July, 2020 » YouCompli

Improving Your Reputation: How to Help Your Healthcare Organization See the Compliance Department in a Positive Light

When the compliance team visits another department, staff responses are usually the same: we must have done something wrong.

This isn’t the response that you want. The compliance department and staff should be seen as approachable, working in a collaborative fashion to make the organization more successful. If the compliance department only comes in to run audits and give “constructive” feedback, then compliance will quickly become known for negativity and criticism.

Collaboration

It is important to collaborate with other departments and incorporate a holistic organizational approach. This means valuing what other team members have to offer with regards to compliance in the organization. It can be easy for compliance professionals to make black or white statements regarding compliance with a specific regulation or policy. After all, it’s there in writing — in black and white.

But, other teams can sometimes bring to light another perspective. There may be gray areas in the written requirements or overall process and addressing these could benefit the organization without compromising compliance.

Or, compliance professionals could demonstrate openness to evaluating how requirements and regulations are impacting specific operational workflows. For example, when evaluating a compliance process for telehealth visits related to obtaining consent, the operations leader should be given an opportunity to work with compliance in developing the process.

In-Person Education

One approach to improving collaboration with other departments is to conduct in-person education and question and answer (Q&A) sessions. Ask all department leaders if you can have ten (but no more than fifteen) minutes at their next staff meeting to introduce the compliance team and to solicit compliance-related topics and questions. Before the meeting, make sure to get the department leader to provide two to three compliance-related topics that would be of interest to their team. Prepare a short slide presentation to use in the meeting — typically, one slide per topic and one Q&A slide at the end.

During the meeting, make sure to leave at least five minutes for compliance Q&A. Listen to the staff questions and solicit information on challenges or knowledge gaps related to compliance, so follow up can be done with the that department or team.

Follow-Up Education

Follow up should be timely (within three to four weeks) and can be done a few different ways: short videos, posts on the internal intranet or website, email education, or additional in-person follow up education. There are several excellent (and free) applications available online where you can create short, two- to three-minute compliance videos that can then be distributed to staff.

Follow-up education could also be done by email if the topic and question and answer lends itself to an email response. For example, if staff ask a question about HIPAA’s application to texts or emails, it would be fairly easy to find a one-page summary on the application of HIPAA to texts and emails and attach that to an email.

Volunteers

Another way to improve collaboration would be to have compliance staff volunteer to participate in organization committees not directly related to compliance. For example, compliance professionals could join the policy committee or the activities committee. In this way, the compliance team can develop positive relationships with others in the organization, in an open and approachable way.

Practice Tip:

Reach out to at least 3-4 departments before the end of the year to schedule and conduct in-person meet and greets with a focus on compliance education.
Utilize services such as youCompli to stay current on compliance topics and regulations to present during your meet and greet meetings.

Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.

Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.

See YouCompli in Action

Easier, faster, more effective compliance is possible

HIPAA How to risk management

How Do We Modernize Compliance?

Times change and compliance, like all businesses and business operations, needs processes that keep up. However, there are a lot of challenges that we as compliance professionals face when it comes to modernizing our practice. Modernizing compliance means adapting or incorporating requirements, adherence methods and technology to align with current times or requirements.

For example, this could mean learning to effectively audit electronic, instead of paper, health records. Many compliance professionals have also had to adapt to working with a remote workforce, such as billing and coding professionals, as formerly onsite staff have been transitioned out, in favor of a contracted workforce for a third-party company.

With these, and many other, challenges in mind, how do we proactively modernize compliance?

Enterprise Risk Management Planning

One way is to ensure compliance is part of the organization’s enterprise risk management (ERM) plan and business strategy. It is commonly, but incorrectly, believed that an ERM plan only involves the risk management department. An effective and comprehensive ERM plan has to include human capital, operational, financial and strategic domains, as well as addressing legal, regulatory and compliance related domains and issues.

For example, HIPAA or cyber breaches involving PII or PHI can have significant risk to the organization, including reputational, regulatory and financial consequences. Evaluating these compliance-related risks should be part of the ERM planning process, as should the development of strategies in the ERM to mitigate or manage these risks.

Compliance and Education Plans

Another way to modernize compliance is to ensure compliance and education plans are informative, yet easy to understand and follow. Gone are the days where the compliance plan can be over 30 pages long and written in a dense format with little white space. Let’s be honest: other than people in the compliance department, most employees won’t read a 30-page regulatory document which consists of nothing but text.

Compliance Plan

The compliance plan should be developed and laid out in an easy to read format. Graphs and other graphical elements should be included to aid in engagement and learning. And, when including the regulatory language, also include a clear, concrete example of how that applies to the employee.

For example, we all know that HIPAA requires staff to maintain patient privacy. While at work, this includes conversations — so we should not be discussing patients or patient information with co-workers in the elevator or bathroom. Similarly, if a person calls asking about a patient, staff must check the registration or admission system to ensure the patient wants their admission shared with callers or visitors.

If you really want your employees to follow the compliance plan, then craft it with that as your intent. Get two to three volunteers from other departments to review and edit the document with you so you ensure you met your goal to educate employees and modernize the compliance plan.

Education Plan

Education plans need to be developed that align with the compliance plan, but also must be informative and fresh. Employees are no longer interested in sitting down for a half-day session of watching PowerPoint presentations. Select annual mandatory compliance education modules that are engaging and can be completed in 10-15 minutes at one time. Ensure the format is varied with some reading, videos and multiple-choice options which enhance learning. Try incorporating in-person education throughout the year so that your co-workers are updated on any compliance policy updates or regulatory changes. But keep the education to around 10 minutes at a time in an easy to understand and engaging format, so employees see compliance as a resource instead of a department that only delivers bad news or wastes their time.

Data Analytics Processes

To modernize compliance, it is also important to create agile and contemporary data analytics processes. We can’t track all healthcare related regulations on paper or spreadsheets anymore. There are simply too many requirements to follow and too many changes to track.

The COVID-19 pandemic is a perfect recent example. Governors from many states were executing executive orders (EO) on a frequent basis to address COVID-19 related matters. These executive orders addressed such topics as whether elective surgery could or could not be performed, what restrictions were lifted with regards to telehealth visits, and what professional licensing requirements were relaxed. For organizations who have facilities in multiple states, tracking EO alone would be an incredible burden in a paper- or spreadsheet-driven department.

And, regardless of EO, there can be compliance issues related to telehealth visits and the ability to bill for those visits. For example, if a provider tries to deliver an annual Medicare visit via telehealth from California for a new patient in Connecticut.

Technology and Automation

It probably goes without saying, but modernizing compliance fundamentally includes incorporating the use of current technology and automation tools to assist with regulatory compliance and education. There are a number of electronic learning systems which automate compliance education assignment and monitoring. These systems allow compliance professionals to assign required annual training, as well as remedial education, by employee type (nurse, doctor, coder, food service, volunteer, therapist, information technologist, etc.).

There are also a variety of internet-based due diligence platforms to ensure potential vendors and contractors are appropriately vetted before the organization does business with them. And, there are many systems available that track regulatory changes and regulatory activity within your organization. There’s no longer a good reason to not explore the options, and see which tools are a good fit for your department and organization.

Practice Tip:

Depending on the size of your organization, get 3-6 volunteers to review and provide input on your compliance plan and compliance education materials.
Evaluate current technology and automation platforms such as youCompli to help meet your organization’s compliance needs.

See YouCompli in Action

Easier, faster, more effective compliance is possible

HIPAA regulatory change management risk management

Emergency Preparedness Revisited

Emergency preparedness has always been one of the top concerns of hospital administrators and medical staff, but never has it been more critical. As the the coronavirus pandemic continues to impact the United States, and facilities are struggling to maintain levels of personal protective equipment (PPE) and ventilators, administrators and compliance professionals should also review the updated federal emergency preparedness requirements, published by the Centers for Medicare and Medicaid Services (CMS) in the Federal Register on September 30, 2019.

We previously blogged about these requirements in 2017, but the requirements have changed in the past few years. Here are the four core elements of a hospital’s emergency preparedness plan to handle natural and man-made disasters — and a look at how they are impacted by last year’s final rule revision by CMS:

Risk Assessment and Planning

Commonly referred to as the emergency plan, CMS requires such a strategy to be developed and then updated at least once a year. It is based on certain risk assessments and uses an “all-hazards” approach that focuses on hospital capacities and capabilities, care-related emergencies, equipment and power failures, communication interruptions (including cyberattacks), and interruptions to water, food, and medication supply chains.

A major change to this element involves hospital climate control and power. Facilities are no longer required to heat and cool the building evenly. However, safe temperatures are to be maintained in areas deemed necessary to protect patients, other people in the facility, and provisions stored in the facility during the course of an emergency, as determined by a risk assessment. If a hospital is unable to maintain safe temperatures, it should follow an established plan for a timely relocation/evacuation that avoids patient exposure to harmful conditions. Additionally, hospitals are required to have an essential electric system with a generator that complies with the NFPA 99 – Health Care Facilities Code.

Like before, the plan must include strategies for addressing emergency events and include a process to work in conjunction with local, tribal, regional, state, and federal emergency preparedness officials. But the key change to the all-hazards approach — and this is crucial in light of recent events — is that all participating hospitals must be prepared for emerging infectious disease (EID) threats, such as the coronavirus. EIDs may require modification to standard facility protocols to protect the health and safety of patients and personnel, such as isolation and PPE usage.

Communication Plan

This element received additional fine-tuning. Participating hospitals still must develop a communication plan that complies with local, state, and federal laws and the plan must be reviewed and updated annually. It should now also include the names and contact information of key hospital personnel for local, tribal, regional, state, and federal emergency preparedness officials. And, it should detail how patient care is coordinated within the facility, across healthcare providers, and with local and state public health departments and emergency management systems.

Policies and Procedures

Hospital policies and procedures still must be based on the emergency plan, risk assessment, and the communication plan, and must be reviewed and updated at least once a year. They should address a broad range of topics and situations, including subsistence needs (water, food, medical supplies) of patients and staff, emergency staffing strategies, tracking the location of on-duty staff and patients during emergencies, sheltering-in-place plans, and patient relocation/evacuation plans.

Training and Testing Program

This revised element the result of an additive process. Program development is based on the emergency plan, the risk assessment, the communication plan, and the policies and procedures. As before, the final rule states the program must detail who needs to be trained, describe the frequency of training, how knowledge is assessed, and document how the training was conducted.

During the course of normal events, hospitals are required to annually conduct a mock disaster drill that is either a full-scale, community-based or individual facility-based exercise. In addition, hospitals must also hold a discussion-based tabletop exercise with its senior staff to discuss hypothetical emergency scenarios and reassess policies and procedures. But recent years have not been normal.

Along with the coronavirus outbreak, many parts of the country have suffered from an increase in natural disasters or mass shootings. The final rule revision acknowledges this wide spectrum of emergencies. If there is an event that activates a hospital’s emergency plan, that facility is exempt from holding its annual mock disaster drill for one year following the incident, provided it has written documentation. If a hospital activates its emergency plan twice in one year, it is exempt from both the mock disaster drill and tabletop exercise for one year following the actual events. Again, written documentation of these events and procedures is required.

Maintain Compliance with CMS

Being compliant with the September 30, 2019 final rule is a requirement for your facility’s Condition of Participation (CoP) / Condition for Certification (CfC) with CMS. Failure to comply, even during a pandemic, could thus have significant impact on your organization. The youCompli compliance management software is a powerful tool to help mitigate risk and enable your hospital to effectively implement these, and many other, regulatory requirements. The software is easy to use and quick to deploy, and can be a powerful means to drive efficiencies through your compliance department.

See YouCompli in Action

Easier, faster, more effective compliance is possible

regulatory change management

For Hospitals, Climate Change Compliance Pays. Literally.

Hospitals nationwide are trying to recover from what AHA president Rick Pollack calls a “triple whammy.” Between “increased expenses incurred in…caring for the COVID patients,” “the decreased revenues” from “having shut down regular operations in terms of scheduled procedures,” and “the increased number of uninsured,” it’s probably no surprise that, according to AHA estimates, US hospitals are losing as much as $50 billion a month.

What is surprising, though, is how hospitals are offsetting some of those losses — to the tune of tens or hundreds of thousands of dollars a year — with significant savings from climate change sustainability. In principle, this boils down to cutting waste — wasted food, wasted paper, red bag waste, wasted electricity — and associated disposal costs.

Climate change regulations are complex, and are likely to change over time, as climate change becomes a more serious issue for regulators. Establishing a program now that fits within existing regulations, has potential to grow, and will support the hospital’s budget needs — all without violating other compliance requirements — is a significant win for compliance professionals.

As these examples show, there are opportunities now to reduce your climate risk, save money, and stay compliant:

Reduced Consumption

In Wisconsin, Gundersen Health System reduced food waste by more than 80%, saving more than $150,000 over five years.
They also found that cutting electricity waste was as easy as changing a light bulb – actually, lots of light bulbs. Retrofitting six buildings’ light fixtures cut electric bills in half, saving 4.4 million KwH and about $265,000 a year. And those are only the direct savings. Replacing incandescent bulbs or CFLs with LEDs produces highly directional lighting. They use 75% less energy and last 25 times longer. They also cut air conditioning costs, because while incandescents give off 90% of their energy as heat, and fluorescents about 80%, LEDs give off next to none.
Ascension Healthcare saved $53.3 million over 7½ years by reducing energy use in its 141 healthcare facilities in 20 states.
When Minnesota-based Health Partners went paperless in 2014, their more than 90 hospitals and clinics cut paper use by 8% and saved more than $700,000 over three years. (Before you follow their example, though, you should know which paperwork can go digital and which must be filed in hard copy to comply with federal and state regulations.)
In Olympia, Washington, Providence St. Peter Hospital decreased water consumption by 58%, saving a total of $2,510,479 on water. What’s more, they earned another $1 million in utility rebates under a state water reduction incentive program. Accomplishing this was as simple as finding and fixing leaks, replacing single-pass refrigeration units, calling a vendor to turn off an unneeded cooling pipe, and installing dual-flush toilets and slowing sinks’ faucet speeds in 165 patient rooms.
By cutting energy consumption by 23% per square foot in its 12 hospitals and almost 400 sites of care, Advocate Health Care saved $23 million over seven years. And by reprocessing instead of discarding medical devices, they save another $2.1 million annually.

ORs and Medical Waste

ORs account for 20-30% of a hospital’s total waste, up to 60% of its medical waste, and about a third of its expenses. By lowering the number of air exchanges per hour (ACH) from 25 to 20 (the federal and state required minimum) between surgical procedures, the Cleveland Clinic saves $250,000 a year.
Health Partners’ waste reduction and recycling program has diverted 793,000 pounds from the ORs of all its hospitals.
By removing 91,753 pounds of instruments from the reprocessing cycle, Dartmouth Hitchcock Medical Center saved almost $1.5 million.
Seattle’s Virginia Mason Medical Center cut supply costs by over $3 million in three years by switching to reprocessed medical devices.

Implications for Compliance

Selling these savings to the executive board is easy. Savings like these don’t just go once to your bottom line. They stay there, year after year. What’s more, they can increase your property value by as much as eight times your investment. Reducing energy use can also earn you federal tax reductions and refunds, state matching grants, and electric utility rebates.

From a compliance standpoint, the obvious concern is whether implementing these changes to green your organization will have negative impacts on your exposure to compliance risk. And that’s a big challenge to overcome. What you need is a way get clear insight into what regulations require, and what environmentally-focused options are available.

See YouCompli in Action

Easier, faster, more effective compliance is possible

revenue cycle

COVID-19 Testing: New Federal Clarifications for Employers

You’ve probably heard of recent federal legislation affecting insurance coverage for COVID-19 testing and related services, such as the Families First Coronavirus Response (Families First) Act and the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

The federal government has taken steps to require certain kinds of insurance plans to provide coverage for testing (and related services) without cost-sharing, prior authorizations, or other medical management requirements.

New Guidance Issued

On June 23, three federal departments — the Department of Health and Human Services (HHS), the Department of the Treasury, and the Department of Labor — issued a second round of guidance on implementing these provisions.

The Centers for Medicare & Medicaid Services (CMS) has published an FAQ specifically related to the Families First Act which contains some useful information related to this guidance. (Click here to read the full document.)

CMS has confirmed that the Families First Act does not require employers and insurers to pay for COVID-19 testing that is not used for diagnostic purposes. This includes back to work purposes or general screening. And there are no exceptions for the uninsured or those receiving Medicaid coverage.

In the case of diagnostic testing, the law allows for quite a broad range of coverage. Tests must be approved by HHS (which includes tests approved by the Food and Drug Administration (FDA) on an emergency or temporary basis). But as long as one of these approved tests is ordered by an attending health care provider, “where medically appropriate for the individual,” then insurers must pay for it. And that’s even if there are multiple tests ordered.

COVID-19 Tests Not Covered

However, for tests that are not for diagnostic purposes, things get more complicated. If employers require their employees to have clean COVID-19 tests before returning to work, there are basically two options, neither of which insurance is required to help with under this legislation:

Pick up the tab for testing themselves, or
Ask employees to either cover it (which can be very expensive) or line up at one of the free public testing sites.

Implications for Compliance

As with most of the regulatory changes related to the pandemic, the devil is in the details here. Staying up to date on the latest guidance and clarification is the only way to be sure that you are providing the correct information to the rest of your organization.

See YouCompli in Action

Easier, faster, more effective compliance is possible

regulatory change management

AHA and CMS to Keep Regulatory Flexibilities in Place

COVID-19 continues to create obstacles and challenges for healthcare compliance professionals. Thriving in this environment means being agile and adaptive.

The AHA’s Requests

Last week, the American Hospital Association (AHA) asked the Centers for Medicare & Medicaid Services (CMS) to keep relaxed regulations in place. Specifically, the AHA is interested in keeping flexibility around telehealth, quality and compliance measures, and bed capacity.

The telehealth changes are ones that have been on the horizon for some time. Essentially, the AHA is asking CMS to continue to allow hospitals to provide a wide range of telehealth services, without limitations as to profession or geographic location. The AHA is also asking for flexibility on billing and payments related to telehealth to be made permanent.
More interestingly, the AHA has also asked that CMS extend regulatory relief related to some quality and patient safety regulations. These include expanding the use of verbal orders, and extending the reuse of PPE.

The AHA has also asked that CMS provide hospitals with a transition period, to allow them to more easily move from pandemic response to ordinary practice. This includes a request for temporary waivers for sanctions and penalties related to HIPAA , and flexibility on audit requirements. And, it includes a request that certain rules and requirements be delayed or suspended.

The Response From CMS

Three days after the AHA released this letter, Michael Caputo, Assistant Secretary for Public Affairs at the Department of Health and Human Services (HHS), tweeted this :

Enough already. @HHSGov expects to renew the Public Health Emergency due to COVID-19 before it expires. We have already renewed this PHE once. Learn more here: https://t.co/QsWSaP6X2D

— Michael R. Caputo (@SpoxHHS) June 29, 2020

The public health emergency is currently set to expire on July 25. However, as of this writing, HHS hasn’t officially announced how long the extension will be

This means that we don’t yet know what will happen when the emergency finally does end. Will HHS give a transition period, as the AHA has requested? Will HHS continue to allow flexibility about telehealth, which they have previously indicated they would?

Staying up to date on this fluid situation is going to be a key task for compliance in the coming weeks.

See YouCompli in Action

Easier, faster, more effective compliance is possible

HIPAA