In two new cases, federal courts have ruled that providers are entitled to all the documentation used by CMS and its program integrity contractors to calculate overpayments, which is a win for providers pushing back on extrapolation, an attorney said. But one court concluded that Medicare auditors aren’t required to include zero-paid claims in the “target universe” of claims, which can affect the fate of the statistically valid random sampling and extrapolation, and the other court hasn’t ruled yet on the inclusion of zero-paid claims.

They are cases of “first impression,” which means they’re the first time that federal courts have ruled providers have a due process right to compel completion of the administrative record, said attorney Stephen Bittinger, with K&L Gates, who represented the providers in the cases.

The list below appears in the Society of Corporate Compliance and Ethics’ The Complete Compliance and Ethics Manual 2024.^[1]

A final HIPAA rule on reproductive health care privacy prohibits covered entities from disclosing reproductive health care information to law enforcement agencies, with an exception.^[1] The HHS Office for Civil Rights (OCR) released the rule April 22, two days before the U.S. Supreme Court heard oral arguments on whether Idaho’s abortion ban violates the Emergency Medical Treatment and Labor Act (EMTALA)—events that have pushed abortion deeper into the compliance realm.^[2]

General use of artificial intelligence (AI) became available through OpenAI’s introduction of ChatGPT—a chatbot—on November 30, 2022. This led to broader public adoption of the technology, quickly reaching 100 million users in two months.^[1] However, the quick uptake and pace of AI development had led to concerns and calls for global generative AI regulation by the CEO of ChatGPT in 2023 during congressional testimony.^[2]

Many healthcare organizations are moving to a consolidated risk assessment, which includes compliance, internal audit, and enterprise risk management. A consolidated approach to the risk assessment process has many benefits, takes significant planning, and may be a multiyear effort.

Mergers and acquisitions (M&A) constantly occur in the healthcare industry. Organizations have varying levels of compliance involvement in the “due diligence” phase. During due diligence, a flurry of information is being shared by both organizations that are party to the transaction. Both organizations owe it to themselves to make sure the deal and the acquisition makes sense and accomplish the intended purpose of the transaction. Part of the due diligence process includes examining financial documents, contracts, employee data related to benefits and wages, and much more.

Tired of the onslaught of promotional emails promising artificial intelligence (AI) tools that deliver increased efficiency while lowering operating costs? Wondering how many more of those emails your executive team is receiving? Up with night sweats at the thought that employees are entering confidential company data into ChatGPT? Or are you spurred on by the Biden administration’s commitment to advancing the responsible use of AI in healthcare as seen in the October 30, 2023, Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (E.O. 14110)?^[1]

If the answer to these questions is yes, the time has come to put together an AI governance program.