The Most Important Compliance Best Practices You Need to Know

Patients have the rights to file complaints and grievances when they are not satisfied with the treatment received. The healthcare organization should have a process to address and resolve them in a timely manner. The process should be effective and in compliance with the federal regulations and accreditation standards. By implementing an effective process, the healthcare organization reduces risks, enhances patient safety, and improves system or individual performance. Maintaining transparency in patient satisfaction data offers quality improvement opportunities.

The HIPAA Final Omnibus Rule was published on January 25, 2013, by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The amendments to HIPAA found in the Final Rule are extensive and address complex healthcare regulatory schemes. It broadens the definition of business associates and provides new requirements for business associate agreements. All kinds of covered entities as well as business associates of covered entities need to review their HIPAA policies and procedures in order to comply with changes in these rules. This article provides some of the best practices the covered entities can adopt to ensure that their business associates are in compliance with requirements of the HIPAA Final Omnibus Rule.

The HIPAA Final Omnibus Rule went into effect last year in January. The amendments to HIPAA found in the Final Rule are extensive and address complex healthcare regulatory schemes. It contains modifications to the privacy standards (Privacy Rule), security standards (Security Rule), interim final security breach notification standards (Breach Notification Rule) and enforcement regulations (Enforcement Rule). All kinds of covered entities as well as business associates of covered entities need to review their HIPAA policies and procedures in order to comply with changes in these rules. This article describes the amendments in the breach notification rule and how to comply with these new regulatory requirements to avoid fines and penalties.

The Knox-Keene Health Care Service Plan Act (Knox-Keene Act) is a California law that provides the license and regulation of managed health care service plans. The design of the act provides for the regulation of health insurers by the Department of Insurance. The licensure and plans' compliance with state regulations is managed by the Department of Managed Health Care.

U.S. Department of Health and Human Services Secretary Kathleen Sebelius on April 6, 2010 had delivered in a speech titled “Health Reform and You: How the New Law Will Increase Your Health Security”. From the title of the speech subject is quite understandably becomes clear to the reader, and yes, the topic of her speech was the newly passed healthcare bill, famously known as Obamacare bill and infamously, The Affordable Care Act.

The recent healthcare reforms law by President Obama includes provision to decrease substantial taxpayer subsidies to private insurance companies that administer Medicare Advantage plans. This can be achieved by strengthening oversight, improving efficiency and tough provider screening which enable to identify fraud at the initial stages.

One of the most important issues facing health care executives today is the demand for health services from an increasing number of patients with Limited English Proficiency (LEP). The design community is challenged to develop design tools and methodologies that will enable those with LEP and limited literacy access to health services. Universal symbols are an effective design tool to help visitors navigate health facilities.

This document was developed by the Provincial Infectious Diseases Advisory Committee (PIDAC). PIDAC is a multidisciplinary scientific advisory body who provide to the Chief Medical Officer of Health evidence-based advice regarding multiple aspects of infectious disease identification, prevention and control. PIDAC’s work is guided by the best available evidence and updated as required. Best Practice documents and tools produced by PIDAC reflect consensus positions on what the committee deems prudent practice and are made available as a resource to the public health and health care providers.

Mar 22, 2010 – Hollywood, FL - Interview with: Gerald Bowe, Chief Executive Officer, COHR Inc. (DBA Masterplan, ReMedPar and MESA)

Running a hospital requires clockwork precision and attention to detail. One problematic machine can delay patients and staff, disrupt the processes in place and potentially jeopardize patient safety. A mechanical hiccup also translates to a loss of revenue, says Gerald Bowe, Chief Executive Officer at Masterplan Inc. A solution provider at the marcus evans National Healthcare CXO Summit Spring 2010 taking place in Florida, April 25-27, 2010, Bowe considers cost reduction strategies that healthcare CEOs could implement to ensure a steady revenue stream.

The progress of the information revolution in clinical health care has been slow compared with its advance in fields such as financial services, manufacturing, architectural design, and transportation. Computerized data processing came first to the financial aspects of health care, including clinical billing systems. Clinical laboratories, radiology, and research absorbed the new and powerful tools made possible by computer technology. Clinicians were dragged reluctantly into compliance with diagnostic-related groups (DRGs) and Current Procedural Terminology (CPT). Reluctance was followed by dismay when use of DRGs and CPT led to the creation of massive pooled databases of clinical information and the documentation of significant variations in quality, cost, efficiency, and outcomes.

The advent of virtually free Internet access has opened large vistas of health care information to those willing to invest a small amount of time and energy learning how to perform searches using browser software. Health care providers, organizations, and professional associations, among many others, publish "best practices" information for both administrative and clinical audiences, making these recommendations among the fastest-growing types of health care information appearing on the World Wide Web. The problem is how to find best practices among the wealth of resources on the Internet and then how to separate the proverbial wheat from the chaff.

WHO IS SEEKING BEST PRACTICES ON THE INTERNET?

Best practice describes a process or technique whose employment results in improved patient and/or organizational outcomes. Health care providers, managed care organizations, administrators, payers, and policy analysts are all interested in improving the quality of health care and are likely to be customers of best practices informational resources.

HOW TO EVALUATE THE QUALITY OF BEST PRACTICES INFORMATION?

Once the information is available on the Internet, the problem for the searcher shifts from one of quantity to quality. The best practices information seeker should stop and ask a number of questions about the quality of information, its sources, and the methods used to obtain it. CONCLUSION: The "truth" may be out there some-where in cyberspace, but locating best practices information and evaluating its quality require new skills and patience and time to practice and develop them to the point of efficiency.

Source: http://www.ncbi.nlm.nih.gov/pubmed/9476203

 

We are all searching for the best practices in value analysis in order to obtain greater savings yields and quality gains. The question is where and how can we find them? To speed up your search I am of feting you 10 of the top value analysis best practices that we have observed or initiated at healthcare organizations throughout the country that will move your supply value analysis program to the next level of savings and quality:

1. Team-based:

Value teams are now coming into their own throughout the country became they make more sense than value analysis committees. Value teams get the job done faster and better by involving customers, stakeholders and experts who understand their products, services and technologies much better than a committee member or members collectively can or should.

2. Extensive training:

Value analysis is an art and a science with a 63-year history that requires 40 to 80 hours of classroom and just-in-time training to truly become proficient in this discipline. Healthcare organizations that are making this investment in training their value teams are receiving a minimum of41:1 ROI for their efforts.

3. Standardized process:

Too many hospitals are "Winging It" when it comes to value analysis, whereas, best practice hospitals have a defined value methodology that their value team members follow religiously on each and every value study that they perform. By adding this discipline to their value analysis program best-practice hospitals are realizing 6 percent to 9 percent savings annually in addition to greater quality gains.

4. Function oriented:

Value analysis is the study of function and the search for alternatives, not price. Value analysis goes beyond price to identify the true requirements of your customers and meets those requirements at the lowest possible cost. Best-practice hospitals who understand this important differentiation are saving on average 26 percent on each commodity group they study.

5. Customer focused:

Value analysis begins and ends with the customer at best practice hospitals. However, spelling out just what products, services and technologies will meet our customer's exact requirements is the real challenge. This challenge is being met through utilizing techniques, such as, the Value Analysis/Value Engineering Customer Mapping process. This process helps to truly understand a customer's exact requirements, and then positions customers for the change(s) that you will be proposing to them with your value justifications.

6. Clinician ownership:

The No. 1 challenge for value analysis practitioners in healthcare today is obtaining buy-in from their clinicians on product, service and technology changes that they are recommending. Yet best-practice hospitals have solved this challenge by having their clinicians customize the product, service and technology they are purchasing, as opposed to standardizing on products, services and technologies they won't accept or buy-into.

7. Strategic planning driven:

Most value analysis programs focus their efforts on their group purchasing organization contracts and requisition driven offerings, whereas best-practice hospitals strategically plan their value analysis candidates and target their savings. This results in the strategic planning driven value analysis programs saving 10 to 15 times more than GPO and requisition driven value analysis programs.

8. Outcome-based results:

Best-practice hospitals track their value analysis savings and quality gains through agreed upon metrics and milestones with their executive management team in order to enforce discipline and ensure that outcome-based goals are met and/or exceeded.

9. Decision support:

Real-time data, in an organized, structured and cleansed format, is provided by best-practice hospitals for their value team members to use to data mine for the gold nuggets that surface with data driven value studies.

10. Knowledge management:

Best-practice hospitals capture all value studies documentation in a centralized electronic database to be shared with all internal and external collaboration partners, as opposed to reinventing the wheel year after year.

These 10 best practices in value analysis represent the forefront of system thinking on value analysis in healthcare today. If your hospital wants to be on the cutting edge of this maturing discipline you will need to adopt all or most of these best practices in order for you to move to the next level of supply chain performance. To quote Kenichi Ohmae, known as Japan's only management gum, rowing harder doesn't help if the boat is headed in the wrong direction." So let these 10 best practices guide you to grow faster, smoother and easier with your value analysis program and in the right direction.

Source: http://findarticles.com/p/articles/mi_m0BPC/is_7_29/ai_n14735115/

 

Many changes have and will continue to occur in how your family will receive health services. One important change is the use of managed care plans, such as health maintenance organizations (HMOs) and preferred provider organizations (PPOs), by employers and state Medicaid agencies. This article answers some of the most frequently asked questions about effectively using managed care plans.

 

Physician-patient relationship is perhaps on a verge of losing its eternal sacrosanct essence. Utmost dependence of a patient with all his personal and intimate information on a doctor will have to see an end as an increasing numbers of incidents of breaching patients’ confidentiality are being recorded from almost all corners of the word, and surprisingly the number is on rise!
 

Almost everyday’s newspaper brings to us the news of breaching patient confidentiality, but how many of us are truly aware of its effect? Let’s take a ride to this article and try to explore some unknown corners of patient confidentiality, its meaning, significance and impact of breaching..let’s explore who breaches and why…so that next time we become sincere (finicky?) before sharing our information (if patient) or will give a little effort to maintain the data in a more proper way (if staff/doctor).
 

What is Patient Confidentiality?
 

According to the American Medical Association, “Confidentiality is the right of an individual to have personal, identifiable medical information kept private. Such information should be available only to the physician of record and other health care and insurance personnel as necessary.”
 

If put in simple words, patient confidentiality means when a patient reveals his personal and medical information to a healthcare provider, that has to be kept with maximum care so that the information do not get divulged to others. Only with specific permission of the patient, his information can be disclosed to others.

Knowing a patient’s full information helps a doctor to provide better diagnosis and improved care. Therefore, knowing a patient’s medical history is a doctor’s right. Likewise, when a patient reveals his personal info, he expects it to be protected by the doctor. Hence, it is the physician’s duty to keep patient’s information confidential and let the patient enjoy access to a better treatment.
 

What is a Breach of Patient Confidentiality?

Breach of patient confidentiality refers to incident where patient’s confidential information, learned by the doctor within the physician-patient relationship, is divulged to a third party without the former’s consent or court order.

Breaching can be oral, written, or done via telephone or fax, or electronically by using email or health information network. Importantly, the medium of disclosure is not important but special security requirements may apply to the electronic transfer of information.

HIPAA and Patient Confidentiality

HIPAA Privacy Rule was introduced to ensure the privacy and protection of personal information of the patients held by physicians, hospitals and its staffs. HIPAA also provides a range of rights with respect to personal information. At the same time, the Privacy Rule permits the disclosure of personal health information when needed for patient care and other important purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.

As per the Health Insurance Portability and Accountability Act (HIPAA) of 1996, all professionals and organizations are to guard the privacy of their patients and customers. Employees at all levels are required to maintain confidentiality with integrity.

Not only HIPAA, in other countries like in UK, a similar Act, Patient confidentiality and Access to Health Records is also there to protect patients’ confidentiality.  This law functions under the Data Protection Act, 1998. This rule says, “Patient information is generally held under legal and ethical obligations of confidentiality. Information provided in confidence should not be used or disclosed in a form that might identify a patient without his or her consent. There are a number of exceptions to this rule but it applies in most circumstances”.

In India also, Privacy and the Right to Information Act, 2005 holds high the significance of individual`s right to privacy in general, and especially in health-related matters.

Impact of Patient Confidentiality Breaching

According to UK government, organizations failed to comply with the Data Protection Act can face a fine of up to £5K in magistrates courts, unlimited fines in higher courts and even face legalities in charge of violating Human Rights Act.  Moreover, there are possibilities that the organization may be told to stop using the data they gather.

Failure to comply with HIPAA can result in civil and criminal penalties (42 USC § 1320d-5). The “American Recovery and Reinvestment Act of 2009”(ARRA) that was signed into law on February 17, 2009, established a tiered civil penalty structure for HIPAA violations. Under this rule, the organization, violating HIPAA is supposed to give penalty of $100 per violation, with an annual maximum of $25,000 for repeat violations to $50,000 per violation, with an annual maximum of $1.5 million.

In June 2005, the U.S. Department of Justice (DOJ) clarified criminally liability of breaking HIPAA. Organizations and specified individuals, who "knowingly" obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations, can be penalized with a fine of up to $50,000, as well as can be imprisoned for up to one year.

Cases of Patient Confidentiality Breach
 

• Breach of Britney Spears patient data reported (March, 2008)
  New York Times published that employees accessed confidential medical records of pop star Britney Spears during her stay at UCLA Medical Center.

• GPs fear breach of secret patient data
  In UK, doctors blamed health officials for risking a breach in thousands of patients' medical records through a new system being pioneered in Stoke-on-Trent.

• Estimated 500,000 BlueCross members at risk for identity theft (October, 2009)
  Health Imaging revealed, the October data security breach at a Chattanooga, Tenn. office threatened an estimated 500,000 BlueCross members’ of identifies theft. While most of the at-risk members reside in Tennessee, BlueCross has identified 32 states with 500 or more members whose data may be at risk as of Jan. 8.
  

• Kaiser Hospital Fined $250,000 for Privacy Breach in Octuplet Case  (December 2009)
  An external electronic data storage device containing patient health information for approximately 15,500 Northern California members of health insurance company Kaiser Permanente got stolen from an employee’s car at the employee’s home in Sacramento, Calif.

• Non-medical staff 'have access to health records' (March 2010)
  BBC News reveals, At least 100,000 non-medical staff in NHS trusts have access to confidential patient records.
   

Can Breaching Be Stopped?

Breaching of patient confidentiality can be stopped if addressed properly. If you are an owner of a healthcare organization, following steps can provide you with a good result:

Train Your Staff

Organizations can’t assure confidentiality, integrity, and availability of information without “ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them, therefore implement a security awareness and training program for workforce, including management

Establish and Check Workforce Clearance Procedures

Before giving access to your organization’s confidential database, check your employee’s criminal background.

Use Improved Security Measure

To restrict employees’ access to your confidential start using improved security measures. The new technologically sound security measures will help you cut or limit your employee’s access.

Effective Workforce Termination

Adhere to a policy that terminates your employee’s access to building, computer and health related protected information, soon as you terminate the person.

Review System Activity

Conduct technical audits and do a regular checking of your systems’ activities. Regular tracking may help you know the access of your employees.

Keep Data in Encrypted Mode

Provide password to all important data to protect them from theft.

Periodic Security Reminder

Use a security reminder to help you keep your employees vigilant about data theft.

Finally, discuss consequences of theft! Let workforce know what measure company can take when someone breaks the rules. And, make your training program dynamic and part of everyday work routines. Now, with successful implementation of the above mentioned steps, witness a better result in terms of protecting patient data and saving yourself from bad reputation.

Reference:

http://www.issuesinmedicalethics.org/164ar158.html

http://www.dh.gov.uk/en/Managingyourorganisation/Informationpolicy/Patientconfidentialityandcaldicottguardians/DH_702

http://www.ama-assn.org/ama/pub/physician-resources/...

http://www.healthimaging.com/...

http://www.scmagazineus.com/breach-of-britney-spears-patient-data-reported/article/108141/

http://news.bbc.co.uk/2/hi/health/8587898.stm

http://www.cmanet.org/bestpractices/best_practices_6.pdf