AccuCare Home Health Services Pays $20,000 Fine for Employing Excluded Individual – The HIPAA Journal
The Department of Health and Human Services Office of Inspector General (HHS-OIG) has agreed to a $20,000 settlement with AccuCare Home Health Services to resolve allegations that the home healthcare provider employed an individual on the HHS-OIG exclusions list and billed services provided by that individual to federally funded healthcare programs.
AccuCare Home Health Services is a Mesa, Arizona-based provider of home health care services, specializing in skilled nursing, physical therapy, occupational therapy, speech therapy, and medical social services. According to HHS-OIG, AccuCare Home Health Services was discovered to have employed a home healthcare aide who was not permitted to participate in any federally funded healthcare program, and billed products or services provided by that individual to federal health care programs. The alleged violation was settled with a $20,000 financial penalty.
Healthcare organizations must ensure that a check is conducted of the HHS-OIG List of Excluded Individuals and Entities (LEIE) prior to onboarding a new employee. Regular checks must also be conducted on all employees, since individuals may be added to the LEIE after their employment commences. The HHS’ Office for Civil Rights imposes relatively few financial penalties for HIPAA violations; however, when it comes to HHS-OIG compliance, there is a much greater risk of a financial penalty if violations are identified. HHS-OIG regularly imposes significant financial penalties for claims for items and services provided by excluded individuals and companies, for false claims, and for violations of the Stark Law and the Anti-Kickback Statute. In addition to a financial penalty, there is a risk of being added to the HHS exclusion list, which will prohibit an individual or company from participating in federally funded health care programs.
On November 12, 2025, HHS-OIG announced that William Mangan, DO (Dr. Mangan) of Okemos, Michigan, had agreed to be excluded from participating in federally funded healthcare programs for a period of 10 years in connection with False Claims Act violations. Dr. Mangan was investigated by HHS-OIG in connection with allegations that he ordered genetic tests, durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) that were not reasonable or medically necessary and submitted claims to federally funded health care programs. Dr. Mangan claimed that he had evaluated patients and falsely certified that the ordered products were medically necessary when he failed to perform an adequate review.
Individuals can face severe penalties for knowingly causing products or services to be billed to federally funded healthcare programs when they are on the HHS-OIG exclusion list. Erik X. Alonso, 55, of Miami, Florida, had been convicted of conspiracy to commit health care fraud in 2015 for offenses in the Southern District of Florida. As a result of the conviction, Alonso was placed on the exclusion list and was fully aware that he was prohibited from participating in work that was billed to federally funded healthcare programs. In March 2022, Alonso started working for a telehealth mental health provider in New Hampshire and provided services to patients in the state that he knew would be billed to Medicaid. Alonso caused New Hampshire Medicaid to pay approximately $173,998.83 based on false and fraudulent claims. The healthcare fraud was discovered, and Alonso entered a guilty plea to one count of healthcare fraud and is awaiting sentencing. He now faces up to 10 years in jail.
Bill Introduced to Repeal Proposed OSHA Heat Standard for Indoor and Outdoor Workplaces
Rep. Mark Messmer (R-IN) has introduced a bill that seeks to repeal safety and health legislation introduced by the Biden administration to protect Americans against heat injury and illness in both indoor and outdoor work settings. Rep. Messmer introduced the Heat Workforce Standards Act of 2025 on November 20, 2025, to repeal the Occupational Safety and Health Administration’s (OSHA) Heat Injury and Illness Prevention in Outdoor and Indoor Work Settings proposed rule. The bill is co-sponsored by 23 Republican representatives from 16 U.S. states and is supported by more than two dozen industry organizations.
OSHA’s proposed standard applies to most employers in the general industry, construction, maritime, and agriculture sectors where OSHA has jurisdiction, and requires them to implement a plan to evaluate and control heat hazards in the workplace and protect their workers from hazardous heat. Rep. Messmer claims that OSHA’s proposed rule would impose impracticable and unnecessary requirements on residential construction employers, noncompliance with which would attract excessive financial penalties.
Rep. Messmer said the sweeping and unworkable heat standards were fast-tracked by the Biden administration, and these heavy-handed regulations are likely to crush innovation, increase costs, and undermine productivity. The proposed rule would require almost all American businesses and institutions to follow rigid, one-size-fits-all, federal workplace standards based on predetermined temperature thresholds, regardless of industry, climate, or existing safety protocols.
“The Biden Heat Rule was never about safety, but was rather, unsurprisingly, focused upon expanding federal bureaucratic control over hard-working Americans,” said Rep. Messmer in a press release announcing the bill. “My Heat Workforce Standards Act empowers employers to maintain safe and realistic workplace standard parameters which allow for both their workers and the business to thrive.”
Rep. Messmer maintains that if OSHA’s proposed rule is implemented, there would be redundant and egregious regulation requirements in all 50 states, with little variance considered for industry-specific outdoor and indoor heat variables and differences in climate. Employers who already had heat injury prevention measures in place would not be recognized, and it would remove state governments’ ability to create targeted heat rules specific to their climate and local industries.
“Needless to say, California, Florida, and Michigan are miles apart when it comes to heat, and heat hazards in construction are very different from the hazards in manufacturing or agriculture. That is why any standard intended to prevent and reduce heat-related injuries must be flexible and keep workers safe in ways that best address their unique environments and challenges,” Tim Walberg, House Education and Workforce Committee Chairman, said. “The Biden-Harris proposed heat rule does not have that much-needed flexibility, which is why this bill is a necessary step in protecting workers and preventing federal overreach so we can help workers earn a living and get home safe.”
The post Bill Introduced to Repeal Proposed OSHA Heat Standard for Indoor and Outdoor Workplaces appeared first on The HIPAA Journal.
2X Solutions Achieves SOC 2 Type II and HIPAA Compliance – The Manila Times
2X Solutions Achieves SOC 2 Type II and HIPAA Compliance – GlobeNewswire
Threat Actors Time Attacks to Coincide with Periods of Reduced Vigilance – The HIPAA Journal
Thanksgiving weekend is just a few days away, and while many healthcare employees will be enjoying time off work, it will be a particularly busy time for cybercriminals. Many hacking and ransomware attacks occur over Thanksgiving weekend when staffing levels are lower, and fewer eyes are monitoring for indicators of compromise.
The high level of ransomware attacks during holiday periods has recently been confirmed by the cybersecurity firm Semperis, which reports that in the United States, 56% of ransomware attacks occur on a weekend or holiday, and 47% of ransomware attacks on healthcare organizations occur during these times when staffing levels are reduced.
“Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long-lasting business disruptions,” said Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor.
The Semperis 2025 Ransomware Holiday Risk Report is based on an analysis of responses to a detailed global ransomware survey of 1,500 IT and security professionals conducted in the first half of the year by Censuswide. The survey suggests that ransomware groups research their targets and time their attacks to coincide with material corporate events such as mergers, acquisitions, IPOs, and layoffs, and exploit the organizational disruption and reduced security focus during these events. “Organizations are under intense pressure to sustain operations while transforming their form and protocols during an IPO or merger, and cannot afford downtime, making them more likely to pay quickly to restore operations,” said Inglis. “During these times, it is critical to remain vigilant and situationally aware that bad actors may be lurking, looking to plant ransomware.”
In healthcare, 96% of organizations maintain a security operations center, with 80% managing it in-house and 20% outsourcing to a third-party vendor. During weekends and holiday periods, 73% of healthcare organizations reduce their SOC staffing levels by 50% or more, and 5% of organizations said they eliminate their SOC staffing entirely on weekends and holidays. The main reasons given for reducing or eliminating staffing levels were to improve work/life balance (63%), because the organization was closed during holidays and weekends (43%), and 36% of respondents said they did not expect an attack to take place.
Smaller organizations were the most likely to cut or eliminate SOC staffing levels on weekends and during holiday periods because they thought they would be unlikely to be attacked. While reducing staffing levels to give employees weekends and holidays off is all well and good, there is no time off for hackers. If internal staffing levels are to be reduced, there must be adequate monitoring, staff on call, or a third-party vendor providing cover.
There has been a marked increase in organizations bringing their SOC in-house, up 28 percentage points from last year, which has coincided with a 30 percentage point increase in below-50% staffing levels during holidays and weekends to maintain a better work/life balance. The reason for the shift in bringing SOCs in-house was not explored in the study, but there could be several factors at play.
“Being able to see what’s happening might enable organizations to pivot and adapt faster based on changing operations, business needs, and regulatory reporting requirements,” Courtney Guss, Semperis Director of Crisis Management, said. “The ROI of outsourcing also seems to be shifting as AI begins to handle some Tier 1 work, leaving the more complex work for SOC analysts.”
The survey also probed respondents on their identity infrastructure and the methods used for protection. The majority (90%) scan for vulnerabilities, although only 38% have vulnerability remediation procedures, and only 63% automate recovery. Concerningly, 10% of respondents said they do not have an identity threat detection and response strategy.
“One of the most effective ways to defend against ransomware attacks is by tightening identity systems, most commonly Active Directory, Entra ID, and Okta,” former Australian Prime Minister Malcolm Turnbull said. “These are the digital keys that determine who can access what within an organization. In nearly every major ransomware incident, weak or compromised credentials have been the initial entry point. Strengthening identity systems is therefore not just good practice but a critical line of defense.”