CMS’ Missive to Skilled Nursing Homes: You’ve Got 30 Days

Crackdown on Social Media Abuses Begins Sept. 4, 2016

MyHIPAA Guide is Ready with a Plan to Help Nursing Homes Meet Deadline

Aug. 15, 2016 -- In an unprecedented memo to state survey and credentialing agencies, the Centers for Medicare & Medicaid Services directed state survey teams to begin enforcing privacy policies and procedures to protect patients from social media abuses. The memo cited recent media reports of social media abuses. Some of those reports detail horrific examples of nursing home residents on public display, sometimes partially or fully naked. Incidents often involve patients with dementia -- with staff members taking photos or video of demeaning scenes, and then sharing them with friends.

In its memo, issued on Aug. 5, 2016, CMS orders state survey teams to review nursing home policies and procedures related to social media abuses beginning Sept. 4, 2016, and continuing until all skilled nursing homes have been inspected. The memo points out that staff training alone is not enough, and that compliance must include plans for implementing daily practices that protect residents’ privacy. The memo defines “staff” as employees, consultants, contractors, volunteers and others who provide care services to residents.

In January 2016, MyHIPAA Guide, of Akron, Ohio, and Pedagogy Inc., of Troup, Texas, began working on a training and compliance program with special emphasis on social media abuses. Currently, two accredited online courses are available:

Responsibilities for Managing HIPAA Compliance offers training for managers putting compliance plans in place, and Social Media Rules for Nurses and Healthcare Providers educates staff on how abuses often happen, and how they can be prevented.

A bulk packages of seats in the two courses comes with a compliance service offering, called A Nursing Home’s Total Privacy Plan, offered by MyHIPAA Guide. This Total Privacy Plan gives nursing homes a complete compliance management program, including social media guidelines, a secure online whistleblower service, posters, monthly training webinars, and regular news updates on privacy requirements. 

The classes may also be purchased separately through Pedagogy.  Discounts are available for bulk purchases.

To learn more about social media abuses in nursing homes, click here.


Total Privacy Plan


Contact Diane Evans at This email address is being protected from spambots. You need JavaScript enabled to view it. for more details about A Nursing Home's Total Privacy Plan, or Capra Dalton at This email address is being protected from spambots. You need JavaScript enabled to view it. for information about purchasing courses separately.

Or sign up now to begin the work of getting compliant and staying compliant.

About MyHIPAA Guide: MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis to stay compliant. Visit, read about us in Crain’s Cleveland Business, or check out our guest viewpoint in the June issue of Compliance Today.

About Pedagogy Inc: Pedagogy offers nationally accredited online continuing education (CEU/CNE) courses and in-services for nurses, certified nursing assistants, CNA's, and other healthcare professionals.

Browse Pedagogy's class catalog to see all course descriptions and curriculum by subject category; courses may be purchased individually on the Pedagogy website.


10 Step HIPAA Plan

  • Step 1: Make Sure you Must Comply with HIPAA +

    What's Inside:
    Lists of who is generally covered and who is not, plus contact for inquiries.
  • Step 2: Designate Team Leaders +

    What's Inside:
    • 7-page HIPAA basics
    • 62-page guide to security and privacy of ePHI
    • Compliance Charter Template
  • Step 3: Develop Security Policies & Procedures +

    What's Inside:
    Templates for Security Policies and Procedures
  • Step 4: Conduct a security risk analysis +

    What's Inside:
    • Guides
    • Short videos
    • Interactive quizzes on risk assessment and contingency preparation
    • 10 common myths

    Interactive tutorial – 156 questions with fill-able PDFs for Windows or iPad. All material from federal sources.
  • Step 5: Develop an action plan +

    What's Inside:
    • 11-page overview on ePHI for small practices
    • 4-page Q&A addresses email with patients
    • Checklists

    Toolkit on 45 implementation specifications
  • Step 6: Reduce Risks of a Breach +

    What's Inside:
    • Overview of expectations
    • Annual Work Plan Template
  • Step 7: Train the Team +

    What's Inside:
    • Form for reporting breach notification
    • Links to details on the notification process and what constitutes a breach.
    • Suite of Training Materials
  • Step 8: Customize Privacy Notices +

    What's Inside:
    FOR ALL:
    • Privacy notice templates to help achieve meaningful consent, in English & Spanish.

    • Professionals' guide covering 2013 updates on communications.

    • Electronic toolkit with patient education and meaningful consent sample materials.
  • Step 9: Execute Business Associate Agreements +

    What's Inside:
    • Sample Business Associate Agreement (BAA) provisions
    • Suite of BA Management Tools
  • Step 10: Verify Compliance with HIPAA +

    What's Inside:
    • Tip sheets
    • Short videos
    • Overviews

    • 94-page guide on the EHR incentive program
    • Beginners' toolkit on reporting to the government

    All from federal sources.
  • 1

Peek inside the guide

This presentation will quickly show you the most important tools available to subscribers.