Did you know that in December 2017, the United State Government Accountability Office (GAO) conducted a study on Medicare and Medicaid fraud risks? The Centers for Medicare and Medicaid Services (CMS), an agency within the Department of Health and Human Services (HHS), provides health care for over 145 million Americans with annual expenditures of roughly $1.1 trillion. GAO has designated the 2 largest CMS programs (Medicare and Medicaid) as high risk, “partly due to their vulnerability to fraud, waste, and abuse.” They estimate that in FY2016, there were roughly $95 billion in improper payments made.
Did you know that the American Recovery and Reinvestment Act created a tiered penalty for Health Insurance Portability and Accountability Act (HIPAA) violations? While most HIPAA infractions are not due to willful neglect (rather inadvertent error and/or oversight), instances of repeated willful neglect that is not corrected can result in fines of up to $50,000. Individuals can be prosecuted for deliberately acquiring or disclosing a person’s health information.
At CSI we have instituted internal controls and compliance procedures around fiscal management and have prioritized protecting client information. HIPAA training has been established as a required training for staff and a Corporate Compliance Committee has been formed, comprised of a number of senior staff and led by Martha Bassett, CSI’s Internal Auditor/Corporate Compliance Officer. The committee’s work includes assessing and monitoring compliance risks, guiding compliance policies and training, and promoting compliance and ethics throughout CSI. The agency also has a compliance hotline number, which is an anonymous phone line for any questions or for reporting possible compliance matters. Beyond managing the possible financial risks involved in the protection of client information, CSI wants to ensure each client’s privacy is protected because it is their right and it is the right thing to do.
Thankfully, incidents of HIPAA infractions at CSI are few and far between. However, it is important to know what to do if you think there may be instances where client data may be at risk (i.e. lost/stolen, viewed by non-CSI employees). This includes client information contained on phones, laptops, files, and other methods as well as client information that is not properly discarded. Any instances or questions about breeches of client information or suspected fraud/waste should be reported to Martha Bassett at (firstname.lastname@example.org), email@example.com, or firstname.lastname@example.org. The compliance hotline number can also be used (860-231-2204).