Archive for the ‘Compliance’ Category

Guest Post: Are You Preparing to Fail Healthcare Compliance in 2018?

December 19th, 2017 by Tim Feldman and Darci L. Friedman

A 2018 roadmap to healthcare compliance should focus on cybersecurity, vendor management and telehealth.

As the year winds down, we see numerous lists of priorities healthcare organizations should focus on in the coming year. However, if you are looking to those end-of-year lists for guidance on what your organization should pay attention to in 2018, you are already behind. If you do find yourself playing catch-up, drafting your 2018 compliance work plan is the best place to start.

As the roadmap for your compliance efforts throughout the year, your annual work plan should indicate key high-risk areas. The Office of Inspector General (OIG) of the Department of Health & Human Services (HHS) has indicated that developing an annual compliance work plan is integral to the administration of an effective compliance program (Measuring Compliance Program Effectiveness – A Resource Guide).

The annual work plan and compliance program administration are but one portion of what is required for an organization to have a robust and effective compliance program. The required elements of a compliance program are the following:

  • Standards, Policies and Procedures;
  • Compliance Program Administration;
  • Screening and Evaluation of Employees, Physicians, Vendors and Other Agents;
  • Communication, Education and Training;
  • Monitoring, Auditing and Internal Reporting Systems;
  • Discipline for Non-Compliance; and
  • Investigations and Remedial Measures.

These elements provide a broad framework for your organization to identify risk, proactively remediate and provide a response mechanism to mitigate when there is an exposure. Working the plan and program throughout the year helps your organization achieve a state of ongoing readiness.

Cybersecurity

Cybersecurity is one item that will likely factor more heavily in your work plan, and appropriately so. Last June, the HHS Health Care Industry Cybersecurity Task Force released a report on improving cybersecurity in the industry. The Task Force concluded that cybersecurity, at its core, is a patient safety issue and a “public health concern that needs immediate and aggressive attention.”

Some of the areas to address in the broader realm of cybersecurity include:

  • Ransomware;
  • Email security, including phishing;
  • Internet of Things (IoT) and devices;
  • Bring your own device (BYOD); and
  • Medical identity theft.

As the Task Force report notes, cybersecurity must be thought about across the continuum of care in your organization. Work to shift the culture and thinking that cybersecurity is simply a technology issue, of concern only to the IT department.

Do this by implementing policies and procedures for key cybersecurity issues and then communicating them across the organization. Follow that with training, including everyone in your organization, from staff to board members. The training should: define cybersecurity; explain how it may manifest in the organization, and address your policies and procedures, making it evident to all what they can and cannot do and how to respond.

Third-Party Vendor Management

The outsourcing of services to third-party vendors is increasingly common and for good reason. Such relationships offer great benefits, but at the same time, these relationships also carry legal, financial, reputational and compliance-related risks. Here are seven questions to evaluate your third-party vendor relationships:

  • Does your organization, as a covered entity (CE) under HIPAA, have a vendor compliance program to help you identify, manage and report on these risks?
  • Do you review and assess your vendors’ risk profile?
  • Are you familiar with each vendor’s hiring practices?
  • Do you know which vendors’ products connect to other IT systems that contain critical data, including protected health information (PHI)?
  • Do you have insight into each vendor’s information security and data privacy capabilities?
  • Do you know with which vendors you have a business associate agreement (BAA)?

For many healthcare organizations, the answer to several of these questions is likely “no,” which creates risk for those organizations. The OIG’s position is clear: healthcare entities have a responsibility to proactively identify, assess and manage the risks associated with their vendor relationships.

All vendors are NOT created equal. A good starting point in managing an effective and efficient third-party compliance program is to perform a risk-ranking of vendors based on their access to critical assets or information. By segmenting your vendor population into “risk tiers” you can focus limited resources on the most serious exposures.

Components of third-party compliance assessment should include, among other things:

  • Due diligence (background, reputation, strategy);
  • Knowledge of, and compliance with, security and privacy requirements;
  • Operations and internal controls (policies and procedures);
  • Workforce controls, background and exclusion checks; and
  • Training and education.

And, of course, with every vendor that meets the criteria of a Business Associate, ensure that a written BAA is in place. BAAs can be complex and are often daunting, but they must be carefully negotiated and acknowledged by both parties.

By ensuring your vendors have strong compliance programs in place and that they are following through on the BAA requirements, your organization is meeting its compliance obligations and doing its best to minimize its risks.

Telehealth

The compliance concerns related to the delivery of care via telehealth are numerous and include the following:

  • Licensing;
  • Credentialing;
  • Security;
  • Regulatory requirements for billing; and
  • Fraud and abuse.

An area to focus some attention on is payment under federal healthcare programs. The OIG currently has two active work items on telehealth, one for Medicaid and one for Medicare. Both of the items relate to the propriety of payment for telehealth services.

If your organization provides telehealth services, consider conducting a risk assessment to determine if you have any exposure in the area. Risk assessments are not strictly one of the 7 required elements of a compliance program, but they are often referred to as the “8th Element” given the focus on them in the Federal Sentencing Guidelines and OIG documents.
Risk assessments, along with the other elements of a compliance program, provide your organization the means to identify, prioritize, remediate and/or mitigate the myriad on-going risks it will encounter. If you are not working your compliance program and specific risk areas throughout the year, you are failing to adequately prepare for an event. By failing to prepare, as one wise man said, you are preparing to fail.

About the Authors: Tim Feldman is Vice President and General Manager of Healthcare Compliance & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. He oversees product development across a vast suite of practice tools and workflow solutions to help professionals stay ahead of regulatory developments and effectively manage compliance activities. Darci L. Friedman, JD, CHPC, CSPO, PMC-III, is the Director of Content Strategy & Author Acquisitions for Healthcare Compliance, Coding & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. She is responsible for supporting the overall strategy for developing new content and features, innovating new product models, and recruiting top content contributors.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Infographic: Patient Communication Compliance

January 11th, 2017 by Melanie Matthews

Communication with current and potential patients is pivotal to maintaining and growing your practice, but your practice must ensure that you are compliant in all of your communication points with HIPAA, FDA and FTC rules, according to a new infographic by Response Mine.

The infographic touches on all points of patient communication—from digital advertising and marketing to scheduling appointments and patient reminders—to help practices protect patient information and stay compliant.

Patient Communication Compliance

Framework for Patient Engagement: 6 Stages to Success in a Value-Based Health SystemIntermountain Healthcare’s strategic six-point patient engagement framework not only has transformed patient care delivered by the Salt Lake City-based organization but also has fostered an attitude of shared accountability throughout the not-for-profit health system.

Framework for Patient Engagement: 6 Stages to Success in a Value-Based Health System details Intermountain’s multilayered approach and how it supports its corporate mission: Helping people live the healthiest lives possible.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today. Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Bizarre ICD-10 Codes

June 15th, 2015 by Melanie Matthews

ICD-10 codes will provide a more robust classification system, providing vastly more detail for diagnoses and procedures, revealing more about quality of care and allowing data to be used to better track outcomes.

However, according to a new infographic by CureMD, some of the new codes border on the bizarre in their specificity.

ICD-10-CM/PCS Implementation Action PlanOf all the tapes and books on the market about ICD-10, this important book by an Approved ICD-10 CM-PCS Trainer is a standout. Hospital, physician practice, ambulatory surgery center, freestanding clinics, and long-term care staff who are primary or secondary users of medical coding data will want it as their constant companion as they begin the implementation of ICD-10 at their facility.

ICD-10-CM/PCS Implementation Action Plan goes beyond its comprehensive coverage of ICD-10 CM/PCS to provide you with training tools, as well. This 135-page book also includes an 81-page customizeable document, as well as a customizeable spread sheet log.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: ICD-10 Industry Readiness

January 5th, 2015 by Melanie Matthews

Nearly 75 percent of health plans have completed their ICD-10 impact assessment, while only 50 percent of providers have completed theirs, according to results from the Workgroup for Electronic Data Interchange (WEDI), August 2014 ICD-10 Industry Readiness Survey, depicted in a new infographic by Healthsomely, a healthcare communications firm.

The infographic also looks at vendor readiness and testing by both providers and health plans.

ICD-10-CM/PCS Implementation Action PlanOf all the tapes and books on the market about ICD-10, this important book by an Approved ICD-10 CM-PCS Trainer is a standout. Hospital, physician practice, ambulatory surgery center, freestanding clinics, and long-term care staff who are primary or secondary users of medical coding data will want it as their constant companion as they begin the implementation of ICD-10 at their facility.

ICD-10-CM/PCS Implementation Action Plan goes beyond its comprehensive coverage of ICD-10 CM/PCS to provide you with training tools, as well. This 135-page book also includes an 81-page customizeable document, as well as a customizeable spread sheet log.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Clinical Documentation

September 5th, 2014 by Melanie Matthews

Correct coding based on complete clinical documentation boosts first time clean claim rates and decrease denials.

MRS Information Services has developed an infographic that details the regulatory impacts of correct clinical documentation and how to improve your health information management department for maximum performance. The infographic also highlights how ICD-10 will impact healthcare organizations and how organizations are preparing for ICD-10.

Electronic Health Records: Strategies for Long-Term Success Electronic Health Records: Strategies for Long-Term Success is a comprehensive reference for the design, implementation, and optimization of electronic health records (EHRs). The authors offer a detailed road map for avoiding common pitfalls during conversion and achieving higher-quality care after system implementation. A glossary of important terms and references to additional resources are also included in the book.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: 7 HIPAA Security Risk Analysis Myths

August 4th, 2014 by Melanie Matthews

An initial Office of Civil Right (OCR) HIPAA security compliance audit found that the top missing item needed for HIPAA security compliance was a risk analysis.

A new infographic by Coalfire outlines the top seven myths about HIPAA security risk analyses and what covered entities need to know about a risk analysis.

7 HIPAA Security Risk Analysis Myths

Covered Entity Manual The Covered Entity Manual is a template-style download manual that can be easily adapted to align with your compliance needs as a covered entity. All content complies with the Omnibus Rule. The Covered entity-specific manual provides you with a generic, yet comprehensive set of policies and procedures: 33 privacy policies; 30 security policies; 6 policies that address common requirements of both the privacy and security rules; 1 breach notification policy; and 12 forms and templates, including a notice of privacy practices.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: 7 Reasons to Engage With Patients Before Their Appointments

February 26th, 2014 by Jackie Lyons

The need to engage patients by preparing them before their appointments is rapidly growing. Positives include efficiency and increased patient satisfaction due to less manual data entry and shorter patient wait times among other benefits, according to a new infographic from Leading Reach.

This infographic provides the top seven reasons to engage with patients before their appointments and 10 examples of information that can be sent to patients before their appointment to ensure satisfaction.

You may also be interested in this related resource: Healthcare Innovation in Action: 19 Transformative Trends. Need more ways to increase patient satisfaction? This 40-page resource examines a set of pioneering efforts supporting the industry’s seismic shift from a volume-based culture to one rewarding value and patient-centeredness.


Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Can Telemedicine Improve Patient Care and Reduce Hospital Readmissions?

February 6th, 2014 by Cheryl Miller

Where technologies such as videoconferencing for remote diagnostics are deployed, adopters report impressive gains in the care of remote and rural patients, as well as a decrease in health complications, according to responses to the Healthcare Intelligence Network’s Telehealth in 2013 survey.

Take, for example, the numerous initiatives in the area of remote monitoring, the top clinical telehealth application reported by this year’s respondents. Fifty-seven percent monitor patients or members remotely; fully 100 percent of those employing this technology track vital signs and weight in monitored individuals, two critical red flags in treatment of individuals with chronic illness.

Active users of telehealth and telemedicine also experience fewer hospitalizations, hospital readmissions, emergency room visits and bed days, respondents reported.

Researchers at UC Davis Children’s Hospital recently found that telemedicine consultations with pediatric critical-care medicine physicians significantly improved the quality of care for seriously ill and injured children treated in remote rural ERs, where pediatricians and pediatric specialists are scarce.

The study also found that rural ER physicians are more likely to adjust their pediatric patients’ diagnoses and course of treatment after a live, interactive videoconference with a specialist. Parents’ satisfaction and perception of the quality of their child’s care also are significantly improved when consultations are provided using telemedicine, rather than telephone, and aid ER treatment, the study found.

Excerpted from 2013 Healthcare Benchmarks: Telehealth & Telemedicine.

Women’s Health Must be Priority for States’ Health Exchanges

March 13th, 2013 by Cheryl Miller

Women are finally getting the respect they deserve.

According to a new report from the George Washington University School of Public Health and Health Services (SPHHS), women’s health issues are key to the health of the nation and should be a major consideration when policymakers design and set up new insurance exchanges. And states need to maintain transparency so women can know up front what their coverage includes, including enrollment processes, scope of benefits, out of pocket charges and exemptions, so they can best provide for themselves and their families.

Transparency is also key to HHS’s aggessive list of health information technology (HIT) goals for 2013. Among them: at least 50 percent of physician offices will be using EHRs, and a majority will use electronic exchange among providers, ensuring that patients’ health information will be accessible wherever they access care. These goals are considered crucial to reducing healthcare costs and improving care quality, HHS officials say.

Increased access is behind a new primary care medical home (PCMH) certification from the Joint Commission. Designed for hospitals and critical access hospitals that have ambulatory care services that include primary care services offered by clinicians, the certification is considered beneficial to patients because it provides them increased access to the clinician and interdisciplinary team, and care from other clinicians and facilities is tracked and coordinated and regulated by evidence-based treatment protocols.

And increased virtual access is welcome to the majority of consumers, says a new Cisco Customer Experience Report recently released at the Healthcare Information and Management Systems Society (HIMSS) Conference.

Consumers and healthcare decision-makers across the globe were surveyed on sharing personal health data, participating in in-person medical consultation versus remote care and using technology to make recommendations on personal health. Results showed that the majority of Americans favored the increase of technology and remote care.

Three-quarters of consumers find access to care more important than face-to-face contact with their clinician, and are comfortable with the use of technology for medical interaction. The bottom line: consumers will overlook cost, convenience and travel, in order to be treated at a perceived leading healthcare provider to gain access to trusted care and expertise.

And don’t forget to take our new online survey on care transitions in 2013. Describe how your organization strategizes care transitions and you’ll receive a free executive summary of survey results once it is compiled.

These stories and more in this week’s issue of the Healthcare Business Weekly Update.

Infographic: The 5 C’s of Healthcare for 2013

March 11th, 2013 by Patricia Donovan

2013 will be the most important year in U.S. healthcare industry in modern history thus far, according to Deloitte. The nation’s fiscal challenges and the healthcare industry’s bulk are on a collision course, says the consulting firm, predicting that the story line about healthcare in 2013 will center on five themes: Clarity, Costs, Compliance, Consolidation, and Consumers.

The infographic below highlights each of these themes and what the nation might expect in 2013 from each.

2013's 5 C’s of Healthcare

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

You may also be interested in this related resource: Healthcare Trends & Forecasts in 2013: Performance Expectations for the Healthcare Industry.