Culture – Written in Sand Rather Than Set in Stone

We hear a lot about culture these days.  It seems every business management guru says the culture of the organization is the foundation for everything that happens.  I tend to agree with that statement; without a solid culture, the organization can often function more like a ship without a rudder, or a child chasing the […]

Compliance New Year’s Resolutions

As we turn the page on what can only be described as a “one of a kind” year we have a tremendous opportunity to look back at 2020 and really evaluate how the compliance program performed, and where 2021 might provide some opportunities to improve, change direction or re-tool the program. The pandemic forced providers […]

Dynamic and Evolving

In June 2019, when the Criminal Division of the Department of Justice, (DOJ), updated its guidance document on how prosecutors are to evaluate an organization’s compliance program, (Evaluation of Corporate Compliance Programs), one theme comes through loud and clear.  Compliance policies, procedures and controls should never become stale or stagnant.  Rather, the DOJ takes the […]

The Sequence is Important

Compliance program, policies, procedures, Code of Conduct

As I write this blog post I am watching the crew working on the road in front of my office. It has been a long 5 months, yes COVID has impacted us, but we have also been unable to get into our office parking lot due to a complete reconstruction of First Street where our […]

Dust Off the Code of Conduct and Bring It Back to Life

Most every compliance program has a document called the Code of Conduct, Code of Ethics or some other title that indicates the organization’s “commitment” to doing the right thing. Typically the document was drafted when the compliance program was first developed, and likely has not received much attention since then. It may be printed in […]

Honey, have you seen my HIPAA goggles?

I recently wrote a newsletter article on the importance of walking through the organization with “HIPAA Goggles” on as a way to see potential HIPAA issues that may be overlooked as we go about our jobs on a daily basis. Our brains typically call to our attention things that are different or out of place; […]

The Role of Documentation in the HIPAA Program

Providers spend a lot of time talking about how to improve the quality and timeliness of service documentation but there is another type of documentation that deserves our attention as well. Without proper and sufficient documentation it is nearly impossible to maintain an effective HIPAA program. If a provider experiences a breach that impacts more […]

We have a Compliance Officer, that’s all we need, right?

By now most organizations are aware that they need a compliance program and a person who is designated as the Compliance Officer, but HIPAA requires every organization to also designate a Privacy Officer and a Security Officer. In many organizations the Compliance Officer tends to wear all the hats but it is important to consider […]

“Alexa, Stop the Hackers!”

As we have seen in recent weeks, hackers have become very comfortable intruding in on our personal lives by exploiting the dozens of devices we have connected to the internet. There is even a podcast that hacks into in-home security cameras when the show is on the air and talks to the homeowners. I suppose […]

Change Your Thinking to Change Your World

A common frustration for many providers is the fact they keep dealing with the same types of HIPAA issues over and over. It seems no matter what type of training staff receive they continue to have conversations in public places, post photos on social media or leave protected health information out where it can be […]

Encryption is Your Best Insurance

On November 5, 2019 the Office of Civil Rights announced a settlement with the University of Rochester Medical Center where URMC agreed to pay $3 Million Dollars to the OCR and take “substantial corrective action” to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA).  It was alleged the actions of URMC […]

The Art of Writing a Good Policy

The world of health care does not suffer from a lack of policies. Most organizations have dozens or even hundreds of policies addressing everything you can imagine. Each time something happens or there is an adverse event, the natural reaction is to develop a new policy so the next time the situation arises the organization […]