Highlights from the 2020 HFMA and NEHIA Compliance & Internal Audit Conference

December 14, 2020

By Amber Fecik, Manager, Deloitte & Touche LLP and Amelia Abba, Manager, Deloitte & Touche LLP

The HFMA MA-RI Chapter teamed up with the New England Healthcare Internal Auditors (NEHIA) organization last week to put on NEHIA’s annual Compliance and Internal Audit Conference.  The conference was attended by more than 140 participants and was a great success!  Thank you to all who participated!

Highlights from the conference included:

  • Keynote speaker Shawn Mullen, a former FBI agent, shared his experiences in directing and investigating healthcare fraud cases. Key takeaways included:
    • It is estimated that between 3% and 10% of all healthcare expenditures can be attributed to fraud.
    • The major difference between fraud and abuse is intent. Fraud is defined as intentional misrepresentation of facts, whereas abuse is defined as actions inconsistent with accepted medical or fiscal practice.
    • Healthcare fraud schemes have become increasingly sophisticated, but there is still an abundance of blatant schemes that involve billings with no related services.
    • Emerging trends include COVID-19 Fraud, Pharmacy Fraud (including Internet Pharmacy and Drug Diversion), Physical Therapy Fraud (e.g., massages instead of physical therapy) and Home Health Agency Fraud.

Presentation by Shawn Mullen, Director, Special Investigations Unit, MetroPlus Health Plan


  • Timothy Stark, Investigator for the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR), provided an informational overview on areas of emphasis for HIPAA compliance. Key takeaways included:
    • Based on the HHS February 2020 bulletin on Health Insurance Portability and Accountability Act (HIPAA) and COVID-19, the fundamentals of how patient information can be shared under HIPAA have not changed, as patient data must be protected appropriately even in times of emergency.
    • Certain popular communication applications, like FaceTime or Skype, are permissible for providing telehealth and will not incur HIPAA penalties; however, other applications, such as Facebook Live, are not.
    • The importance of having Business Associate Agreements (BAAs) in place with applicable vendors and contractors was highlighted. Generally, a BAA is not required for telehealth provided over Zoom.
    • Beginning this year, the OCR now allows for HIPAA complaints to be filed online instead of by mail. This has led to a significant uptick in the number of complaints the office has received, to the tune of 28,000 complaints expected this year.

Presentation by Timothy Stark, Investigator, U.S. Dept. of Health and Human Services Office for Civil Rights (OCR)


You can view Shawn and Timothy’s full presentations here: https://www.ma-ri-hfma.org/december-2-and-3-2020-meeting-handouts/

We hope everyone who was able to attend enjoyed the conference.  We look forward to seeing everyone next year!