Compliance and Ethics Week

November 2, 2022

National Compliance and Ethics Week kicks off today! This nationally recognized week was established to assist in educating workforce members on the importance of compliance and ethics. The Office of Healthcare Compliance & Privacy (OHCP) is a resource for the UConn Health community, staffed with individuals with focused areas of expertise that span the realm of healthcare compliance and privacy. We work to provide education, guidance, and assistance to the UConn Health community regarding any questions or concerns related to healthcare compliance and privacy.

Education serves as an integral part of compliance and is our first line of defense to prevent costly compliance violations. If you have not already done so, please complete the 2022 Office of Healthcare Compliance & Privacy annual training before the deadline of Tuesday, January 24, 2023. For more information regarding the training, please reference the OHCP annual training webpage.

OHCP would like to thank the UConn Health community for its ongoing commitment to compliance and privacy. Fostering a culture of compliance and respect for privacy is the responsibility of the entire UConn Health community, truly a team effort.

Do you have a healthcare compliance or privacy question or concern? Please contact us!

Patient Verification

October 21, 2022

Patient identity must be verified when scheduling, checking-in, registering, admitting a patient for service, and when responding to patient queries or requests, among other times when using or disclosing patient information. It is vitally important to identify the correct patient for many reasons, including but not limited to patient safety, protection of privacy, and proper billing.

  • Per UConn Health policy, at a minimum, verify identity using the patient’s full name and date of birth. Regulation requires the use of as many identifiers as necessary to ensure identification of the correct patient.
  • In addition to the UConn Health verification requirements, the Office of Healthcare Compliance & Privacy strongly recommends using at least one additional identifier, such as the last four (4) digits of the patient’s Social Security number (if available) or address.

Remember, patients may have the same or similar names and dates of birth. For example:

  • Many names sound the same but are spelled differently (e.g., Katherine/Catherine or Smith/Smyth).
  • Twins share a date of birth, may share a last name and may have similar first names! Minor twins, in particular, may also share an address, so using the patient’s Social Security number may be essential to accurate verification.

Also, remember:

  • Double-check to ensure the correct medical record is open for the correct patient, every time.
  • If you discover that more than one patient has the same name or other identifiers, do not disclose this information to the patient with whom you are speaking! (Do not say, “We have three other patients here with your same name!”)
  • Direct requests to change or correct patient identifying information to Patient Access or Data Integrity.

Questions or Concerns:

New AVP for Healthcare Compliance and Privacy

September 12, 2022

We are pleased to announce that Elle Box has assumed the role of Assistant Vice President for Healthcare Compliance and Privacy and the Chief Privacy Officer. Prior to joining UConn Health, Elle served as the Chief Compliance Officer and HIPAA Privacy Officer for TMC Health in Tucson, Arizona. Prior to her leadership role with TMC Health, Elle served as Director of Compliance at Merit Laboratory Partners. Elle’s background also includes work as a scientist; before entering the field of compliance, Elle worked for AEGIS Sciences as a forensic immunochemist and certifying scientist in GCMS and LC/MS-MS toxicology. She also holds a Master of Science degree in pharmacology and toxicology from Michigan State University and a Bachelor of Science in clinical laboratory science from the University of Wisconsin – Madison.

Elle’s professional and educational experience, her collaborative style, and her strong leadership skills will serve UConn Health well, and we look forward to working with her. Please join us in welcoming Elle to UConn Health!

Same Office, New Location

August 15, 2022

To accommodate our growing team, the Office of Healthcare Compliance and Privacy has expanded its location. The Healthcare Compliance team now resides in AG069. The Healthcare Privacy team resides in LM041. The new mail code is 1910. Please update your records! All office phone numbers remain the same. As always, be sure to reach out to the office with any healthcare compliance or privacy questions or concerns you have.


CMS Publishes Program Year 2021 Open Payments Data

July 12, 2022

On Thursday, June 30, 2022, the Open Payments Program published its 2021 data. In 2021, the program expanded its provider types to include:

  • Physician Assistants,
  • Nurse Practitioners,
  • Clinical Nurse Specialists,
  • Certified Registered Nurse Anesthetists,
  • Anesthesiologist Assistants,
  • and Certified Nurse Midwives,

in addition to:

  • Doctors of Medicine or Osteopathic Medicine (excluding Medical Residents),
  • Doctors of Dental Medicine or Dental Surgery,
  • Doctors of Podiatric Medicine,
  • Doctors of Optometry,
  • and Chiropractors.

The Open Payments program provides transparency into financial relationships between applicable manufacturers and group purchasing organizations (GPOs) and health care providers (physicians and teaching hospitals). The program makes the data available to the public to shed light on payments and other transfers of value that take place each year.

You can access the data at Open Payments. For compliance and audit purposes, it is important that what was disclosed under your name and what you disclosed to the University are a match.

We encourage you to check the data disclosed under your name against what you disclosed on the 2022 disclosure form and make any corrections needed as soon as possible.

NOTE: when the total of payments reported by Open Payments from a single entity is under $5,000 it is not required to report them in your annual disclosure to the University.

For more information and resources, please visit Open Payments or contact Gus Fernandez-Wolff.

Medical Student Documentation

June 27, 2022

Did you know that Medicare allows teaching physicians to utilize medical student documentation to support billing evaluation and management (E&M) services?

The following criteria must be met when billing for services documented by medical students:

  • Services must be E&M services (diagnostic and therapeutic services are prohibited).
  • Medical students may document any and all components of the E&M service.
  • E&M services must be performed in the physical presence of a teaching physician or resident.
  • The teaching physician must personally perform (or re-perform) the physical exam and medical decision-making.
  • The teaching physician must verify medical student documentation (residents are prohibited from verifying student documentation).
  • Proof of teaching physician verification should be documented using an attestation. 

Example of a Suitable Attestation

“The medical student was personally supervised by me or my resident (resident’s name) during the patient examination. I personally performed a physical exam and the medical decision-making. I made appropriate changes to the documentation and the assessment and plan based on my verification, exam, and medical decision making.”

You can find the Medicare guidance in Chapter 12 Section 100.1.1 of the Medicare Claims Processing Manual: Medicare Claims Processing Manual (

Please contact the Office of Healthcare Compliance and Privacy for further guidance.

Disposal of PHI and ePHI

May 26, 2022

Generally, Protected Health Information (PHI) is any type of Individually Identifiable Health Information held or transmitted by UConn Health or its Business Associates, in any form or media. Electronic Protected Health Information (ePHI) is PHI that is received, maintained or transmitted in electronic form. All UConn Health workforce members must safeguard our patients’ PHI, which includes ePHI.

Safeguards include protecting PHI/ePHI in connection with its disposal. For example:

  • Never place paper documents/printed materials containing patient information in trash bins, recycle bins, or other publicly accessible containers.
  • Always use a secure shredder bin. If you do not have a secure shredder bin, contact your supervisor right away!
  • Follow the procedures in the UConn Health Office of Logistics Management (OLM) Property Control Manual related to receipt, removal, storage, re-use and disposal of hardware and electronic media.
  • Destruction of X-ray film is handled by OLM through the use of a Business Associate.
  • Red Bag Waste must be placed in regulated medical waste bins and incinerated using secure methods.
  • Certain documents and other materials containing PHI may be subject to record retention requirements. Generally, copies are not subject to these requirements. Contact the Office of Healthcare Compliance and Privacy (OHCP) or the Office of the General Counsel (OGC) for guidance.

      For more information please review  Policy 2008-01- Disposal of Protected Health Information (PHI) and Disposal and Re-use of Hardware and Electronic Media Containing Electronic Protected Health Information (ePHI)

      Questions? Contact the Office of Healthcare Compliance and Privacy – we are here to help!



      Defense Against Cyber Attacks and Privacy Breaches

      March 20, 2022

      Cybersecurity attacks are on the rise and healthcare organizations like UConn Health are often targets. Cyber-attacks can corrupt devices, disable networks and allow bad actors to access patient and employee information. Quite simply, successful cyberattacks put patient safety and privacy at significant risk. We must all work together to lower this risk for our patients and all of UConn Health.

      “Phishing” is the most common type of cyberattack. In this scheme bad actors will send you an email and “trick” you into opening an attachment or clicking a harmful link, allowing them to imbed viruses in your device and gain access to all of the data anywhere in your email account. Some viruses will then send phishing emails that look like they’re from you to other individuals at UConn Health. The cycle repeats and the damage multiplies.

      To help prevent phishing attacks, look for emails that contain:

      • An urgent message that asks for your quick reply
      • A plea for help or financial assistance for a person, cause, campaign, or organization
      • Offers that sound too good to be true
      • Misspelled words and poor grammar
      • Mismatched email address information – look at the email address, not just the sender – make sure the display name matches the email address
      • Generic signature lines – make sure you can verify that the name and contact information are credible
      • Unexpected requests regarding personal information – be wary of clicking links or answering questions from contacts that you didn’t initiate
      • Unsolicited attachments

      Strong security of your work and personal devices can also deter the theft of UConn Health’s data.

      Remember to:

      • Use strong passwords and change them often
      • Create different passwords for different computers
      • Use 2-factor authentication when available
      • Install and update antivirus software frequently, including personal devices and networks

      If you receive an email that looks suspicious, click the “Report Phish” button in the upper right corner of your screen. Please contact the Help Desk or IT Security for phishing or security questions and the Office of Healthcare Compliance and Privacy for privacy-related questions or guidance.

      Compliance Training Due Tomorrow

      March 11, 2022

      Have you completed the 2021 Annual Compliance Trainings? In consideration of the extraordinary circumstances of the public health crisis and challenges faced by our workforce, the deadline for the training was extended to Tuesday, March 15, 2022.

      The following three (3) trainings are due tomorrow (3/15):

      • 2021 Healthcare Compliance Training
      • 2021 HIPAA Privacy Training
      • 2021 Security Awareness Training

      You can access the training by logging into the Saba Learning Center. Any outstanding training can be found under My Learning.

      Compliance training is a key component of the University’s compliance program and is required by law and University policy. Courses are designed to educate the UConn Health community on identifying, preventing, and detecting incidents of non-compliance.

      Please make every effort to complete any outstanding courses by tomorrow (3/15) to avoid disciplinary action. Thank you for your attention and support of the compliance program at UConn Health.

      Contact the Office of Healthcare Compliance and Privacy with any questions.

      Safeguarding Protected Health Information (PHI)

      February 14, 2022

      The Health Insurance Portability and Accountability Act (HIPAA) requires that UConn Health have appropriate safeguards in place to protect the privacy of protected health information (PHI). Here are some helpful hints for protecting PHI:

      • Don’t leave paper records that contain PHI unattended. Use a shredder bin to dispose of paper PHI.
      • Physically secure electronic devices that contain ePHI when not in use to prevent unauthorized access.
      • Don’t discuss PHI in high traffic areas, such as the cafeteria, elevators, and hallways.
      • The same HIPAA rules apply when you are working at home as they do in the office. Make sure PHI is not visible or heard by others in your home.

      If you have any questions, need guidance, or have a privacy concern, please contact The Office of Healthcare Compliance and Privacy.