Effective use of the HHS OIG Exclusions List
The HHS OIG Exclusions List is a database of individuals and organizations that are prohibited from participating in federal health care programs. Healthcare providers participating in federal healthcare programs are advised to check the HHS OIG Exclusions List regularly to avoid penalties for non-compliance with §1128 of the Social Security Act.

This article answers the following:
What is the HHS Office of Inspector General?
What is the HHS OIG Exclusions List?
How is the OIG Exclusions List populated?
Why check the OIG list for exclusions?
What are the penalties for engaging excluded entities?
How can providers mitigate the risk of a penalty?
What other lists should be checked for exclusions?
Conclusion: The importance of regularly checking for exclusions
Addendum: Synonyms for the HHS OIG Exclusions List

What is the HHS Office of Inspector General?
The HHS Office of Inspector General (OIG) is a team of investigators, auditors, analysts, attorneys and cybersecurity specialists within the Department of Health and Human Services (HHS). The team’s roles are to investigate and...
Effective HIPAA Policy Management
HIPAA policy management has the objective of ensuring that the policies and procedures implemented to comply with HIPAA are current, accessible, and applied consistently across the organization. Because consistent application is where most compliance failures occur, effective management of HIPAA policies is one of the most constructive ways in which organizations can support HIPAA compliance. HIPAA covered entities and business associates must develop, implement, maintain, and review policies and procedures with respect to Protected Health Information (PHI) that are designed to comply with all applicable standards, implementation specifications, and other requirements of the HIPAA Administrative Simplification Regulations. In addition, organizations must provide HIPAA training on the policies and procedures that are relevant to workforce members’ roles, and ensure all workforce members are aware of the policies and procedures implemented to support compliance with the HIPAA Security Rule. Further training is also required when there is a material change to a policy or procedure....
What Does HIPAA Compliance Mean?
HIPAA compliance means complying with all applicable standards, requirements, and implementation specifications of the HIPAA Administrative Simplification Regulations in order to safeguard the privacy of Protected Health Information (PHI) and ensure the confidentiality, integrity, and availability of PHI created, received, maintained, or transmitted electronically. This general explanation of what HIPAA compliance means can be interpreted differently depending on an organization’s functions within the healthcare or health insurance industries, on a workforce member’s role, and on a patient’s perspective. Regulatory agencies can also have their own interpretations of terms used throughout HIPAA such as “applicable”, “reasonable and appropriate”, and “flexibility of approach”. Consequently, this guide to what HIPAA compliance means looks at the general explanation from several angles. It discusses who needs to be HIPAA compliant, who needs HIPAA compliance (the two answers are not the same), and what it means to be HIPAA compliant in a challenging...
Memorial Hospital and Manor Agrees to Settle Ransomware Class Action Lawsuit
Memorial Hospital and Manor, a small rural hospital in Bainbridge, Georgia, has agreed to settle a class action lawsuit that was filed in response to a November 2024 ransomware attack and data breach. The ransomware attack was detected on November 2, 2024, when access to its EMR system, email, and website was blocked. The hospital alerted patients to the attack via its Facebook account on November 3, 2024, and issued notification letters to the affected individuals on February 7, 2025. The breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 120,085 individuals. Names, Social Security numbers, dates of birth, health insurance information, medical treatment information, and medical histories were compromised in the attack. The first of several class action lawsuits was filed on February 10, 2025, by plaintiff Morgan Wade in the District Court for the Middle District of Georgia, Albany Division, and a further nine class action lawsuits were filed by affected patients. The lawsuits were consolidated into a single complaint –...
HIPAA Rules and Regulations
The HIPAA rules and regulations are the standards and implementation specifications adopted by federal agencies to streamline healthcare transactions and protect the privacy and security of individually identifiable health information. This guide explains why the HIPAA rules and regulations exist, what they consist of, and who they apply to. In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) with the objective of reforming the health insurance industry. Due to concerns that the cost of the reforms would be passed on to plan members and employers, and that this would negatively impact tax revenues, Congress added a second Title to HIPAA – “Preventing Health Care Fraud and Abuse; Administrative Simplification”. The provisions in Title II were intended to offset the cost of the reforms. The measures introduced to prevent health care fraud and abuse gave HHS’ Office of Inspector General more resources to identify fraud and abuse in the healthcare industry, increased the civil and criminal penalties for violations of the Social Security Act, and...