Georgia's Trusted Healthcare
& Medical Provider Attorneys

DCH’s “Engagement Process” Now Official

DCH Policy As of July 2015, the Department of Community’s Health’s “Engagement Process” became an official part of its Policy and Manual, section 402.5(b).

The “Engagement Process” offers providers an opportunity to discuss findings of an audit or other proposed adverse action and to possibly resolve the matter prior to any request for an Administrative Review during an Engagement Conference.

However, we strongly advise you to contact an attorney prior to requesting an Engagement Conference to help ensure the best possible outcome. 

Here is what you need to know:

  • PURPOSE: The purpose of the Engagement Conference is to discuss a proposed adverse action “with the goal of informally resolving the matter.”
  • WHO INITIATES: You. A provider may request an Engagement Conference following receipt of Initial Findings of Notice of Proposed Adverse Action letter
  • PROVIDER TIME DEADLINE: This request must be in writing within seven (7) calendar days of receipt; and submitted to Engagement@dch.ga.gov.
  • DCH TIME DEADLINE: The Engagement Conference must be held with twenty-one (21) calendar days of the receipt of the Request.
  • WAIVER: If you do not participate in the Engagement Conference and fail to provide the Department prior written notice of your absence, you waive your right to an Engagement Conference. Notice should be submitted to Engagement@dch.ga.gov. This waiver does not preclude you from requesting an Administrative Review.
  • SETTLEMENT:“The Engagement Conference is considered settlement talks, and therefore, is not admissible in any pending or future proceeding, including Administrative Review or Administrative Hearing.” This includes conduct during conferences, notes, and correspondence.
  • ACCEPTANCE/REJECTION: You have seven (7) calendar days from the date of the Conference to accept or reject the offer in writing.
    • Acceptance must be in writing and waives your right to an administrative review.
    • If you reject the offer, you have the Right to Request an Administrative Review pursuant to Policy and Procedures Manual Sections 402.6 and 505.

Remember to print a copy of any communication you have with DCH and always ask for a “read receipt” when you send an email to DCH.

If you have received a Proposed Adverse Action from the Department, please contact Kimberly Sheridan at ksheridan@jeylaw.com or 678-708-4703 for assistance.

More Providers Audited for HIPAA Compliance – Are You Ready?

The number of entities audited for HIPAA compliance has increased. Are you prepared if OCR comes knocking on your door?

Under the HITECH Act, the Department of Health and Human Services is required to conduct periodic audits to ensure that entities are complying with HIPAA. Phase 1 audits concluded in 2012. Now OCR has released information on Phase 2 and more audits are set to begin around October of this year.

HIPAA Covered Entities and Business Associates selected for audits will be asked to quickly produce policies and procedures, executed business associate agreements and other HIPAA-related documentation so that it can be reviewed by OCR to determine if any deficiencies exist. OCR has noted that it intends to focus on the deficiencies identified through Phase 1 audits. These include lack of proper policies and procedures, presence of security risks, failing to conduct a security risk assessment, and failing to have business associate agreements on file.

Small providers should also take note—according to OCR, small providers tended to have more deficiencies than larger providers. OCR has also revealed other details regarding the 2nd audits, OCR will be conducting the audits internally. They have also increased the number of entities to be audited to 400 entities, 350 of which will be Covered Entities and the remaining 50 will be Business Associates. Some of the audits will focus on the Privacy Rule, others on the Breach Notification Rule, and the remainder will focus on compliance with the Security Rule.

If your organization is a covered entity or business associate under HIPAA you want to make sure that you are prepared in case you are one of the entities subject to an audit this Fall. Steps you will want to take include:

  • Have all your HIPAA policies and procedure updated and on file
  • Make sure all your Business Associate Agreements reflect the 2013 changes to the HIPAA Rules and have those agreements properly executed and on file
  • Conduct a security risk assessment if you have not already and ensure that security risks are addressed
  • Engage an experienced healthcare law firm to proactively help you review the aforementioned items to help you identify any potential deficiencies

To view OCR’s Presentation on Phase 2 Audits, click here: OCR Audits Phase 2 by Linda Sanches, Senior Advisor for Health Information 

For more information contact DJ Jeyaram at dj@jeylaw.com or Danielle Hildebrand at dhildebrand@jeylaw.com