Skip to main content

Relias Media has upgraded our site!

Please bear with us as we work through some issues in order to provide you with a better experience.

Thank you for your patience.

All Access Subscription

Get unlimited access to our full publication and article library.

Get Access Now

Interested in Group Sales? Learn more

AHC Media New Logo Transparent

Compliance Mentor - August 2016

HIPAA Update

Health System Agrees to Largest Settlement to Date

In the largest settlement of its kind, Illinois healthcare system Advocate Health agreed to pay $5.5 million and develop a corrective action plan to settle HIPAA violations due to data breaches. The violations include data protection violations related to electronic protected health information (ePHI) that have occurred over the past three years.

According to the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR), the massive settlement was due to the extent and duration of the hospital system’s noncompliance with data security laws, and the number of patients affected. The security lapses affected four million patients and included patient names, insurance information, credit card numbers, addresses, clinical information, and dates of birth.

The investigations began in 2013 when Advocate Health submitted three breach notifications to OCR, including a breach that involved unauthorized access to 2,000 patient records by a third-party billing partner, and another that included theft of desktop computers containing four million patient records from an Advocate administrative office. The OCR investigation revealed Advocate Health did not conduct a thorough assessment of risks and vulnerabilities in the system; did not implement policies and procedures; failed to implement reasonable safeguards involving an unencrypted, stolen laptop; and did not ensure that third-party business associates would provide safeguards for ePHI.

“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure,” said OCR Director Jocelyn Samuels in a statement. “This includes implementing physical, technical, and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”


Fraud Penalties Have Nearly Doubled

Ensure Compliance with Anti-Kickback Laws

For the first time in 20 years, penalties for violations of anti-kickback laws have nearly doubled, due to terms in the Bipartisan Budget Act of 2015. The act called for penalty fines to adjust for inflation by August 2016.

The penalty for each false claim will go from a minimum of $5,500 to $10,781. The maximum per each false claim increased to $21,563 from $11,000 for each individual false claim. Most cases allege thousands of claims and the civil money penalties can quickly add up to millions of dollars.

According to the U.S. Department of Justice’s Fraud Section Year in Review 2015, 225 convictions, and 11 corporate resolutions and pleas resulted in fines and penalties of almost $4 billion. Two-thirds of lawsuits came from corporate whistleblowers, while other cases are settled with no penalties.

Restraint and Seclusion Horizontal Email Banner

Banner Health Suffers Year’s Largest Data Breach

3.7 Million Patient Records Breached

In yet another case of healthcare organizations falling prey to hackers, Banner Health announced a cyberattack recently occurred on servers that process food and beverage payments and contain patient records. The records and credit card information of up to 3.7 million patients, insurance plan members, doctors, and other providers were compromised in the largest healthcare data breach of 2016.

Compromised information includes patient names, addresses, and birth dates; physician names, dates of service, and clinical information; health insurance information; and Social Security numbers. At Banner Health food and beverage locations, credit card holder names, card numbers, expiration dates, and verification codes used between June 23 and July 7 were compromised.

At press time, Banner Health officials did not know the scope of patient records compromised and how far back the records go. There have not been any reports of the hackers using the stolen information. Banner Health is offering free one-year credit monitoring services.

Medicare Readmission Penalties Hit All-time HighLife Safety Code Email Banner Vertical

2,597 Hospitals Forfeit $528 Millions

Beginning Oct. 1, hospitals and other Medicare patient providers will lose a collective $528 million in readmissions and quality of care penalties.

Fiscal year 2017 will see about the same number of hospitals penalized – 2,597 – as last year, but the average maximum penalty will increase to its lifetime high of 3%. In all, more than half of the nation’s hospitals will be penalized on high 30-day readmission rates and quality measures such as heart attack, pneumonia, heart failure, COPD, total knee replacement surgery, and total hip replacement. A new measure of coronary artery bypass graft surgery has been added for FY 2017.

About 1,400 hospitals are exempt from penalties, including hospitals in Maryland, critical access hospitals, children’s hospitals, Veterans Administration hospitals, and psychiatric facilities.

Now with Even Better Pricing!

The Latest and Greatest CMS Nursing CoPs

Sign Up →
CMS Medical Records: What You Need to Know Sign Up →
Give Falls the Slip: CMS, DNV & TJC Hospital CoPs & Standards Sign Up →
1 & 7
EMTALA Update 2016: Deficiencies, Problematic Standards and Practitioner Liability Sign Up →
Infant and Pediatric Abductions: Prevent the Unimaginable Tragedy Sign Up →
Safe Injection Practices and IV Push Guidelines: Compliance with CDC and CMS Standards Sign Up →
Restraint and Seclusion: CMS, DNV, & TJC Guidelines and Standards Sign Up →
Discharge Planning: CMS Worksheet & Standards Sign Up →


APN 20% off offer code image_APNM20_V2 EM Report Study Guide 2017 Mastering CMS Survey