insightsArticles

Read this article if you are a compliance officer, risk manager, or healthcare administrator in an ambulatory care practice, federally qualified health center, or rural health center and have responsibility for developing your organization’s workplace violence prevention program or complying with state reporting requirements.

Did you know workplace violence is increasingly prevalent in the healthcare industry? If your organization doesn’t have a plan, it might be time to consider one. This article addresses the definition and types of workplace violence, regulations, plan elements, and other considerations. 

Workplace violence in healthcare by the numbers 

Data from the US Bureau of Labor Statistics shows that prior to the COVID-19 pandemic, the incidence rate of nonfatal workplace violence to full-time healthcare workers was 10.4 per 10,000 in comparison to an all-worker rate of 2.1 per 10,000. In 2018, healthcare workers accounted for 73% of all nonfatal workplace injuries and illnesses due to violence.

Post-pandemic, the Bureau of Labor Statistics reported that healthcare and social assistance workers experienced the highest counts and annualized incidence rates for workplace violence of any private industry sector over the two-year period from 2021 – 2022. There were 41,960 total nonfatal cases of workplace violence requiring days away from work, job restriction, or transfer in the healthcare and social assistance industry over this time, accounting for 72.8% of all cases in private industry over the two-year period. These cases occurred at an annualized incidence rate of 14.2 cases per 10,000 full-time workers.

How is workplace violence defined?  

In its 2024 Comprehensive Accreditation Manual for Behavioral Health Care and Human Services Glossary, The Joint Commission (TJC) defined workplace violence as, “Any act or threat occurring in the workplace that can include any of the following: 

• Verbal, nonverbal, written, or physical aggression 
• Threatening, intimidating, harassing, or humiliating words or actions 
• Bullying 
• Sabotage 
• Sexual harassment 
• Physical assaults 
• Other behaviors of concern involving staff, licensed practitioners, patients, or visitors”    

How is workplace violence classified? 

The Institute for Healthcare Improvement (IHI) is a leading, globally recognized, nonprofit healthcare improvement organization that has been applying evidence-based quality improvement methods to meet healthcare challenges for more than 30 years. In its Framework for Standardized Data Collection of Workplace Violence Incidents in Health Care, the IHI classifies workplace violence incidents into five distinct categories: 

• Type 1: The offender has no connection to the workplace or its employees. 
• Type 2: The offender is a customer or patient associated with the workplace or its staff. 
• Type 3: The offender is a current or former employee of the organization. 
• Type 4: The offender maintains a personal relationship with employees but has no ties to the workplace itself. 
• Type 5: Violence motivated by ideological, religious, or political beliefs targeting a healthcare facility, its personnel, or property. This type is carried out by extremists or groups driven by their convictions. 

Have you developed a workplace violence prevention program? 

Key aspects of your healthcare organization’s or practice group’s program should include: 

• Conducting an environmental risk assessment 
• Contacting local law enforcement to build or enhance relationships 
• Performing trend analysis of reported incidents by site, location on the premises, day of week/time of day, and classification type    
• Obtaining feedback from staff: What do they consider to be reportable? This will help you develop meaningful training
• Recognizing staff champions while building the program  
• Testing your reporting system 
• Providing staff training, soliciting anonymous feedback, and identifying any unresolved questions  
• Identifying program gaps and developing remediation strategies 
• Keeping executive leadership and the Board regularly informed about the program and emerging trends or needs 

Which states require employer-sponsored workplace violence prevention programs? 

Two factors have led states to establish requirements for healthcare organizations to develop workplace violence prevention programs. The first reason for state action: There has been no corresponding action by the federal Occupational Safety and Health Administration (OSHA). Secondly, the proposed Workplace Violence Prevention for Health Care and Social Service Workers Act has not been enacted by Congress.  

As of January 2026, 20 states require mandatory workplace violence prevention plans or workplace safety* plans. These are Arizona, California, Connecticut, Illinois, Hawai’i, Kentucky*, Louisiana, Maine*, Maryland, Minnesota, Nevada, New Hampshire, New Jersey, New York, Ohio, Oregon, Texas, Vermont, Virginia, and Washington. 

In addition, seven states now require mandatory reporting of workplace violence incidents to a designated state agency. These states are California, Connecticut, Maryland, Montana, North Carolina, Oregon, and West Virginia.

BerryDunn can help 

Has your healthcare organization developed a workplace violence prevention plan? If yes, has it been reviewed recently? How do you train your staff to respond when a situation escalates? How do you analyze incidents? Do you have questions about your healthcare organization’s compliance with state requirements for submitting its plan?  Does your state require you to submit incident reports to a designated state agency? 

Our healthcare compliance team can help. We incorporate deep, hands-on knowledge with industry best practices to help your organization manage compliance and revenue integrity risks. Learn more about BerryDunn’s healthcare compliance consulting team and services. 

Additional resources for workplace violence prevention planning: 

• Boord J., Weckman A., Martinez N. Framework for Standardized Data Collection of Workplace Violence Incidents in Health Care, Boston: Institute for Healthcare Improvement; 2025. (Available at ihi.org) 
• US Bureau of Labor Statistics: Injuries, illnesses, and fatalities

As we previously wrote about, on February 20, 2026, the US Supreme Court invalidated tariffs imposed under the International Emergency Economic Powers Act (IEEPA).

Last week, the US Customs and Border Protection (CBP) announced a new process that allows importers to request refunds of those tariffs. We'll walk through how to actually claim refunds, what to expect from the process, and where complications can arise.

About the CAPE tariff refund system

CBP’s new system, called CAPE (Consolidated Administration and Processing of Entries), is an added functionality accessed through the existing ACE (Automated Commercial Environment) Portal, which most importers already use for customs reporting.

How to request a tariff refund

To submit a refund claim, importers should take the following steps:

• Confirm that your importer information and ACE Portal account are active and up to date.
• Ensure you are enrolled in ACH Refund (required to receive refund payments).
• Note: If you do not already have an ACE Portal account, be aware that setting one up can take several weeks.

Refund requests are submitted by filing a CAPE Declaration in the ACE Portal. This declaration is a spreadsheet‑style (.CSV) file listing entries eligible for refunds of IEEPA tariffs. Each declaration can include up to 9,999 entries, with additional filings required for larger volumes. CBP provides guidance on how to prepare and submit this file.

Which imports qualify for tariff refunds?

At this time, refund claims are only available for:

• Unliquidated entries
• Entries liquidated within the past 80 days

Other types of entries are currently excluded from the CAPE process. CBP has indicated that future system expansion may allow for the submission of additional types of claims beyond the above. Importers are encouraged to consult with their customs broker or advisor(s) to determine whether any of their imports fall into excluded categories and whether additional steps are needed to protect refund claims.

How long does the refund process generally take?

Once a CAPE Declaration is submitted:

• The invalid IEEPA tariffs are removed.
• Duties are recalculated as if those tariffs never applied.
• Refunds including 6% interest are automatically calculated.
• Payments are made via ACH, generally within 60 – 90 days after acceptance of the CAPE Declaration.

How BerryDunn can help

Our dedicated audit, tax, and consulting professionals understand the impact of tariffs and can assist with developing strategies for refunds as they become available. Learn more about our team and services.

In today’s increasingly digital environment, cybersecurity has become a critical concern for nonprofit (NFP) organizations. While many NFPs operate with smaller teams and tight budgets, they still handle sensitive information—donor records, payment data, client demographics, and sometimes even health‑related or financial assistance files. Unfortunately, cybercriminals recognize this and often view NFPs as soft targets with valuable data. Because community trust is so important, a cybersecurity incident can create financial and reputational hurdles for an organization. The good news, however, is that strong cybersecurity safeguards do not always require major capital investments. With strategic planning and a focus on essential controls, even the most resource‑constrained organizations can significantly reduce cyber risk.

The cyber threat landscape for nonprofits 

NFPs face a wide variety of cyber threats, many of which exploit human error or outdated systems. Phishing attacks remain the most common, often leading to credential theft or unauthorized access to email accounts. Business Email Compromise (BEC) schemes, which can trick employees into sending fraudulent payments or sensitive data by impersonating trusted email addresses, can be particularly damaging for smaller organizations with smaller internal control structures. Beyond causing operational slowdowns, a breach can make donors and other stakeholders more cautious and raise understandable questions. 

Practical, low‑cost cybersecurity strategies 

Despite limited budgets, NFPs can meaningfully enhance their cybersecurity position by focusing on high‑impact, low‑cost strategies. 

Strengthening governance is a key first step. Establishing basic cybersecurity policies—such as acceptable use, password standards, and incident response—creates a foundation for consistent practices across employees and volunteers. Free frameworks, like the NIST Cybersecurity Framework resources, designed originally for government use, but applicable to many organizations, provide a helpful starting point, including a Quick Start Guide for small businesses.

Next, NFPs can maximize the value of technology they already own. Many cloud platforms commonly used in the sector, such as Microsoft 365 and Google Workspace, include built‑in security features at no extra cost. Enabling multifactor authentication (MFA), automatic software updates, and email filtering tools can significantly reduce the likelihood of a successful cyberattack. Removing unused accounts and reviewing permissions helps ensure attackers don't exploit dormant access. We recommend a formal user access review at least annually for small organizations and quarterly for medium-sized organizations or if there is higher turnover at a small NFP. 

Because many cyber incidents stem from unintentional mistakes, training is one of the most cost‑effective defenses. Free or low‑cost cybersecurity awareness programs can be incorporated into onboarding for staff and volunteers. Regular reminders about phishing, safe browsing, and password practices—combined with simple processes for reporting suspicious activity—create a culture of security without significant expense. 

Data protection is another essential component. Tracking where sensitive data resides and limiting access to only those who need it helps reduce exposure. Continuously testing that cloud-based backups are working effectively can ensure critical information is recoverable in the event of a ransomware attack or system failure. We recommend testing data backups at least quarterly, especially with your cloud vendors, to help ensure their responsibilities around data are being upheld.  

Finally, NFPs can leverage outsourced support and community resources. Many managed service providers offer NFPs pricing, and state or local government programs sometimes provide free cybersecurity assessments or monitoring tools. These partnerships allow small organizations to access expertise they may not be able to hire internally. 

The path to cost-effective cybersecurity 

Effective cybersecurity is achievable—even for NFPs with limited resources. By focusing on governance, human awareness, existing technology, and targeted use of outside support, NFPs can build a resilient security foundation without heavy financial investment. With the right culture and controls in place, organizations can protect their data, safeguard their reputation, and continue advancing their mission with confidence.

BerryDunn can help 

We help organizations understand their cybersecurity risk environment and translate threats into leadership-ready insights. Our consultants guide you in identifying actionable next steps, gaining engagement and buy-in from key decision-makers. With deep experience across sectors, we deliver practical cybersecurity solutions tailored to your systems and compliance needs. Learn more about our team and services. 

For many people, charitable giving is deeply personal, motivated less by tax considerations and more by values and a connection to a cause or organization. While tax benefits are rarely the primary reason people give, understanding how charitable contributions may affect your taxes remains important. 

Tax benefit for charitable giving 

Generally, a tax benefit for charitable giving was only available to taxpayers who itemized their deductions. In 2017, with the passing of the Tax Cuts and Jobs Act, the standard deduction was increased and the state and local tax (SALT) deduction was capped at $10,000. These changes made it more beneficial for some taxpayers to shift from itemizing their deductions to taking the standard deduction. This shift essentially removed the federal tax benefit for charitable giving for such taxpayers. For some, this put charitable giving on the sidelines, either by reducing giving, not giving to qualified public charities, or simply not keeping track of their giving. 

2026 charitable tax benefit with standard deduction 

Beginning in 2026, a permanent change expands the charitable tax benefit to taxpayers who take the standard deduction. Under the One Big Beautiful Bill Act, non-itemizers may now claim an above-the-line charitable deduction up to $2,000 for married taxpayers filing jointly (or $1,000 for single filers).  

To qualify to take this deduction, a few requirements must be met: 

• The donation must be cash 
• The donation must be made to a qualified public charity 
• The donation cannot be a contribution to a donor-advised fund 

Some important reminders: 

• Documentation is a must. Acknowledgment letters are a good form of documentation. 
• Verify the organization you are donating to is a qualified public charity. One common mistake some taxpayers make is assuming online crowdfunding fundraisers are qualified public charities.   
• Remember to provide your charitable giving information to your tax professional.   

Admittedly, the change is modest, not transformational, but it does broaden the number of taxpayers who benefit from donating to charity. It is important to keep in mind that each individual taxpayer’s situation is unique. State tax implications must also be considered, as not all states follow federal tax law.  

BerryDunn can help 

Our seasoned tax professionals partner with you to offer practical, accessible guidance and to develop a detailed strategy that supports your unique needs. We excel at tax strategy and solutions, placing an emphasis on building long-term relationships. Our deep expertise spans a full range of tax concerns, tax services, and consulting to support individuals, businesses, and nonprofit organizations. Our consultants are specialists in their industry, working closely with their colleagues across the firm to deliver integrated, comprehensive solutions. Learn more about our team and services.

Read this if you are a chief financial officer or controller at a community bank.

On April 23, 2026, the federal banking agencies—the Office of the Comptroller of the Currency, the Federal Reserve, and the Federal Deposit Insurance Corporation—issued a final rule revising the Community Bank Leverage Ratio (CBLR) framework. The changes are intended to encourage broader adoption of the CBLR framework while maintaining strong capital standards for qualifying community banks.

What are the key changes under the final rule? 

Lower CBLR requirement 

• Threshold lowered from 9% to 8% 
• Likely increase in community banks that qualify for the simplified CBLR framework rather than the more complex risk‑based capital rules

Expanded grace period 

• Grace period for banks that temporarily fall out of compliance with the CBLR qualifying criteria extended from two quarters to four quarters, provided the bank maintains a leverage ratio above 7% 
• Institutions may remain in the CBLR framework while reestablishing compliance or transitioning back to the risk‑based capital framework

Limits on repeated grace period use 

• Grace period use is limited to no more than eight quarters during the prior five-year (20‑quarter) period to preserve safety and soundness 
• Institutions exceeding the threshold must immediately comply with risk‑based capital requirements if they again fall out of CBLR compliance

The final rule is effective July 1, 2026.

Why does this matter for community banks?  

Regulators expect these changes to reduce regulatory burden, provide banks with additional balance sheet flexibility, and increase capacity for community lending—while keeping capital levels consistent with well‑capitalized standards. For banks currently near the prior 9% threshold or concerned about short‑term capital volatility, the revised framework may make the CBLR a more practical and sustainable option. 

Key takeaways

• Broader CBLR adoption: The lower qualifying threshold means more community banks can opt into the simplified CBLR framework. 

• Grace period expansion: Banks have a longer runway to recover from temporary shortfalls without needing to revert to the risk-based capital framework. 

• Grace period restrictions: Limitations have been added to avoid reliance on grace period use. 

• Compliance relief: The changes are meant to ease compliance burden while facilitating consistent capital levels.  

BerryDunn can help

Our dedicated audit, tax, and consulting professionals understand the financial services industry and its challenges and are committed to helping you meet and exceed regulatory requirements. We partner with you to bring tailored approaches to fit your needs and operations and provide guidance on best practices and recommendations that make sense for you. Learn more about our services and team. 

Read this if you’re a CEO, CFO, or a compliance officer at a Federally Qualified Healthcare Center (FQHC).

FQHCs that expend $1 million or more in federal awards in a fiscal year (FY) must have single audits conducted. Single audit reports must be submitted to the Federal Audit Clearinghouse (FAC) within 30 days of receiving the auditors’ reports or within nine months after the audit period ends, whichever comes first. 

New single audit requirements 

Effective October 1, 2025, the Health Resources and Services Administration (HRSA) expanded its delinquent audit process for FQHCs that have failed to complete their single audits and submit the corresponding reports within the designated time frame. Prior follow-up was generally limited to confirming the health center had engaged a CPA firm (via a signed engagement letter) and documenting the expected audit completion date. If health centers fail to complete their single audits and submit the corresponding reports within the designated time frame, they may face additional actions, such as: 

• Drawdown restriction 
• Reimbursable drawdown restriction 
• Withholding a percentage of federal funds 
• Suspending federal funds 
• Termination of grant

Delinquent audit follow-up 

HRSA’s Division of Financial Integrity (DFI) sends monthly emails to health centers that are delinquent in submitting their single audit report to the FAC. This email includes: 

• Notification of which FY audits are delinquent 
• Request for expected submission date 
• Request for an electronic copy of the auditor engagement letter 
• A reminder that follow-up emails will continue until all delinquent audits are accepted by the FAC 

To provide guidance to FQHCs, the DFI conducts technical assistance sessions for health centers that are past due in submitting their audits. 

A new 120-day grant condition letter 

HRSA will email all health centers with multiple years of noncompliance about a new 120-day grant condition regarding audit requirements. This email will outline the following: 

• Health centers have 15 days to notify HRSA and confirm receipt if audits have already been sent to the FAC, or to submit a corrective plan for any deficiencies. 
• If the audits or the plans are not submitted within 15 days, a 120-day grant condition will be applied to all HRSA grants requiring submission of the most delinquent grants to the FAC. 
• Continued noncompliance will result in suspensions of all HRSA grants for 30 days. 
• Additional actions, such as termination, may result if the most delinquent audits are not submitted before the 30-day suspension ends. 

This process will continue until all outstanding audits are submitted to the FAC. 

How BerryDunn can help 

With this tightening of federal oversight, health centers need to prepare by implementing proactive monitoring and strategic planning to ensure compliance and avoid administrative delays.  Our CPAs, business and cost reporting consultants, and IT professionals are singularly focused on supporting community health centers. Our team is comprised of respected industry leaders and professionals with comprehensive credentials. With expert guidance, we help you mitigate risk, gain regulatory confidence, and enhance operational integrity. Learn more about our services and team.  

Over my nearly 40 years in public safety, I have seen a dramatic evolution in how public safety handles the ‘paperwork’ side of the job. My career started with punch cards and carbon paper forms in triplicate, moved on to electric typewriters, and eventually, I rode the digital wave as computers, computer software, and various peripherals sought to obliterate pen and paper from our daily lives. I have gone from green screens to graphical interfaces, from floppy disks to CDs and thumb drives, and now, even servers are disappearing as everything seems to be migrating to the cloud. The pace of change has been incredible, and honestly, it has been at times daunting, while also life changing.

In the early days of the digital reformation, back in the mid-1990s, I remember being both excited and a little bit resistant as computer-aided dispatch (CAD) and records management systems (RMS) started making their way into the public safety space. Back then, the technology was still in its infancy—brand new, expensive, and just starting to find its footing in our world. But even in those early days, it was already beginning to reshape how we did business, and I had no way of knowing how significantly those changes would eventually change our operational world.

Forty years might sound like a long time, but the truth is, real momentum in public safety tech has only picked up in the last 20 years. In reality, when it comes to meaningful innovation in law enforcement, the past five to 10 years have been game changing. Tools like body-worn cameras, and now artificial intelligence, are not just new gadgets; they are fundamentally transforming how we operate.

Despite the great strides we have made in developing a myriad of technology-based applications, public safety organizations still face major challenges in finding and implementing CAD and RMS solutions that truly meet their unique operational needs. Although the market is flooded with more software vendors than ever before, and rapid advancements in technology in the last five years have produced a flood of “latest and greatest” solutions, many of these products still fall short of delivering comprehensive functionality and essential analytics across the platform, both of which are cornerstones of operational success.

While a handful of vendors claim to offer “fully customizable” platforms that can be modified to align with our organization’s unique requirements, those promises do not ensure a perfect fit, and many are so cost prohibitive that the organizations who need them the most abandon those options because of fiscal constraints. Even for those organizations who invest in top-tier systems, they still frequently hear a familiar refrain from their teams when asked about the software: “It sucks.”

Honestly, I get it. I have seen systems on the market today that any reputable and knowledgeable tech consultant would deem archaic, considering the level of technology capabilities within the space. Some systems offer just the bare minimum in terms of functionality— at an affordable price—which the overall operational and inefficiency costs cannot offset. Conversely, I have seen top-tier platforms—systems with robust capabilities that can meet or even exceed our needs—that fail to perform at an optimal level.

So why is it that time and again, we still hear the same frustrated utterance from end users:

“This system sucks.”

Why does it seem like so many of our staff members feel this way, and how did we end up in this condition?

Based on my many years of public safety experience and now as part of a national public safety consulting group, I find there are two primary reasons why staff are frustrated with their existing systems:

First, the current system is either homegrown or outdated and cannot meet organizational needs. Though perhaps it was once a top-tier product, technology has advanced, leading to several issues:

• The vendor now promotes a newer product and no longer supports the old one.
• The platform or company was acquired and the product's standing diminished under the new vendor.
• The system is simply too old to remain capable.

Second, we find that poor implementation is to blame:

• Instead of leveraging the new technology to improve various efficiencies, the new system is configured to essentially replicate the agency’s existing processes and workflows, without an assessment of the efficiency or effectiveness of those processes.
• Critical routing, review, and quality assurance processes were not configured properly, resulting in data challenges and inefficiencies.
• Implementation did not leverage cross-system integration and interfaces in an optimal manner.

If the first example is accurate, then your staff are likely correct; you probably need a new system. If they are wrong, however, you may exhaust significant time, resources, and expenses unnecessarily. If the system does not need replacing, but instead, it simply needs to be adjusted to meet your operational needs, this could be a less costly path to pursue, and one that could be accomplished much more quickly.

With that said, how do you know the difference?

How the organization fails their system

When your CAD/RMS is not meeting your needs, the organization needs to ask a critical question from an objective perspective: Is it really the system that sucks, or is it possible that the organization is failing the system.

Organizations can unintentionally pave the way for problems by overlooking key steps and creating a situation where even the most capable system struggles. Not because the technology is flawed, but because of how it is managed and supported internally. Many vendors—with good intentions—will miss critical system architecture and design elements, which diminish the value of the technology implemented. This can occur for several reasons, such as:

1. The organization did not do their due diligence during the evaluation phase. The organization may have rushed the selection process or failed to fully understand what the system could and could not do. Critical features or services they assumed were included may have been left out in the final contract, leading to costly surprises later.
2. The organization did not invest enough people, time, and effort in configuration, implementation, and training. While it seems easy to try to implement a new system with in-house resources, this often leads to problems down the line. Resources are rarely fully dedicated to a project—the project is an ancillary duty. However, these are foundational steps, and cutting corners here almost always leads to long-term issues.
3. The system was never implemented to its full capacity. Organizations often stop short of leveraging all the tools and features available to them, even though the system has the features built in. Whether due to lack of time, lack of training or expertise, resistance to change, or internal silos, the result is the same: underutilization.
4. Instead of addressing system issues head-on, the organization created workarounds. These temporary fixes often become permanent problems, undermining the system’s effectiveness.

How the system is failing the organization

In some cases, the organization may not be to blame, and in those cases, it is the system that is not supporting the organization’s needs. The list that follows provides a distinguishing perspective. When one or more of these circumstances exists, it becomes clear that these are not just minor hiccups or inconveniences, they are fundamental shortcomings. This is the moment of realization, where the perception becomes reality that “the system sucks.” The point where you understand the problems go beyond minor deficiencies, user error, or inadequate organizational support. Sometimes, these gaps cannot be bridged, no matter how much effort, training, or workarounds you throw at them. In these cases, it is not that the organization dropped the ball; it is that the system itself is failing to deliver.

The platform simply lacks the necessary capabilities or support to meet the organization’s needs, and no amount of internal process improvement, reconfiguration, or updates will ever change that. This is where you need to recognize that the problem is rooted in the technology, and overcoming these deficiencies may not be possible without moving on to a new solution.

1. The system lacks critical functionality: First and foremost, the platform fails to deliver essential features needed for day-to-day operations. It truly does not have the capabilities built into the system to meet operational needs. What once satisfied the organization’s needs, now struggles to support its expanding operations and evolving demands. The platform lags behind modern technology standards and user experience expectations.
2. Integrations and interfaces do not work or were never implemented: Promised integrations or interfaces either malfunction, underperform, or were never fully deployed.
3. Promised future features never materialized: Vendors often fail to deliver on “roadmap” commitments, leaving key features perpetually “in development.”
4. The system became a secondary product after acquisition: Following a corporate acquisition, the system or platform is deprioritized by the new vendor, receiving minimal updates or innovation, or is decommissioned altogether.
5. Customer support is ineffective: Support is slow, unresponsive, or unable to resolve issues in a timely or satisfactory manner.

So, where do you go from here? It may be time to evaluate where you are and where you want to go.

This assessment tool is a valuable and proactive step toward making well-informed decisions about your organization’s future CAD/RMS technology needs. Through this quick assessment of your current system, you will gain insight into whether investing in a new platform is justified or if strategic improvements to your existing system could address your operational needs.

After examining both sides, you should have a clearer picture about whether your organization is failing the system, or the system is failing your organization (or in some cases, both may be true). This is where a critical evaluation should begin, and a deeper understanding of where you should focus your efforts needs to be determined. It is possible that now is the time to start looking for a new system—then again, maybe not. Going through an evaluative process can help you determine whether investing in your current system is the right choice, and that decision could result in substantial cost and time savings to your organization.

Key takeaways 

• Differentiate between system limitations and implementation challenges before pursuing replacement 
• Assess how workflows, training, and governance affect CAD and RMS performance 
• Avoid treating system replacement as a default solution to user frustration 
• Use objective evaluation criteria to support defensible technology decisions 
• Plan next steps based on operational needs rather than assumptions 

A checklist to help you assess your CAD or RMS environment

Deciding whether to replace or optimize a CAD or RMS system requires more than gut instinct—it requires a structured, objective review of how your system is actually being used.

To support that process, we’ve created a practical checklist that helps public safety and local government organizations:

• Identify whether performance issues stem from system limitations or implementation challenges
• Evaluate workflows, training, governance, and system administration
• Clarify which features and integrations are underused or misaligned
• Document findings to support defensible technology decisions

Download the CAD/RMS system assessment checklist to guide your internal conversations and planning.

How BerryDunn can help

BerryDunn helps public safety and local government organizations evaluate, optimize, and plan for their CAD and RMS environments. Our team brings objective insight and deep operational experience to help agencies make informed technology decisions that align systems, processes, and people. Learn more about our team and services. 

A new federal executive order aimed at eliminating fraud, waste, and abuse signals a clear shift for healthcare and not-for-profit organizations that receive federal funds. While oversight of federal programs is nothing new, this order formalizes a cross-agency task force and raises expectations around documentation, internal controls, and accountability, particularly for organizations that participate in Medicaid, Medicare, and federal grant and assistance programs.

The message is straightforward: organizations that rely on federal dollars should expect closer scrutiny and should act now to strengthen their compliance posture.

What the new federal executive order means for healthcare and nonprofit organizations

The executive order establishes a task force charged with identifying and reducing fraud, waste, and abuse across all federal benefit, assistance, and grant programs. Importantly, it applies broadly across federal agencies and explicitly includes:

• Federal grants
• Federal assistance programs
• Programs administered directly by federal agencies
• Programs jointly administered with states, such as Medicaid

This means the implications extend well beyond traditional healthcare billing audits. Federally Qualified Health Centers (FQHCs), hospitals, clinics, and not-for-profit organizations that participate in programs such as Head Start, WIC, housing assistance, and other federal grants are all within scope.

Why increased federal oversight matters for federally funded programs now

Federal administrations have long emphasized fraud prevention, but this executive order elevates coordination and enforcement.

Organizations should expect:

• Increased audit activity and agency oversight
• More restrictive language in grant agreements and program participation terms
• Heightened focus on eligibility verification and allowable use of funds
• Greater scrutiny of internal controls and documentation practices

In short, regulators are looking not just at whether policies exist, but whether organizations can prove through documentation that controls are working in practice.

Why documentation and compliance evidence are critical under federal grant oversight

A recurring theme of the executive order is documentation. Policies alone are not enough. Organizations must be able to demonstrate that their controls are consistently followed and supported by evidence.

Key documentation expectations include:

• Evidence of review and approval for grant drawdowns and funding requests
• Documentation supporting patient or beneficiary eligibility
• Proof that expenses charged to grants are allowable and appropriate
• Clinical documentation that supports Medicare and Medicaid billing

For healthcare providers, this reinforces a familiar principle: if it is not documented, it did not happen. The same standard increasingly applies across grant and assistance programs.

Internal controls requirements for federal grants and healthcare programs

The executive order effectively raises the bar on internal controls. While written policies remain important, regulators are focused on whether organizations are applying those controls consistently and correctly.

Strong internal control environments include:

• Clear segregation of duties
• Defined review and approval processes
• Documented evidence of oversight
• Ongoing monitoring and periodic reassessment

For example, if an organization’s policy states that grant drawdowns require supervisory approval, there should be clear documentation showing who reviewed and approved each request.

Controls must be embedded in daily operations, not treated as paperwork exercises.

Subrecipient monitoring risks for federal grants and assistance programs

Organizations that pass federal funds to subrecipients face additional exposure under the executive order. If you receive a grant and distribute funds to partner organizations to meet program objectives, you retain responsibility for compliance.

That includes ensuring subrecipients:

• Follow comparable internal controls
• Maintain adequate documentation
• Meet eligibility and allowability requirements

In practice, this means organizations must actively monitor subrecipients instead of assuming compliance. Weak controls or documentation at the subrecipient level can still result in findings for the primary grant recipient.

Penalties and risks of noncompliance with federal grant and program requirements

The risks associated with inadequate documentation and controls are significant. Depending on the severity of findings, organizations may face:

• Repayment of federal funds
• Financial penalties or damages
• Loss of program eligibility
• Termination from federal programs or grants

In many cases, organizations act as intermediaries, passing federal dollars to beneficiaries. If eligibility documentation is insufficient, the organization, not the beneficiary, bears responsibility for repayment and penalties.

Beyond financial impact, losing eligibility to participate in a major federal program can threaten an organization’s long-term sustainability.

How healthcare and nonprofit organizations should prepare for increased audits

This executive order does not introduce entirely new requirements. It reinforces what organizations should already be doing. However, it creates urgency.

Now is the time to:

• Review and update policies and procedures
• Assess whether controls are implemented consistently in practice
• Identify gaps caused by staff turnover or process changes
• Strengthen documentation standards across programs
• Revisit subrecipient monitoring processes

For many organizations, this is an opportunity to “kick the tires” on compliance programs and make sure documentation aligns with how work actually gets done.

Preparing for increased federal audits, enforcement, and oversight

The federal government is signaling that more oversight is coming. Organizations should expect tighter controls, increased reviews, and less tolerance for undocumented processes.

Preparing now by reinforcing internal controls and documentation can help organizations reduce risk, protect critical funding streams, and demonstrate compliance when auditors come knocking.

The takeaway is clear: it is time to dot the i’s, cross the t’s, and make sure every federal dollar received is fully supported.

Key takeaways

• Federal oversight is increasing. A new executive order establishes a cross-agency task force focused on fraud, waste, and abuse across federal grants, assistance programs, and jointly administered state programs.
• Healthcare and not-for-profits are squarely in scope. Organizations participating in Medicare, Medicaid, FQHC programs, and federal grants or assistance programs should expect heightened scrutiny.
• Documentation matters more than ever. Policies alone are not enough. Organizations must be able to show documented evidence that controls are consistently followed in practice.
• Internal controls must be operational—not theoretical. Review, approval, eligibility verification, and monitoring processes must be embedded in day-to-day operations and supported with clear audit trails.
• Subrecipient compliance is your responsibility. Grant recipients remain accountable for ensuring subrecipients maintain adequate controls and documentation.
• The financial risk is real. Noncompliance can result in repayment of funds, penalties, loss of program eligibility, and the disruption of critical revenue streams.
• Now is the time to act. Organizations should review and update policies, assess control effectiveness, and address gaps before increased enforcement activity begins.

About BerryDunn

BerryDunn is a full-service assurance, tax, and advisory firm serving healthcare organizations and nonprofits nationwide. We work with hospitals, health systems, federally qualified health centers (FQHCs), and mission-driven organizations to navigate complex regulatory, financial, and operational environments.

Our teams bring deep experience in healthcare and nonprofit audits, compliance, and governance, along with specialized grant consulting services that help organizations strengthen internal controls, manage federal funding responsibly, and remain audit-ready. Through a practical, collaborative approach, BerryDunn helps organizations protect critical funding streams and sustain their mission.

Read this if you are a CEO, CFO, COO, or a revenue cycle or payer contracting executive at a provider, medical practice, or hospital that would like to leverage federal health transparency contracted rate data to negotiate better rates. 

Did you know that the contracted rates paid by commercial payers—to you and your competitors—are publicly available? In compliance with federal price transparency requirements, commercial insurers publish detailed, machine‑readable files containing negotiated rates for every provider, CPT code, and plan. These aren’t estimates or survey data—they’re the actual contracted rates, confirmed by providers who have compared them against their own EOBs. 

So why isn’t the data being leveraged? The files are massive—more than 1.5 petabytes of new data published every month, which is the equivalent of roughly 24,000 fully loaded iPhones' worth of raw data. This scale makes it nearly impossible for patients or clinicians to download or analyze the information. Payers and savvy providers, however, can. 

This leads to a simple question: Do you have the data to guide your next negotiation, or are you making decisions based on assumptions?

How transparency data can support contract discussions 

For providers with the necessary technology to leverage these files, pricing transparency has fundamentally changed the balance of information in payer negotiations. Every tax ID's contracted rates—down to routine codes like 99213—are visible in the published files. Regardless of your payment methodology (i.e., fee schedule, percent of charge, DRG), the files disclose the method and the exact rates. 

Your negotiation counterpart can already see how your rates compare to others in your market, how far above or below Medicare you're paid, and where you sit relative to the highest-paid providers in your geographic market. Gaining access to this data and understanding how to interpret the information can put you on a more level playing field.

Available data in transparency files 

These files from insurer transparency portals contain a wealth of data you can leverage for your next negotiation and development of organizational strategy. They typically include: 

• Pricing from 176+ commercial insurers, including all four national carriers (United, Cigna, Aetna, Anthem), the full BCBS ecosystem of 46 plans and 100+ regional payers 
• 10,000+ insurance plans across all 50 states 
• 4 million+ healthcare providers and organizations 
• All billable code types (i.e., CPT, HCPCS, J-codes, MS-DRG, Revenue Codes, NDC) 
• Historical data from August 2023 onward, refreshed monthly 

With the right resources and support, this raw data can be transformed into clear, usable intelligence—not spreadsheets measured in terabytes, but interactive tables and visualizations that decision-makers can act on. 

Practical applications: From data to strategy 

1. Data-enabled, expert-supported contracting
Transparency data enables providers to benchmark their reimbursement against the entire local market—not just anecdotal peers or outdated surveys. 

Using market-level analytics, providers can: 

• See the full distribution of rates as a percentage of Medicare. 
• Identify the highest-paid providers in their market. 
• Understand exactly where their own contracts fall—clearly highlighted within the market. 

This turns negotiations from opinion-based discussions into fact-based strategy. Instead of asking for "more," providers can demonstrate precisely where their rates fall short of market norms and justify targeted counterproposals with objective data. 

However, rate is not the only important contract factor. While rates determine how much you are paid, contract language determines whether, when, and under what conditions you are paid. Strong contract language protects your organization from provisions like unilateral fee schedule changes without written agreement, unreasonable denials and appeal rights, and unfair audit and recoupment policies. 

2. Organization-wide strategic insight 
Pricing transparency isn't just for managed care teams. Hospitals and practices are using this data for: 

• Market intelligence: Identifying competitors with unusually high or low rates, and spotting acquisition or partnership opportunities.
• RCM validation: Confirming payer remittances automatically match contracted amounts. 
• IDR support: Establishing Qualified Payment Amount (QPA) benchmarks using real in-network rates. 
• ACO analysis: Assessing the reimbursement impact of ACO participation. 

For independent practices, this insight is especially critical. Independent providers are key to a healthy, competitive healthcare market, but only when they're negotiating on equal footing.

3. Community transparency and trust 
Transparency data also supports the broader organizational mission of accountability to the communities you serve. 

Understanding how rates vary across markets allows organizations to: 

• Explain pricing differences clearly and confidently. 
• Align reimbursement strategy with access and sustainability goals. 
• Participate more meaningfully in local and regional healthcare discussions. 

When providers understand their own data, they're better positioned to lead—rather than react—to transparency. 

Transparency data in action: A real-world example 

In one dermatology practice, transparency data revealed that routine office visit codes were reimbursed well below market, despite strong outcomes and patient demand. Armed with objective benchmarks, the practice entered negotiations with clear targets tied to the top quartile of local rates. The result was not just improved reimbursement, but a clearer long-term contracting strategy aligned with the practice's growth plans.

BerryDunn can help 

In the next five to 10 years, transparency data is likely to become widely accessible and lose some of its strategic power. Once everyone has it, payers will have no choice but to adopt different contracting strategies. Until then, providers who use this data have a meaningful edge. 

With industry-leading contract expertise, BerryDunn can help you build a strategy that improves both your rates and your contract positions. If your organization is considering using transparency data, our structured approach will provide you with: 

• Visibility into what payers see: The same rate data your counterpart already has 
• Confidence at the negotiating table: Backed by market benchmarks, not guesswork 
• Strategic clarity: Visibility across contracting, growth, and revenue integrity 

To help organizations get started, BerryDunn offers a complimentary sample of market data and a support discussion. Learn more about our services and team.