Kusserow on Compliance: Even the FBI has been a victim of cyber-attacks

The FBI confirmed that least three of its websites were hacked

Records of thousands of officers and federal agents stolen

Hackers have put the data up for free download.

As health care entities struggle to guard their data against cyber-attacks, the seriousness of the need was underscored by the fact that even the FBI has trouble protecting its systems. A group of hackers has exploited the flaws of at least three FBI-affiliated websites and leaked thousands of federal and law enforcement agents’ personal details, according to TechCrunch. The hackers infiltrated multiple websites run by the FBI National Academy Association that promote law enforcement training. The sites also support graduates of the FBI Academy through local chapters.  Three of the sites were breached and the “personal information has been obtained to be sold on the web.”

The hackers announced they were able to break into the pages and download the contents, which they then uploaded on their own website. In all, they were able to steal around 4,000 unique details. Those include member names, job titles, email addresses (some personal, some government-owned), physical addresses, as well as phone numbers. The hackers also said they have over a million pieces of information on federal agents and are planning to publish more data from hacked government websites in the future. Seeing as this is far from the first security breach to affect federal workers, the government and organizations linked to its agencies may want to think of more ways to beef up their security measures.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS announced updates to nursing home ratings

CMS announced updates in April 2019 to Nursing Home Compare and the Five-Star Quality Rating System. Its purpose is to provide tools for consumers to compare quality between nursing homes. This comes in advance of the November 28, 2019 deadline for skilled nursing facilities and nursing homes to have implemented an effective compliance and ethics program as a condition of participation in the Medicare and Medicaid programs. The new tools announced have been created to help consumers, their families, and caregivers compare nursing homes and identify areas they may want to ask about when looking at nursing home care. Nursing Home Compare has a quality rating system that gives each nursing home a rating between 1 and 5 stars and those with 5 stars are considered to have above average quality and nursing homes with 1 star are considered to have quality below average. There is also a separate rating for each of the following three factors:

 

  1. Health Inspections include findings on compliance to Medicare/Medicaid health and safety requirements from onsite surveys conducted by state survey agencies at nursing homes.
  2. Staffing Levels are the numbers of RNs available to care for patients in a nursing home at any given time.
  3. Quality Measures for care are based on resident assessment and Medicare claims data.

 

The April 2019 changes include revisions to the inspection process, enhancement of new staffing information, implementation of new quality measures, and lifting of the “freeze” on the health inspection ratings instituted in February 2018 to hold up the star rating score until all nursing homes were surveyed at least once under the new survey process. In April, users of the site will be able to see the most up to date status of a facility’s compliance, which is a very strong reflection of a facility’s ability to improve and protect each resident’s health and safety. CMS is also setting higher thresholds and evidence-based standards for nursing homes’ staffing levels, recognizing that nurses have the greatest impact on the quality of care nursing homes deliver. As such, CMS is assigning an automatic one-star rating when a Nursing Home facility reports no RN is onsite. In April 2019, the threshold for the number of days without an RN onsite in a quarter that triggers an automatic downgrade to one-star will be reduced from seven days to four days. The new Update includes:

 

  • changes to the quality component to improve the identification of quality differences among nursing homes, raising expectations for quality, and incentivizing continuous quality improvement;
  • adding measures of long-stay hospitalizations and emergency room transfers;
  • removing duplicative and less meaningful measures;
  • establishing separate quality ratings for short-stay and long-stay residents; and
  • revising the rating thresholds to better identify the differences in quality among nursing homes making it easier for consumers to find the information needed to make decisions.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Top initiatives for compliance programs in 2019

In the 2019 survey of health care compliance professionals, compliance professionals were asked about their initiatives for improving their program this year. The responses can be categorized in three tiers. The major focus for respondents was risk identification and mitigation—three of the four highest ranked selections deal with this area. The second tier—earning the third and fifth rankings—involved issues related to HIPAA compliance. The four items at the bottom of the list related to independent assessment compliance program effectiveness: effectiveness evaluation and gap analysis, arrangements with physicians, and compliance knowledge surveys. The third tier included four items, including use of independent parties for gap analysis, effectiveness evaluations, arrangements review, and surveying. The following are the results in descending order:

  1. Working with program managers to improve ongoing monitoring of their risk area (57 percent)
  2. Building a more robust ongoing auditing program (51 percent)
  3. Enterprise-Wide Regulatory Risk Assessment (34 percent)
  4. HIPAA Privacy and Security Assessment (43 percent)
  5. HIPAA Security/Cyber-Security Compliance Evaluation (31 percent)
  6. Independent Compliance Program Effectiveness Evaluation (22 percent)
  7. Independent Compliance Program Gap Analysis (14 percent)
  8. Independent Compliance Review of Arrangements with Physicians (9 percent)
  9. Independently developed/administered Compliance Knowledge Survey (6 percent)

Also noteworthy is the fact that approximately one quarter of those participating in the survey passed on answering this question, either because they have not yet developed a plan, had it approved, or don’t have annual work plans.

For more information regarding results of the Survey, contact Richard Kusserow, CEO, Strategic Management (rkusserow@strategicm.com).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Huge fraud schemes involving telemedicine and DME

– Charges against two dozen people involving over $1.2 billion

 – Administrative Action against 130 DMEs submitting $1.7 Billion in claims

The DOJ announced charges against 24 defendants—including the CEOs, COOs, and others associated with five telemedicine companies, the owners of dozens of durable medical equipment (DME) companies, and three licensed medical professionals—associated with health care fraud schemes involving more than $1.2 billion. CMS and the Center for Program Integrity (CPI) have taken adverse administrative action against 130 DME companies that had submitted over $1.7 billion in claims and were paid over $900 million. The scheme involved payment of illegal kickbacks and bribes by DME companies in exchange for the referral of Medicare beneficiaries by medical professionals working with fraudulent telemedicine companies for back, shoulder, wrist, and knee braces that were medically unnecessary.

The DOJ alleges those charged with paying doctors to prescribe DME either without any patient interaction or with only a brief telephonic conversation with patients they had never met or seen. The proceeds of the fraudulent scheme were allegedly laundered through international shell corporations and used to purchase exotic automobiles, yachts, and luxury real estate in the United States and abroad. Some of the defendants obtained patients for the scheme by using an international call center that advertised to Medicare beneficiaries and “up-sold” the beneficiaries to get them to accept numerous “free or low-cost” DME braces, regardless of medical necessity. The international call center allegedly paid illegal kickbacks and bribes to telemedicine companies to obtain DME orders for these Medicare beneficiaries. The telemedicine companies then allegedly paid physicians to write medically unnecessary DME orders. Finally, the international call center sold the DME orders that it obtained from the telemedicine companies to DME companies, which fraudulently billed Medicare. Collectively, the CEOs, COOs, executives, business owners and medical professionals involved in the conspiracy are accused of causing over $1 billion in loss.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.