Protect hospital revenues and build patient trust with effective compliance to the No Surprises Act federal requirements. Revise procedures related to out-of-network providers.
Continue readingWhat is information blocking and how does it relate to our patients?
Information Blocking Rule works with HIPAA’s regulatory “right of access” provisions. Patients should have access to their health information.
Continue readingStark Law and its revisions benefit patients
Recent changes to Stark aim to increase coordination of patient care, modernize, and clarify rules related to the law.
Continue readingFive tips to help providers comply with Stark
The Stark Law creates a whole set of antikickback rules that providers must understand and actively work to comply with. And with all its good intentions, the Stark Law is incredibly restrictive. In fact, even the U.S. Court of Appeals for the 4th Circuit noted that “even for the well-intentioned healthcare provider, the Stark law has become a booby trap rigged with strict liability and potentially ruinous exposure.”
The Centers for Medicare and Medicaid (CMS) and Congress have taken steps to clear up confusion and loosen the rules in some cases (See our article on exceptions for value-based care). Still, your Compliance team has a tremendous responsibility to make sure that policies match the rules and that providers understand and follow the policies.
Policies match the Stark rules
Changes to the Stark Law have been coming out practically since the law was enacted. The law, which aims to protect against kickbacks and self-referrals, has gotten complicated in the details. Congress issues amendments to help the law catch up to changing business practices. Healthcare organizations may have written policies that facilitated compliance originally. However, those may be completely out-of-date if they weren’t keeping up with the changes in the law.
For example, CMS has introduced modifications that addressed challenges with value-based care and resolve issues restricting coordinated care and health data exchange. Another modification to the law was allowing healthcare providers to accept cybersecurity tech donations from stakeholders.
While the compliance officer enforces the policies, he or she doesn’t have to live them the way those in operations do. Getting input from key stakeholders such as providers, Risk Management, and others in the C-suite can help ensure that final policies are clear. This early feedback and engagement can also help identify how the policy or regulatory changes will affect the individuals who must operate under them. Lastly, they can help identify potential operational conflicts with new policies or regulatory changes.
(See how YouCompli delivers model policies and procedures that help your organization comply.)
Providers following the Stark policies
With compliant policies in place, it’s time to help providers understand how to follow them. This is where communicating what certain key terms in a policy or regulation means in the context of the provider’s particular work becomes critically important.
Compliance officers know that “the road to success is going to run through quality of care,” says Harry Nelson, health care attorney at Nelson Hardiman. “Compliance isn’t the internal police that slows things down, but a strategic part of growth.” When it comes to making sure providers understand how to follow policies, the compliance officer has to look at the language of the policy from the providers’ perspective, not that of the compliance officer.
Here are five steps to help providers understand and follow Stark-compliant policies:
- Engage your operational leaders. Make sure the president and CEO understand the nature and intent behind Stark limitations so they can help explain and reinforce them. Give situational examples they can relate to so they understand what the key terminology means.
- Invest in training and communication. One email won’t do it with changes to Stark-related policies. Engage providers in small groups, in writing, and in person to explain nuances and answer questions about tricky scenarios. Whenever possible, use real-world scenarios to help illustrate how the regulations and policies impact them. Education and training should also be routine and ongoing with key stakeholders.
- Get feedback. Regularly check in to gather feedback from your leaders. Find out if the implemented tools and procedures are working for them, as well as to identify challenges they face. This step will help you see areas where the words on paper mean something the compliance officer had not thought of. Adapt procedures and tools if necessary.
- Encourage people to ask questions. Make sure providers and your operational leaders alike know they can use you as a sounding board for grey areas or possible violations. It’s much better if they proactively ask if a proposed arrangement is compliant. Otherwise, they may have to unwind a relationship if they find out it is not compliant.
- Promote awareness to prevent future mistakes. Once an error is made, chances are it will reoccur and lead to additional violations. As you are addressing errors, promote awareness to prevent future mistakes. For example, when you are communicating the fact that a mistake was made, go the extra step to what caused it. This will be an opportunity to find out where their confusion was and use that insight to update policies or training.
Stark compliance starts with knowing about changes to the regulations and continues with crafting policies that providers can understand and follow. Involving stakeholders in policy creation and training, and engaging tech systems to reinforce the lessons will support the long-term success of Stark-compliant policies.
Do you have the tools you need to recognize and manage regulatory change across your organization? Find out how YouCompli can help you manage and coordinate your response to regulatory change or schedule a demo.
Subscribe for blog updates
Telehealth policies and programs center on patient care
Patients and providers alike flocked to telehealth in 2020. Before the COVID-19 pandemic began, fewer than one percent of Medicare primary care visits (PCV) were conducted via telehealth. By April 2020 that number had risen to 43 percent. (See the data.)
This spike was in response to fear of spreading the virus, of course. But it was only possible because healthcare organizations worked so hard to adjust to meet the ongoing patient needs. The federal government helped by announcing a public health emergency that eased key rules.
Related: Differing state regulations make telehealth compliance more complex.
Compliance professionals worked across their organizations to make sure that everyone understood and complied with documentation, coding and confidentiality requirements. For example, compliance professionals collaborated with clinical teams to ensure telehealth workflows were HIPAA compliant. And, given the potential for abuse and scrutiny, providers who bill Medicare/CMS took extra care to document visits properly.
Telehealth has been hugely popular with patients and has led to better visit compliance, particularly for uninsured and underinsured populations. Telehealth has improved patient care by allowing convenient appointments from the comfort of home via a smartphone, tablet, or computer. Another benefit is that telehealth has the potential to expand health care access to underserved populations by eliminating traditional barriers to care such as transportation needs, distance from specialty providers, and approved time off from work. These visits were essential for patients with limited mobility. And of course, there’s the most immediate and urgent benefit of telehealth: reducing the spread of COVID-19 by limiting person-to person-contact.
The work for the Compliance team and colleagues across the organization was significant. They had to determine how to maintain confidentiality, obtain consent, and determine proper billing codes. Despite the enormity of this task, the effort seems to be worth it. Patients are reporting that telehealth helps them take better care of themselves. According to Medical Economics:
- 93% of patients would use telehealth to manage prescriptions, and
- 91% shared telehealth would help them stick to appointments, manage prescriptions and refills, and follow wellness recommendations.
Providers seem to feel that they have worked through a lot of the challenges of telehealth compliance, especially when internet connections are stable. Nicole Craig is a Family Nurse Practitioner at Children’s Rehabilitative Services in Phoenix. She says compliance guidance helps providers “know what has to be documented in the chart to protect ourselves from things such as improper billing and coding.” And, “in 2021 the billing is now different. Getting help from Compliance allows providers to bill time-based care. We have to understand the billing rules and compliance factors in order to follow them, especially during telehealth visits.”
For most PCVs, telehealth proved to be an efficient way to provide care. This method limited in-person visits to those instances where the patient needed a hands-on physical assessment or diagnostic testing.
Isabella Porter, JD, director of Compliance at District Medical Group, Inc., is confident that 2020 created a rebirth of telehealth. She also sees a new appreciation of this method of care delivery which healthcare will not abandon once the pandemic is deemed “over.” And she knows that her team will be a big part of her organization’s success. “I do believe that in the context of telemedicine during COVID-19, our Compliance department’s assistance with telehealth workflows lead to overall better patient outcomes during the pandemic,” she said.
It’s a good thing. While concern about the coronavirus will recede, providers and patients alike will want to continue some telehealth visits. Healthcare leaders will work collaboratively to ensure their organizations can continue to offer this important option.
Keep on top of regulations affecting telehealth and make sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
Subscribe to receive updates from YouCompli
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Yes, worker fatigue is a Compliance concern
How does worker fatigue affect a healthcare organization’ s level of regulatory compliance?
It turns out, employees who are not getting enough rest have a higher chance of making mistakes or performing their work at a sub-standard level. And in healthcare, this can mean increased non-compliance with facility policies and adverse effects on patient care.
Worker fatigue during a pandemic
Healthcare workers have always been at risk of fatigue, particularly with the traditionally long shifts for residents and the high stakes of patient care. The pandemic adds the unknowns of treatment, grief over lost patients, fear of catching the virus and missing family and routine. Unfortunately, this dual fatigue- at work and at home – increases the risk for errors around patient care and other highly regulated elements of healthcare.
Worker fatigue and increased mistakes
Workers who are fatigued may not have the same ability to focus on their tasks. For example, when sending a fax from the hospital to a primary care office on behalf of a patient, a nurse might type in the wrong fax number, thus sending protected health information (PHI) to the wrong person. Or worse, an employee may click on a link embedded in an email that is associated with malware and cause a breach. These are just two examples of how worker fatigue could cause compliance concerns.
Worker fatigue and decreased quality of work
Similarly, when people are fatigued or burned out, the quality of their work and judgment can decrease. For example:
- A usually conscientious employee may cut corners and not ensure a signature is obtained on a patient consent for surgery.
- A contract manager may upload a new contract but forget to obtain a required business associate agreement (BAA) form.
- A compliance audit may show that a Human Resources employee delayed scheduling flu vaccines and tuberculosis test for a group of new employees.
- A nurse may leave confidential patient information showing on a computer screen at the nurses’ station when called away to answer a nurse call light.
How Compliance can help
Helping staff stay well rested doesn’t fall just to the Compliance team, of course. But Compliance is a stakeholder and can partner with Human Resources to make sure the organization prioritizes reducing worker fatigue and supporting employees’ wellbeing.
- Compliance professionals can identify regulatory risks and help prioritize issues and develop materials for staff meetings to reinforce the need for adequate rest. Check out these CDC guides for material:
- Human Resources can create and offer support such as include peer support programs, supporting mental health paid time off, and referrals to the organization’s employee assistance (EAP) program. (An EAP is a work-based intervention program – like counseling – designed to assist employees in resolving personal problems that may adversely affect their performance.)
- Hospital administration can work with department heads to make sure shifts are scheduled in a way that allows for adequate rest.
The issue of worker fatigue is rooted in every aspect of a healthcare organization’s operation. People are passionate about their work and want to care for their team and their patients. Managers are doing their best to schedule people appropriately, but COVID has made existing staff shortages worse. A reminder from the Compliance team may help everyone in the organization take better care of themselves to ultimately deliver better care.
Keep on top of regulations affecting your organization and make sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more.
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
Telehealth compliance considerations: looking ahead
Telehealth seems to be here to stay, even as the Coronavirus pandemic begins to recede in the United States. It’s a good time for healthcare institutions to make sure their telehealth practices hold up outside of emergency circumstances.
From a compliance perspective, that means patient privacy and technology, valid consent for treatment, visits with minors, and interstate care.
Patient privacy in telehealth
Patient privacy is just as important in telehealth as it is for in-person visits. This includes ensuring the provider conducts visits in a private space and documenting the visit in a secure medical record.
During the Coronavirus national public health emergency, the federal government has some enforcement discretion with telehealth. Regulators can choose not to impose penalties for Health Insurance Portability and Accountability Act (HIPAA) violations if they see that a provider took precautions to protect patient privacy provider. Good faith might mean using a platform like Microsoft Teams, Zoom, or WebEx and patient-specific passcodes – and still having a privacy breach. In a case like this, the regulator has the discretion not to impose fines under HIPAA.
Consents and visits with minors
Developing a process to obtain consent to treat before the first visit can help you comply with consent requirements. This may include mailing or securely emailing the consent to the patient (or parent or legal guardian) the week before the telehealth visit and having the patient send it back. This gives the provider time to answer the patient’s questions about consent for treatment.
For urgent telehealth visit, make sure there are policies in place to address telephone/verbal consent or to obtain two provider consents. If your system allows, you may be able to electronically send the consent. The patient can sign it online so you can add it to the electronic health record.
Whatever method to obtain consent your organization chooses, ensure there is a policy addressing the proper procedure and educate the team on the policy.
For telehealth visits with minors, try to follow the same process as for in-person visits. That means you should obtain the consent to treat and have it signed by a parent or legal guardian. Then have the parent or legal guardian attends the telehealth visit with the minor patient. This way diagnosis, care, and treatment plan can be discussed with the patient and the parent or legal guardian at the same time.
Crossing state lines for telehealth
Things to consider if the patient and provider are not conducting the telehealth visit in the same state:
- Licensing: Some state licensing boards have reciprocity. Some may not require an additional license in compact states while others may require a temporary or actual license to provide care in that state. This often applies to care provided via telehealth.
- Prescriptions: Can you prescribe across state lines? Avoid compliance issues by sending the prescription to a pharmacy in the provider’s “home” state. Then have the patient request a pharmacy-to-pharmacy transfer of the prescription.
- Your insurance: Does your medical professional liability (MPL) insurance provide coverage if you are out of state? How about if the patient is located outside your “home” state? Contact your MPL insurer to be certain you have coverage in the event of an out of state lawsuit.
- The patient’s insurance: What will the patient’s insurance cover for visits conducted out of the patient’s “home” state? Be sure to verify this before the patient’s telehealth visit to ensure proper billing and reimbursement for the visit and to decrease billing denials.
Considerations for adding telehealth as a service line
There are resources available for organizations considering adding telehealth as a permanent service line. YouCompli can help you understand which regulations apply to you, stay on top of changes, and manage implementation.
You can also find many free resources online:
- Foley & Lardner’s Telehealth Compliance Checklist from Foley & Lardner
- Adelade provides a free state-level telehealth regulation guide with additional compliance topics to consider
For many types of visits, patients love the option of telehealth. As providers work to be sure that they continue to deliver quality care, Compliance teams have an equally big job to be sure the systems and processes are in place to support that experience.
Keep on top of regulations affecting telehealth and making sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more.
Denise Atwood, RN, JD, CPHRM is the Chief Risk Officer at District Medical Group (DMG), Inc., vice president of DMG Insurance Company (DMGIC), and owner Denise Atwood, PLLC.
Disclaimer: The opinions expressed in this blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
Information blocking and the Cures Act
Resources for healthcare chief compliance officers to understand the impact of the Cures Act and information blocking. Includes examples and definitions.
Continue readingCommunicating Compliance Terms in Plain English…
If you have ever been new to a particular field of the workforce, such as healthcare compliance, you know all too well that the language used by coworkers can sound foreign, like gibberish, or “alphabet soup.” As we continue to work in the field though, we too, start speaking the language. However, while that may be ok for conversing in the compliance department, it still be confusing if we are trying to communicate with, or to educate, other functional areas of the healthcare organization. Without knowing the terminology, the message we are trying to convey is unlikely to be understood when received.
Alphabet Soup
Take a look at an example of terminology just starting with the letter “A” from the Office of the Inspector General Work Plan (reference below):
- ADAP AIDS Drug Assistance Program (note this one includes an abbreviation in the definition);
- AI/AN American Indians and Alaska Natives (I, for one, was unfamiliar with this abbreviation);
- AIDS acquired immunodeficiency syndrome;
- ALF assisted living facility;
- ALJ administrative law judge;
- AMD age‐related macular degeneration (while I have heard of macular degeneration, I did not know this was a standard abbreviation);
- AMP average manufacturer price;
- ASC ambulatory surgical center;
- ASP average sales price; and
- AWP average wholesale price.
Say I am talking to another seasoned compliance professional in front of a new employee. Using the above “A” acronyms only, the conversation may sound something like this,
“Based on the billing audit, I see we are not receiving contracted AWP reimbursement under our AI/AN contract for ALF patients with AMD.”
As you can imagine, a new employee might be confused by the acronyms and terms communicated instead of using common business English. Sometimes just saying the entire word instead of the abbreviation is a good place to start, so instead of saying AWP say average wholesale price.
Repetitive Communication
In order to improve communication between seasoned compliance professionals and other members of the organization, it is important to use repetitive teaching strategies. In addition to saying the entire compliance term and the abbreviation, be repetitive and write out the compliance term in addition to the abbreviation in written communications. That way staff become more familiar with compliance terminology and it becomes a part of their daily vocabulary.
Knowledge in Practice
When it comes to any industry, including healthcare, it is easy to throw around acronyms and jargon that is familiar and efficient. However, it is important to be aware of who you are talking to, and therefore make sure they clearly understand whatever it is you are communicating. Translate and reword industry terminology in emails, policies and teaching materials where necessary in order to improve communication and understanding. Better compliance will ultimately be the result.
PRACTICE TIP:
- Regularly evaluate training and orientation materials to ensure industry specific terminology is defined and understandable.
- Utilize the youCompli system as a centralized hub for new and existing compliance processes and utilize the included model procedures throughout the various areas of your organization.
RESOURCES:
Health Care Compliance Association (HCCA) Compliance Dictionary found at https://www.hcca-info.org/publications/compliance-dictionary
Health and Human Services (HHS), Office of the Inspector General (OIG), Work Plan Appendix B: Acronyms and Abbreviations found at https://oig.hhs.gov/publications/workplan/2011/wp09-appx_b_acronyms.pdf
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
See YouCompli in Action
Easier, faster, more effective compliance is possible