The Department of Health and Human Services Office of Internal General (OIG) recently published this video on their website after entering into a Corporate Integrity Agreement with eClinicalWorks for $155 million dollars.  The OIG is showcasing this settlement as an example to other Electronic Health Record (EHR) vendors.  eClinicalWorks, on the other hand, is moving forward as dominant player in the EHR space and admitting no wrong.

What is the take away for physicians? Be certain that you have business procedures and compliance training in place to protect your business.

  • The matter of healthcare fraud is being taken seriously.  In addition to fulfilling their duty to protect the public, the work of the OIG offers a large source of revenue for the government.  Take time to Review the OIG’s workplan each year.  Here is the OIG’s 2017 Workplan.
  • Be sure that all your employees (including you) are up to date on the required annual compliance training and mandate that employees notify you of any known activities that may be considered out of compliance.
  • Your EHR or other Practice Management Software vendors are at risk of Fraud and Abuse audits.  Even if they aren’t found guilty of actual fraudulent activities, the cost to defend such a case can be financially harmful and impact the ability to support your business.  So, know your healthcare software partners well.  Look to the purchase agreement to protect your business on the front-end of a purchase by making certain that you are able to get your data if you need to make a switch in vendors.

Mike DeVries is a CERTIFIED FINANCIAL PLANNER ™, Enrolled Agent,  and a Certified Healthcare Business Consultant focusing on helping healthcare professionals. If you would like to learn more about becoming a client, contact Mike at

002 Healthcare Compliance Update with Bryan Roberts [Podcast]


Computerized Compliance Plans and Staff Training

Staying up to date on Healthcare Compliance is crucial for physicians and dentists managing a practice.  While compliance isn’t always the most entertaining topic, you don’t want to bury your head in the sand about the rules and regulations that govern healthcare practices today – the cost of doing so can be major.  In this episode of the Doctors Business Management Show,  I speak with Bryan Roberts from Healthcare Compliance Pros about:

  • Overall Healthcare Compliance Matters
  • HIPAA Omnibus Update – What Doctors need to consider
  • How to handle patient communications – E-Mail and Texting
  • Compliance Audits – What’s happening and how to prepare for an audit
  • Credentialing your Medical Assistants for purposes of Meaningful Use

Bryan Roberts provides insight into what is occurring in the business of healthcare and offers up tips and resources to…help doctors mind their own business.

To obtain a sample “Bring Your Own Device” policy that is discussed in the Podcast – Click Here

To learn more about Healthcare Compliance Pros checkout this Video – Click Here.  You can also view HCP’s website – Click Here

If you would like to learn more about Compliance Plans and Training Modules for your Practice – Click Here 

Do you have questions regarding Healthcare Compliance that you would like discussed on a future episode of the Business Management Show?  Please submit your questions or topical suggestions in the comments section below.

Mike DeVries is a CERTIFIED FINANCIAL PLANNER ™, Enrolled Agent,  and a Certified Healthcare Business Consultant focusing on helping healthcare professionals. If you would like to learn more about becoming a client, contact Mike at

New Medicare Regulations impact Dentists

The words Compliance, Rules, Regulations and Guidelines on color

The Centers for Medicare and Medicaid Services (CMS) issued a final ruling, which requires healthcare providers, including dentists, who treat Medicare beneficiaries to either enroll in Medicare or opt out in order to prescribe medication to their qualifying patients with Part D drug plans.  Dentists will need to take action on this requirement by June 1, 2015.

Not many dentists are enrolled in the Medicare program because the plan only covers a limited set of dental procedures.  I don’t see any advantages, at this point, for a dentist to enroll in the program.  The government, however, has a different prospective.  CMS projects that regulations, such as requiring providers to enroll, will save the federal government an estimated 1.6 billion dollars over the next 10 years.  Based upon perceived cost savings, the government is working to gain a foothold in the door of Dentistry, which will bring about additional regulations and increase the costs of doing business as a Dental professional.

The new regulations offer up a couple of business obstacles to the doctor opting out of the Medicare program:

  • A doctor that chooses to opt out of the Medicare program will be subjected to a 2-year waiting period before they can get back into the program.
  • Patients or pharmacies may not receive Medicare reimbursement of the prescriptions that an “opt-out” doctor prescribes. This will be the biggest issue for dentists who decide to opt out.  Dentists will not see an impact until after they opt out and patients begin to complain of not being reimbursed for the prescriptions ordered.  Or, the dentist may find pharmacies will not accept their prescriptions because they have opted out.

The American Dental Association has voiced a concern over this legislation, but CMS moved forward anyway.  Even though the implementation of this new regulation will not take place until next year, I think dentists would do well to begin planning for the effects of this legislation.

  • Start by looking at the demographics of your practice.  How many of your patients would be affected if you were to opt out of the Medicare plan?
  • If you were to participate with Medicare, how would this impact your billing practices and required compliance programs?
  • Begin to investigate this further.  Educate yourself, educate your staff, and educate your patients who may be affected by the choice you make.  Good communications will provide for an easier transition.
  • Consider establishing an alliance with physicians and pharmacists in your area that also treat your patients.  Should you opt out of the Medicare program and find yourself with unhappy patients, having a friendly physician on your side may prove beneficial.

Over the past several years, we have seen government regulations and compliance become a bigger factor in running a healthcare business. In fact, healthcare is fast becoming a very regulated business.  It is second, only, to the financial industry.  Doctors and other healthcare professionals who wish to run a profitable business will need to make healthcare compliance a regular component of their business.  As your business advisor, we continue to stay attuned to the regulations that affect you and look for ways to help you mind your own business.

Mike DeVries is a CERTIFIED FINANCIAL PLANNER ™, Enrolled Agent,  and a Certified Healthcare Business Consultant focusing on helping healthcare professionals. If you would like to learn more about becoming a client, contact Mike at

Are you and your Business Associates HIPAA compliant and ready for the September 23 deadline?

Are you ready for the September 23 Omnibus enforcement deadline? How about your Business Associates? Are they ready?

As the date approaches, an error that many business associates are making is thinking that compliance can be achieved with a simple checklist.

“One of the biggest mistakes is that business associates consider this as just another regulation, another checklist, and as a result, they think they can just whip something up overnight to satisfy compliance,” says Andrew Hicks, director and healthcare practice lead at the risk management consulting firm Coalfire.

The truth is that compliance with the HIPAA Omnibus Rule is not as easy as they may think and cannot be done overnight; it takes lots of planning and a lot of understanding of what the requirements are,” he adds.

Even at this late date, many business associates and subcontractors don’t realize they must comply with HIPAA as a result of the Omnibus Rule. They may be “far removed” from the healthcare industry and lack understanding of the sensitive data they possess as a result of their relationships with covered entities, he says. “As a result they don’t have knowledge about the regulations and they may not know how to interpret the regulations or implement the required controls,” he says in an interview with Information Security Media Group.

In a recent survey of business associates, Coalfire found that only 40 percent were aware of their new responsibilities under the HIPAA Omnibus Rule. Even more worrisome is that less than half of the companies surveyed reported they believed they were in compliance.

At this point, one of the most important tasks that business associates need to accomplish is to understand where all the protected health information they have is stored, including databases, mobile devices, thumb drives and all possible places PHI might reside. Otherwise, the information cannot be protected.

“They should perform a risk analysis, which is the number one requirement of the HIPAA Security rule,” Hicks adds. “This will allow them to identify where their gaps are in controls, where they’re not compliant, where they have residual risks and to really identify a remediation roadmap for really gauging their compliance efforts moving forward.”

If you or your organization needs help with assuring that your business associates or subcontractors are compliant please contact us and ask about our business associate audit products.


Employee Notice Regarding Health Insurance Options

Many provisions of the Affordable Care Act that will expand access to health coverage become effective beginning in 2014.  Included in these provisions is health insurance coverage that will be offered through a Health Insurance Marketplace. Open enrollment for this “Marketplace” health insurance coverage, available for Individuals and employers of small businesses, will begin October 1, 2013.

This past May, the Department of Labor issued regulations that you provide your employees with a 2 page notice informing them of their health insurance options by October 1, 2013.  I suspect that many independent physician and dental offices are not ready to meet this obligation with their employees.  To assist you with this, I have provided an executive summary, copies of model notices provided by the Department of Labor, and the technical notice issued by the DOL in the following link:

I suspect that being a healthcare provider and offering good medical or dental care to your patients is your goal each day when you arrive at your office.  Taking the business hassles out of Healthcare and keeping you in the business of caring for your patients is mine.

Keep Practicing on Purpose.

Complying with the New Omnibus Rule

The final omnibus rule, which makes changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), goes into effect March 26 and covered entities must be in compliance by September 23.  The final rule was published in the Federal Register January 25th and contains the most changes to the HIPAA privacy and security rules since they were first implemented.  These statutory changes were included in a section of the American Recovery and Reinvestment Act of 2009 known as the Health Information Technology for Economic and Clinical Health (HITECH) Act.  This rule also finalizes changes required by the Generic Information Nondiscrimination Act of 2008.

Medical and Dental offices need to assess their compliance to these rules, which not only enhances a patient’s privacy rights and protections, but also strengthens the ability of the Office for Civil Rights (OCR) to enforce the established regulations, regardless of whether the patient health information is being held by a health plan, a healthcare provider or one of the physician or dentist’s business associates.  For starters, you may need to modify your Business Associate Agreements and Notice of Privacy Practices.  You should also evaluate the way you assess whether improper use or disclosure of personal health information should be considered a breach that would trigger official notification requirements spelled out in the rule.  Tackling the challenging task of mapping out responsibility for carrying out your compliance work is more important now than ever before.

Assign Responsibility

  • Map out the privacy and security protocols and “tag” each with a person whom will be responsible for seeing that it is done and carried out in your business
  • While the procedures may be defined, also make sure that your documentation of each for your business is complete and up to date
  • Look to build efficiencies into your process by utilizing computerized systems

Set Priorities

  • Focus on identifying all documentation and processes where changes need to be made, which includes privacy notices, policies, procedures, forms and documents
  • Establish staff training as a top priority
  • Determine who your business associates are and update your Business Associate Agreement with them

Good News

We are now offering assistance in helping you meet your compliance requirements and are excited to provide you with Healthcare Compliance Assistance (click here to download a flyer).  If you take advantage of this offer before the regulated deadline you will have the VMDE Healthcare Team and Compliance Pros available to help you with the tasks you need to accomplish to achieve compliance with the new HIPAA Omnibus Rule.

Reporting for Unclaimed Property – Update

I recently had a client contact me about a check that had been issued to a participant in their retirement plan which had not been cashed – “My investment company said that I needed to file some report regarding this check, can you help me?”

I wrote a post a few years ago on the subject of the State of Michigan’s Unclaimed Property Reporting that discussed the filing requirements.  While many of our clients are now reporting, I’m sure that this is still a law that many overlook.  Given the recent notice sent out be the State of Michigan, I thought I would post an update:

Beginning in 2011, changes to the Uniform Unclaimed Property Act, mandate a new due date to file the unclaimed property holder report as well as a shortened dormancy period for most property types.  Every business or government entity incorporated in Michigan must report to the Michigan Department of Treasury abandoned property belonging to owners where there is no known address.

Medical and Dental practices will have unclaimed property from time to time resulting from normal business operations.  The retirement plan distribution check noted above is just one example.  Others would include – uncashed payroll checks, payments to vendors, and patient refund checks.  Based upon the dormancy period, the business would have the obligation to report and submit this payment to the State of Michigan assuming the original owner could not be found.  Taking the effort to find the person and contacting them regarding their outstanding matter seems to be the best “first step”, in my opinion.  However, if you can’t find the person, then you need to file with the Michigan Department of Treasury.  They have recently changed the compliance rules and here is what you need to know:

  • New date for reporting Unclaimed Property is July 1.
  • Dormancy periods for most property types have been shortened to three years (payroll items are one year).
  • A 25% penalty may be levied for those failing to comply, in addition to being responsible for interest charged on the amount you were holding.
  • Those voluntarily reporting the preceding four years are exempt from the penalty

To obtain additional information on filing requirements, forms, or to utilize available software go to this link –