and to use an objective, data-driven
approach for the Quality Assurance and Performance
Improvement (QAPI) requirement.
» Providers must prepare for the new CoPs based upon
the wording of the regulations, but be prepared to
adapt to the final interpretive guidelines when issued.
» The Office of Inspector General (OIG) has identified
vulnerabilities in payment, compliance, oversight, and
quality of care concerns, which can have significant
consequences both for beneficiaries and the
» Hospice providers are under increasing scrutiny, a
world home health has known for many years.
» Private equity investors interested in investing in post-acute care businesses must understand that there are
several compliance issues to consider when evaluating
any of these assets.
Digitally protecting patient information
by Eric Anderson (page 68)
» A survey shows that 66% of executives believe digital
health innovations are unclear.
» Digital technologies help healthcare providers protect
and secure patient information.
» Real-time verification of patient demographic and
insurance information supports compliance.
» Avoid delays when using technologies that enable
patients to sign consent forms.
» Cloud solutions offer added protection against theft of