Are You Ready for HIPAA and HITECH Audits?

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) is launching a pilot program this month to make sure covered entities are in compliance with HIPAA privacy and security rules and breach notification standards, according to the OCR. The OCR will perform up to 150 audits to assess HIPAA compliance.

The HITECH Act requires HHS to perform periodic audits to check for HIPAA compliance. The audits will be conducted from November 2011 through December 2012. Initially these audits will likely focus on hospitals and insurance companies, but HMEs could also be a target.

Though early audits are likely to be educational, in order to get a basic assessment of where providers stand in regards to HIPAA, that doesn’t mean there won’t be repercussions for violations. Because the privacy rule has been established since 2001 and the security rule has been established since 2003, providers can not be completely excused for missteps.

HIPAA violations can result in severe penalties (per section 1177 of HIPAA) including:

• a fine of up to $50,000, or up to 1 year in prison, or both; (Class 6 Felony)
• if the offense is committed under false pretenses, a fine of up to $100,000, up to 5 years in prison, or both; (Class 5 Felony)
• if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine up to $250,000, or up to 10 years in prison, or both. (Class 4 Felony)
• Civil fines can also be imposed by the Secretary of DHHS with a maximum is $100 for each violation, with the total amount not to exceed $25,0000 for all violations of an identical requirement or prohibition during a calendar year. (Class 3 Felony).

Since the final rule for the HITECH Act hasn’t been finalized, the OCR can only expect providers to make decent judgments about the provisions in the interim final rule.

Providers need to review where they’re at with privacy and security compliance and make any improvements. This pilot program of audits will likely be expanded (and the more violations the OCR encounters, the larger the likelihood of strict enforcement), so all providers should be aware of current practices and how to ensure compliance.

For more information about HIPAA and other healthcare audits, visit

By |2024-03-14T10:00:27-04:00June 1, 2018|Categories: Health Care Industry, HIPAA, Hitech Act, The Health Law Firm Blog|Tags: , , , , , , |Comments Off on Are You Ready for HIPAA and HITECH Audits?

Dentists: Tightened Controls on Prescribing to Medicare Part D Patients Could Affect Your Practice

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Starting June 1, 2015, Medicare Part D will no longer reimburse patients or pharmacies for prescriptions unless the dentist opts in and enrolls in Medicare, or opts out and enters into a private contract with the patient. This measure is part of a rule finalized by the Centers for Medicare and Medicaid Services (CMS). The purpose of the rule is to assist CMS in cracking down on doctors, dentists and other health care providers that are improperly prescribing drugs to Medicare patients.

Medicare Part D plans provide supplemental optional coverage for prescription medication used in dentistry, are administered by private health plans and are paid for by way of premiums. As a dentist, if you have patients with Medicare Part D, you need to choose whether to enroll as a Medicare provider or to opt out. Click here to read the final rule from CMS.

Specifics of the New Rule.

Dentists have until June 2015 to either enroll in Medicare or formally opt out. When a dentist enrolls, the government verifies his or her professional license and credentials, and checks his or her criminal history. In addition, the final rule expands rewards and incentive programs focusing on participation in activities that promote improved health, efficient use of health-care resources and preventing injuries and illness.

One new stipulation is that the federal government has the authority to expel physicians from Medicare if found to be prescribing drugs in an abusive manner or in violation of Medicare rules. In addition, CMS will be able to terminate a dentist’s Medicare enrollment if his or her Drug Enforcement Administration (DEA) certification has been revoked, or if the state licensing board has stripped his or her authority to prescribe drugs.

To read more on how abusive prescribing patterns will be determined, click here.

Enrolling Versus Opting Out.

If you enroll in Medicare Part D as a treating provider, then you are going to be subject to increased oversight and regulations, including:

– Fraud investigations;
– The minimum patient record retention increases from four to five years;
– You must be careful when denying services to Medicare recipients;
– You can’t charge Medicare for missed appointments; and
– You may have a percentage of your Medicare reimbursement withheld beginning next year if you don’t have electronic health records (EHRs).

On the other hand, if you opt out of part of Medicare, then you opt out of other parts as well, which may lead to a loss in revenue and disgruntled patients.

Examine Your Practice and Make Your Own Decision.

Your decision to enroll in or opt out of Medicare should be determined by the types of patients you treat and the services you provide. If your practice consists of patients under the age of 65, you may be unaffected by this rule. However, if you practice in an area with an older population, Medicare coverage is more likely to be part of your practice. The important point is to understand how it may or may not affect your practice’s bottom line. If you need some guidance or have questions, call an attorney experienced in representing dentists.


Will this final rule affect you? If so, how? Please leave any thoughtful comments below.

Consult With An Attorney Experienced in the Representation of Dentists.

We routinely provide deposition coverage to dentists, dental hygienists and other health professionals being deposed in criminal cases, negligence cases, civil cases or disciplinary cases involving other health professionals.

The lawyers of The Health Law Firm are experienced in both formal and informal administrative hearings and in representing dentists and dental hygienists and other health professionals in investigations and at Board of Dentistry hearings. Call now or visit our website

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1999-2015 The Health Law Firm. All rights reserved.

Go to Top