Skip to Main Content

To address evolving threats and regulatory challenges, OCR has issued proposed modifications to the Security Rule, introducing stricter security controls, mandatory encryption requirements, and a shift away from “addressable” implementation specifications. While these changes aim to improve data security, they also introduce new compliance burdens that could be challenging for many regulated entities. 

As we find ourselves in a fast-moving, strong business growth environment, there is no better time to consider the controls needed to enhance your IT security as you implement new, high-demand technology and software to allow your organization to thrive and grow. Here are five risks you need to take care of if you want to build or maintain strong IT security.

In light of the recent cyberattacks in higher education across the US, more and more institutions are finding themselves no longer immune to these activities. Security by obscurity is no longer an effective approach—all institutions are potential targets. Colleges and universities must take action to ensure processes and documentation are in place to prepare for and respond appropriately to a potential cybersecurity incident.

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running.

Law enforcement, courts, prosecutors, and corrections personnel provide many complex, seemingly limitless services. Seemingly is the key word here, for in reality these personnel provide a set number of incredibly important services.

Best Practices for Educating Your Financial Institution’s Board of Directors on Cybersecurity

According to Cybersecurity Ventures, cybercrime will account for $6 trillion annually by 2021—that’s more than the global trade of all major illegal drugs combined.  Data breaches and other information security events adversely impact organizations through significant losses in revenue, erosion of customer trust, substantial remediation costs, increased insurance premiums, and more.

With the rise of artificial intelligence, most malware programs are starting to think together. Fortinet recently released a report that highlights some terms we need to start paying attention to:

Texting has become a simple, convenient, and entrenched component of our everyday lives. We use it with family, friends, coworkers—and clients. My wife and I text to coordinate day care pickup and drop off of our kids every day.

Of course, we’re all suffering from “data breach fatigue.” But some breach announcements carry considerably more risk to the victim than others. For example, if I had received a letter saying a credit card of mine had been compromised, the end result would be simple:

People love the idea of being able to conveniently charge their phones without a cable or having to hunt for a plug. Free charging stations are popping up everywhere.

On July 4, 2025, the One Big Beautiful Bill Act (OBBBA) was signed into law. This article summarizes relevant key provisions that impact tax-exempt organizations. 

Expansion of §4960 excise tax 

Internal Revenue Code (IRC) Section 4960 imposes a 21% excise tax on exempt organizations that pay over $1 million in compensation to their five highest-paid employees. The provision also taxes excess parachute payments.  

For tax years beginning in 2026, under the OBBBA this excise tax now applies to all earners of a nonprofit receiving over $1 million in compensation, rather than just the five highest-paid employees. Importantly, this change is retroactive and requires organizations to look at any employee or former employee who was employed during any taxable year beginning after December 31, 2016. The exclusion from this tax for employees providing medical services continues to apply. 

Excise tax on investment income of private colleges and universities under IRC §4968 

IRC Section 4968 imposed an excise tax of 1.4% on net investment income of private colleges and universities that have at least 500 tuition-paying students and at least $500,000 in endowment assets per student. 

Under the OBBBA, for tax years beginning after December 31, 2025, a tiered tax regime has been created dependent on an institution’s “student adjusted endowment” for private colleges and universities that have at least 3,000 tuition-paying students and at least $500,000 in their student-adjusted endowment. The rates are: 

  • 1.4% for endowments of at least $500,000 but less than $750,000 

  • 4% for endowments of at least $750,000 but less than $2 million 

  • 8% for endowments of at least $2 million per student 

Charitable giving for corporations and individuals 

The OBBBA has added several provisions in the realm of charitable contribution deductions for both corporations and individuals, which could impact amounts received by nonprofit organizations in the form of charitable giving. 

For corporations, the OBBBA establishes a 1% floor for charitable contributions, further limiting the charitable contribution deduction amount a corporation can claim for tax purposes. The 10% ceiling for these deductions remains. 

For individuals who itemize deductions, the OBBBA establishes a cap on the overall itemized deductions that can be claimed by high income taxpayers. The OBBBA also creates a 0.5% floor for charitable contribution deductions, meaning that individuals who itemize would be entitled to claim a charitable contribution deduction only if they contribute in excess of 0.5% of their charitable contribution base (AGI before deductions for charitable giving). 

For non-itemizers, the OBBBA provides a tax deduction of $1,000 for single taxpayers and $2,000 for joint filers for charitable contributions, starting in 2026. 

Additional tax changes 

  • The use of funds in IRC Section 529 plans has been expanded to cover homeschooling costs, purchase of curricular and online educational materials, tutoring, standardized testing fees, and education-related therapies for students with disabilities. The measure would also cover tuition, fees, and supplies associated with obtaining postsecondary credentials through recognized vocational and certificate programs.  

  • The OBBBA has made the tax treatment of moving expenses permanent. Thus, employee-incurred moving expenses are not tax-deductible, and any moving expenses reimbursed by the employer are taxable compensation to the employee. 

  • The Paid Family and Medical Leave tax credit has been permanently extended, and enhancements by OBBBA have been made to the credit. 

  • $5,250 (to be adjusted annually for inflation) in employer payments of student loans as educational assistance payments have been permanently extended through the OBBBA. 

There were a few proposed provisions specific to the nonprofit sector that were ultimately not included in the final version of the OBBBA, such as the revival of the UBI parking tax as well as increases in the excise tax rate on net investment income for private foundations. However, some of these provisions could potentially be reintroduced in subsequent legislation as Congress looks to find additional sources of revenue. 

BerryDunn’s team of professionals serves a range of nonprofit organizations, including but not limited to educational institutions, foundations, behavioral health organizations, community action programs, conservation organizations, and social services agencies. We provide the vital strategic, financial, and operational support necessary to help nonprofits fulfill their missions. Learn more about our team and services. 

Article
OBBBA is now law: What it means for nonprofits

In today's rapidly evolving business landscape, boards of directors are more than just stewards of governance—they are the strategic compass guiding an organization toward enduring success. As the challenges facing companies grow increasingly complex, from disruptive technological trends to shifting societal expectations, the board's role has never been more critical.  

This series is designed to empower board members with the insights and tools necessary to navigate change with confidence. Our experts, each a leader in their respective fields, will share real-world examples, practical frameworks, and actionable advice in a Q&A format, and lessons learned from their personal and professional journeys.   

Human Resources: Onboarding new hires and bridging generations   

For the latest installment of our board leadership series, BerryDunn’s HR Generalist, Maddie Stevens, shares insights on onboarding, engaging, and fostering connections for new employees, as well as leveraging generational gaps in the workforce.   

Q: What trends or challenges do you see impacting the future of your field, and how are you preparing to address them?   

A: Managing information overload and ensuring that employees feel engaged are common challenges when working with new hires. To prevent information overload, we are constantly auditing our new hire process, reviewing the who, what, where, and why for every communication. It is important to be mindful of what needs to be communicated on day one versus what can wait until week two, week three, etc. This is why we strongly rely on an 8- to 12-week onboarding plan.   

Q: How do you help new hires build relationships with their team members and other departments, as well as understand and integrate into company culture during the onboarding phase?   

A: We start by creating opportunities for connections. During orientation, new hires have the opportunity to connect online with several different employees on the operations side of the firm, including HR, IT, Payroll, Accounting, and Well-being. We facilitate virtual social connections and networking events for employees to attend, which include workout classes, employee resource groups, book socials, a monthly new hire social, and a coffee break where we talk about what we are reading, watching, and listening to. These are available to all staff—regardless of whether they are in-house or remote.  

 Another method we use to help facilitate connections is by publishing a monthly new hire announcement, which incorporates photos, LinkedIn profiles, and biographical information to introduce each new hire. To integrate new employees into the BerryDunn culture, we pair each with an onboarding partner. The partner’s role is to make the new hire feel welcome, track their progress, and serve as an advocate and resource during the first eight weeks of employment.  

Q: What metrics do you use to measure the success of an onboarding program, and how do you collect feedback from new hires?   

A: Our team measures the success of our onboarding program with metrics from online surveys at the end of an employee’s first week. We also conduct 90-day, six-month, and one-year surveys. The surveys include questions related to engagement such as:   

  • I have met senior leaders in my practice/department.  

  • I feel connected to my team.  

  • I am satisfied with my relationship with my supervisor/reviewer.   

We also ask questions to help ensure employees feel informed, including:   

  • Is there anything from your onboarding experience we should change/add to help new hires get acclimated?  

  • I feel confident about describing the services my group provides.  

  • What additional information or training would be helpful during your first six months?  

We track response rates and share monthly results with the BerryDunn leadership team and those involved with the onboarding program. Having a team that is committed to the success of an onboarding program is essential.  

Q: What role does efficiency and automation play in your onboarding process, and where do you believe it is most effective or inefficient?   

A: Employees have the same efficient online onboarding process regardless of whether they start at an office or remotely. This includes our benefits enrollment, informational sessions, and compliance training. We're always looking for ways to be more efficient with tasks, as many of those related to onboarding are manual (i.e., sending the same email communication, creating calendar invites, preparing agendas). We currently use automation for launching surveys based on an employee’s start date and for sending an occasional mail merge when it comes to bigger orientation classes like intern orientation.  

Q: How can organizations ensure that employees from different generations are equally comfortable with digital tools and platforms?   

A: It's important to make sure there are digital resources available for any learning style. The first resource we provide for new employees is an IT session at the end of their first day. This provides the opportunity to have an expert available to help with any day-one struggles, as well as an overview of different software. We also have articles and videos in our online resource center and our technology training center that provide self-service materials for different platforms.    

Q: How do you suggest companies customize their employee engagement strategies to meet the diverse needs of different generations and what advice would you give employers struggling to bridge generational gaps within their teams?   

A: Companies can tailor their employee engagement strategies to meet the diverse needs of different generations by offering different opportunities to support various interests and to meet others. One recommendation for those who are struggling to bridge generational gaps within their teams is to focus on communication and collaboration. Encouraging both can help provide a sense of belonging and understanding. Another recommendation is to reach out to your HR team for ideas to help bridge generational gaps.   

About Maddie  

Maddie Stevens is an HR Generalist at BerryDunn, based in Maine. She is certified as both a SHRM-Certified Professional (SHRM-CP) and a Professional in Human Resources (PHR). Maddie’s interest in HR developed through an internship her senior year of college, ultimately inspiring her to pursue her MBA with a focus on HR. Studying for her SHRM-CP exam while in graduate school solidified her interest in the field and helped her gain confidence. Maddie believes professional growth comes from a willingness to explore new opportunities, seek out informal informational interviews, and job shadowing. She is motivated by fulfilling work, which is often when she can improve a process. Maddie appreciates receiving feedback and collaborating with others to figure out how to improve a process. She holds a bachelor's degree in marketing and tourism & hospitality from the University of Southern Maine and an MBA in Human Resource Management from Thomas College. 

BerryDunn partners with organizations to create work environments where business success and personal growth coexist and where people are confident knowing their workplace positively contributes to their well-being. We take a comprehensive approach to our workforce and well-being work, considering how business needs, organizational capacity, and the employee experience work together to drive your business forward. Learn more about our workforce and well-being team and services.   

Article
Board leadership series: Onboarding new hires and bridging generations

Anyone involved in international operations, finance, or compliance should pay attention to duty drawback—here’s why.  

This article is the last in a series to help businesses navigate trade strategies amidst tariff changes.

Tariffs remain a significant cost factor for US importers and exporters. Understanding and leveraging trade programs is more critical than ever. One underutilized but highly valuable strategic tool is duty drawback.  

With global supply chains in flux and tariffs remaining a significant cost factor for US importers and exporters, understanding and leveraging trade programs is more critical than ever. One such underutilized but highly valuable program is duty drawback—a strategic tool that can return up to 99% of duties paid on imported goods that are later exported. 

What is duty drawback? 

Duty drawback is a US Customs and Border Protection (CBP) program that allows companies to claim refunds on duties, taxes, and fees paid on imported merchandise that is subsequently exported, destroyed, or used in the manufacture of exported products. This includes: 

  • Unused merchandise drawback: Re-exported goods 
  • Manufacturing drawback: Goods incorporated into exported items 
  • Rejected merchandise drawback: Goods returned to the seller or destroyed 

Why it matters now more than ever 

As tariffs remain a volatile component of trade policy, businesses paying duties on goods that eventually leave the US are leaving money on the table if they’re not filing for drawback. With the passage of the Trade Facilitation and Trade Enforcement Act (TFTEA), CBP has modernized the drawback process, expanded eligibility, and simplified recordkeeping—making it more accessible for businesses of all sizes. 

Key considerations 

To take advantage of duty drawback, companies must: 

  • Maintain detailed records of import and export transactions 
  • Meet strict timelines (generally within five years of import) 
  • File through the CBP’s Automated Commercial Environment (ACE) 
  • Ensure that exported products can be traced to the original imports 

While the potential refunds are substantial, the compliance and documentation requirements can be complex. 

How our firm can help 

At BerryDunn, we help clients uncover and realize significant cost savings through strategic deliveries such as duty drawback programs.  

Don’t overpay on tariffs 

In an environment of evolving trade regulations and escalating duty costs, duty drawback offers a rare opportunity to recover sunk costs and strengthen your competitive edge. 

Let’s talk strategy 

Contact us to explore how a proactive drawback strategy can benefit your business. We’ll help you connect with the experts to turn complexity into clarity—and duty into dollars. 

Read the other articles in our series about tariffs.  

Article
Unlocking savings with duty drawback

Read this if you’re a CFO, billing manager, or revenue cycle professional at an FQHC or RHC. 

On July 1, 2025, Federally Qualified Health Centers (FQHCs) and Rural Health Clinics (RHCs) transitioned from cost report-based to claim-based Medicare reimbursement for influenza, pneumococcal, COVID-19, and Hepatitis B vaccines. This important policy change enables real-time payment, improving cash flow and making vaccine administration more financially viable for health centers and clinics.

Importantly, while the billing method is changing, reimbursement for these vaccines remains based on reasonable cost principles. Health centers and clinics must still track vaccine-related costs and report them in the annual Medicare cost report, which will be used to reconcile reasonable costs to the payments received through claims processing. 

Why the change matters 

Prior to the change, Medicare reimbursed FQHCs and RHCs for vaccines and their administration through the annual cost report and they were not allowed to be billed and reimbursed when the services were provided.  

As a result, health centers and clinics had to cover both the vaccine and administration costs upfront, potentially waiting up to 18 months or more for reimbursement due to the timing of cost report submissions and Medicare contractor settlement processes.   

This delay posed a significant challenge for FQHCs and RHCs, which typically operate with tight cash flow and limited working capital. 

Real-time payments improve cash flow 

The July change allows FQHCs and RHCs to bill Medicare for vaccines and their administration on a claim-by-claim basis. Health centers will now receive payment shortly after submitting the claim, rather than waiting for year-end cost report settlements to come through.  

Claims must include: 

  • CPT or HCPCS codes for each vaccine administered 

  • Corresponding administration codes 

  • Other billable services rendered during the visit, if any 

Notably, vaccines and administration can be billed regardless of whether a face‑to‑face encounter with a provider occurs. Services provided by qualified staff, such as nurses, are billable even without a provider visit on the same day. 

Accurate and timely claim submission will be critical to support compliant reimbursement and minimize processing delays or denials.  

New reimbursement for Hepatitis B vaccines 

Effective January 1, 2025, Medicare began allowing FQHCs and RHCs to be reimbursed for Hepatitis B vaccines and their administration. This is a change from prior policy, which did not permit payment for these vaccines in these settings.  

From January 1 through June 30, 2025, reimbursement for Hepatitis B vaccines will occur via the cost report, the same as the other reimbursable vaccines. Health centers and clinics should accumulate and report these costs accordingly when filing their 2025 cost report. Starting July 1, 2025, Hepatitis B vaccines will transition to claim-based reimbursement, joining influenza, pneumococcal, and COVID-19 vaccines in the new billing structure. 

Making on-site vaccinations financially feasible 

The long delay in Medicare reimbursement for vaccines has led some health centers and clinics to refer Medicare beneficiaries to local pharmacies for their vaccinations. With this regulatory change, providing vaccines on-site becomes much more viable, both financially and operationally. 

Medicare reimbursement will be as follows: 

  • 95% of the Average Wholesale Price (AWP) for the vaccine itself 

  • A fixed administration fee per dose, per the Medicare Physician Fee Schedule 

For most FQHCs and RHCs, claim-based reimbursements are comparable with amounts received through the cost settlements, with the key difference of quicker cash payment.  

What about the reconciliation process? 

Because vaccine reimbursement remains cost-based, FQHCs and RHCs must continue to track and report vaccine costs in their Medicare cost reports. The real-time payments received through claims will be reconciled against the actual reasonable costs reported annually.  

If total claim-based reimbursements exceed reasonable costs calculated in the cost report, the excess reimbursement will be required to be repaid to Medicare with the submission of the cost report. For most health centers and clinics, this variance is expected to be minimal. However, larger clinics with high vaccination volume could experience larger variances. Periodically throughout the year, FQHCs and RHCs should compare the vaccine acquisition price to the AWP and if acquisition prices are less than AWP, consider the need to complete an interim cost settlement and establish a reserve for amounts due to Medicare. 

A win for FQHCs, RHCs, and patients 

Real-time reimbursement reduces administrative burden, improves financial predictability, and enables health centers and clinics to better manage care for Medicare patients. Offering vaccines in-house enhances convenience, increases vaccine uptake, and improves public health outcomes.  

Health centers and clinics are better positioned to integrate vaccination into routine care, eliminating the need to refer patients elsewhere and strengthening continuity of care. 

How BerryDunn can help 

As the healthcare landscape evolves, FQHCs and RHCs must adapt to policy changes while continuing to meet the needs of their communities. BerryDunn’s healthcare consultants work closely with FQHCs and RHCs to: 

  • Streamline operations and billing workflows 

  • Ensure compliant claim submission 

  • Plan strategically for cost report reconciliation 

  • Integrate best practices for financial and operational performance 

Whether you need support implementing these changes or optimizing broader business strategies, BerryDunn is here to help. Learn more about BerryDunn’s team and services. 

Article
Real-time Medicare reimbursement for vaccines at FQHCs and RHCs: What you need to know

Artificial Intelligence (AI) applications in healthcare have become ubiquitous and pervasive, and their adoption is accelerating. A recent American Medical Association survey disclosed physicians’ confidence in AI’s advantage for patient care is on the rise and their enthusiasm for its use is increasing.  

AI applications in healthcare 

AI applications have proved beneficial in a variety of ways in healthcare settings, including: 

  • Managing hospital operations and patient flows 

  • Assisting with resource allocation 

  • Automating administrative tasks  

  • Reducing clinicians’ repetitive tasks 

  • Assisting in clinical decision-making 

  • Detecting disease states 

  • Aiding in clinical documentation 

Considerations for AI adoption 

This era of widespread AI-based application adoption represents a new phase of AI and presents new questions and challenges for healthcare organizations.  

A 2023 Center for Connected Medicine KLAS survey of healthcare systems disclosed only 16% have a system-wide policy for governance of AI usage. Organizations need to consider issues of data protection and privacy, patient consent, physician oversight and review, integration of workflows, and equitable access.  

Healthcare organizations should stay current on the emerging and evolving regulatory framework. For example, the US House bill (H.R. 1) passed in May 2025 proposes to block states from regulating AI models, shifting to federal oversight. It will warrant close monitoring, as the ultimate outcome will undoubtedly impact organizational compliance efforts.   

AI oversight 

Oversight is essential when implementing AI. We recommend that organizations consider forming AI committees composed of executives, information technology officers, legal advisors, clinicians, and cybersecurity specialists. These committees should establish and review institutional policies surrounding: 

  • Patient privacy 

  • Security measures, including encryption, secure storage, and security audits 

  • Physician review of AI-based diagnoses and clinical decisions 

  • Patient consent for use of their data, data sharing among applications, risks/benefits of AI-based applications 

  • Staff education surrounding application use 

  • Workflow integration with EHRs 

  • Adoption of new applications 

  • Clinician review of AI-generated notes and ambient listening technology documentation 

BerryDunn’s healthcare compliance team incorporates deep, hands-on knowledge with industry best practices to help ensure your operation is compliant and efficient. Learn more about BerryDunn’s team and services. 

Article
AI Implementation Challenges: A Physician's Perspective