Healthcare Apps-How Much Privacy Do You Really Have?
By Susan Walberg, JD MPA CHC
Healthcare apps have become increasingly prevalent, with people using them for counting steps, monitoring their calories, or linking to various medical devices, to name just a few examples. Since the COVID outbreak, however, and the explosion of telehealth as a healthcare option, these apps have proliferated at an insane rate. As of 2020, there were 325,000 healthcare apps on the market, with more coming all the time.
Important Update: FTC Clarifies Health Breach Notification Rule- Healthcare Apps and Vendors Are Included
According to the Statement, the Health Breach Notification Rule “Helps to ensure that entities who are not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) nevertheless face accountability when consumers’ sensitive health information is compromised.” The Breach Notification Rule is not new, but this clarification is, and signals likely enforcement of a rule that has largely gone unenforced to date. The push to regulate apps came from Congress, and further legislation is likely.
Healthcare Apps and Data Privacy/Security Risks
Since the COVID outbreak and the explosion of telehealth as a healthcare option, these apps have proliferated at an insane rate. As of 2020, there were 325,000 healthcare apps on the market, with more coming all the time.
Whether you are a consumer who uses such apps, or a provider who wants to develop an app for patients to use, it’s important to understand some of the privacy and security risks that may accompany the use of such tools, and what to watch out for.
HIPAA, COVID, and Your Privacy
Although HIPAA (The Health Insurance Portability and Accountability Act of 1996) has been around for a long time, the COVID epidemic has spawned a slew of misunderstandings, disinformation, and erroneous claims about the law’s reach and impact.
Telemedicine: Fraud and Abuse During the COVID Pandemic
Telehealth or ‘virtual’ visits have increased over 11,000% when the pandemic-related changes by CMS were implemented, according to Medicare data for March/April of 2020. Previous reviews of telehealth services by the OIG revealed a 31% error rate, and this was well before such services became easier to provide. Given those high numbers, it isn’t surprising this is a high-risk issue.
Unfortunately, loosening the regulatory requirements opened the door to fraud by dishonest providers, telemedicine companies, and others.
The Department of Justice Issues New Guidance for Evaluating Compliance Programs, including Mergers and Acquisitions
By Susan Walberg, JD MPA CHC
As Private Equity companies and healthcare organizations move to grow or consolidate practices and organizations, one area of due diligence that is often overlooked is the evaluation of the compliance program and the compliance risks that are the natural result of a deficient program.
Coronavirus: 5 Compliance Issues to Watch
For those of us who are responsible for compliance, there are many new challenges, issues, and questions that arise as this situation rapidly unfolds. In addition, the federal government has been providing daily briefings which often announce new changes. Just this week they announced a willingness for providers to work across state lines. The Centers for Medicare and Medicaid Services (CMS) has been issuing various waivers to states, which can be found on the CMS page under the Medicaid section.
As I think about this as a compliance person, and listen to the briefings, I see a few key topics that will generate questions and that people need to understand.
Merging or Growing Practices: Top 4 Compliance Issues to Consider
There is a lot of activity in the healthcare space these days. Venture capital companies getting involved with various lines of healthcare, smaller practices merging or growing, adding lines of business or services…it is easy to overlook certain compliance issues, especially those that aren’t usually top of mind anyhow.
On Being Grateful for the Bad Guys
We have all known them; that boss who walks around at 4:55 on a Friday afternoon looking for that ‘slacker’ who left a few minutes early, or who criticizes any ‘out of the box’ ideas in order to maintain control. The manager who micro-manages employees and stifles creativity, who finds ways to intimidate independent thinkers and who actually punishes those who dare to offer unsolicited suggestions, even if it’s to benefit the organization. You know who I’m talking about, you’ve probably worked with some version of this person at least once.
Retaliation: More Common Than You Think
Retaliation is one of my favorite topics, not because I like the act of retaliation (of course!), but because it is so often misunderstood and I think it’s critical to provide education on this issue. No matter where I go, retaliation is relevant, and usually if I give a talk on this subject I will get pulled aside afterwards by someone with a story or question.
What You Don’t Know CAN Hurt You: Small Practice Compliance Challenges
As I have worked with a variety of physician practice groups and other smaller healthcare organizations, I have seen repeatedly that there are compliance gaps that can become expensive if left unattended.
The Opioid Epidemic: Key Tips for Providers to Reduce Risks
The opioid epidemic is in the news every day. State and federal regulators and law enforcement regularly investigate cases of drug diversion, ‘pill mills’, opioid over-prescribing, and even deaths from overdoses. Although most of those cases involve deliberate and knowing actions by providers, patients, drug companies, and other bad actors, the enforcement landscape has created a worrisome reality for physicians and other prescribers who are trying to take care of patients with chronic pain.
Why Leadership Teams Need Compliance
Compliance has become part of the landscape, especially in highly regulated industries like healthcare. If you ask any leader in the field of healthcare why you must have a compliance program, they will likely reference government laws, such as the Affordable Care Act, or will state that it is important for keeping the organization out of trouble.
Retaliation: What You Need to Know
Retaliation is one of those things that everyone knows is prohibited. If you are a leader, you know it’s not acceptable to punish an employee for reporting a concern. If you are an employee, you may fear losing your job if you speak up or ‘cause trouble’. The problem, however, is that many people don’t really understand all of the things that can constitute retaliation or which activities by employees are actually protected.
When Do You Need an Interim Compliance Officer?
There are a number of occasions when an organization has the need to work on their compliance program; in many instances the first reaction is to start trying to hire someone to fill the role. Although ultimately the organization should have a full-time person, there may be occasions where it makes sense to take a step back and bring in an interim Compliance Officer.
Five Tips for Effective Leaders
If you have ever been in a leadership role, or worked in the corporate office of a large organization, you have undoubtedly encountered resistance from various departments, divisions, or individuals, whether passive or overt.
Whistleblowers: They may not be who you think they are!
The word ‘whistleblower’ conjures up images of Enron or other headline-grabbing stories where an employee is awarded millions of dollars for reporting some egregious action by their employer, who callously ignores the reports of wrongdoing in the search for profits.
Compliance Investigations-When Culture is the Issue
As a compliance professional, conducting investigations is an essential part of the job. We are tasked with preventing and detecting wrongdoing, whether it’s violations of laws, regulations, or internal policies and procedures. Sometimes, however, we come to the end of our investigation and find that there was no actual “violation” committed, but there is a discernable culture problem in the organization.