Medicare Compliance & Reimbursement

Providers can deal with possible HIPAA violations through 3 retaliatory methods.

Preparing your plan of action for a potential violation just got a little easier.

In the March 25 Federal Register, the Centers for Medicare & Medicaid Services lays out steps to take if someone claims you have breached the Health Insurance Portability and Accountability Act. Effective April 25, if CMS decides to investigate a complaint, it will first request that the provider voluntarily submit one of the following within 30 days:
   A statement demonstrating compliance.
   A statement setting forth the basis for its disagreement with the allegations.
   A corrective action plan.

Watch out: Providers that fail or refuse to provide information could get slapped with a subpoena. If investigators find a violation does exist, the provider could be looking at civil money penalties, CMS says.

If a provider cooperates, that will most likely mean periodic reports to CMS, allowing staff to be interviewed and supplying additional documents and materials.

Note: Even if CMS rejects an accuser's complaint, the agency says it may "continue its investigation."

The Bottom Line: As the security deadline approaches, providers should get all personnel hip to the practice's disaster plan. To read more, go to www.access.gpo.gov/su_docs/fedreg/a050325c.html.