March 27, 2025

QUESTION:
A member of our Medical Staff recently had a significant skiing accident which included a concussion.   When he returned to the hospital, staff noticed a change in his behavior and in his clinical performance.  Last week, he had two significant surgical complications and there are concerns that he might not be safe to practice.  The President of the Medical Staff and the Chief Medical Officer want to summarily suspend his privileges and then mandate a health evaluation – not as a punitive measure but to keep patients safe.  Does that sound like a good plan?

ANSWER FROM HORTYSPRINGER ATTORNEY SUSAN LAPENTA:
Health concerns can be particularly challenging.  There are several reasons why we don’t recommend the imposition of a summary suspension in a situation like this, except as a last resort.  First, the standard for imposing a summary suspension is pretty high and typically requires a finding that “failure to take such an action may result in an imminent danger to the health of any individual.”  (This is the standard built into the federal Health Care Quality Improvement Act.)

Second, most bylaws require that there be significant process after the imposition of a summary suspension.  This process typically includes a meeting with the Medical Executive Committee and, if the Medical Executive Committee continues the suspension, the commencement of an investigation, which might lead to a recommendation for disciplinary action.

Third, just calling the action a suspension changes how it is perceived.  A suspension sounds punitive even if you say it’s for patient safety concerns.  Furthermore, the imposition of a suspension creates reporting obligations.  A summary suspension that is in effect for more than 30 days must be reported to the National Practitioner Data Bank and the State Board.  In fact, some state reporting statutes require any suspension to be reported regardless of the duration.

In our experience, in situations where there might be an injury leading to an impairment, the preferred approach, and the approach that is consistent with accreditation standards, is a more collegial one.  For example, as a first step, the President of the Medical Staff and the Chief Medical Officer could meet with the physician, share their concerns, and discuss next steps and options.  This discussion could include a request that the physician voluntarily refrain from exercising surgical privileges until the fitness for practice evaluation can be completed and reviewed by the Practitioner Health Committee.

A physician in this situation will almost always agree to get the evaluation even if they don’t necessarily think it’s needed.  You can use this approach even if it is not expressly spelled out in your bylaws.

Better yet, build this approach into your Medical Staff bylaws documents.  That way, Medical Staff leaders have the authority to require a fitness for practice evaluation by a physician approved by them and can get the necessary authorizations to share information with, and receive information from, the physician who performs the evaluation.  It also helps to have bylaws language which states that if a physician refuses to get the fitness for practice evaluation that the result would be an automatic relinquishment of clinical privileges, not a suspension.

If you have a quick question about this, e-mail Susan Lapenta at slapenta@hortyspringer.com.

March 20, 2025

QUESTION:
We just discovered that a Licensed Practical Nurse was excluded from participation in all federal health programs.  We have never had a problem with this LPN and since she is an LPN, she does not refer patients to the hospital.  Should we do anything?

ANSWER FROM HORTYSPRINGER ATTORNEY HENRY CASALE:
Yes.  First, remove this person from any contact with patients whose care is paid for in whole or in part by a federal health care program such as Medicare or Medicaid.  Next, review your employment-related credentialing process.  All employees should be screened against the OIG’s List of Excluded Individuals/Entities before they are hired.  Find out how and why this did not occur before this person was hired and institute the processes necessary to prevent a similar situation from occurring in the future.

Now for the difficult and painful part.  You need to make a voluntary disclosure to the OIG.  The information described above will help to structure that self‑disclosure.  The fact that the excluded individual was an LPN, and that an LPN does not refer patients to the hospital or other facility, is irrelevant to the OIG.  Their position is that this person should never have provided any care, items, or services to a federal health care program patient.  As a result, the OIG will demand a refund for all federal health care reimbursement received by the hospital for each patient cared for in any way by the excluded person.

As you can imagine, the penalty will add up.  For example, in January 2025, an Ohio Skilled Nursing Facility entered into a $243,000.90 settlement agreement with the OIG in order to resolve allegations that the SNF employed an LPN who was excluded from participating in any federal health care programs and who provided items or services that were billed to federal health care programs.

If you have a quick question about this, e-mail Henry Casale at hcasale@hortyspringer.com.

March 13, 2025

QUESTION:
We have a physician who was granted a leave of absence (LOA) last October.  Before she went on leave, there were some concerns raised about her practice, and she signed a performance improvement plan that included extensive CME and simulation training.  When the physician asked to go on leave, she was told that before she would be reinstated, she would have to complete both the CME and the simulation training outlined in her performance improvement plan.

The problem is her current appointment term expires at the end of April.  We don’t want to reappoint her now and give her a stamp of approval especially if she hasn’t completed the CME or training. Is there a way to align the decision on her reappointment with her return from the LOA?

ANSWER FROM HORTYSPRINGER ATTORNEY SUSAN LAPENTA:
We share your concern about reappointing a physician who is on an LOA.  This case is further complicated by the fact that when the physician took the LOA there was an incomplete performance improvement plan.

Additionally, we would be reluctant to reappoint a physician about whom you had clinical concerns at least without first reviewing the most up to date information about her clinical performance.  If you reappoint this physician now, you won’t have any clinical information for at least the last six months.  And then, she won’t return from the LOA for an additional six months, at least potentially.

One suggestion would be to inform the physician that final action on her reappointment application will be held in abeyance until she seeks reinstatement from the LOA.  When she is ready to return from the LOA, she will have to update her reappointment application before any action is taken.  You will also want to make sure that your primary source verifications are current.

Simultaneously, she will have to demonstrate that she has satisfied the elements of the performance improvement plan.  Furthermore, it is not unusual, when a physician has been on an LOA for an extended period of time, for leadership to develop a focused professional practice evaluation plan to confirm competence as part of the physician’s reinstatement.

If you have a quick question about this, e-mail Susan Lapenta at slapenta@hortyspringer.com.

March 6, 2025

QUESTION:
Our hospital received a threatening letter from a lawyer, claiming that our website uses Google Analytics and, in doing so, has violated wiretapping laws.  Is this legitimate or a scam? What should we do?

ANSWER FROM HORTYSPRINGER ATTORNEY RACHEL REMALEY:
Some might believe the letter you received is both legitimate and a scam, wrapped up in the same package.  Specifically, as you likely know, the U.S. legal system acknowledges/permits class action lawsuits – essentially, lawsuits filed by one or more “class representatives” who litigate the claim on behalf of all similarly situated class members (the aggrieved individuals).  In concept, class actions permit litigation of claims where the damage to any one litigant may be too small to warrant a single individual shouldering the expenditure of fees/costs on complex litigation.  By grouping the claims of the entire class together, the lawyers who manage class action lawsuits make their money (since they collect their legal fees/costs first, out of any settlement or award), making it possible for these claims – that may otherwise go unaddressed – to be brought.

With that said, many of the class action lawsuits threatened/brought in recent years seem to originate with lawyers looking for a hook to justify a claim.  Often these firms run advertisements looking for individuals willing to serve as a “class representative” plaintiff, giving assurances that those volunteers won’t have to pay any upfront fees and, for their time, will be awarded a greater share of any settlement/award that results from the suit.  One begins to wonder if, for many of these suits, anyone was ever “aggrieved” to begin with.  Some of these firms even sell an interest in the lawsuits to private equity investors.  If the suit eventually results in a settlement or award, the firms/investors win big.  Class members usually receive paltry payouts.  Sometimes, they are a few cents or dollars.  Sometimes, there is no payout for the class members, just promises by a company to do better in the future.  Either way, the law firm walks away with its fees/costs recouped.

So, the letter you received is probably a legitimate letter from a lawyer or law firm.  If it alleges that some class of individuals is aggrieved, it remains to be seen whether any individual actually believed they were aggrieved or knew anything about the alleged wiretapping violation described in the letter.  A quick search of the internet will reveal for you that these types of letters/claims are rampant, and not just with respect to health care organizations.  They are just one of the many ways that firms/plaintiffs have been pursuing class action claims in recent years.  Remember several years ago, when a spate of lawsuits alleged that health care entities were violating HIPAA and state healthcare privacy laws through tracking that occurred on their websites?  We have also seen some firms/plaintiffs taking a new angle, alleging that websites that show videos and track users are violating the federal Video Privacy Protection Act (VPPA).

The good news for you is that (1) you are not alone in being targeted in this way, and (2) a number of courts around the country have already rejected these types of claims under various state’s wiretapping laws.  But, that doesn’t mean that you should simply throw the letter in the trash and ignore it.  Any time you receive any correspondence alleging a legal violation or threatening to sue, you should notify risk management and legal counsel, so that they can help the organization decide the most appropriate response.  In most cases, the next step will be to promptly notify your insurance carrier (who may decide whether to appoint specific counsel to manage the response, put a litigation hold in place, etc.).

Finally, receipt of a letter like this can be a good time for the organization to review its current practices to ensure that there are not gaps in compliance/areas of risk.  The Department of Health and Human Services put out a guidance document, “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” that may be helpful to review, if website tracking concerns are new to you.  As the HHS website makes clear, some of the guidance has been limited by court action.  But, if you are looking for more information about why website tracking is of concern and some steps that might be taken to address privacy concerns, it is a good place to get started.

If you have a quick question about this, e-mail Rachel Remaley at rremaley@hortyspringer.com.

February 27, 2025

QUESTION:
We perform delegated credentialing/payer enrollment for our employed practitioners and have been receiving correspondence from health insurers with which we have delegated agreements that we need to make changes to our policies and procedures because of revisions to the NCQA Standards.  Is this correct and, if so, can you provide us with more information on the changes that we need to make?

ANSWER FROM HORTYSPRINGER ATTORNEY CHARLES CHULACK:
It is indeed correct.  The NCQA Credentialing and Recredentialing Standards that go into effect on July 1, 2025 include significant changes that will require, at a minimum, updating your policies that apply to delegated credentialing/payer enrollment.  The most significant NCQA amendment is the elimination of the much maligned and close to incomprehensible “Credentialing System Controls” Standard.  When we first heard of this decision by the NCQA, we were relieved (and our relief was shared by those on the frontlines of delegated credentialing).

Unfortunately, the Credentialing System Controls requirements have been replaced with a new “Credentialing Information Integrity” Standard.  On its face, the new Standard is a little bit easier to understand, but it is process heavy and will require revisions to your documents.  Without going too far into the weeds of the Standard, the NCQA is targeting “inappropriate documentation and updates” to credentialing information.  Per the Standard, those performing delegated credentialing must have, among other things, policy language and corresponding processes for: (1) the credentialing information that falls under the integrity requirements, (2) the process for documenting updates to credentialing information, (3) a description of inappropriate documentation and updates, and (4) the auditing process for identifying inappropriate documentation and updates to credentialing information.  This is scratching the surface of what is required under the Credentialing Information Integrity Standard, but it gives you an idea of what changes need to be made to address this topic.

The NCQA Standards also tightened up the time limits for verifications and notifying practitioners of credentialing and recredentialing decisions.  By way of example, verifications of licensure, board certification, work history, and malpractice history must be reviewed by your Credentials Committee or Medical Director within 120 days of the verification (as opposed to 180 days which was required by the old standard).  Moreover, practitioners now must be notified of a credentialing decision within 30 calendar days (compared to the previous requirement of 60 days).

Other changes to the Standards include a requirement that your application ask about practitioner race, ethnicity, and language and a statement that you do not discriminate or base credentialing decisions on these items.  However, the application needs to note that providing this information is optional.

While the Q&A section of the Health Law Express doesn’t have the space to detail all the amendments for the 2025 NCQA Standards, we wanted to give you notice that changes will need to be made.  We have walked many of our clients through the required changes to their policies and procedures and, frankly, the policy changes that are mandated are not difficult to make.  That being said, the Standards are going to necessitate process updates, adjustments, and education for your credentialing staff and implementation may be a rocky road.

If you have a quick question about this, e-mail Charlie Chulack at cchulack@hortyspringer.com.

February 13, 2025

QUESTION:
Our team just attended your seminars in Amelia Island.  The one member who attended the Peer Review Clinic came out of the session with a strong belief we should remove “scoring” from our case review forms.  He’s had some trouble convincing the rest of us, so we wanted to hear it right from the horse’s mouth – why do you recommend against scoring cases?

ANSWER FROM HORTYSPRINGER ATTORNEY IAN DONALDSON:
We are happy to back up your colleague on this one!  The reasons we recommend moving away from using scoring as a part of the peer review process are based on the following issues:

  • We have observed that peer review committees spend a lot of energy on assigning the score, which distracts from the more important issues of whether there is a concern with the care provided and, if so, the appropriate intervention.
  • While scoring gives a perception of being objective, we’ve found that numerical scores don’t necessarily capture the complexity of a case in the same way as a detailed description from a case reviewer.
  • We have found that reviewers may be uncomfortable assigning low scores, which often carry labels indicating that the physician’s care was “inappropriate” or “below the standard.” As a result, the reviewers choose higher scores indicating “care appropriate” even if there are concerns.
  • Negative scores may put physicians on the defensive, especially since most scoring systems don’t allow for the provision of nuanced information.

These characteristics of scoring can undermine efforts to make the peer review process educational rather than punitive.  Accordingly, we recommend having a peer review/professional practice evaluation (“PPE”) system that focuses on actions and performance improvements rather than scoring.

If you have a quick question about this, e-mail Ian Donaldson at idonaldson@hortyspringer.com.

Please join Ian Donaldson and Charlie Chulack at an upcoming Peer Review Clinic to learn more about the new approaches Medical Staffs are taking to traditional peer review matters. You can learn more by clicking here.

February 6, 2025

QUESTION:
There is a private subreddit discussion group in which only Medical Staff professionals are approved to participate.  Most members of the group seek advice on credentialing, privileging, and peer review issues.  Community guidelines within the group caution against identifying the practitioners involved in their questions.  However, some posts may include specific details about problematic credentialing files or behavior incidents.  In some instances, individuals who post questions may include information such as their name and the hospital at which they work.  A few of our leaders are wondering if joining this group would help to bounce ideas off other Medical Staffs and their leaders.  Is this problematic?

ANSWER FROM HORTYSPRINGER ATTORNEY MARY PATERNI:
While we don’t mean to discourage professional interactions among Medical Staff professionals, there are legal risks to discussing credentialing and peer review issues about individual practitioners on social media.

Let’s be real, it’s social media.  There is never any guarantee that anything posted on platforms like Reddit, Facebook, or Instagram will remain private, even if a group is “closed.”  A member of the group could have a reason for disclosing information outside the group.  All it takes is a screen shot or copy + paste.  Plus, efforts to “de-identify” information do not always work.  Even the smallest bits of supposedly de-identified information can sometimes be pieced together and become identifiable.

There are a variety of legal risks if a post about credentialing or peer review matter gets back to the practitioner who is the subject of the post.  First, the practitioner could claim that the post was defamatory because it disclosed unfavorable information in a public setting.  Also, the practitioner could argue that the post constituted a breach of the confidentiality obligations set forth in the Medical Staff Bylaws, “tortiously interfered” with his employment prospects, or constituted a “breach of contract” under state law.

Social media posts could be problematic even if they are disclosed to individuals other than the practitioner in question.  For example, plaintiffs’ attorneys could use such posts as a reason to look for problems at a hospital.  Also, attorneys representing plaintiffs in malpractice or negligent credentialing cases could argue that the disclosure of peer review information on social media resulted in a waiver of the peer review privilege under state law of any information related to that matter.

So, we want to be careful here.  Again, we don’t mean to discourage professional interactions among Medical Staff professionals.  There are certainly many topics that could be discussed that don’t raise the potential problems discussed above.  However, recognize that there are risks to disclosing practitioner-specific information on social media.

If you have a quick question about this, e-mail Mary Paterni at mpaterni@hortyspringer.com.

January 30, 2025

QUESTION:
Our hospital is in the process of refining our Conflict of Interest (“COI”) Policy.  What are some general principles we should stick to/try to avoid?

ANSWER FROM HORTYSPRINGER ATTORNEY HALA MOUZAFFAR:
Every potential COI is unique depending on who is involved, what stage in a process you are in, and the level of participation of the potentially conflicted individual.  So, it is hard to have a lot of hard and fast rules when it comes to evaluating COIs.  That being said, there are some general principles you can follow when defining a process to identify and manage COIs.

(1)        The provider under review should not have the right to compel someone to be disqualified as a COI.
While we can and should allow a provider under review to note potential conflicts with individuals reviewing them, the final say in determining if an individual is truly a COI should remain with someone like a committee chair or other leadership that can make an objective decision.  Also keep in mind that anyone can end up in the hot seat as the provider under review, so we want to make sure that no matter who that individual is – even if it is you one day – we are giving that person fair process and evaluating all potential COIs.

(2)        Committees should have a COI identification process.
Some conflicts are obvious (e.g., family members, competitors, etc.), but some you might be completely oblivious to (e.g., history of animosity, good friends, etc.).  Since it is impossible to know every conflict that might exist, you should have a process that requires committee members to disclose any potential conflicts.  Because if conflicted individuals participate in a process, they may be putting themselves at risk of some legal trouble, so we want to protect those that are volunteering their time to help the hospital by managing those conflicts on the front end.

(3)        Have a COI Policy that maintains the integrity of the process.
Ultimately, our goal in managing COIs is to protect the integrity of the processes we have in place.  By managing conflicts effectively, we build trust in our system processes, so everyone feels like they are being treated fairly and given a fair chance to be heard.

If you have a quick question about this, e-mail Hala Mouzaffar at hmouzaffar@hortyspringer.com.

January 16, 2025

QUESTION:
How should we handle distributing peer review materials prior to a meeting?

ANSWER FROM HORTYSPRINGER ATTORNEY NICHOLAS CALABRESE:
In general, we recommend that documents not be distributed before meetings.  You always take a risk when you distribute peer review materials prior to a meeting, because if the materials are lost, misplaced, or treated carelessly, peer review protections could be lost.  Confidential materials should not end up in the hands of someone who is not part of a legally protected peer review committee.

But, we also realize that sometimes confidential materials have to be reviewed prior to a meeting, because it may be a huge pile of documents.  So, here are a couple ideas:

You could keep all of the peer review materials in a central location, like the medical staff office.  Committee members can have access to the materials, but won’t be able to take them out of the office.  Also, here, don’t allow any copies to be made, unless the VPMA, CMO or CEO allows it.

Another idea is to put the committee member’s name and phone number on the materials, along with a number, like 1 of 12.  The committee members should be told that no copies may be made, and that the documents should be returned after the meeting.  Then, after the meeting, the materials should be collected, all of the numbers accounted for, and the copies destroyed – only keep the originals as official records.

One final idea that can be used with the first two ideas is to stamp all of the confidential materials with a stamp that states “Protected and Confidential Pursuant to the State Peer Review Statute.”  Again, a red flag goes up if the stamp is seen outside the meeting room.

During the pandemic, everything became virtual, which raised a whole host of issues.  Everyone is now more comfortable sharing peer review documents electronically through protected portals and the like, but there is still a need to be cautious.  So, sit down and think everything through on how to tackle this.  For example, think about:

  • How do you control access? (passwords, secure email, etc.)
  • Do you send emails to gmail accounts or only to hospital accounts?
  • Are you going to blind the records? Prohibit copies?

We advise pulling in your facility’s tech experts to work with you as a part of this process.  Which videoconferencing platform is secure for HIPAA and other privacy laws?  Create a list of approved software programs.

We’ve developed a policy on virtual meetings.  The highlights of the policy are:

  • Virtual participants should be required to maintain compliance with all policies relating to confidentiality, data privacy, electronic communications and security. We recommend that all meetings begin with a reminder about confidentiality, privacy and security, and that this be reflected in the minutes.  Quorum and voting requirements apply as if at an in‑person meeting.
  • The best practice is to prepare for calls by testing new cameras and microphones before the meeting. Also, minimize outside distractions, such as the dog coming in and out of the picture, hearing the neighbors fighting, or the kid next door testing out the new exhaust on his Dodge Challenger.  You can’t soundproof the walls, but do try to find a secluded, quiet space.

Some practical tips for virtual meetings…

  • Remember that you’re in a professional setting. During the pandemic, there were stories about people making dinner, brushing their teeth, etc., while on Zoom.  Avoid that and give the meeting the attention it deserves.
  • Remember that mute is your friend. Keep microphones on mute unless speaking, and always assume that the mic is hot.  Pre‑pandemic, there’s the famous story about President Ronald Reagan forgetting that he had a hot mic, and saying “My fellow Americans, I’m pleased to tell you today that I’ve signed legislation that will outlaw Russia forever. We begin bombing in five minutes.”  Then there are the pandemic stories – all members of a San Francisco area school board resigned after they were heard making disparaging comments about parents at a virtual board meeting.  Always assume the mic is hot and the camera is on.

If you have a quick question about this, e‑mail Nick at ncalabrese@hortyspringer.com.

January 9, 2025

QUESTION:
We have an applicant who is refusing to answer one of the questions on our application form because she says that her lawyer told her it could violate a settlement agreement that she has with another hospital. We think that information is relevant to her request for appointment at our hospital. Can we still ask for the information?  Should we ask for a letter from her lawyer? Should the application be held incomplete?

ANSWER FROM HORTYSPRINGER ATTORNEY LEEANNE MITCHELL:
Yes! Credentialers have a duty to review all of the relevant qualifications of each applicant for Medical Staff appointment and clinical privileges and cannot allow the legal interests of an applicant, in an unrelated matter, to interfere with that duty. Accordingly, the Medical Staff Bylaws (or related policies) should state very clearly that every applicant bears the burden of submitting a complete application and of producing information deemed adequate by the hospital for a proper evaluation of current competence, character, ethics, and other qualifications and for resolving any doubts.

A similar issue arose in a 1997 case, Eyring v. East Tennessee Baptist Hospital, 950 S.W.2d 354 (Tenn. Ct. App. 1997), in which a physician applicant refused to sign a release form authorizing a hospital where he had previously practiced to send information to another hospital where he had applied. The physician argued that he received legal advice that signing the release could compromise his lawsuit against the hospital, which had revoked his privileges. The court held that because the physician had not provided the additional information that the hospital requested – irrespective of the fact that a settlement agreement was in place – he had not submitted a complete application and, thus, under its Bylaws, the hospital was not required to process his application further.

If you have a quick question about this, e-mail LeeAnne Mitchell at LMitchell@hortyspringer.com.