Fax Scam Alert

January 17, 2023

The healthcare industry continues to be targeted by numerous scams. Recently, some UConn Health clinics received fake fax orders for medical supplies and equipment. The orders appear to come from a legitimate company, are directed to the patient’s correct provider, and may contain accurate patient identifiers. The scammers often call the clinics before the order is faxed and again to check the status of the order. They will claim that the provider or the patient requested the supplies or equipment, and the caller will request provider signature on the order.

We can combat these scams by asking:

  1. Does the call feel right? If not, hang up and report the call.
  2. Did the provider or patient request these items? Check with the provider and patient.
  3. Is this a known company and regular workflow? If not, hang up and report the call.
  4. If this is a known company, do the phone and fax numbers match the numbers we have in our systems? Contact the company through a trusted and known contact method if the call is questionable.

Above all, do not respond to the fax or provide the callers with any information until you have verified the caller’s identity and authority to receive the information.

Any time you have doubts, please feel welcome to contact IT Security, or, if your issue is not addressed, you can reach Interim CISO Dennis at, CIO Rick at, or AVP Rob at, or the Office of Healthcare Compliance & Privacy at 860-679-7226 or for assistance – we are here to help!


Welcome New Team Members

The Office of Healthcare Compliance and Privacy is pleased to welcome both Lisa Frigo and Paige Sullivan to our team.

Lisa joins our team as a Compliance Specialist. She has fifteen years of experience in health care including providing direct patient care, managing clinical services, and supporting compliance programs. Lisa has worked in a variety of healthcare settings including academic medical centers, physician practices, community hospitals, and healthcare insurance companies.

In her new role, Lisa will provide guidance, education, and monitoring regarding new or changing Federal and State regulations.

Paige joins our team as a Medical Auditor. Paige is a registered nurse with eight years of experience providing direct patient care – most recently, in UConn Health’s Department of Dermatology. Paige has previous experience with inpatient and pediatric patient care at academic medical centers. She has also worked in military health care.

In her new role, Paige will be auditing and monitoring institutional risk areas for compliance with Federal and State regulatory requirements. In addition, she will be developing provider education and making process improvement recommendations aimed at reducing institutional compliance risk.

Please join us in welcoming both Paige and Lisa and wishing them success in their new roles at UConn Health. We are thrilled that they have joined our team!

No Surprises Act

December 15, 2022

The No Surprises Act intends to prevent patients from receiving unexpected bills for out-of-network care in emergency and select non-emergency settings. These requirements:

  • Prohibit balance billing (billing a patient for the difference between the total cost of services being charged and the amount the insurance pays) for out-of-network emergency services and out-of-network non-emergency services provided at in-network facilities
  • Require health plans to cover emergency services without prior authorization, regardless of whether the provider is in or out-of-network
  • Require the health plan to cover the services as if they were in-network when emergency services are rendered by an out-of-network provider
  • Require uninsured individuals receive a “good faith estimate” of total expected charges for a service before they receive the service
  • Require providers to display public notices regarding the Act’s balance billing restrictions
  • Prohibit out-of-network providers to balance bill the patient for non-emergency services rendered at an in-network facility.

The Act does not apply when patients are insured through government programs such as Medicare, Medicaid, or Tricare.

The regulations governing the No Surprises Act were issued over a fourteen-month period via two Interim Rules and one Final Rule. Due to the fragmented rule-making, providers faced significant challenges in interpreting and implementing the Act’s requirements. As a result, the Office of Healthcare Compliance and Privacy would like to thank the UConn Health Clinical Business Services and the Epic Revenue Cycle Departments for their work in implementing the Act’s many requirements.


Work Issued EMR Access

Do not access your own medical records using your work-issued credentials in UConn Health electronic health records (EHR).

UConn Health takes its HIPAA Privacy and Security obligations seriously, including its obligations to track and respond to patient requests for protected health information (PHI).

UConn Health Workforce members who are patients of UConn Health have the same rights of access as patients who are not Workforce members, and UConn Health expects that all patients, employed or not, access their records via MyChart or by completing a Patient Request to Access Medical Records form through the office of Health Information Management (HIM). UConn Health Workforce members are prohibited from accessing their own medical record using work-issued EHR access.

Also remember: HIPAA prohibits accessing the records of co-workers, family members, or others unless necessary to do your job (e.g., direct patient care or patient registration).

Violations of UConn Health policy and/or HIPAA Privacy requirements may result in recommendation of disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, and/or other applicable policies.


Compliance and Ethics Week

November 2, 2022

National Compliance and Ethics Week kicks off today! This nationally recognized week was established to assist in educating workforce members on the importance of compliance and ethics. The Office of Healthcare Compliance and Privacy (OHCP) is a resource for the UConn Health community, staffed with individuals with focused areas of expertise that span the realm of healthcare compliance and privacy. We work to provide education, guidance, and assistance to the UConn Health community regarding any questions or concerns related to healthcare compliance and privacy.

Education serves as an integral part of compliance and is our first line of defense to prevent costly compliance violations. If you have not already done so, please complete the 2022 Office of Healthcare Compliance & Privacy annual training before the deadline of Tuesday, January 24, 2023. For more information regarding the training, please reference the OHCP annual training webpage.

OHCP would like to thank the UConn Health community for its ongoing commitment to compliance and privacy. Fostering a culture of compliance and respect for privacy is the responsibility of the entire UConn Health community, truly a team effort.

Do you have a healthcare compliance or privacy question or concern? Please contact us!

Office of Healthcare Compliance and Privacy team

Patient Verification

October 21, 2022

Patient identity must be verified when scheduling, checking-in, registering, admitting a patient for service, and when responding to patient queries or requests, among other times when using or disclosing patient information. It is vitally important to identify the correct patient for many reasons, including but not limited to patient safety, protection of privacy, and proper billing.

  • Per UConn Health policy, at a minimum, verify identity using the patient’s full name and date of birth. Regulation requires the use of as many identifiers as necessary to ensure identification of the correct patient.
  • In addition to the UConn Health verification requirements, the Office of Healthcare Compliance and Privacy strongly recommends using at least one additional identifier, such as the last four (4) digits of the patient’s Social Security number (if available) or address.

Remember, patients may have the same or similar names and dates of birth. For example:

  • Many names sound the same but are spelled differently (e.g., Katherine/Catherine or Smith/Smyth).
  • Twins share a date of birth, may share a last name and may have similar first names! Minor twins, in particular, may also share an address, so using the patient’s Social Security number may be essential to accurate verification.

Also, remember:

  • Double-check to ensure the correct medical record is open for the correct patient, every time.
  • If you discover that more than one patient has the same name or other identifiers, do not disclose this information to the patient with whom you are speaking! (Do not say, “We have three other patients here with your same name!”)
  • Direct requests to change or correct patient identifying information to Patient Access or Data Integrity.

Questions or Concerns:

New AVP for Healthcare Compliance and Privacy

September 12, 2022

We are pleased to announce that Elle Box has assumed the role of Assistant Vice President for Healthcare Compliance and Privacy and the Chief Privacy Officer. Prior to joining UConn Health, Elle served as the Chief Compliance Officer and HIPAA Privacy Officer for TMC Health in Tucson, Arizona. Prior to her leadership role with TMC Health, Elle served as Director of Compliance at Merit Laboratory Partners. Elle’s background also includes work as a scientist; before entering the field of compliance, Elle worked for AEGIS Sciences as a forensic immunochemist and certifying scientist in GCMS and LC/MS-MS toxicology. She also holds a Master of Science degree in pharmacology and toxicology from Michigan State University and a Bachelor of Science in clinical laboratory science from the University of Wisconsin – Madison.

Elle’s professional and educational experience, her collaborative style, and her strong leadership skills will serve UConn Health well, and we look forward to working with her. Please join us in welcoming Elle to UConn Health!

Same Office, New Location

August 15, 2022

The Office of Healthcare Compliance & Privacy has relocated. The team now resides in AG069. The new mail code is 1910. Please update your records! All office phone numbers remain the same. As always, be sure to reach out to the office with any healthcare compliance or privacy questions or concerns you have.

New Location hanging sign

CMS Publishes Program Year 2021 Open Payments Data

July 12, 2022

On Thursday, June 30, 2022, the Open Payments Program published its 2021 data. In 2021, the program expanded its provider types to include:

  • Physician Assistants,
  • Nurse Practitioners,
  • Clinical Nurse Specialists,
  • Certified Registered Nurse Anesthetists,
  • Anesthesiologist Assistants,
  • and Certified Nurse Midwives,

in addition to:

  • Doctors of Medicine or Osteopathic Medicine (excluding Medical Residents),
  • Doctors of Dental Medicine or Dental Surgery,
  • Doctors of Podiatric Medicine,
  • Doctors of Optometry,
  • and Chiropractors.

The Open Payments program provides transparency into financial relationships between applicable manufacturers and group purchasing organizations (GPOs) and health care providers (physicians and teaching hospitals). The program makes the data available to the public to shed light on payments and other transfers of value that take place each year.

You can access the data at Open Payments. For compliance and audit purposes, it is important that what was disclosed under your name and what you disclosed to the University are a match.

We encourage you to check the data disclosed under your name against what you disclosed on the 2022 disclosure form and make any corrections needed as soon as possible.

NOTE: when the total of payments reported by Open Payments from a single entity is under $5,000 it is not required to report them in your annual disclosure to the University.

For more information and resources, please visit Open Payments or contact Gus Fernandez-Wolff.

Medical Student Documentation

June 27, 2022

Did you know that Medicare allows teaching physicians to utilize medical student documentation to support billing evaluation and management (E&M) services?

The following criteria must be met when billing for services documented by medical students:

  • Services must be E&M services (diagnostic and therapeutic services are prohibited).
  • Medical students may document any and all components of the E&M service.
  • E&M services must be performed in the physical presence of a teaching physician or resident.
  • The teaching physician must personally perform (or re-perform) the physical exam and medical decision-making.
  • The teaching physician must verify medical student documentation (residents are prohibited from verifying student documentation).
  • Proof of teaching physician verification should be documented using an attestation. 

Example of a Suitable Attestation

“The medical student was personally supervised by me or my resident (resident’s name) during the patient examination. I personally performed a physical exam and the medical decision-making. I made appropriate changes to the documentation and the assessment and plan based on my verification, exam, and medical decision making.”

You can find the Medicare guidance in Chapter 12 Section 100.1.1 of the Medicare Claims Processing Manual: Medicare Claims Processing Manual (

Please contact the Office of Healthcare Compliance and Privacy for further guidance.