The enforcement of white-collar crime laws in the healthcare sector is likely to expand under the Biden administration, particularly regarding fraud associated with the billions of dollars in grants Congress allocated to hospitals and other health providers for pandemic relief.
The federal government’s fraud and abuse enforcement priorities are shifting in response to COVID-19. Risk managers should be ready to adapt their compliance programs in response to the changing risks.
The Department of Health and Human Services Office for Civil Rights has issued waivers and notices of enforcement discretion for several issues related to Health Insurance Portability and Accountability Act compliance, but healthcare organizations still must be careful to comply with the privacy law even during the pandemic.
The Executive Office for United States Attorneys recently announced that because of the COVID-19 pandemic, the U.S. Department of Justice (DOJ) has temporarily halted enforcement actions and the collection of civil penalties. The original period ran through May 31, but DOJ said it may extend the period.
The Office for Civil Rights has issued waivers and notices of enforcement discretion for several issues related to Health Insurance Portability and Accountability Act compliance, but healthcare organizations still must be careful to comply with the privacy law even during the pandemic.
CMS also drops routine surveys to focus on coronavirus
April 2, 2020
Responding to respirator shortages during the outbreak of novel coronavirus, the Occupational Safety and Health Administration has issued a memorandum allowing “enforcement discretion” by compliance officers citing the Respiratory Protection standard (29 CFR § 1910.134).
Law enforcement requests for blood alcohol levels are legally complex for ED providers. A Supreme Court ruling states no warrant is needed to draw blood from unconscious patients suspected of driving intoxicated.
The Office for Civil Rights usually has much less patience and understanding when the covered entity or business associate has not adopted required HIPAA policies and procedures, has not properly trained and retrained its employees (no less often than once per year), failed to conduct required periodic enterprise-wide risk assessments, or failed to investigate and report a breach timely.
Responding to subpoenas is a routine task for risk managers and general counsel, but just because it is routine doesn’t mean it should be taken lightly. There are right and wrong ways to respond, and your actions at this early stage of potential litigation can affect the outcome later.