This comprehensive guide explains CMS FWA compliance requirements, who must comply, essential training mandates, and how healthcare organizations can protect themselves from costly enforcement actions.

What Is Fraud, Waste & Abuse in Healthcare?

Understanding FWA is the first step to compliance.

Fraud

Intentional deception to receive unauthorized benefits.
Examples: billing for services not provided, falsifying records, kickbacks.

Waste

Overuse or misuse of services that cause avoidable costs.
Examples: unnecessary tests, inefficient workflows, excessive supply use.

Abuse

Practices that result in unnecessary costs but are not intentional.
Examples: upcoding, improper billing, misusing procedure codes.

CMS places heavy emphasis on preventing FWA because improper billing drains federal resources and hurts patients. Training your staff to identify FWA is a core compliance requirement.

Who Is Required to Follow CMS FWA Compliance Rules?

You must comply with CMS FWA requirements if your organization:

• Bills Medicare, Medicaid, or CHIP
• Participates in Medicare Advantage (MA) or Medicare Part D
• Provides downstream, delegated, or subcontracted services for MA or Part D plans
• Handles claims, coding, billing, or documentation used for federal reimbursement

This includes:

• Medical practices
• Dental practices participating in Medicaid
• Pharmacies and outpatient clinics
• Behavioral health and allied health organizations
• Third-party billing companies and revenue cycle vendors

If you touch Medicare or Medicaid reimbursement at any point in your workflow, CMS requires your organization to maintain FWA compliance.

CMS Fraud, Waste & Abuse Compliance Requirements

1. Annual CMS FWA Training Requirements

CMS mandates initial and annual FWA training for anyone involved in federal healthcare programs. Required topics include:

• How to identify fraud, waste, and abuse
• Reporting processes and whistleblower protections
• Federal laws: False Claims Act, Anti-Kickback Statute, Civil Monetary Penalties
• CMS general compliance program expectations
• Standards of conduct and ethical behavior

Organizations must keep records of training completion for CMS and Medicare Advantage audits.

2. Written FWA Policies & Code of Conduct

CMS requires every provider to maintain and distribute written compliance policies that outline:

• Prohibited billing practices
• Documentation requirements
• Disciplinary actions for non-compliance
• Ethical standards and staff expectations
• Steps for reporting fraud, waste, and abuse

Your Code of Conduct should be accessible, reviewed annually, and part of new-hire onboarding.

3. Confidential Reporting Mechanisms

Healthcare organizations must provide confidential and anonymous ways to report compliance concerns, such as:

• Fraud hotlines
• Online reporting portals
• Direct access to the compliance officer
• Whistleblower protection policies

CMS expects a culture where staff feel safe reporting potential FWA violations.

4. Designated Compliance Officer & Committee

A CMS-compliant FWA program requires:

• A Compliance Officer responsible for oversight
• A Compliance Committee (recommended for larger organizations)

Duties include:

• Monitoring billing accuracy
• Overseeing FWA training and policy updates
• Corrective action planning
• Responding to CMS, OIG, and Medicare Advantage plan inquiries

5. Ongoing Monitoring, Auditing & Risk Assessment

A robust FWA compliance program includes:

• Regular auditing of claims and documentation
• Identifying high-risk billing patterns
• Correcting errors before they become violations
• Internal monitoring of coding accuracy
• Reviewing vendor and subcontractor compliance

CMS, OIG, and Medicare Advantage plans frequently audit providers, making proactive monitoring essential.

6. Exclusion List Screening (OIG & SAM.gov)

CMS and OIG require healthcare organizations to ensure that employees, contractors, and vendors are not excluded from federal healthcare programs.

You must screen:

• OIG LEIE (List of Excluded Individuals/Entities) monthly
• SAM.gov for federal exclusions
• State databases

Hiring or contracting with excluded individuals is a serious compliance violation and can lead to civil monetary penalties.

7. Effective Response & Corrective Action Plans

If a potential FWA issue is identified, CMS requires organizations to:

• Investigate promptly
• Document all findings
• Report violations to CMS, Medicare Advantage plans, or OIG when necessary
• Implement corrective actions (training, policy revisions, disciplinary steps)
• Prevent recurrence through monitoring and re-education

Failing to respond to known violations can result in False Claims Act liability.

Penalties for FWA Non-Compliance

Healthcare providers who fail to meet CMS FWA compliance requirements can face:

• Large civil monetary penalties
• False Claims Act lawsuits
• Exclusion from Medicare and Medicaid
• Criminal prosecution for intentional fraud
• Repayment of overbilled claims
• Loss of licensure or provider enrollment
• Reputational damage and contract termination

Even unintentional mistakes—classified as waste or abuse—can cost organizations thousands in fines.

How MedSafe Supports CMS FWA Compliance

MedSafe helps healthcare organizations implement complete CMS Fraud, Waste & Abuse compliance programs, including:

• CMS-compliant FWA training for medical and dental teams
• Policy development and Code of Conduct templates
• Monthly Exclusion List Monitoring
• Compliance officer support and oversight
• Internal audits and risk assessments
• Medicare and Medicaid enrollment assistance
• Documentation systems to support CMS and MA plan audits

Our compliance experts help reduce your risk, streamline documentation, and ensure your organization meets all CMS requirements.

Conclusion

CMS Fraud, Waste & Abuse compliance is essential for any healthcare provider that bills federal programs. By implementing strong FWA training, consistent auditing, and proactive reporting processes, your organization can reduce risk while maintaining integrity and financial stability.

Have Questions?

At MedSafe, we help healthcare organizations navigate compliance through customized training, audits, and policy development. Don’t wait for an audit to reveal a gap—take action now to protect your practice and your patients.

Contact us today to schedule a compliance review or training session.

Additional Resources:

https://www.cms.gov

The post CMS Fraud, Waste & Abuse (FWA) Compliance Requirements: A Complete Guide for Healthcare Providers appeared first on MedSafe.

Although the program has now been underway since January 2017, a recent survey indicates that more than half of healthcare providers (64%) still feel they are unprepared to meet the new requirements of the law. (1)  The positive news is that providers have the ability to pick their pace, which allows for some flexibility, transitional time, and helps practices avoid penalties.

Below are some key points practices should consider for MACRA success:

1. Pick your team- All healthcare systems and medical groups should identify a team of key leaders to head the MACRA transition.  
2. Register with CMS– The deadline for groups to register with CMS is no later than June 30, 2017.
3. Educate Staff– Meaningful and ongoing education is necessary for all staff members. MACRA training should be tailored toward each department to address varying concerns. Education tools may also be helpful such as e-learning courses. Making education convenient and accessible is key to adoption. (3)
4. Report data-  The Centers for Medicaid and Medicare Services (CMS) requires eligible clinicians to report on three performance categories for a consecutive 90-day period. Although, it is important to track data the entire year, it is only necessary to submit data for a 90-day period in order to receive a potential positive adjustment. Providers may also report just one measure to prevent the penalty. Doing nothing at all, will result in a 4% reduction in 2019 payments. (2)
5. Review current data and reporting methods– MACRA requires careful tracking and reporting. Identify current vendors and consolidate reporting methods. CMS encourages organizations to streamline their vendors to reduce the administrative burden. Only one submission mechanism for each performance category is permitted. (2)
6. Make Patient Experience the Core Focus– Patients outcomes and experience should remain the core focus.

Ultimately, MACRA success is a collective team effort within a practice or organization. Management should build a team and work with clinicians to select right measures that work best for their practice. Always keeping patients front and center of the implementation is key to success.  

References:

1. http://www.stoltenberg.com/documents/surveys/2017HITOutlookSurvey.pdf
2.  https://www.studergroup.com/resources/articles-and-industry-updates/insights/february-2017/five-tips-to-jumpstart-your-macra-strategy
3. http://www.beckershospitalreview.com/finance/the-macra-marathon-3-keys-on-training-for-success.html

The post Tips for MACRA Success appeared first on MedSafe.

The Medicare Access and CHIP Reauthorization Act (MACRA) has been finalized and will affect all providers that care for at least 100 Medicare patients or bill more than $30,000 a year. CMS made some critical revisions to the previous bill which includes a more flexible start date in the first year. Adjustments were also made to the low-volume threshold for small practices, the advanced APM was established as a standard to promote participation in value-based care models, EHR requirements were simplified, and the medical home model was established to promote care coordination. Below are five important facts to know about the final MACRA rule: 

When does MACRA begin?

• The program begins January 1, 2017, but providers who are not ready yet can begin collecting performance data anytime between January 1, 2017, and October 2, 2017. Regardless, the start date, performance data is due by March 31, 2018. Data collected in the first year will determine payment adjustments beginning Jan. 1, 2019.

What happens to providers that choose not to participate in MACRA? 

• If providers fail to send their data, they will receive a negative 4% payment adjustment in 2019. The penalty increases each year to 5% in 2020, 7% in 2021 and 9% in 2022.

What are the options for provider participation?

• The final rule includes two options for provider participation: Merit-Based Incentive Payment System (MIPS), and the Advanced Alternative Payment Model (APM). 

Have there been any changes made to MIPS?

• The Merit-Based Incentive Payment System (MIPS) is a program that determines Medicare payment adjustments. What has changed in this program from the proposed rule is that in the first year, providers will not be assessed on cost or resource use. Once MIPS has been fully implemented then payment adjustments will be based on the following four categories:
  • Quality (Physician Quality Reporting System)
  • Advancing Care Information (Meaningful Use)
  • Clinical Improvement Activities (New category)
  • Cost (Value-Based Modifier) 
• Some experts believe postponing the cost category for a year will help ease the transition for providers. 

How does the final rule affect small practices? 

• CMS has reduced the time and cost to participate, increased the availability of Advanced APMs to small practices, and are providing $20 million a year in outreach and technical support to small practices over the next five years.

For more information about MACRA: https://qpp.cms.gov/

The post The Final 5 – MACRA Rule appeared first on MedSafe.

The following items or services are DHS:

• Clinical laboratory services
• Physical therapy services
• Occupational therapy services
• Outpatient speech-language pathology services
• Radiology and certain other imaging services
• Radiation therapy services and supplies
• Durable medical equipment and supplies
• Parenteral and enteral nutrients, equipment, and supplies
• Prosthetics, orthotics, and prosthetic devices and supplies
• Home health services
• Outpatient prescription drugs
• Inpatient and outpatient hospital services

The Stark Law contains several exceptions which include physician services, in-office ancillary services, rental of office space and equipment, employment relationships, joint ventures in rural areas, ownership in publicly traded securities and mutual funds, financial relationships with hospitals, etc. Some of these are more complicated than others.

Penalties for a Stark Law violation include:

• Payment denial
• Refund of payment received
• Penalties of up to $15,000 for each violation
• Three times the amount of wrongful payment received from Medicare
• ·       Exclusion from the Medicare/Medicaid
• Payment of up to $100,000 for each attempt to circumvent the Stark Law

The following questions are helpful indicators to determine if a provider is in violation of the Stark Law:

• Are the patients in question using Medicare?
• Are any of the services in question designated health services?
• Does the entity have a financial relationship with the referral?

If the answer to any of these is “no,” the entity is not in violation of the Stark Law. If you or your medical office has a question regarding the Stark Law, contact the experts at MedSafe at 1-888-MEDSAFE or visit our website at www.medsafe.com.

References:

https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/index.html?redirect=/physicianselfreferral/

https://en.wikipedia.org/wiki/Stark_Law

The post The Stark Basics for Medical Practices appeared first on MedSafe.

What is patient engagement?

Patient engagement has become a key strategy that refers to the tools and actions taken by patients, caregivers, and healthcare providers to promote informed decision-making and behaviors to facilitate improved health outcomes. 

The importance of “patient engagement” has been widely researched and discussed with evidence supporting its significance on lowering cost and improving patient outcomes. What is interesting is that amid all of the industry buzz “patient engagement” is not a revolutionary new concept. 

In the business world, it is called “consumer engagement.” Retailers, banks, and other service related industries have all been providing their customers with information, tips and other forms of communication attempting to engage their consumers. For decades, marketers have been seeking new strategies to engage the customer, create better experiences, and strengthen brand relationships all aimed at improving outcomes. Those who don’t deliver are likely to be put out of business by those that meet this demand. There is nothing new or groundbreaking about this strategy. In fact, it is in almost every marketing and business textbook ever written. 

Perhaps the healthcare industry is finally catching up with the rest of the business world and recognizing that in order to grow and be successful in a competitive marketplace, patients need more in the way of information, quality, access, and accountability.

Technology’s role in patient engagement

Medical providers have long understood the value of having a patient engaged in their own health. While the concept of “patient engagement” may not be new, what is new is the significant role that technology is having on patient engagement. A recent survey performed by Deloitte suggests patient engagement is seeing the most growth within the use of technology.

Consumers are becoming more trusting of healthcare information online. Social media and patient portal use for healthcare data have also seen significant growth. We are living in a connected and engaged society. The internet allows us to get what we want on demand at our fingertips. Patients and consumers have started placing these same expectations on healthcare. 

Below are a few statistics from Google and PewResearch Center that further support the impact technology is having on patient engagement: 

• 4.7 billion: daily Google searches
• 1 in 20 Google searches is for health-related information
• 80% of Internet users seek online health information
• 77% of patients used a search prior to booking an appointment
• 66% of Internet users look online for information about a specific disease or medical problem
• 44% of Internet users look online for information about doctors or other health professionals

Technology and tools for patient engagement

Some of the latest technologies focused on patient engagement involve managing patient health data, managing communication with physicians, self-care at home, education, and financial management. From wearable tech and medical devices to patient portals and personal health records, all of these innovations are aimed at improving the overall patient experience. 

With the implementation of health information exchanges, electronic health records, and patient portals, patients are naturally becoming more engaged in their health. Healthcare institutions and practices should embrace and integrate these changes while seeking to adapt to this new and rapidly evolving landscape.

Of course, all of these tools are useless if the patient does not have interest in taking an active role in their health. Patient engagement requires action that must be initiated and sustained by the individual. It is also through the encouragement of the provider that patients learn to utilize tools and technology that produce improved health results. If neither the provider nor the patient is not interested in the utilization of these technologies, then no one will benefit from them. Engagement implies active involvement. All parties must be willing to participate and embrace the shift to technology, in order to achieve better outcomes and reduce costs.

What are the benefits of patient engagement?    

Research has proven that individuals, who are engaged in their health, are more likely to achieve better health outcomes.

Benefits of improved patient engagement include:

• Reduced costs: Technology such as EMR/EHR can help improve workflow through the use of shared information. This can reduce or eliminate paperwork, assure accurate information and provide patients with a better experience. Technology can reduce errors, improve scheduling, insurance, and payments.
• Increased communication: Through the use of technology, physicians and patients can communicate with one another more often and provide updates or changes on the patients’ condition.
•  Increased patient satisfaction: Through increased communication and more information regarding their health, patients are more confident regarding their condition and diagnoses. 
• Population health: Through the improvement of health-related information systems, scientist can analyze public health data that can help to identify trends and improve outcomes.

Challenges of patient engagement

For healthcare institutions and medical practices, successful patient engagement relies not just on new technology but also on a cultural shift. As the industry adapts to these changes, providers and healthcare administration must be prepared to face obstacles such as: 

• Difficulty shifting behaviors
• Different communication preferences
• Lack of health information exchanges
• Technology ease of use
• Operational and implementation challenges
• Workforce reluctance

The many benefits of new health care technology and patient engagement have been proven to outweigh the costs and challenges of implementation. However, successful adaptation and cultural shifts rarely occur without obstacles. Also, one of the biggest challenges that remain is the implementation of effective evidence-based methods of measurement for patient engagement. 

Current practices devoted to improving patient engagement show a lack of defined guidelines and confusion about what patient engagement is, how it is achieved, and how to produce meaningful outcomes. Researchers and policymakers recognize the importance of having an evidence-based measurement of patient engagement, as it is a necessary tool for planning and implementing initiatives. However, with very few studies and limited data available, there is a lack of clearly defined evidence-based guidelines available. 

While researchers and stakeholders continue to debate the most effective methods of measuring patient engagement techniques, more formalized studies are underway. In the meantime, healthcare providers will be performing their own analytics and measurements regarding their patient engagement activities.

References:

Patient Engagement Best Practices Resource Document. Retrieved from: http://www.brighamandwomens.org/Research/centers/PCERC/documents/PCERC%20Patient%20Engagement%20Best%20Practices%20Resource%20Document.pdf

How Technology Shapes Patient Engagement. Retrieved from: http://www.coretechrevolution.com/latest-news/228-how-technology-shapes-patient-engagement

Measuring patient engagement. Retrieved from: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC4376060/

Can Healthcare Effectively Measure Patient Engagement. Retrieved from:

http://healthitanalytics.com/news/can-healthcare-effectively-measure-patient-engagement

The post The Importance of Patient Engagement and Technology in Today’s Healthcare Market appeared first on MedSafe.

Healthcare-associated infections are a major, preventable, threat to patient safety and one of the leading causes of death in the United States. Approximately, 1 in 25 hospital patients has at least one healthcare-associated infection. This adds up to $33 billion in excess medical costs every year.

In efforts to increase infection control and reduce the risk of hospital-associated infections, regulatory agencies such as The Joint Commission have recommended standards of practice for hospital accreditation. Medicare has implemented financial incentives to reduce and eliminate health- associated infections. In addition, the more recent introduction of state-mandated public disclosure of infection rates has increased accountability through consumer awareness and engagement.

According to some experts, these efforts are not enough as there are currently no national standards for reporting hospital infections. Research from John Hopkins suggests the current system of reporting healthcare quality is non-standardized and haphazard. Claiming most states do not have a standardized system for the collection of data, which leads to great variation in the results making comparisons difficult if not invalid. Many believe the country would be better served by a national standard for hospital infections, and a greater transparency would help lower infection rates.

Guidelines and Protocols

Despite the debate over federal and state regulations, healthcare-associated infections are preventable and should be made a priority wherever healthcare is delivered. The Centers for Disease Control has provided guidelines to infection prevention for outpatient settings which include: hospital outpatient clinics, non-hospital clinics, physician offices, urgent care centers, surgical centers, public health clinics, imaging centers, oncology clinics, behavioral health clinics, substance abuse clinics, physical therapy and rehabilitation centers.

These CDC guidelines should apply to all patient care in any healthcare setting. http://www.cdc.gov/HAI/pdfs/guidelines/Outpatient-Care-Guide-withChecklist.pdf

Infection control protocols within physician offices and clinics should mirror these guidelines and standards. The following key points should be addressed when policies and procedures for infection control protocol are developed:

• Administration should provide financial and human resources, including equipment and supplies to maintain proper infection prevention.
• The practice should have at least one individual on staff trained in infection prevention or is regularly available to the practice.
• This staff member should be involved in the development and implementation of policies for infection prevention according to regulations and standards.
• Infection prevention policies should be re-assessed on a regular basis. 

Additional recommendations from the CDC guidelines include:  

• Administrative recommendations
• Health association infection surveillance and reporting
• Education and training of healthcare personnel
• Hand hygiene
• Use of personal protective equipment
• Cleaning, disinfection, and sterilization of medical equipment
• Respiratory Hygiene/Cough Etiquette
• Cleaning and disinfection of environmental surfaces
• Safety injection practices

For additional information:

CDC’s guidelines for infection prevention in any outpatient healthcare setting

http://www.cdc.gov/HAI/pdfs/guidelines/Outpatient-Care-Guide-withChecklist.pdf

Top CDC Recommendations to prevent Healthcare-Associated Infections

http://www.cdc.gov/HAI/pdfs/hai/top-cdc-recs-factsheet.pdf

CDC Recommended Infection Control Practices for Dentistry

http://www.cdc.gov/mmwr/PDF/rr/rr5217.pdf

The post Infection Control guidelines, who needs to follow what protocols? appeared first on MedSafe.

Knowing and understanding the principles and various sterilization methods, in addition to consistent monitoring, helps to ensure effective sterilization, patient safety, and cost-effectiveness. These same standards should apply regardless whether the patient care is being provided, in an acute care hospital, ambulatory surgical center, outpatient facility, dental or physician’s office.

Non-compliance of sterilization
What is deeply concerning is the astounding rates of sterilization non-compliance. Healthcare Associated Infections are among the leading causes of preventable deaths and the most common complication of hospital care in the United States. It has been reported, that 1 in 25 hospital patients has at least one healthcare-associated infection.

According to Joint Commission, (a non-profit organization that accredits and certifies healthcare organizations nationwide), in 2013 the non-compliance of hospitals, ambulatory and office-based surgery facilities to reduce the risk of infections associated with medical equipment, devices, and supplies was one of the top five non-compliant requirements.

Sterilization non-compliant rates in 2013

• Hospitals (46 percent)
• Critical access hospitals (47 percent)
• Ambulatory care (38 percent)
• Office-based surgery (29 percent)

Prevention of Healthcare Associated Infections
Studies have shown that with the proper education and training, health care workers increased compliance and adoption of best practices to prevent Heath Acquired Infections. The financial benefit of using these prevention practices is estimated to be $25.0 billion to $31.5 billion in medical cost savings, but most importantly would be the reduction of preventable deaths and healthcare-related infections. For more information regarding proper sterilization guidelines visit:http://www.cdc.gov/hicpac/pdf/guidelines/Disinfection_Nov_2008.pdf

What is being done now to increase compliance of sterilization and reduce Healthcare Associated Infections?
In recognition of Healthcare Associated Infections as an important issue of patient health and safety, the US Department of Health and Human Services has coordinated prevention efforts across the federal government and devised a plan and roadmap called “The National Action Plan to Prevent Healthcare Associated Infections”. This roadmap to elimination contains strategies on preventing HAIs in non-acute care hospital settings and supports further research on how to identify and control HAIs in these settings and apply evidence-based approaches for reducing HAIs. The knowledge gained from these research and demonstration projects is expected to lead to additional national objectives for HAIs. For more information visit: http://health.gov/hcq/prevent-hai-action-plan.asp

Recommendations from the ADA, OSAP and CDC:

ADA “[Chemical] indicators should be used with each load. Biological monitors should be used routinely to verify the adequacy of sterilization cycles. Weekly verification should be adequate for most dental practices.”

— American Dental Association. Infection control recommendations for the dental office and the dental laboratory (May 1996)

OSAP “The use and functioning of heat sterilizers should be biologically monitored at least weekly, or more often if the practice demands it, with appropriate spore tests. Place the spore strips or vials inside a pouch, bag, pack or cassette, and include this package as part of the normal load through a normal sterilizer cycle. Always use a control spore strip or vial (not heat processed but otherwise treated identically to the test strips or vials) with each spore test performed. Additionally, chemical indicators should be used on the inside of
each package during every sterilizer load. Accurate records of sterilization monitoring must be maintained. A chemical indicator from inside each pack may be initialed and dated for each day of patient care and kept in a file. The weekly spore test for each heat sterilization unit may be kept in the same file. Biologically monitor whenever there is a change in packaging, following equipment repair; retest after failure and when training new employees.”

— (OSAP) Organization for Safety, Asepsis and Prevention- Infection control
in dentistry guidelines (September 1997)

CDC “Proper functioning of sterilization cycles should be verified by the periodic use (at least weekly) of biologic indicators(i.e., spore tests). Heat-sensitive chemical indicators (e.g., those that change colorafter exposure to heat) alone do not ensure adequacy of a sterilization cycle but may be used on the outside of each pack to identify packs that have been processed through the heating cycle. A simple and inexpensive method to confirm heat penetration to all instruments during each cycle is the use of a chemical indicator inside and in the center of either a load of unwrapped instruments or in each multiple instrument pack; this procedure is recommended for use in all dental practices.

— Centers for Disease Control and
Prevention. Recommended infectioncontrol
practices in dentistry, 1993
(May 1993)

The post Is spore testing for the sterilization of instruments federally mandated? appeared first on MedSafe.

On June 9, 2015, the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) posted a new Fraud Alert to its website
(http://oig.hhs.gov/compliance/alerts/guidance/Fraud_Alert_Physician_Compensation_06092015.pdf) cautioning physicians who enter into compensation arrangements, such as medical directorships, that such arrangements may violate the federal Anti-kickback statute if steps are not taken to ensure that payments reflect fair market value for the bona fide services that the physician actually provides.

The post OIG ISSUES FRAUD ALERT WARNING appeared first on MedSafe.

Section 7 of the National Labor Relations Act, which is enforced by the NLRB, protects employees’ rights to engage in certain protected activities. As explained in the report, protected activities include:

• Discussing wages, hours, and other terms and conditions of employment with fellow employees as well as with nonemployees such as union representatives.

• Criticizing or protesting the employer’s labor policies or treatment of employees.

• Arguing and debating among employees about unions, management, and terms and conditions of employment.
• Communicating with the news media, government agencies, and other third parties about wages, benefits, and other terms and conditions of employment.

• Taking photographs and making recordings in furtherance of protected concerted activity.

• Going on strike.
• Engaging in concerted activity to improve their terms and conditions of employment, even if that activity is in conflict with the employer’s interests.

The report clarifies what handbook language, in the NLRB’s view, violates employees’ Section 7 rights. Highlights of the report include the following:

Confidentiality Policy

A confidentiality policy violates the Act if it specifically prohibits employees from discussing the terms and conditions of their employment or reasonably would be read to prohibit such discussions. The scope of confidential information should be defined sufficiently to make clear that “confidential information” does not include information relating to the terms and conditions of employment.

Policies Regulating Employee Conduct Toward the Company and Supervisors

Rules that specifically ban or reasonably would be interpreted to ban employees from criticizing the employer or management are unlawful, absent sufficient clarification or context. An employer may lawfully require employees to be respectful and professional to individuals other than the employer

or management. (e.g., coworkers, clients, competitors, and members of the public).

Policies Regulating Employee Conduct Towards Coworkers

Language that broadly prohibits discussions among employees of negative, inappropriate, controversial, or otherwise “inflammatory” subjects may be unlawfully overbroad absent clarification of the intent of the policy.

Policies Regulating Employee Communication with Third Parties

A handbook rule which prohibits or reasonably would be interpreted to prohibit employees from discussing terms and conditions of employment with third parties would be considered unlawful.

Policies Regulating Employee Use of Company Logos, Copyrights, and Trademarks

An employer may not prohibit employees’ use of the employer’s logos, copyrights, or trademarks for non-commercial purposes. While acknowledging that an employer’s intellectual property rights are protected by law, the NLRB takes the position that “[e]mployer proprietary interests are not implicated by employees’ non-commercial use of a name, logo, or other trademark to identify the employer in the course of Section 7 activity.”

Policies Restricting Photography and Recording

A total ban on employees’ right to take photographs or make recordings, including the use or possession of personal cameras or recording devices, is unlawful. Language should appropriately limit the scope of the prohibition so that it would not be read to prohibit taking photographs or making recordings in furtherance of protected concerted activities.

Policies Restricting Employees from Leaving Work

A rule restricting employees from leaving work is unlawful if it contains language that prohibits or would be read to prohibit protected strike actions and walkouts.

Conflict-of-Interest Policies

A conflict-of-interest rule is unlawful when it prohibits or reasonably would be read to prohibit employees from engaging in concerted activity to improve their terms and conditions of employment. This right is protected even if the activity is in conflict with the employer’s interests, such as protesting in front of the employer’s building, organizing a boycott, and soliciting support for a union while on non-work time.

The key to making sure your employee handbook will pass muster if reviewed by the NLRB is to avoid using overly broad language and to provide sufficient clarification and explanation. The NLRB will examine lawfulness of a handbook policy based on what it says as well as how it would reasonably be read by employees. Employers are encouraged to review the General Counsel’s report. It offers examples of language that the NLRB has found lawful and unlawful. It is also recommended to have legal counsel review the handbook to ensure compliance with the Act. 

The post Does Your Employee Handbook Violate Their Rights? appeared first on MedSafe.

45CFR 164.408 requires all covered entities (CE) and Business Associates (BA) to provide the Department of Health and Human Services (HHS) Secretary with notice of breaches of unsecured protected health information.  The number of affected individuals determines when the notification must be completed.

Breaches of unsecured protected health information affecting less than 500 individuals must be reported no later than 60 days after the end of the calendar year. For calendar year 2014, your breaches affecting less than 500 individuals must be reported to the Secretary at HHS by February 28, 2015.

The following is the link to the HHS reporting site. The required information is completed online and submitted directly to HHS once the form is completed.

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html

If you have any questions or need assistance in completing the HHS reporting form, please feel free to contact MedSafe.

The post Has your practice had a breach in 2014? appeared first on MedSafe.