When voluntary disclosure for overpayments is an option rather than an obligation, the provider may encounter diverse opinions among its decision-makers. Some may express a desire to bring the potential problem to the attention of the government and attempt to resolve the matter quickly without incurring criminal penalties, civil fines, or exclusions.
Behavioral health facilities and professionals experience some unique challenges when it comes to handling PHI and patient requests. The following article offers tips for handling those challenges and scenarios to consider.
The application of attorney-client privilege is somewhat more complicated in situations where the client is a corporation. Although corporations are entitled to the same protection of confidentiality as noncorporate clients, the application of the privilege often turns on which corporate officials and employees sufficiently personify the corporation as a client.
In many companies, the compliance officer is the first to become aware of a potential compliance problem that could lead to civil or criminal liability. A best practice is to give the compliance officer the authority to conduct internal investigations.
OCR enforces the HIPAA Privacy, Security, and Breach Notification rules. Failing to properly manage and oversee remote access to and the protection of health information can be costly, as the following three cases demonstrate.
In addition to physical and technical safeguards, the HIPAA Security Rule requires covered entities and business associates to implement administrative protections, including workforce training and management.
