Today, there are two vital areas of physician practice which demand compliance plans: Fraud and Abuse and HIPAA. We have spent many hours creating two documents that can help physician practices create or update their existing plans. (They also have guidance of use to other types of providers.) We call them “Compliance Plan Development Protocols.” We help our clients craft their own compliance plans. We review compliance plans and make suggestions regarding improvements and updating. We help clients assess whether their plans are working, using attorney-client privilege. We do not believe in or make available a canned plan for either topic. We think they are more dangerous than helpful. But any medical practice without a compliance plan for each of these issues is simply being foolhardy in this day and age.


It has been twenty years since the Health Insurance Portability and Accountability Act (“HIPAA”) was signed into law, and sixteen years since the first regulations governing HIPAA were published. Since that time, HIPAA and its regulations have been modified extensively, adding new, complex requirements for compliance.

Although many physicians and physician practices are aware of their duties under HIPAA’s Privacy Rule (the first set of regulations published in 2000), many have not kept up with the additional requirements posed by the Security Rule, the Breach Notification Rule, and the so-called “Omnibus” Rule. Beginning in 2012, the Department of Health and Human Services’ Office of Civil Rights (“OCR”) began to take notice of the fact that physicians and physician practices were not meeting their requirements under HIPAA. With the first enforcement action against a small practice, resulting in a $100,000 fine against a cardiac surgery group, the OCR effectively put small physician practices on notice: you can no longer afford to ignore these issues. Furthermore, the OCR is now conducting audits of physician practices and their business associates to determine whether they are compliant with HIPAA’s requirements, including the need to conduct a security risk analysis, designate individuals responsible for ensuring HIPAA compliance within the group, and develop policies and procedures to address ongoing compliance obligations.

These requirements may seem daunting, even bewildering, in their extent and complexity. Our new “HIPAA Compliance Plan Development Protocol” can help make sense of the myriad requirements a physician practice faces under HIPAA. This 63-page document (see Table of Contents) addresses the requirements of the Privacy Rule, the Security Rule, and the Breach Notification Rule. It includes sample Business Associate Agreement language, as well as links to resources from both the government and private organizations, all of which can help your practice confront its HIPAA obligations.

We work with our clients to help draft HIPAA compliance plans. Dan Shay takes the lead on this work. We review existing compliance plans to make suggestions to improve and update their plans. We provide consultation on successes and pitfalls in compliance plan implementation, all under attorney-client privilege. No practice can afford to fly without the parachute that a compliance plan provides.

Our HIPAA Compliance Plan Development Protocol, like our “Fraud and Abuse Compliance Plan Development Protocol” (click here), is available for $250 prepaid by credit card to non-clients, and is available to clients at a discounted rate of $175. If you buy both, we offer a discounted rate of $450. If you are a client, the price for both is $300.

If you are not a client, you may purchase the HIPAA Protocol, or both, by clicking here. If you are a client, please call us at 215-735-2384 to confirm your status as a client and provide us with your credit card.


The need for a vibrant, updated, functional compliance plan in any medical practice is greater than ever. Given the many enormous false claims settlements, the first Stark settlement over internal compensation formulas and the voluntary repayment regulations, the context for compliance plans is decidedly different from fifteen years ago when we first offered our Physician and Medical Practice Fraud and Abuse Compliance Plan Development Protocol. Our document has now been completely revised. It is designed to help physician practices develop, update and maintain a meaningful compliance plan, specific to their circumstances. For practices that already have a compliance plan, as you can see from the Table of Contents, this 46-page document addresses much more than billing and documentation issues. Most compliance plans need to be tweaked and updated to reflect the breadth of the voluntary repayment rules, the new enrollment environment, the potential for quality-based and reporting-based fraud, and more. This document can give you some ideas. It also has an Exhibit with links to 10 compliance-relevant websites, 2 books, 52 articles and 6 teleconferences.

Our Protocol is for sale for $250 prepaid by credit card to non-clients. Click here.

To our clients, we offer a discounted rate of $175. If you are a client, please call 215-735-2384 to confirm your status as a client and to give us your credit card number.