As a compliance officer, it’s time to go back through your compliance documentation over the past two years. How are you going to unwind from these changes
Continue reading
How providers stay in compliance as demand for telehealth surges. How healthcare providers are preparing for the regulatory changes that will come with the end of the public health emergency.
Continue readingFeatured speakers: Craig Bennett, Vice President and Chief Compliance Officer, Boston Medical Center; Rachel Lerner, Esq., General Counsel & Chief Compliance Officer, Director, Center for the Prevention of Elder Abuse and Neglect, Hebrew SeniorLife; Maria Palumbo, Chief Compliance & Privacy Officer, Lawrence General Hospital. Moderated by Larry Vernaglia
Bennett, Lerner and Palumbo addressed the Massachusetts Health and Hospital Association’s Healthcare Legal Compliance Forum in December 2021. (Read a summary.) This recap of their remarks looks at how their Compliance teams responded to COVID and have continued to partner with their organizations to manage regulatory change. It also looks at regulatory changes they are planning for in 2022. To access the full session recording, please contact the Massachusetts Health and Hospital Association.
The panel reflected on their organizations’ initial response to COVID. “All of us had to pivot on a dime,” said Bennett. “We hadn’t had an opportunity to plan for it. Instead, we worked daily that first quarter to make sure we were as compliant as we could possibly be.” He was part of a team that looked at various waivers, platform security, privacy and other issues affected by the public health emergency to provide care safely.
Lerner had a similar experience. “We immediately convened interdisciplinary committee so we could make changes quickly. Telehealth was really new territory for us, and we had to look at our outpatient medical practice, and home- and community-based care,” she said. “Tracking COVID 19 waivers was a team sport between Legal and Compliance. We broke down some silos, and that may be one good lasting benefit of this experience.”
Palumbo and her colleagues focused on creating templates and consistency for documentation to make things as straightforward as possible for clinicians. That included having them track their patient contact time in minutes rather than defaulting to 20-minute increments. “We’re auditing these processes now to be sure we’re prepared when it gets looked at externally.”
Palumbo illustrated how healthcare organizations had to respond to the specific needs of their communities. “Our population tends not to have computers or printers at home,” she said. It wasn’t enough to deliver COVID test results to the portal, because people needed printed results to return to work or school. Without a printer, they were stuck. “We were like the take-out line at a restaurant – we not only have to contract with the state to provide nine-lane testing, we also have a multiline drive up for picking up your covid test results because people need that hard paper.”
Bennett reflected on the tremendous amount of change and adaptation healthcare staff managed over the past two years. “I have to commend all hospital staff in being able to pivot and not missing a beat,” he said. His organization paused or reprioritized certain issues, but they maintained a focus on complying with regulations. That meant checking in with people regularly. That helped him assess whether people were getting the support and resources they needed related to their work. He expects to continue looking for ways to support staff. “We’ll continue to try to add flexibility to meet the needs of our staff and the needs of our patients and organization.”
Palumbo, too, is working to meet people where they are at. She recently “camped out in the cafeteria,” she said. “I couldn’t believe the results: About 350 people came to talk to me, including residents, physicians, surgeons, nurses, case managers, and housekeeping staff.” They asked about patient privacy and other compliance issues. “So much came up during COVID but we didn’t stop to work through everything or stop to talk to each other. I’ll try to do that at least once a quarter.”
Palumbo walked through some upcoming regulatory changes she’s watching. This included the Medicare Final Physician Fee Schedule and noted that the Appropriate Use Criteria changes are delayed until the January first that follows the end of the pandemic. She encouraged everyone to understand the documentation requirements for using nurse practitioners for some portion of care as well as the changes to billing for surgeon and ICU provider time.
New rules also allow audio-only telehealth visits for behavioral health as long as the patient wants it and the physician documents it properly.
Lerner continues to address privacy concerns related to COVID testing and contact tracing. “We were working so hard to limit the spread of the disease in our senior living facilities,” she said. “It was hard to navigate contact tracing and privacy.” Now she is addressing cybersecurity insurance requirements, for her own organization and making sure vendors have sufficient insurance. “Moving to remote workforces and telehealth, the cybersecurity exposure is higher than it’s ever been,” she said. “For instance, people working from home might want to print documents, but we have to keep them from printing PHI at home or mailing things insecurely when someone can’t come pick it up.”
Lerner said she spends a lot of time looking at regulatory changes to understand their implications to her organization. “It can take us a long time to decide ‘does this apply to us?’ And then figure out what to do with it. Then we have to figure out what to do with that information in bits and pieces. It is certainly a complex, ever-changing universe on that front.” She spoke of Compliance’s key role in knitting together all that information to help the organization act on it and integrate it into daily processes.
YouCompli sponsored MHA’s 2021 Healthcare Legal Compliance Forum. We provide a complete solution to help healthcare compliance organizations manage regulatory change. Find out more about YouCompli.
A good Compliance department doesn’t need to be huge with a lot of people and formal processes,” Callahan said. “A good department is one that has a real effect when they ask leadership to make a change.
Continue reading
If you have ever been new to a particular field of the workforce, such as healthcare compliance, you know all too well that the language used by coworkers can sound foreign, like gibberish, or “alphabet soup.” As we continue to work in the field though, we too, start speaking the language. However, while that may be ok for conversing in the compliance department, it still be confusing if we are trying to communicate with, or to educate, other functional areas of the healthcare organization. Without knowing the terminology, the message we are trying to convey is unlikely to be understood when received.
Alphabet Soup
Take a look at an example of terminology just starting with the letter “A” from the Office of the Inspector General Work Plan (reference below):
Say I am talking to another seasoned compliance professional in front of a new employee. Using the above “A” acronyms only, the conversation may sound something like this,
“Based on the billing audit, I see we are not receiving contracted AWP reimbursement under our AI/AN contract for ALF patients with AMD.”
As you can imagine, a new employee might be confused by the acronyms and terms communicated instead of using common business English. Sometimes just saying the entire word instead of the abbreviation is a good place to start, so instead of saying AWP say average wholesale price.
Repetitive Communication
In order to improve communication between seasoned compliance professionals and other members of the organization, it is important to use repetitive teaching strategies. In addition to saying the entire compliance term and the abbreviation, be repetitive and write out the compliance term in addition to the abbreviation in written communications. That way staff become more familiar with compliance terminology and it becomes a part of their daily vocabulary.
Knowledge in Practice
When it comes to any industry, including healthcare, it is easy to throw around acronyms and jargon that is familiar and efficient. However, it is important to be aware of who you are talking to, and therefore make sure they clearly understand whatever it is you are communicating. Translate and reword industry terminology in emails, policies and teaching materials where necessary in order to improve communication and understanding. Better compliance will ultimately be the result.
PRACTICE TIP:
RESOURCES:
Health Care Compliance Association (HCCA) Compliance Dictionary found at https://www.hcca-info.org/publications/compliance-dictionary
Health and Human Services (HHS), Office of the Inspector General (OIG), Work Plan Appendix B: Acronyms and Abbreviations found at https://oig.hhs.gov/publications/workplan/2011/wp09-appx_b_acronyms.pdf
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
We can all agree that 2020 was a year filled with surprises. The emergence of COVID-19 brought restrictions, which made the business of healthcare even more challenging. But then came the saving grace: telemedicine!
Even though telemedicine has been around in some form since the 1900s, its popularity exploded during the midst of the pandemic. With millions of people stuck indoors due to government lockdowns, health care providers turned to telemedicine options to provide desperately needed health care.
According to Doximity, a social media networking service for medical professionals, only 14 percent of Americans utilized telemedicine before the pandemic. But since the outbreak, telemedicine usage skyrocketed by 57 percent. Among patients suffering from chronic conditions, the number of virtual care visits increased by a staggering 77 percent!
The increase in telemedicine accessibility also means healthcare providers can potentially face compliance issue pitfalls, which could land them in trouble with the United States government. Before COVID-19 became a household name, Medicare and Medicaid upheld strict rules regarding payment for telemedicine services. For instance, reimbursement for telemedicine services was limited to patients residing in areas of the country with limited healthcare.In an attempt to slow the spread of COVID-19, government payors loosened these restrictions.
Unfortunately, telehealth services’ widespread use brought an uptick in COVID-19 related scams that specifically target healthcare providers offering this service. Such illegal activity caught the attention of the Department of Justice (D.O.J.).
A primary focus of the D.O.J. is a government agency that mostly focuses on telehealth arrangements that implicate the Anti-Kickback Statute. The statute forbids transactions designed to corrupt medical judgment by rewarding referrals for Medicaid and Medicare services. In the past year, more than $4.5 billion in false claims were connected to telemedicine. And over 100 healthcare professionals were charged with submitting fraudulent claims to Medicare, Medicaid, and private insurance companies.
New changes to the Stark and Anti-Kickback Statutes that were long in the works took effect on January 19, 2021. The regulation updates are designed to eliminate regulatory and administrative barriers that hindered movement towards a value-based health care system. The updated rules also offer healthcare providers more flexibility to coordinate and improve patient care while maintaining safeguards against overutilization and inappropriate incentives.
The Stark Exceptions finalized three new exceptions for value-based arrangements between healthcare providers and payor systems like Medicaid and Medicare. These exemptions are solely based on the quality of delivered patient care instead of the volume of services. For example, healthcare providers face at least a 10 percent financial risk for failure to achieve value-based goals. In comparison, the Anti-Kickback Statute requires at least a 5 percent financial risk for value-based arrangements.
Physicians’ practices should express caution when offering telemedicine services to steer clear of trouble with the government. As with traditional in-person healthcare, it’s best to avoid doing business with third-party companies that give money in exchange for referrals.
Here are a few guidelines physicians should consider avoiding getting on the D.O.J.’s naughty list.
Physicians considering telemedicine should also consider the following tips to stay compliant.
Practicing Telemedicine Across State Lines.
Usually, state governments require practicing physicians to conduct telemedicine sessions within the state they are licensed. But in some states, this stipulation is relaxed due to COVID-19 to make healthcare more accessible. But physicians must contact their state’s medical board for updated information concerning this topic.
Informed Consent.
Healthcare providers are still expected to obtain consent before providing telehealth services. Besides requesting written or verbal consent from patients, providers should make patients aware of the risks and benefits of receiving telehealth services.
Use Caution When Prescribing Medication.
Because of COVID-19, the Drug Enforcement Administration (D.E.A.) allows registered practitioners to use prescribed medication to patients via telemedcicine technology. Physicians must adhere to the following conditions:
Only time will tell whether or not telemedicine will continue to grow in the upcoming months. But doctors should continue to use caution when using this technology to serve the public.
Compliance departments, generally speaking, guide staff and boards of directors to comply with the requirements, laws and regulations that govern the organization’s business. They also monitor for compliance via internal audits. Risk departments, on the other hand, address ways to mitigate risk to an organization through such activities as the evaluation and purchase of insurance policies. Given the broad nature of the scope of these two departments within the organization, when is compliance and risk collaboration permissible?
Possible collaborations
Collaborations to vet and evaluate permissibility
Goal
All organizations should work to develop a culture where permissible collaborations between compliance and risk occur. They should also make certain that staff feel comfortable calling the compliance or risk department with potential concerns while ensuring the staff not crossing any lines when it comes to compliance or risk department confidential matters or conflicts of interest.
PRACTICE TIP:
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.
Impact of Risk Liabilities
Unmanaged or poorly managed risk can cause devastating effects to the organization from a reputational and financial perspective.
An extreme example of financial risk, coupled with nationwide reputational risks, was the Tylenol case in the 1980’s. The New York Times describes how, in 1982, Extra-Strength Tylenol capsules were tampered with and laced with potassium cyanide. Seven people in the Chicago area died and copycats caused several more deaths across the U.S. As a result of those incidents, tamper-resistant packaging was created and implemented so over-the-counter products, such as Tylenol, could not unknowingly be laced with a poison which could cause injury or death.
Despite the fact that the manufacturer had not introduced the poison, this event led to huge financial and reputational liability for McNeil Consumer Healthcare, the makers of Tylenol. On just the financial side, this cost a considerable amount of money due to decreased sales and increased advertising costs.
As this example demonstrates, financial and reputational risk for an organization in the healthcare field can have disastrous consequences that threaten to bankrupt or put the organization out of business. If the event or incident is sufficiently egregious, the organization could also face loss of accreditation or state licensure. If this happens, they may also lose Medicare and Medicaid contracts.
Risk Mitigation
Proactive risk mitigation strategies include transfer of risk, through such vehicles as contracts and insurance, and early reporting of incidents or events by staff.
Transfer of risk in contracts in typically done with indemnity or hold harmless clause. Transfer of risk via insurance is done by ensuring the organization has adequate coverages and retentions to meet the organization’s needs.
The intent of an indemnity clause is to transfer the risk of financial loss from one party to the agreement to another party to the agreement. Generally, this is financial losses or expenses caused by contract breach or default, negligence, or misconduct by one of the parties.
Hold harmless language in the contract states one party will not hold another party responsible for potential risks or damages. Hold harmless clauses can be unilateral and apply to just one of the parties to the contract or can be bilateral and apply to both parties to the contract. Typically, bilateral hold harmless language is preferred for healthcare organization contracts because each party will assume their own risk and not sue the other party to the contract for the risk which was assumed.
Early reporting by staff is crucial in order to ensure that appropriate action, discussion, documentation and reporting takes place. Most importantly, this is necessary to ensure that risk mitigation strategies can be implemented to eliminate or decrease risk to the organization.
PRACTICE TIP:
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.
Risk is an important concept for compliance professionals working in the healthcare space to understand. After all, there are many times where risk and liability have crossover to compliance.
For example, in response to a suspected email or electronic health record breach, compliance and risk professionals will need to work together. This work will include:
And so on.
Generally speaking, healthcare compliance professionals should have a good working knowledge of organization risks and liabilities, as well as risk mitigation strategies.
This raises two important questions:
Areas of risk for a healthcare organization are vast, and can involve injury to persons, property and reputation. Several areas of risk include:
These include near misses, which are mistakes which almost make it to the patient, as well as events or incidents that do make it to the patient, causing the patient to experience an unanticipated outcome such as a longer hospital stay, disability or death.
For example, a nurse may realize before giving a vaccine to a child that the adult vaccine and dose was drawn up in the syringe instead of the pediatric vaccine and dosage. This would be a near-miss. Along those same lines, a mistake occurs if the adult vaccine dose is actually administered to the child and an allergic reaction occurs.
These include such things as business interruption or supply chain issues. Business interruption incidents may include fire, flood, or pandemic. If the electronic medical record system goes down, and staff have to chart by hand on paper, this would be a business interruption. Supply chain issues can occur due to higher than normal demand or decrease in output by the manufacturer. If an organization cannot obtain needed supplies – such as hand sanitizer or surgical masks – that would be an example of a supply chain issue.
These typically involve lawsuits filed against the organization. Most commonly, lawsuits result from allegations of inappropriate employment practices or medical negligence or malpractice. For example, if a child had an allergic reaction after receiving an adult dose of a vaccine and unfortunately passed away, the parents may file a lawsuit alleging medical malpractice or negligence on behalf of the organization, the provider or the nurse who administered the incorrect vaccine.
Insurance risks generally stem from a lack of adequate or appropriate insurance coverage or failure to transfer risk. Insurance risks can also connect to legal risks, which can stem from contracts with inadequate risk transfer or failure to conduct due diligence to vet the vendor. In the case of a pandemic, healthcare and other organizations may not have realized that pandemics and resulting business closures may be excluded from their business interruption insurance policy.
These encompass the inability to hire, contract or retain appropriately trained staff. A lack of ICU level nurses causing staffing shortages would be an example. Human capital risks can also include professional board or licensing complaints against the organization’s doctors, nurses, therapists, or other licensed staff.
Reputational risks are often forgotten or invisible to an organization until a bad event happens and it is announced to the public – at which point it is too late.
Reputational risk used to be limited to bad publicity which was published in print or reported on television. However, with the increased acceptance and use of social media, reputational risks are more far-reaching than the local newspaper or evening news program, and could potentially have national reach and negative impact on the organization . A newspaper may not run a story about a child who received an incorrect vaccine, but the child’s mother could post to Facebook or other social media platforms that the organization and providers are terrible and not to be trusted.
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.