Friday, December 31, 2021

Effective, HIPAA compliant communication for remote healthcare teams

The idea of remote work is not new; the transition to more flexible working arrangements has been gaining momentum for several decades, but the healthcare sector has been slow to embrace this growing trend. COVID-19 has changed that.

Siemens Healthineers argues that healthcare providers can and should integrate remote work solutions into their operations as part of their long-term strategy, not just as a short-term response to COVID-19.

There are plenty of benefits to remote or hybrid teams, but there are also communication and security issues that must be kept in mind.



Benefits of remote work


Organizations that thrive in work-from-home arrangements may see lasting benefits, even when teams return to the office setting. They may learn that they can be more flexible and remote-friendly than they thought while still maintaining standards and reaching goals.

Aside from the obvious benefits such as reduced commuting times, remote work arrangements have also been shown to increase productivity, improve employee morale, and reduce stress and burnout, thereby lowering the incidence of treatment errors.

Working remotely also increases safety. Avoiding the danger of infection from a virus such as COVID-19 is an obvious example, but other risks can also be minimized (e.g., the risks associated with exposure to radiation during cardiovascular treatments). Expensive and time-consuming hygiene protocols can also be reduced or eliminated.



How to stay connected while working remotely


It is important to adjust for differences in the remote environment to maintain team productivity, collaboration, and company culture. Here are some things to consider.


  • There will be fewer face-to-face interactions and structured meetings. Replace them with predictable, scheduled check-ins.
  • Include social interactions in your routine to keep teams connected. Establish a culture of accountability and trust to foster stronger social bonds and better team dynamics.
  • Quick questions for the cube next door are no longer an option. Convert to instant messaging tools for quick questions and HIPAA compliant email for more involved conversations.



We recently covered this topic for Physicians Practice: Enabling effective internal healthcare communication with HIPAA compliant email


Using the right communication tools


For an industry as demanding and fast-paced as healthcare, mobile messaging has emerged as a particularly valuable communication tool.

Collaboration apps do a lot of good as well. Organizations across all sectors are using Slack and Microsoft Teams for remote communication. It’s easy to use these tools to increase collaboration across multiple locations and they can even act as a forum for levity and laughter during the workday.

This, once again, fosters teamwork and productivity, but it’s also a gold mine for hackers.


Security concerns


Major issues afflict platforms like Slack and Teams, as they are potentially huge sieves of electronic protected health information (ePHI). Although they can be configured for use in healthcare, they are not HIPAA compliant by default.

With one click, sensitive information can be forwarded outside the organization, either by mistake or deliberately. Because of the openness of these apps, and the ease with which you can connect other apps, there’s so much that hackers can access.

If hackers start in email, they can easily move to Teams, SharePoint, or OneDrive. Or they can start in Teams and move to email. Because the ecosystem is so tightly interwoven, it’s fairly easy to infiltrate just one and get access to all the rest. That’s why it’s so important to enable all security features available on these apps, such as requiring multi-factor authentication and adding inbound email security to your email client.



HIPAA compliant communication


Without a doubt, the first concern that comes to mind given the rise of mobile messaging across the healthcare industry is the security of transmitted patient data. HIPAA requires that covered entities and business associates acting on their behalf implement administrative, physical, and technical safeguards when transmitting or storing ePHI.

HIPAA’s Security Rule provides a helpful framework for assessing and mitigating risks associated with transmitting ePHI. It does allow covered entities to communicate electronically, such as through email or instant messaging, provided they apply reasonable safeguards when doing so.

Email or instant messaging are allowed under HIPAA if access is restricted to the appropriate parties and data integrity is maintained. Encryption is an “addressable” standard according to HIPAA, but since there is no adequate alternative to securing a message, it is de facto a requirement.


Conclusion


Sharing information freely is great and speeds up business processes and decision-making. But that same share-ability can lead to some bad outcomes as well. If you’re not protecting yourself against account compromise or takeover, then bad actors can easily infiltrate your network.



Thursday, December 30, 2021

Adverse actions against physicians can bring dire consequences

According to the latest data available from the Federation of State Medical Boards (FSMB), in 2017, there were 8813 actions taken by state licensing boards against physicians nationwide. Contrary to common perception, many of these Medical Board complaints did not stem from clear and unequivocal malpractice, fraud or misconduct issues.

Because state medical boards do not restrict or impede any person or entity from filing a complaint against a physician, anyone, including a disgruntled former employee, contentious business partner, or adversarial spouse filing for divorce, can trigger an investigative process which can ultimately prompt a medical board to discipline a physician. In addition, many state and federal laws mandate that hospitals, insurance carriers, law enforcement agencies, and local prosecutors report to a licensing board whenever a physician is arrested, has their hospital medical staff privileges suspended or restricted, or becomes the subject of an adverse judgment or settlement as a result of a medical malpractice lawsuit.

The importance of a response


There are serious repercussions of a medical board complaint; such a move can result in the loss of hospital and CDS prescribing privileges, specialty board certification, membership in medical associations and societies, and status as a credentialed provider for third-party payers, including Medicare. This is precisely why whenever a physician becomes the subject of scrutiny by a licensing board, a timely and vigorous response is critical. While medical licensure, in itself, is a privilege, not a constitutional right, a medical professional still maintains the right to due process, or more specifically, the right to a full and fair hearing on the merits of any claim or allegations brought by a state licensing board. Should the matter proceed to a hearing, the use of a skilled medical expert who will defend the quality of care employed by the physician and counter the expert chosen by the licensing board is essential.



The National Practitioner Data Bank


It is important to understand that medical board discipline involves more than a hefty penalty or financial settlement. Any discipline invoked by a state licensing board is inevitably reported to the National Practitioner Data Bank (NPDB), a federal database operated by the U.S. Department of Health and Human Services, which compiles and maintains all adverse action reports against health care providers. A report to the NPDB is like a national news bulletin transmitted to the entire health care community. Physicians cannot escape the ramifications of an NPDB report. Whenever a physician applies for credentials, certification, licensure, registration or accreditation from any health care organization, that entity will likely query the NPDB, revealing the adverse report. In addition, health care organizations often perform “continuous” queries on the NPDB, which allow these organizations to regularly monitor a particular practitioner and be notified automatically whenever an adverse action against that individual is reported to the NPDB.

Hospital Adverse Actions Are Not Always “Privileged”


According to federal law, hospitals must also report any and all adverse actions against medical staff members which adversely affect the clinical privileges of that member for a period longer than 30 days. In addition, hospitals must report the acceptance of the surrender of clinical privileges, or any restriction of clinical privileges, while that physician is under investigation by the hospital relating to possible incompetence or improper professional conduct. More concerning than this “30-day rule” is an additional requirement that hospitals report to the NPDB whenever a physician agrees to surrender his privileges, or resign from the medical staff, in return for the hospital agreeing not to conduct an investigation. This rule effectively precludes physicians under investigation from making a good faith offer to “just walk away” by resigning their medical staff membership and clinical privileges in exchange for a clean slate, with no reporting to the NPDB. Instead, the physician often has no recourse but to fight the adverse action and gamble on the uncertainty of a “fair” hearing. This raises the specter of a damning NPDB report which contains charges against a physician that were upheld after a full hearing, rather than reporting only an investigation relating to allegations which were never fully vetted or proven.

The key to preventing adverse actions is to remain on guard for investigations targeting a physician’s clinical, prescribing, billing and documentation patterns. Medical providers should seek legal counsel immediately whenever it becomes evident that there may be a licensing board, hospital, credentialing, law enforcement or regulatory authority targeting them for an adverse action. Waiting too long can bring dire consequences.



Wednesday, December 29, 2021

Review your medical practice’s compensation methodology before the end of the year

As the end of the year approaches, physician practices need to start planning for 2022. From a legal perspective, this planning should include a review of the practice’s compensation methodology to assure compliance with Stark regulation clarifications, which will take effect January 1, 2022.

The Stark law generally prohibits a physician from referring a Medicare patient for a designated health service (DHS) to an entity with which the physician has a financial relationship, unless there is an applicable exception. DHS includes many ancillaries which are used in physician practices, such as DME, laboratory, and radiology services. Referrals within the physician practice implicate the Stark law since physicians have a financial relationship with their own practice.

Physician practices that qualify as “group practice” under Stark’s definition can take advantage of an exception to Stark known as the in-office ancillary services (IOAS) exception. Under this exception, physician practices can self-refer Medicare patients for DHS by generally meeting certain location, billing, and supervision requirements.


A key component of being a “group practice” under Stark is making sure that the group practice is allocating revenue for DHS profit in a compliant manner. This means that a physician practice must have a methodology that at all times allocates the revenue from DHS in a manner that does not reward physicians directly for their referrals. Although Stark’s DHS allocation rules have been in place for years, CMS felt that clarification of the requirement was appropriate. Among the key points CMS clarified about the profit allocation rules were the following:

1. A group practice cannot distribute profits from DHS on a service-by-service basis (also known as "split pooling"). This means, for example, that dividing up MRI DHS equally, but dividing up lab DHS based on overall profits, is not acceptable. Instead, CMS wants group practices to aggregate all revenue and expenses from all DHS service lines and then distribute that revenue using the same methodology. Popular approaches to allocate revenue and expenses within a group practice included equal distribution, based on ownership percentage, or based on overall productivity (not including the DHS).

2. A group practice can also segregate and allocate DHS profits generated by "pods" of at least five physicians and within those pods, the group is permitted to use different profit allocation methodologies. However, within each pod, groups must use the same one methodology for all DHS.


To start the process of evaluating a practice’s compensation approach, consider the following:
  • Draw a diagram of the practice so you can clearly see which physicians are rendering services in the practice and how they are organized (i.e., location, specialty, etc.)
  • Identify any groupings of five (5) or more physicians.
  • Identify the DHS being offered by the practice. This should include Medicare ancillary services only. Confirm the current DHS codes at https://www.cms.gov/license/ama?file=/files/zip/list-codes-effective-january-1-2021-issued-december-1-2020.zip. Note that some DHS are not listed based on CPT Code, but the category of the service is considered DHS, such as drugs, pathology and durable medical equipment.
  • Identify how revenue and expenses of the DHS are being allocated to physicians in the group practice. If all DHS is being allocated in a permissible manner among all physicians in the practice, the analysis is complete.
  • If DHS is being allocated in multiple different ways among the practice physicians, the practice must choose a single methodology to put in place starting January 2022. If the group has identified pods of five or more physicians, a single methodology must be chosen to allocate the DHS generated by the pod. It need not be the same methodology as the remainder of the group practice as long as it is compliant.
  • If the group determines that it has been allocating DHS in a manner that is based on physician referrals, the group should take steps to bring the practice compensation approach into compliance by January 2022. The practice should then talk with counsel for guidance about reporting any Stark non-compliance. CMS has a specific Self-Referral Self-Disclosure Protocol to report identified Stark compliance issues.
  • Put in place a plan to review the group practice’s compensation approach annually. Because group “pods” can change in size over time as physicians join and leave a practice, and DHS covered by Stark changes annually, it is advisable to conduct an annual audit of the group practice’s compensation methodology.

Compliance with Stark is essential for physician practices that see Medicare patients and self-refer for DHS. The consequences of non-compliance are financially and legally significant. Talk to your health law counsel and financial advisors so that a plan can be in place before the end of the year.

