AHA and CMS to Keep Regulatory Flexibilities in Place

COVID-19 continues to create obstacles and challenges for healthcare compliance professionals. Thriving in this environment means being agile and adaptive.

The AHA’s Requests

Last week, the American Hospital Association (AHA) asked the Centers for Medicare & Medicaid Services (CMS) to keep relaxed regulations in place. Specifically, the AHA is interested in keeping flexibility around telehealth, quality and compliance measures, and bed capacity.

The telehealth changes are ones that have been on the horizon for some time. Essentially, the AHA is asking CMS to continue to allow hospitals to provide a wide range of telehealth services, without limitations as to profession or geographic location. The AHA is also asking for flexibility on billing and payments related to telehealth to be made permanent.
More interestingly, the AHA has also asked that CMS extend regulatory relief related to some quality and patient safety regulations. These include expanding the use of verbal orders, and extending the reuse of PPE.

The AHA has also asked that CMS provide hospitals with a transition period, to allow them to more easily move from pandemic response to ordinary practice. This includes a request for temporary waivers for sanctions and penalties related to HIPAA , and flexibility on audit requirements. And, it includes a request that certain rules and requirements be delayed or suspended.

The Response From CMS

Three days after the AHA released this letter, Michael Caputo, Assistant Secretary for Public Affairs at the Department of Health and Human Services (HHS), tweeted this :


The public health emergency is currently set to expire on July 25. However, as of this writing, HHS hasn’t officially announced how long the extension will be

This means that we don’t yet know what will happen when the emergency finally does end. Will HHS give a transition period, as the AHA has requested? Will HHS continue to allow flexibility about telehealth, which they have previously indicated they would?

Staying up to date on this fluid situation is going to be a key task for compliance in the coming weeks.

See YouCompli in Action

Easier, faster, more effective compliance is possible

The Results Are In: What the Data Say About the Impact of COVID-19 on Healthcare Compliance

We keep hearing that COVID-19 changed everything, especially in healthcare. But actual data is pretty thin on the ground.

Mostly, we’ve been hearing anecdotes and stories, many of which are striking. The problem with stories is that they can be unique or unusual, and without the context of clear data, we can’t really tell.

Last week, we got some data.

In May, the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA) surveyed their audiences on the impact of COVID-19 on their organizations and their work. They received 300 responses, have collated the results, and there are some interesting trends. You can read the full survey results here.

Confirming What We Knew

Some trends are unsurprising, and confirm what we already knew. Survey respondents said they had concerns about the increased risk of compliance failures as a result of the pandemic.

  • 77% expected that there would be some increase, or a great increase, in compliance failures.

It’s also unsurprising to see that healthcare saw more of an increase in the number of inquiries being made of the compliance team.

  • 42% reported an increase in healthcare
  • 30% reported an increase outside of healthcare

Given the number of healthcare-related regulatory waivers and temporary changes that have been issued, this makes total sense.

Positively, collaboration with other departments has been largely unaffected or increased during the pandemic. Compliance is still seen as really valuable to the organization as a whole. The numbers range from 83% to 96% of respondents reporting that collaboration has stayed the same or increased (depending on department).

Differences for Healthcare Compliance

The data also show some surprising trends, specifically related to healthcare compliance.

We know that there has been a huge shift to remote work. The surprising aspect is that the shift is very different between healthcare compliance and compliance elsewhere.

  • In healthcare, 60% reported working remotely
  • Outside of healthcare, 84% reported working remotely

This gap is big, and hard to explain. Working in healthcare institutions would, presumably, increase the risk of being exposed to the virus. It would have been reasonable to expect that healthcare institutions would do as much as possible to try to get their non-clinical staff set up to work effectively off-site.

What’s even more surprising is that healthcare professionals are less likely to report that the transition to remote work has gone well.

  • In healthcare, 47% said the transition had gone better than expected
  • Outside of healthcare, 64% said the transition had gone better than expected

The survey doesn’t indicate why this is so. Speculating a little, it could be that the disruption in moving to a remote office, coupled with the sudden influx of regulatory changes, made it more difficult for healthcare compliance professionals to manage their day-to-day work. If this is true, it would also explain why healthcare institutions were less likely to transition compliance professionals to remote work.

There’s another difference between healthcare and other types of organizations, and this suggests things will be difficult for compliance professionals going forward into 2021. In relation to budgets:

  • In healthcare, 40% reported a budget reduction
  • Outside of healthcare, 31% reported a budget reduction

In short, budget reductions are coming to compliance, as they are going to come to other parts of the healthcare system. (If they aren’t already in place.) As COVID-19 related waivers and suspensions start to expire, compliance is going to have to find a way to do more with fewer resources.

See YouCompli in Action

Easier, faster, more effective compliance is possible

The New Office of Burden Reduction and Health Informatics: Implications for Healthcare Compliance

You may have heard that, last week, the Centers for Medicare & Medicaid Services (CMS) announced the creation of a new office: the “Office of Burden Reduction and Health Informatics.”

What exactly is this new office supposed to do? According to the press release from CMS, the intent is “to unify the agency’s efforts to reduce regulatory and administrative burden and to further the goal of putting patients first.”

All well and good. But what does that actually mean?

Value-Based Care

Here’s one thing that CMS says clearly. They are “committed to leveraging the significant flexibilities introduced in response to the COVID-19 pandemic as we continue to lead the rapid transformation to value-based healthcare.”

We’ve all been hearing about value-based care for years. (Here’s a piece from 2016, for example.) The pace of change hasn’t been particularly speedy, and the pandemic has disrupted most big transformative plans, especially in healthcare.

That said, the Department of Health and Human Services (HHS) is still committed to value-based care. If reducing or streamlining the regulatory environment is necessary in order to make this change happen, you can bet that HHS and CMS will do it.

What specific regulations will CMS change in order to make this happen? That remains to be seen. Recently, CMS did announce that they will be maintaining at least some of the regulatory changes related to telehealth.

Which ones? We know of one rule change that CMS has announced: the proposed physician fee schedule rule, which should come out in July, will include proposals to permanently expand coverage for telehealth services. As of this writing, the rule has not been published, and CMS has not announced details.

With that exception, however, there hasn’t been a lot of movement on specific regulations that could be helpful. In fact, our observations suggest that most regulators are moving back to business as usual. If CMS has plans to streamline regulations to enable the transformation to value-based care, they are keeping those plans very close to the vest.

Improved Review

However, CMS commits clearly to increasing the number of stakeholders – including clinicians, providers and health plans – that it engages with when assessing the impact of new regulations.

This could be a welcome change for compliance professionals, as a more comprehensive assessment of regulatory impact could result in a regulatory environment that’s a lot easier to work within. Clearer regs with reduced expectations would mean less work required by the clinical and revenue cycle staff in your organization.

And that would mean less time spent following up and trying to get staff to do the work.

Health Informatics

CMS has also committed – as indicated in the second half of the new office’s name – to further implement health informatics. The idea here is to effectively use health data in order to provide better care.

CMS gives this as a specific example: “to create new tools that allow patients to own and carry their personal health data with them seamlessly, privately, and securely throughout the health care system.”

This proposal has obvious advantages for both patients and providers. But it could cause significant headaches for compliance.

Staying in compliance with an EHR system for just one health system is challenging enough. What CMS is proposing is an EHR system that applies across all Medicare and Medicaid beneficiaries. This would be much more complicated! The HIPAA implications alone could be staggering.

So, the use of health informatics could make the work of compliance much more challenging. We can all expect that there will be more data available and being used, and more complex tools to manage it. This trend exists across almost all industries, and healthcare is not going to be an exception.

In a highly regulated environment like healthcare, however, big data and big data tools will need to be monitored very carefully. There are a lot of ways that data tools could violate regulatory requirements. If compliance professionals aren’t careful, software and other tools could be put in place that expose the organization to high levels of risk.

Staying Up to Date

As of this writing, there is limited information as to what the Office of Burden Reduction and Health Informatics will be doing for the US healthcare system. It has a broad mandate, with unclear specifics.

There is a possibility that the office will make compliance easier, by more effectively assessing the impact of regulations before imposing them. There is also a (stronger) possibility that it may make compliance more challenging, by creating wide-ranging technological systems that compliance officers will need to monitor carefully.

As new regulations are issued, and new announcements are made, we’ll be keeping you updated. youCompli customers always have access to the latest regulatory changes as they come out and will be well-positioned to adapt to the environment created by his new office.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Not All COVID-19 Regulations Are Created Equal

You’re struggling to keep up with all the regulatory changes that COVID-19 has created.

Many of these changes have been short and straightforward… but not all of them.

After analyzing one CMS reg (85 FR 27550), we created a 19-page policy document!

The reg’s primary purpose expanded the range of practitioners who can order — and thus be compensated by Medicare and Medicaid — home health services. It also covers a wide range of other revisions for testing, telehealth, medical equipment, and so on.

Our system broke the regulation down into its core requirements — that is, the pieces of the reg that healthcare compliance and clinical professionals need to know about. Then it was reassembled into this document and placed in an order that makes sense.

You can view the whole document by clicking this link.

Every change to a previous procedure is highlighted in red, and it includes hyperlinks to skip around.

Everything is written in clear language, so it’s easy to follow and implement.

Want us to do the same for your organization and the regulations you’re managing? Set up a quick meeting here and let’s get started.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Worker Fatigue and the Potential Negative Impact on Compliance

When workers get fatigued, what is the impact on compliance?

We all know that, during a normal workday, workers can get fatigued. Fatigue can come from a variety of sources, including personal and professional challenges or stressors. Mental fatigue specifically occurs when there is a need to process overwhelming amounts of new data or information.

The impact and stressors of working during a pandemic can make this worse. Mental fatigue is exacerbated because there is so much new information to cull through on a daily (sometimes more frequent) basis. Combine this information overload with rapidly changing pandemic recommendations and guidelines, and it’s no wonder that workers are becoming more fatigued.

Effects of Fatigue

Memory and performance both decline when a person is mentally fatigued, which can lead to non-compliant behaviors and actions. This happens because fatigue decreases the ability to make new, short-term memories. Lack of short-term memories prevents the formation of long-term memory knowledge. And a person simply cannot recall information which has not been transferred to long-term memory. In this way, fatigue decreases the ability to recall information – whether recently learned or already known.

For example, if the organization has not previously billed for telehealth visits, a fatigued coder may not remember the education that was provided regarding telehealth documentation requirements or the codes applied to these visits. Moreover, the coder may have difficulty recalling in-person visit codes or coding modifiers. When these effects of fatigue happen, coding compliance will decrease.

Mental and physical fatigue can affect worker performance in other ways. Think about the last time you did not get a good night’s sleep. At work the next day, all you can think about is drinking more coffee or taking a nap or going to bed early that night.

Signs of this kind of fatigue include decreased awareness or a general decrease in interest with respect to work or job tasks. Other signs of fatigue include changes in judgment or decision-making. Take, for example, an employee who is usually very engaged on the job, but unexpectedly shows up late for a scheduled meeting. During the meeting, the employee is unusually quiet and provides limited feedback. If that employee’s knowledge and feedback are necessary to make a critical compliance-related decision there would be not only a negative effect on compliance, but potentially a negative effect on the entire organization.

Compliance Fatigue

There is also a form of specific compliance fatigue – where people are overwhelmed and wearied by the numerous adherence requirements in healthcare policies and procedures and rules and regulations. This combines with mental fatigue, which inhibits the ability to remember and follow these policies and procedures, which is the cornerstone of good compliance.

Employees may know and understand policies and procedures addressing HIPAA. For example, they must use encryption when emailing protected health information (PHI) or personally identifiable information (PII) or payment card information (PCI). Similarly, in the course of their work, they must exercise heightened caution before clicking on links embedded in emails. If they are experiencing fatigue, the possibility of compliance failures increases.

As physical, mental and compliance fatigue increase the potential for job related mistakes, they conversely decrease worker compliance. The overall impact of worker fatigue can have very real and negative impact on compliance ranging from simple mistakes or lapses in judgment to catastrophic errors related to breach of PHI/PII or PCI.

Practice Tips

Encourage supervisors to regularly meet with their staff to evaluate the level of information fatigue or physical fatigue. If possible, conduct education and feedback sessions to help the team talk through fatigue challenges.

Utilize resources, such as youCompli, to assist the team in staying current with healthcare compliance related changes to guidelines, regulations and laws, and managing compliance-related workflows automatically.

Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.


Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.  


The Role of Compliance Professionals During a Pandemic

COVID-19 has had a significant impact on every industry in almost every country. Healthcare is, obviously, one of the most affected sectors, as the number of  ill patients is always rising, and the stock of key medical supplies and equipment is depleting daily.

In these times, it can seem like compliance is not that important. After all, this is a crisis, and lives are being saved and lost. Is compliance with rules and proper procedure really what we should be focusing on?

The answer, of course, is “yes”. In times of crisis, compliance can get lost in the shuffle, but it does not undermine the value or necessity of compliance and compliance professionals both during and after the crisis.  And when the time of crisis subsides, the challenges which remain will require skilled compliance professionals who are able to identify non-compliance and move the organization towards positive change.

To help support you in this time, we’ve put together some important information on the role compliance has to play during a pandemic. Please fill in the form below to download.

Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.


Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.