DOJ Says “Knock on Our Door Before We Knock on Yours”

By Elizabeth E. Hogue

On March 7, 2024, the U.S. Department of Justice (DOJ) announced a new pilot program that includes financial incentives for whistleblowers to report violations. The new pilot program will be launched later this year following a process to develop and implement the pilot, which is expected to take ninety days.

The DOJ likens this new program to “the days of ‘Wanted’ posters across the Old West” in the sense that law enforcement has historically benefited by offering rewards for tips and information. When whistleblowers help the DOJ discover significant misconduct, they may benefit financially from monies recovered.

The goals of the pilot program are to:

  • Produce more evidence for successful white-collar criminal prosecutions
  • Impose more significant penalties on wrongdoers
  • Aid in prosecution of large-scale misconduct

Here are some details:

  • The core principle is that when individuals help DOJ identify significant misconduct that is otherwise unknown to DOJ, they may qualify to receive a portion of any resulting recoupments.
  • Payments to whistleblowers will be available only when:
    • All victims are properly compensated before whistleblowers
    • Whistleblowers provide truthful information
    • Information provided by whistleblowers is not already known to the DOJ
    • Whistleblowers are not involved in criminal activity
    • No other relevant financial disclosure incentive exists

The DOJ says that it expects the pilot program to increase the likelihood that employees will decide to report misconduct to the DOJ without first notifying companies that employ them. This result will significantly decrease benefits to companies that decide to self-report because the benefits of self-reporting are available only then the government does not already know about the misconduct. This incentive may produce a race to the DOJ by employers and their employees reminiscent of races to the courthouse. 

These incentives also underscore the importance of making it clear in Compliance Programs that employees and contractors are required to report alleged misconduct to their employers/partners first before they tell outside third-parties. Certain woe will come to companies that ignore these allegations or, God forbid, retaliate against potential whistleblowers. 

The DOJ and other fraud enforcers are generally enamored with whistleblowers and the information they provide. They are perhaps even more enamored with encouraging companies to self-report.

©2024 Elizabeth E. Hogue, Esq. All rights reserved.

No portion of this material may be reproduced in any form without the advance written permission of the author
 

Implementing HIPAA Security Rule: A Cybersecurity Resource Guide

NAHC

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) announced the publication of the final version of Special Publication (SP) 800-66 Revision 2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource GuideThis revised publication, a collaborative effort between NIST and OCR, includes resources for HIPAA covered entities (most health care providers, health plans and health care clearinghouses) and their business associates to help their understanding of the HIPAA Security Rule, drive compliance with the law and bolster security. This is the latest action in this work for HHS, who released a Department-wide Cybersecurity strategy for the health care sector in December of 2023, and voluntary performance goals to enhance cybersecurity across the health sector in January 2024.

The publication provides an overview of the HIPAA Security Rule, strategies for assessing and managing risks to electronic protected health information (ePHI), suggestions for cybersecurity measures and solutions that HIPAA covered entities and business associates might consider as part of an information security program, and resources for implementing the Security Rule. Specific topic areas include:

  • Explanations of the HIPAA Security Rule’s Risk Analysis and Risk Management requirements.
  • Key Activities to consider when implementing Security Rule requirements.
  • Actionable steps for implementing security measures.
  • Sample questions to determine adequacy of cybersecurity measures to protect ePHI.

In addition to the publication itself, NIST has also provided supplementary content on its website to further assist HIPAA covered entities and business associates with strategies to improve their cybersecurity in specific areas including:

  • Telehealth/Telemedicine
  • Mobile Device Security
  • Ransomware & Phishing
  • Medical Device Security
  • Cloud Services
  • Internet of Things Used in Healthcare
  • Application Security
  • Supply Chain

NIST also updated its Cybersecurity and Privacy Reference Tool (CPRT). The CPRT shows HIPAA Security Rule regulations with links to additional NIST tools

OCR also maintains information on its website to assist regulated entities with their obligations to protect ePHI including HIPAA Security Rule Guidance Material and Cybersecurity Guidance Material.
 

NHPCO and We Honor Veterans Welcome CMS Clarification Regarding Medicare Hospice Benefit for Dually Eligible Veterans

The Centers for Medicare & Medicaid Services (CMS) recently issued Change Request 13523, which updates the Medicare Benefit Manual to clarify that a Veteran beneficiary who elects hospice services under the Medicare benefit may still receive services that are not included in the hospice plan of care and are furnished and paid under the beneficiary’s VA benefits, in addition to hospice services. This is a much-needed clarification that NHPCO and WHV have advocated for to help ensure eligible Veterans get the best possible care with access to the full suite of benefits to which they are entitled. It is also an important demonstration of how concurrent care can optimize the patient experience.
 

NEW! Hospice Model Election Statement

NHPCO

A revised CMS Hospice Model Example Election Statement was recently posted for provider use. NAHC and NHPCO met with staff at CMS last week and asked to have the Right to Request “Patient Notification of Hospice Non-covered Items, Services, and Drugs” section updated to reflect the current timeframe for supplying the election statement addendum. CMS changed the timeframe in 2021 to allow hospices to supply the addendum within 5 days from the date of request if requested within the first five days of hospice care and within 3 days if requested later in the course of care but had not updated the model election statement.

We also shared that there is some confusion about the Representative signature.  CMS revised both sections in the new model form. CMS will also be making some updates to the Model Example of “Patient Notification of Hospice Non-Covered Items, Services, and Drugs”, referred to more commonly as the Election Statement Addendum. Stay tuned to NAHC Report for notification of its posting.

Hospices that use the CMS model election statement or use the language from the model statement in their own customized election statement can begin using the form/revised language immediately for newly enrolling patients. NAHC encourages providers to make these updates as soon as possible as we anticipate the Medicare Administrative Contractors (MACs) and other audit contractors will soon be looking for these updates for new admissions. We are reaching out to the MACs to see if there is a specific date after which they will expect to see the new form/language in use. 

There is not a need to have currently enrolled patients sign a new election statement, although hospices can provide existing patients with the new statement if they’d like to do so; however, it should not have any impact on the patient’s effective date/start of care date for the Medicare hospice benefit.
 

Hospice Regulatory & Compliance Updates (Week of 03/17/24)

NHPCO

Change Healthcare Updates Timeline for Cyberattack Recovery

In February, Change Healthcare experienced a cyberattack that disrupted several of its network and system operations. Change Healthcare recently updated its timeline for restoring operations in response to a cyberattack, stating that electronic payment functionality will be available beginning March 15 and connectivity to the claims network and software would be reestablished on March 18. In response to this attack and its adverse impact on our nation’s healthcare system, on March 5, the U.S. Department of Health and Human Services released a statement providing instructions to providers impacted by this incident.

Hospice Medical Director and Administrator Reporting Instructions

Last month, the CMS MLN Connects newsletter clarified “that hospice and skilled nursing facility medical directors and administrators are always considered managing employees for Medicare provider enrollment purposes. You must report all current managing employees. If you haven’t reported a medical director or administrator, report them now.” This newsletter suggests that hospices should report any missing hospice medical director or administrator as soon as possible and should not wait for Medicare revalidation. Hospices can obtain information about the Change of Information process for reporting their medical director and administrator on the CMS enrollment website
 
More Articles...
<< first < Prev 11 12 13 14 15 16 17 18 19 20 Next > last >>

Page 12 of 346