Anesthesia Compliance Consultants

Providing compliance education and services
to anesthesia providers, hospitals and billing companies


Compliance and HIPAA Training

We specialize in providing Anesthesia Compliance and HIPAA training to anesthesia professionals using our web-based education platform. Choose from the courses listed below or allow us to create a program tailored specifically to your organization, type of practice or company.

We offer the following courses in an online setting:

  • Anesthesia Compliance
  • Anesthesia HIPAA Privacy
  • Anesthesia Compliance and Privacy
  • Anesthesia Evaluation and Management Coding
  • Fraud, Waste and Abuse Training

We provide online group training. We will educate your company on anesthesia compliance and HIPAA Privacy. Contact us for more information and group rates.


Compliance Plans

ACC will assist with the creation of a compliance plan for your organization. Our team of experienced professionals crafts compliance plans consistent with regulatory, medical, billing and coding standards.

“We understand anesthesia: we have stood in your shoes.”


Latest News

New HIPAA Penalties from HHS

Posted on May 13, 2019 in Billing, HIPAA

Direction from HHS on Penalties

 New HIPAA Penalties are now available from the Department of Health and Human Services after it published a notice on April 30th.    Of interest, HHS is exercising its discretion in how it applies its regulations on the assessment of Civil Monetary Penalties (CMPs) under HIPAA. Currently HHS applied the same cumulative annual limit to the four categories of violations.

Pending further rule making HHS will now apply different cumulative annual CMP limits.  This will be instead of the maximum $1.5 million for each level of violation. This is a reduction in the maximum limit, scaling down based on the level of culpability. Consequently, HHS will use the new penalty structure until further notice.  It is important to understand the new HIPAA Penalties from HHS.

Read about Data Breaches

Four Categories

Based on four categories of culpability HHS has provided covered entities and business associates with a whole new structure for penalties.  In mostcases the amount of penalty will be significantly less than what we have experienced in the past.

First, for a category of no knowledge the minimum penalty is now $100, and the annual limit will be $25,000 down from $1.5 million.

Secondly, for a reasonable cause $1,000 is the minimum and $100,000 for an annual limit down from $1.5 million.

Next, willful neglect with a correction it would be $10,000 as a minimum and $250,000 for annual limit.

Finally the highest is for Willful neglect with no correction with $50,000 as a minimum with an annual limit of $1,500,000.

This new guidance changes significantly the penalty structure for HIPAA violations and must be considered and understood by covered entities and business associates who deal with protected health information.

To read this important notice on new HIPAA Penalties from HHS, visit the Federal Register using the link below.

Read More

Fraud, Waste and Abuse

Posted on May 7, 2019 in Billing, Compliance, Medicare Fraud

Fraud, Waste and Abuse

Our Compliance Tip

We have heard much about Fraud, Waste and Abuse in the news lately and are aware the government has their eyes on the Anesthesia profession.   As providers of medical care we must be very familiar with these concepts. 

The Fraud, Waste and Abuse program has become very important and it is mandatory for healthcare professionals including Anesthesia Providers to understand the concepts.

Why It Is Important

Most important of all, the reason for this new required program is to help practitioners become aware of the significant problem we have today in terms of Medicare Fraud and Abuse.  Medicare abuse costs taxpayers billions of dollars and puts beneficiary’s health and welfare at risk.  In 2011 the US lost 3-10 % or $82-$272 billion annually due to healthcare fraud and abuse.

Fraud, and Intentional Action

Fraud is an intentional action that results in a benefit to the perpetrator.  The intention must be present for an action to be found to be a fraudulent activity.  In healthcare this may occur when services are not rendered or given in a matter claimed and they are intentionally billed.   A violation of the anti-kickback statute that results in reimbursement to the group can result in a false claims allegation by the OIG.  

Other actions can lead to allegations of false claims such as retention of overpayments, billing for services not provided or medically unnecessary, or up coding a claim, which uses a higher code than that which indicates the service rendered. An example of up coding is using a code with a higher amount of base units than that performed.  Unbundling services breaks apart elements into separate items of a service that we normally bill together.  There have been cases where an anesthesiologist unbundled provision of oxygen and basic monitoring from basic anesthesia care to bill for them separately. 

Examples of Fraud

Examples of fraud that show intent to defraud include: documenting a service that did not occur, upgrading the physical status, submitting documentation for reimbursement that you know is not correct and creating false documentation to support a higher level of service. 

What is Abuse

Primarily the term abuse means practices that are not consistent with medical, business or financial standards that result in waste of funds for reimbursement.  The government often links this with fraud.  

As an example of abuse is billing non-covered services as covered services, reporting duplicate charges on a claim, charging excessively for services, and improper billing that results in payment by a government program when another payer is responsible.

Most important of all CMS requires all providers to know how to combat fraud and abuse.  Providers must also learn how to keep their organizations from engaging in abusive practices that hurt the Medicare program.

Read More

Reasonable Safeguards for Anesthesia Providers

Posted on Mar 29, 2019 in Uncategorized

Reasonable Safeguards for Anesthesia Providers
Data Security is part of HIPAA

Protecting  PHI

Reasonable Safeguards for PHI are precautions that a prudent person must take to prevent a disclosure of Protected Health Information.  To protect all forms of PHI: verbal, paper, and electronic, provides must apply these safeguards.  They help prevent unauthorized uses or disclosures of PHI.  In addition safeguards must be part of every privacy compliance plan.  Organizations must share this with all members of the organization.

Safeguards for Verbal PHI

Apply Reasonable Safeguards for PHI to all of your verbal disclosures of Protected Health Information. When you work with a patient, first determine who is with the patient before discussing PHI.  Secondly do not assume the patient permits disclosure of their PHI just because family or a friend is in the room with them. Ask who is with the patient and if the patient permits disclosure.  Finally you may ask the persons to leave the room providing the patient an opportunity to object.

Paper PHI

In addition, reasonable safeguards for PHI must apply to the use of all paper products to prevent these from reaching the wrong person.  Providers must dispose of all paper products that have PHI in a shredder once no longer used.  Personnel must make every effort to give the patients summary to the correct patient.  When a paper patient summary is given to a patient, every effort must be made to give it to the correct patient.

Electronic PHI

Password protect all computers in order to protect electronic PHI.  Employees must only use the computer medical accounts to which they are assigned.   One must consider the use of encryption of any email or texts that contains ePHI.

Use of Reasonable Safeguards for PHI Prevent Violations

In conclusion the use of reasonable safeguards may be the difference between an Office for Civil Rights finding of a privacy violation or a finding that an incidental disclosure occurred.   The latter is secondary to a permissible disclosure, and not a violation. Reasonable safeguards protect PHI and help prevent you from violating patient privacy.

Read More

Encryption of ePHI as a Safeguard

Posted on Feb 27, 2019 in HIPAA, Uncategorized

Encrypting cPHI may help your program
Encryption for ePHI

HIPAA Security Rule

The decision to use encryption of ePHI as a safeguard depends on several factors.  The HIPAA Security Rule allows safeguarded electronic PHI transmission. After a careful analysis of their system, an organization may decide that Encryption of ePHI as a safeguard is in their best interest.  The healthcare provider may then decide to use encryption as the means of protection of sensitive ePHI. 

They defined the encryption standard as an addressable requirement and can be confusing.  Consequently, if it is a reasonable and appropriate safeguard for the protection of ePHI it should be implemented. The entity may determine it is the best safeguard in its risk management of the confidentiality integrity and availability of ePHI.  Consequently, an organization should consider the use of this and implement it in its management of ePHI.  Eventually, the entity must document this in the plan.

No Specific Requirements

When they enacted the Security Rule they recognized the rapid advances in technology. Consequently, it would be very difficult to give guidelines that change regularly. For this reason, they chose not to require specific safeguards.  It is up to the organization to do a careful risk assessment.   Based on this they may create the appropriate mechanism to protect ePHI.  Presently the use of encryption of ePHI is an effective tool.  It is a good safeguard for the safe transmission of email and texts through the cloud.  In many cases this has become the standard for the transmission of sensitive data in healthcare and in the business world.

Alternative to Encryption

A health care provider may determine that encryption isn’t reasonable and appropriate based on its security risk assessment.   They may then present their alternative to protect ePHI.  They may also decide to do neither and determine the standard may otherwise be met.  The provider should document its reasons for its decision.

For More Information

Read More

Permissible Disclosures to Law Enforcement

Posted on Jan 23, 2019 in HIPAA

Permissible Disclosures to Law Enforcement

Disclosures to Law Enforcement

Sometimes it is hard to determine what are the permissible disclosures to law enforcement. For example, HIPAA permits disclosures to law enforcement in certain situations. It is reasonable to disclose if a signed authorization from the patient or their legal representative exists .

When to Respond

The HIPAA Rule permits disclosures when required by law. This may be necessary to respond to subpoena’s and court orders with specific requirements.  In addition this may be necessary to investigate a crime, to locate a missing person and to prevent serious threats to public health and safety.  State law requires reporting for reports of child and adult abuse and neglect, and to report certain injury and disease. The law requires it in response to an enforcement official’s request for information about a victim or suspected victim of a crime.

State Law

Besides considering the federal HIPAA law, review state law because it may be more protective than HIPAA. If that is the case the entity must follow state law. It is important for your organization to know what are the permissible disclosures to law enforcement.

This is your HIPAA ABCs brought to you by HIPAA Associates.  Contact us for more information on this important topic and HIPAA training for you and your company.  Follow us on Facebook and Twitter.

Read More