HIPAA Compliance among items to be scrutinized in upcoming HRSA Federally Qualified Health Center (FQHC) Audits
At the Ohio Association of Community Health Centers (OACHC) Annual Conference today, Jacki Leifer of Feldesman Tucker Leifer Fidell presented on Federally Qualified Health Centers (FQHCs) in the “Hot Seat” and the need for them to be compliant in their governance and operations. About 90 people attended the presentation, so this was obviously a topic of interest.
Recently, the Office of Inspector General (OIG) has turned its attention to the effectiveness of federal agencies. We have previously written about its displeasure with the HHS Office of Civil Rights over deficiencies in HIPAA enforcement. It also faulted the Health Services and Resources Administration (HRSA) regarding its oversight of FQHCs. Consequently, per Ms. Leifer, HRSA is getting tougher. Ms. Leifer warned that audit failures may have serious consequences, and she shared stories of findings costing health centers hundreds of thousands of dollars.
Recently, HRSA released its latest Visit Guide, effective March 3, 2014, detailing its methodology for Operational Assessments. The assessment is an audit of the health center’s compliance with the 19 program requirements. Ms. Leifer strongly encouraged all FQHCs to do a mock visit in preparation.
Hot-button, high-risk areas include Services (#16 Scope of Project and #2 Required & Additional Services), Governance (#17 Board Authority and #17 Board Composition), and Management and Finance (#7 Sliding Fee Discounts, #10 Contractual/Affiliation Agreements and #11 Collaborative Relationships).
Eagle Consulting notes that Health Centers get a little relief on #8 Quality Improvement / Assurance Plan. While this requirement still specifies that confidentiality of patient records must be maintained, it omits some of the HIPAA Privacy specifics included in previous Visit Guides. However, Health Centers should be aware that the Meaningful Use regulations, and the State Meaningful Use audits, are scrutinizing HIPAA items, specifically the meaningful use risk analysis (a HIPAA Security requirement). So we don’t recommend neglecting this area.
Health Centers should be aware that the OIG receives over 500,000 tips regarding suspected compliance, fraud and abuse. Possible sources of complaints include disgruntled employees or contractors with inside knowledge. An effective and ongoing compliance program is essential.