Friday, May 29, 2015

8 Common Supervisor Mistakes

Eight Common Supervisor Mistakes

Sometimes it seems as though there are a thousand ways supervisors and managers, although well-intentioned, can make misjudgments and end up with employee lawsuits. Here are 8 major, but common, errors to discuss while training your managers and supervisors.

1. Making unlawful pre-employment inquiries
Inappropriate questions during interviews and other pre-employment contacts are a primary source for claims of discrimination. The courts generally assume that if you asked a question, you intended to use the answer as a factor in your hiring decision. Therefore, any questions about or references to protected categories like sex, age, race, national origin, or religion, can later be used against you in court in a discrimination claim.
To the extent possible, standardize the application and interview process. Ask all applicants fundamentally the same questions. Keep questions objective and focused on the job requirements and the skills necessary to perform the job.
2. Delivering “dishonest” evaluations
Many managers and supervisors avoid the discomfort of delivering a review that indicates poor performance and instead cop out with a “satisfactory” rating. As a result, many legitimate actions taken against an employee based on poor performance can be questioned because the performance reviews are positive. So it’s important to be honest with performance evaluations. That’s easier when there are clear standards; if they are not met, just say so.
3. Too vague in discipline and performance write-ups
Similarly, and again to avoid unpleasantness, managers and supervisors will often write something on performance evaluations like “needs improvement.” That’s too vague. Does that mean the employee does a great job, but there’s always room for a little improvement, or does that mean that the employee is terrible? Or how about “talked to Sally about her performance and behavior.” And then we’ve got judgment words like “lazy.” Again, too vague. Offer documentation and documented examples of behavior.
4. Making rash disciplinary decisions
Maybe you will ultimately determine that firing is the appropriate thing to do, but getting angry and making an impulsive decision isn’t the way to do it. First of all, an angry tirade, especially if in public, gets those “I’m going to sue” juices flowing. Second, you should never fire without carefully reviewing the circumstances with HR.
5. Making uninformed responses to medical leave requests
Few supervisory situations are as frustrating and challenging as dealing with employee requests for medical leave, particularly since it may involve FMLA, ADA, and/or workers’ compensation. It’s never convenient, but managers and supervisors have to curtail any frustration and respond professionally. The basic rule for managers and supervisors should be to contact HR when employees are going to take leave that might involve any those three reasons.
6. Not knowing and not enforcing policies
Supervisors and managers are the front line for interpreting and enforcing the company’s policies. But if they don’t know the policies and their associated responsibilities, they’ll be begging for lawsuits. For example, imagine a supervisor telling an employee that he or she does not have time to listen to a claim of unwelcome harassment, or safety issues, or potential NLRB violations.
Regularly review your policies with all supervisors and update them on all changes before the policies are distributed to employees. Managers have an obligation, as unreasonable or impracticable as it may be, to be aware of and understand the policies and laws that apply to their workplace.
7. Letting problems fester
With bad behavior, it’s always tempting to ignore the problem in hopes that the behavior will improve on its own. But you know that’s not going to happen. And, unfortunately, as time goes by, you appear to be condoning the behavior. “You’ve known he was doing this for six months, and you did nothing, and now suddenly it’s a firing offense?
8. Making “Side Agreements”
Managers under stress may be tempted to make “side agreements,” that is agreements that either go against policy or are promises that likely won’t be kept. Sometimes, these agreements are directly contrary to law and policy; for example, employees can’t waive their right to overtime or pay for hours worked—even if they agree, even if they are eager to do a little work on the side. And three problems arise:
·         It’s illegal behavior and there will be subsequent lawsuits.
·         Employees will be left feeling that agreements haven’t been honored.
·         There’s unequal treatment, so others who didn’t get the special treatment or privilege may sue.

(BLR website)

Wednesday, May 27, 2015

10 Steps to Protect PHI

10 Steps for Protecting Patient Data

With increasing numbers of access points to protected health information under attack, the healthcare industry continues to be plagued with damaging breaches. Just last week, CareFirst BlueCross BlueShield announced a hacking that compromised the information of more than a million of its members.

A Ponemon Institute report released in May found that over 90 percent of healthcare organizations have been breached in the last two years and the breaches are a growing $6 billion annual epidemic that is putting millions of patients and their information at risk.

Although employee negligence and lost/stolen devices continue to be primary causes of data breaches, one of the major findings of the recent report is that criminal attacks are now the leading cause of breaches in healthcare. While criminal attacks are often referred to as cyber-attacks, they can also include malicious insider threats.

The study also reveals that most healthcare organizations are still woefully unprepared to address the rapidly changing cyber threat environment and lack the resources and processes to protect patient data. However, Rick Kam, the chair of the PHI Protection Network, a cross-industry collaboration of vendors formed to help expedite the adoption of PHI best practices, believes there are some critical strategies healthcare organizations can employ for protecting patient information.

“Probably the best place to start is really to do a risk assessment,” says Kam. “It needs to be front and center as the starting place to help decide and prioritize where—for the most part—a very limited IT security budget might be allocated. What the risk assessment will do is identify those assets and systems where PHI lives.” He sees this as an inventory of where an organization’s patient information exists, not only internally in a hospital or clinic, but also with external business associates and partners that are involved in managing that data.  

Specifically, the PHI Protection Network recommends 10 steps necessary to protect patient data:
        Demand organizational leadership engagement. Workforce training and safeguards alone will not be effective. Organizational leadership must embrace and champion compliance as it would any other component of the organization’s value chain. Leadership must visibly and actively foster a culture of compliance throughout the organization by setting expectations and holding all workforce members accountable to the same standards.
        Find and identify your data. Organizations need to know where their data lives, where it travels, and in what form (encrypted, identified, de-identified, etc.).
        Control PHI workflow and minimize necessary workforce access. Organizations must find ways to better control PHI workflow within the organization, and movement outside the organization. This not only includes safeguarding it from impermissible uses and disclosures, but also will require integration of HIPAA with other health information protection activities to ensure a single point of control within the organization.
        Assess risks. Organizations must have solid processes in place for assessing risk with new systems, devices, services and partners, and determine how best to use their power as purchasers to weed out those that don’t meet best security practices.
        Prioritize third-party vendor management. Organizations will need help with third-party vendor management to strengthen oversight and review processes. Smaller business associates are particularly vulnerable since they may not have as many resources to devote to security and compliance, and may be more likely to experience a data breach.
        Get proactive. The healthcare industry needs to take a proactive stance when it comes to regulations to protect patient health information. Companies that go above and beyond baseline protection requirements will be seen as industry leaders, and patients will choose to use their services over others.
        Make privacy an integral part of new technology adoption. The pace at which new technology is being introduced into the healthcare industry is increasing with thousands of new health-related mobile applications available this year. But there is little evidence that patient privacy or security features are being considered.
        Measure to improve. You can’t manage what you can’t measure. The healthcare industry needs to get better at determining key metrics to continuously measure and improve security postures.
        Look for “non-standard” systems as potential PHI data stores. In particular, voicemail systems, customer service call recording systems, and closed-circuit television systems could all potentially be storing PHI, but may not be as carefully safeguarded as traditional IT systems such as EHRs and patient billing.
        Instill a culture of security. Remember every employee is a guardian of the patient’s data.

(SourceMedia website)

Tuesday, May 26, 2015

Medicare Overpaid Hospital $11.5 Million

Hospital Received $11.5M in Medicare Over-payments

Florida Hospital Orlando may have received more than $11 million in over-payments from Medicare from January 1, 2011, through June 30, 2012, according to a recently released Office of the Inspector General (OIG) audit report.

During the audit period, Medicare paid the hospital approximately $647 million for 79,750 inpatient claims and more than 343,000 outpatient claims. The audit itself focused on more than $80 million paid by Medicare to the hospital for nearly 11,000 claims that the OIG identified as being at risk for billing errors. Auditors then focused on a random selection of 215 inpatient claims, according to the report.

The hospital failed to comply with Medicare billing requirements for 94 of the 215 selected claims, which resulted in over-payments of more than $493,000. The auditors attributed the errors to the hospital’s lack of adequate controls to prevent incorrect Medicare billing.

Based on the result of the 215 claims selected for the audit, the OIG estimated the hospital received more than $11 million in over-payments during the audit period. The OIG recommended the hospital refund to Medicare $11,512,530 in estimated over-payments and strengthen its controls to ensure full compliance with Medicare billing requirements.
Florida Hospital Orlando disagreed with the OIG’s findings. The hospital contended that it did not improperly bill 70 of the 94 improper claims the OIG identified in its audit. The hospital also objected to the lack of clarity in the OIG’s findings and the OIG’s use of sampling and extrapolation to calculate the over-payment.
After receiving the hospital’s comments and objections, the OIG maintained its findings and recommendations.
(Becker’s Website)

Thursday, May 21, 2015

The High Cost of Stark Law Violations

Physician Self-Referrals or Stark Law Violations

The Stark Law generally prohibits physicians from referring patients for Designated Health Services to facilities in which the physician or an immediate family member has a financial interest.

A “financial interest” is defined broadly to include an ownership interest, investment interest, or compensation arrangement.  It covers both direct relationships and indirect benefits, such as when a hospital provides a physician with below-market rent for office space.

The Designated Health Services (DHS) covered by the Stark statute include: 
  • Clinical laboratory services
  • Physical therapy services
  • Occupational therapy services
  • Outpatient speech-language pathology services
  • Radiology and certain other imaging services
  • Radiation therapy services and supplies
  • Durable medical equipment and supplies
  • Parenteral and enteral nutrients, equipment, and supplies
  • Prosthetics, orthotics, and prosthetic devices and supplies
  • Home health services
  • Outpatient prescription drugs
  • Inpatient and outpatient hospital services

The Stark law also prohibits anyone from billing Medicare or Medicaid for services provided as a result of a self-referral.  Any such claim for reimbursement is considered a “false claim” under the False Claims Act.

Several exceptions to the general rule exist, including physician services, in-office ancillary services, ownership in publicly traded securities and mutual funds, rental of office space and equipment, and bona fide employment relationships.

Examples of Stark Law Violations

Part-Time and Consulting Contracts with Referring Physicians
A jury has found that Tuomey Healthcare System in Sumter, S.C., violated the Stark Law by paying doctors in ways that rewarded them financially for referring patients to the hospital.  The jury found that more than 20,000 Medicare claims were tainted by the illegal compensation arrangements.  

Incentive Payments to Doctors
Freeman Health System agreed to pay $9.3 million to resolve allegations that it knowingly provided incentive pay to physicians who referred patients to the hospital system.  The settlement resolves claims by the U.S. government that such incentive payments violated the False Claims Act and the Stark Law.  

Physician Office Leases
HCA Inc. agreed to pay $16.5 million to settle claims that it violated the False Claims Act and the Stark Statute by entering into favorable leases with physicians who referred patients to the hospital. The whistleblower who brought the case will receive 18.5% of the settlement as a reward, or more than $3 million.

Wednesday, May 20, 2015

Medical Identity Theft on the Rise

Study Finds 22% Increase in Medical Identity Theft

Medical identity theft has been on the rise for some time. In fact, the Ponemon Institute found a 21.7% increase in medical identity theft incidents between its 2014 survey and its “Fifth Annual Study on Medical Identity Theft” released in February 2015. All respondents to the survey were victims of some form of identity theft, while 86% were victims of medical identity theft.

The study found that medical identity theft can cost the insured party a considerable amount of money. More than half (65%) of those responding to the Ponemon Institute’s survey revealed that they paid an average of $13,500 to resolve the crime. These costs are typically related to paying a healthcare provider, repaying the insurer for services obtained by the thief, or paying for identity protection or legal counsel.

Respondents listed reimbursement for costs associated with preventing future damages as the action most important following a medical identity theft incident. Victims who sought to resolve medical identity theft crimes spent an average of 200 hours doing so, according to the study.

Just 37% of respondents reported that their healthcare providers informed them of ways to prevent medical identity theft. More than half (67%) of those respondents said they do not feel confident that these measures will keep their records secure.

However, half of all respondents agree or strongly agree that they would find another provider if they were not confident in the security practices of a provider. Similarly, 47% said if they would find another provider if their records were stolen or they were concerned about record security.

HIM-HIPAA Insider Website,

Tuesday, May 19, 2015

Safety in Oral Exchange of PHI

HIPAA Reminder – Privacy and Oral Communications

Oral communications at your practice are extremely important but are often overlooked and forgotten.  They can be a confusing issue but need serious attention.

The Privacy Rule applies to individually identifiable health information in all forms. Coverage of oral or spoken information ensures that information retains protections when discussed. If oral communications were not covered, any health information could be disclosed to any person, so long as the disclosure was spoken.

Providers and health plans understand the sensitivity of oral information. For example, many hospitals already have confidentiality policies and concrete procedures for addressing privacy, such as posting signs in elevators that remind employees to protect patient confidentiality.

Reasonable safeguards for orally exchanging PHI include:
  • keeping a distance between the public and the people you’re speaking to
  • stepping into a room with a door
  • lowering your voice
  • using the handset instead of the speakerphone

The Privacy Rule is not intended to prohibit providers from talking to each other and to their patients. It is understood that overheard communications are unavoidable. These are considered to be incidental disclosures.

For example, in a busy emergency room, it might be necessary for providers to speak loudly in order to ensure appropriate treatment. The Privacy Rule is not intended to prevent this appropriate behavior. The following practices are permissible, if reasonable precautions are taken to minimize the chance of inadvertent disclosures to others who might be nearby such as using lowered voices:
  • healthcare staff may orally coordinate services at hospital nursing stations
  • nurses and other healthcare professionals may discuss a patient’s condition over the phone with the patient or a provider
  • staff may call outpatient’s names in waiting areas
  • healthcare professionals may discuss a patient’s condition during training rounds in an academic or training institution

These are all considered to be incidental disclosures under HIPAA. HIPAA is not meant to impede the quality of our healthcare. Its intent is to improve our quality of care.


Monday, May 18, 2015

5 Areas Requiring Bio-Hazard Labels

Five Areas that Require OSHA Bio-hazard Labeling

The Blood-borne Pathogens Standard outlines the regulations for bio-hazard labeling and color-coding. Three signals can alert you to the presence of a bio-hazard or bio-hazardous waste: the word “bio-hazard”, the bio-hazard symbol, or the fluorescent orange or orange-red color-coding.

These five areas are ones to watch for bio-hazard labeling in your facility:
       Regulated medical waste containers and other containers
      According to OSHA, warning labels must be affixed to:
     Containers of regulated waste,
     Refrigerators and freezers containing blood or other potentially infectious material; and
     Other containers used to store, transport or ship blood or other potentially infectious materials.
     Containers of blood, blood components, or blood products that are labeled and have been released for transfusion,
     Individual containers of blood or other potentially infectious materials that are placed in a labeled container during storage, transport, shipment or disposal, or
     Regulated waste that has been decontaminated.
       Sharps Containers
Sharps containers must also be labeled or color-coded in accordance with the requirements of the Blood-borne Pathogens Standard.
       Contaminated Laundry
The Blood-borne Pathogens Standard also requires contaminated laundry to be placed and transported in labeled or color-coded bags. When a facility utilizes Universal Precautions in the handling of all soiled laundry, alternative labeling or color-coding is sufficient if it permits all employees to recognize the containers as requiring compliance with Universal Precautions.
When a facility ships contaminated laundry off-site to a second facility which does not utilize Universal Precautions in the handling of all laundry, the facility generating the contaminated laundry must place such laundry in labeled or color-coded bags or containers.
Specimens of blood or other potentially infectious materials must be placed in a container which prevents leakage during collection, handling, processing, storage, transport, or shipping. The container for storage, transport, or shipping must be labeled or color-coded and closed prior to being stored, transported, or shipped.
Equipment that may become contaminated with blood or other potentially infectious materials shall be examined prior to servicing or shipping and shall be decontaminated as necessary, unless the employer can demonstrate that decontamination of such equipment or portions of such equipment is not feasible, according to OSHA. A readily observable bio-hazard label shall be attached to the equipment stating which portions remain contaminated.
Ensure that you have bio-hazard labeling or color-coding, as necessary, in these five areas and in other areas of your facility that fall under the guidelines of OSHA’s Blood-borne Pathogens Standard 1910.1030.  In practice, most facilities typically use BOTH bio-hazard labeling AND color-coding in most cases.

Wednesday, May 13, 2015

How to Respond to an OCR Audit

Responding to an OCR Audit

The Office for Civil Rights (OCR) has not issued much information on the upcoming HIPAA audits, so it’s up to individual organizations to interpret what to expect and how to prepare. However the OCR has indicated that the audits will be conducted by OCR personnel rather than by a third party, unlike the 2012 pilot program. Also unlike last time, the audits will be more heavily weighted toward desk audits, with onsite audits occurring on a case-by-case basis.
According to information in presentations from Department of Health and Human Services personnel, here is what audited entities need to be aware of:
        A data request will specify content and file organization, file names and any other document submission requirements.
        Only requested data submitted on time will be assessed.
        All documentation must be current as of the date of the request.
        Auditors will not have the opportunity to contact the entity for clarification or to ask for additional information, so it is critical that the documents accurately reflect the program.
        Submitting extraneous information may increase the difficulty for the auditor to find and assess the required items.
        Failure to submit a response to requests may lead to a referral for regional compliance review.
        Document submission will be a time-consuming task, so gathering necessary evidence up front will minimize disruption to day-to-day operations.
Once an organization receives notification, it should start gathering information immediately. If subsequently chosen to submit to an audit, participants will only have a short time to respond. The following provides basic steps for a strategic OCR audit plan:
        Gather a team.
Privacy and security officials should be assigned to a task force responsible for handling audit requests. It’s also a good idea to notify internal or external legal counsel to keep them on stand-by should guidance be necessary.
        Follow guidelines on how to respond.
The OCR will provide specific instructions on how and when to respond. The OCR will not look favorably on a delayed response, and if unrequested documentation is submitted, it can be used in all observations and findings. Some of the areas the OCR audits will cover include:
1.      Risk analysis.
2.      Evidence of a risk management plan (e.g. list of known risks and how they are being dealt with).
3.      Policies and procedures and descriptions as to how they were implemented.
4.      Inventories of business associates and the relevant contracts and BAAs.
5.      An accounting of where electronic protected health information (ePHI) is stored (internally, printouts, mobile devices and media, third parties).
6.      How mobile devices and mobile media (thumb drives, CD’s, backup tapes) are secured and tracked.
7.      Documentation on breach reporting policies and incident response policies and procedures.
8.      A record of security training that has taken place.
9.      Evidence of encryption capabilities.
       Question findings if they appear to be inaccurate. Historically, the OCR has allowed organizations to respond to observations and findings. Organizations that have documented all compliance decisions will fare better when trying to defend their position. There are many areas where HIPAA lacks specific direction; the ability to demonstrate a thoughtful and reasonable approach (in writing) will tend to be viewed favorably.

By preparing up front and responding in a timely fashion, most OCR audits should progress fairly smoothly. For organizations that have instituted a reasonably compliant security program, there may be little or no follow-up. If there are a significant number of observations and findings, an organization may be subject to voluntary compliance activities, or a more in-depth compliance review. Should an in-depth review uncover significant issues, additional corrective action must be taken and/or fines may be imposed.

(HIMSS website)

Tuesday, May 12, 2015

Using Reference Checks Effectively

5 Tips for Effective Reference Checks

There are many reasons why you should check the references of prospective employees. Often, applicants’ resumes and application forms are incomplete or even contain misrepresentations that could lead to a bad hiring decision. So, if you check references, you can help eliminate undesirable applicants, identify the best candidate, reduce turnover and training costs, and even prevent liability for negligent hiring.

At a minimum, carefully conducted reference checks can help ensure that your hiring decisions are more informed. Generally, reference checks should be made before the offer of employment is extended so that you have as much information about a candidate as possible. However, it may be difficult to get a reference-giver to provide helpful information because of their fears of defamation claims and restrictive corporate policies allowing only the release of a former employee’s name, rank, and serial number.  The following five strategies can help your organization conduct effective reference checks:

1. Insist that every applicant sign a release.

Never check references before obtaining the candidate’s written permission to do so. Consent is a strong defense to defamation and other tort (wrongful act) claims an applicant may bring, and it also generally is required under the Fair Credit Reporting Act before an employer can use a third party to conduct checks. To protect further against applicant lawsuits, the consent form also should include language that releases the organization and its agents, as well as former employers and reference givers, from any legal liability that may result from the checks.

2. Get job-related information from applicants.

Before conducting reference checks, request that applicants provide background documentation such as old pay stubs, business cards, job descriptions, and performance appraisals. These items can be used to verify information provided in resumes, application forms, and interviews and can help identify specific issues to follow up on in reference inquiries.

3. Minimize reference resistance.

Expect reference sources to be guarded, or even defensive, since so many organizations try to limit potential legal exposure by releasing only the “name, rank and serial number” of former employees. To facilitate the process, fax or mail the signed consent and release to the reference giver. When calling references, the interviewer can help break the ice by briefly sharing information about himself, the organization, and the job the candidate has applied for. Some employers even ask an applicant to contact referrers first to help ensure that they can actually get through to them.

4. Keep questions pertinent.

To obtain relevant and consistent information on applicants, develop a reference check form with a list of standard questions and require its use for all checks. At a minimum, the form should cover the basics including dates of employment, positions held, and pay rates. In addition, it should contain open-ended questions about skills, qualifications, strengths, weaknesses, work habits, and suitability for the position. The form also should include specific questions about performance issues and disciplinary actions, eligibility for rehire, and reasons for leaving.

5. Document responses, even if limited.

Keep an accurate written record of all your reference discussions to support your hiring decisions and to help protect against negligent hiring, defamation, and other legal claims. And, if the reference giver refuses to provide any information, document the request and the lack of cooperation.

Of course, reference checks are just one of many tools that you need to make a good hiring decision. You also should verify other information on a candidate’s resume or application (such as educational history pertinent to the job) and consider performing additional background checks (such as criminal, credit, and driving checks) if the nature of the job warrants these checks. In addition, you may want to conduct skills testing to further evaluate a candidate’s abilities. All of these steps will help you make more effective hiring decisions.

Friday, May 8, 2015

14 Questions for RAC Self Audits

RAC Self-Auditing

Here are 14 simple questions that will give you peace of mind regarding your RAC self-audits.

Randomly select 10 Medicare patient records then apply these simple questions to each record: 
1.      Are the services and supplies proper and needed for diagnosis and treatment of the diagnosis?
2.      Do any charges appear to be “unbundled”?
3.      Does the procedure code correctly describe the service provided?
4.      Are the HCPCS and/or CPT codes updated and correct?
5.      Are the E and M codes used appropriate and does the documentation support their use?
6.      Are the modifiers used properly?
7.      Were the correct and updated ICD-9-CM codes linked to the diagnoses and procedure code(s)?
8.      Is the place of service appropriate?
9.      Are there duplicate services rendered on the same date?
10.  Does the documentation support the services billed?
11.  Is the medical record clearly written, accurate and complete?
12.  Is there any evidence of “intentional deception”?
13.  Did the billing provider actually render the service?

14.  Were all billed services actually rendered?

Friday, May 1, 2015

Required HR Posters

Employers Are Required to Post These Notices

To maintain legal compliance, employers must advise employees of many of their rights—and several of these notices must be made in the form of a publicly visible posting or notice.

The list of required notices is long, and it depends on who the employer is. For example, public employers have different requirements than private employers. Large businesses have more requirements than small businesses. In short, there is no one-size-fits-all answer for what’s necessary, so this list is comprised of the notices that the majority of employers will be required to post. Evaluate your unique situation to see which of these will apply to you, and don’t forget to check local and state laws to see what additional requirements you may be subject to.

All postings are available on the HCSI website, except where noted.

        FLSA-Required Postings
The FLSA requires employers to post federal minimum wage requirements. The Wage and Hour Division of the Department of Labor (DOL) also requires employers to post about special minimum wages for disabled workers.
        OSHA-Required Postings
The federal Occupational Safety and Health Administration (OSHA) requires employers to post a notice about job safety and health protection. This is the “OSHA Job Safety and Health: It’s the Law” poster, which advises employees of their rights.
        EEOC-Required Postings
The poster “Equal Employment Opportunity is the Law” must be posted by any employer that is subject to EEO and nondiscrimination laws. This poster covers the nondiscrimination rights of employees and applicants based on Title VII of the Civil Rights Act, the Americans with Disabilities Act (ADA), the Age Discrimination in Employment Act (ADEA), the Equal Pay Act, and the Genetic Information Nondiscrimination Act (GINA).
        FMLA-Required Postings
Any employer covered by the Family and Medical Leave Act (FMLA) must post a notice outlining employee FMLA rights and responsibilities.
        USERRA-Required Postings
The Uniformed Services Employment and Reemployment Rights Act (USERRA) requires employers to provide notice to any employees entitled to USERRA rights. They can do so with a conspicuous poster or by other means, as long as the full text is provided to anyone who is entitled to the rights and benefits of USERRA.
Other Required Notices or Postings
        The Employee Polygraph Protection Act of 1988 (EPPA) makes it illegal in most cases for an employer to submit an employee or applicant to a lie detector test.
        For employers that participate in the E-Verify program, they must post a notice of such, visible to employees and applicants. The E-Verify participation poster is available here:
Posters can be downloaded and printed from our website in the Updates/News section under Employment Law (HR)