Compliance

The U.S. Dept. of Health & Human Services Centers for Medicare and Medicaid Services (CMS) published a memo (Ref:  S&C: 16-33-NH) Aug. 5, 2016, to state nursing home survey agency directors related to protecting resident privacy and prohibiting mental abuse related to photographs and audio/video recordings by nursing home staff. The memo is a response to recent media reports regarding inappropriate posting to social media of pictures of nursing home residents – namely a disconcerting report by ProPublica detailing 47 incidents in which workers shared photos or videos with friends or the public – these incidents involved both mistreatment of residents and inadvertent disclosure or patient health information. Within 30 days of the memo, surveyors are to implement changes to address these issues.

Backing up electronic health record data may become an important aspect of complying with and mitigating risk under the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) if the U.S. Health and Human Services Office of Civil Rights (OCR) heeds legislators’ recommendations.

Employers often misconstrue the terms “non-exempt employee” and “hourly employee,” leading them to believe the terms are interchangeable. But, not all non-exempt employees are necessarily hourly employees. The Fair Labor Standards Act (FLSA) allows employers to pay their non-exempt employees on a salary basis as long as they meet minimum wage and overtime mandates. Paying certain non-exempt employees on a salary basis may prove a useful tool as healthcare institutions weigh changes in employee compensation practices necessitated by new FLSA regulations (previously discussed).

On April 29, 2016, the Joint Commission released an update (“Update”) providing for the use of text messaging to submit orders for patient care, treatment, or services to the hospital or other health care settings for all accreditation programs. Back in 2011, the Joint Commission believed that the technology necessary to secure contents of a text message, verify the identity of the person sending the message, and retain the original message within the medical record were not readily available, and, therefore, prohibited the use of text messaging to submit orders. However, this has changed as reasonably accessible technology has been developed which mitigates the security and record retention risks the Joint Commission previously identified. In the Update, the Joint Commission said, “effective immediately, licensed independent practitioners or other practitioners in accordance with professional standards of practice, law and regulation, and policies and procedures may text orders as long as a secure text messaging platform is used and the required components of an order are included.”

On April 27, 2016, the Department of Health & Human Services Centers for Medicare & Medicaid Services (CMS) released its proposed rule regarding models for tying professional reimbursement to quality. While this may be great news for providers who enjoy the challenges of tracking and reporting data, these challenges are going to cause problems (namely, reimbursement reductions) for some providers. Regardless of whether providers think this is good or bad, providers should start looking at the proposed regulations now because, as proposed, quality-based payments will be a fact of life for all physicians, mid-levels, CRNAs and groups effective Jan. 1, 2019. The regulations will be published in the May 9, 2016, Federal Register. The comment period will officially start at that time and run through 5 p.m. on June 27, 2016.

A new ordinance went into effect April 4, 2016, which prohibits many employers in Austin from asking job applicants about their criminal histories until they’re well into the hiring process. The Fair Chance Hiring Ordinance, colloquially known as the “Ban the Box” measure, will forbid most employers from considering an applicant’s criminal record until after making a conditional offer of employment. Thus, Austin employers must evaluate whether the ordinance will affect their operations and, if so, what steps they need to take to alter their hiring processes and related guidelines.

On Feb. 12, the Department of Health and Human Services’ (“HHS”) Centers for Medicare & Medicaid Services (“CMS”) published its final rule regarding reporting and returning Medicare overpayments. This final rule comes nearly four years after its proposed rule regarding the reporting and return of Medicare overpayments that left the provider community nervous and uncertain about when an overpayment would be considered “overdue” under CMS’s vague 60-day standard.

When governing information, it works well to identify and bundle rules (for legal compliance, risk, and value), identify and bundle information (by content and context), and then attach the rule bundles to the information bundles. Classification is a great means to that end, by both framing the questions and supplying the answers. With a classification scheme, we have an upstream “if-then” (if it’s this kind of information, then it has this classification), followed by a downstream “if-then” (if it’s information with this classification, then we treat it this way). A classification scheme is simply a logical paradigm, and frankly, the simpler, the better. For day-to-day efficiency, once the rules and classifications are set, we automate as much and as broadly as possible, thereby avoiding laborious individual decisions that reinvent the wheel.

Recent remarks made by the Centers for Medicare & Medicaid Services (“CMS”) Acting Administrator Andy Slavitt at a healthcare conference indicated that CMS will be ending the “meaningful use” electronic health record (“EHR”) Incentive Program in 2016, five years ahead of its original final end date of 2021. Acting Administrator Slavitt did not elaborate on the specifics of what will replace meaningful use, but stated it would likely be tied to the implementation of the Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”) and would include various streamlined quality reporting programs. MACRA emphasizes a new Merit-Based Incident Payment System and alternative payment models, and according to Acting Administrator Slavitt, this new law warrants a new streamlined regulatory approach to EHR as well.

My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be much greater, and could put you into serious debt to the HHS Office of Civil Rights (OCR). Therefore, we propose that you resolve now to become fully HIPAA compliant in 2016.

OCR delivered an early holiday gift, wrapped in the Director’s Sept. 23, 2015, report to the Office of Inspector General. In that report, she disclosed that OCR will launch Phase 2 of its HIPAA audit program in early 2016, focusing on noncompliance issues for both covered entities and business associates.

So, grab that cup of hot cocoa and peruse this review of 2014-2015 HIPAA enforcement actions, which should help identify noncompliance issues on which OCR will focus in 2016.