October 22, 2015

QUESTION:        Our health system is comprised of multiple entities, including several hospitals and a large physician group practice. We wanted to know how we can promote consistency and economies of scale by coordinating our efforts to comply with the Health Insurance Portability and Accountability Act (“HIPAA”). We also wanted to know whether we could share protected health information amongst and between the multiple entities.

ANSWER:           Yes, you can. The easiest way to do this is under the HIPAA regulations, at 45 C.F.R. §164.105(b)(1), governing affiliated covered entities. Per this section, “legally separate entities that are affiliated” may designate themselves as a single covered entity for purposes of the security and privacy requirements of the HIPAA regulations. However, all of the covered entities in the system must be under common ownership and control and the designation must be documented. The designation documentation must be maintained in written or electronic form and for a period of six years from the date of its creation or the date when it last was in effect, whichever is greater. Often, this designation can be accomplished with a brief board resolution. The practical effect of the affiliated covered entities designation is that all of the covered entities in your system which are under common ownership and control are treated as one covered entity for HIPAA privacy and security purposes. Thus, they can share a single set of privacy policies and can freely share protected health information as if they were a single entity. This may result in significant efficiencies when navigating the regulatory complexity of the HIPAA rules.

October 15, 2015

QUESTION:        It’s the flu season, again, and we know that we can require employed physicians to have a flu shot, but what about physicians who aren’t employed? What’s the easiest way to do this?

ANSWER:           Yes, a hospital can require non-employed physicians to get a flu shot. The easiest way to implement the policy for non-employed physicians is to include it as part of the eligibility criteria in the medical staff bylaws or credentials policy. The criteria could require every applicant and medical staff member to provide evidence of an annual flu shot. Of course, with every rule, there are exceptions. For example, a physician may have a medical condition that prevents him/her from receiving a flu shot. In those cases, the physician could be required to wear a mask at all times in the hospital.

October 8, 2015

Question:        When do we have to be in compliance with the new requirements for financial assistance policies and emergency care policies?

Answer:         The Patient Protection and Affordable Care Act (“ACA”) added §501(r) to the Internal Revenue Code, imposing new requirements, financial assistance policies, and emergency care policies, on 501(c)(3), “nonprofit” organizations. Last December, the IRS published the final regulations, giving some hospitals just one year to comply with the final regulations.

The date on which a hospital must be in compliance depends on when its tax year begins. A hospital must be in compliance with the Section 501(r) final regulations beginning on the first day of its first tax year after December 29, 2015.

So, if a hospital’s year ends on December 31, 2015, it must be in compliance by January 1, 2016. If it ends on June 30, 2016, it must be in compliance by July 1, 2016. If it ends on September 30, 2016, it must be in compliance by October 1, 2016.

 

October 1, 2015

QUESTION:        We have a Mental Health Unit (“MHU”) in our hospital. Sometimes, inmates from a local prison become inpatients on the MHU. Until recently, we have not required prison security to be on the MHU with the patient/inmate; we were concerned that would damage the treatment milieu. Now we’ve decided it’s necessary to have a prison security officer because of the real potential for violence from the patient/inmate, with possible harm to our other patients and MHU personnel. If the prison will not provide a security officer, will we have EMTALA-compliance problems if we say we cannot take the patient/inmate on our MHU?

ANSWER:          That’s a very good question, and for any individual hospital, the best answer probably comes from its CMS Regional Office (“RO”). Each RO has EMTALA “jurisdiction” over its region. It’s the RO that determines whether there has been an EMTALA violation or not.

Here’s the EMTALA side to the question. The inmate becomes a patient once he is brought to the hospital’s Emergency Department (“ED”). As required by EMTALA, the patient is given a medical screening examination to determine if the patient has an emergency medical condition (“EMC”). The definition of EMC under EMTALA includes a psychiatric EMC.

If the patient has a psychiatric EMC, the EMTALA duty upon the hospital is to stabilize that EMC if the hospital has the capacity and the capability to do so. Because this hospital has an MHU, it has the services and resources to stabilize a psychiatric EMC. (That’s assuming the MHU has an available bed. Here, it does.) So the hospital must proceed with the MHU inpatient process under EMTALA, correct?

Here’s the problem: The MHU is not a “forensic unit” which is meant to be able to handle prison inmates as a patient population. While every MHU has to be able to manage a certain level of violence – that comes with the regular mental health patient population – it’s not meant to manage an inmate population that brings significant concerns of safety and security. That’s the reason why this MHU has told the prison it can no longer take inmates as psychiatric inpatients unless there is a prison security officer on the MHU floor to guard them, as well.

The MHU’s EMTALA argument: It does not have the EMTALA capacity to care for the patient in the MHU without that prison security officer. As the MHU is not a forensic unit, when there are legitimate concerns about violent behavior by a prison inmate/patient, it does not have the capacity to take that patient without the prison security officer.

We have had conversations with different CMS RO EMTALA officials about this knotty problem, one quite recently. That EMTALA official was very sympathetic to the MHU’s plight, and agreed with the capacity analysis. Another RO EMTALA official with whom we once talked this through was not as sympathetic.

And, that’s not to criticize the ROs or their EMTALA officials. It’s a difficult problem, one also further complicated by the fact that EMTALA and state mental health laws and services are often a bad fit, and because there are simply not enough MHU beds in any region or in any state. These two underlying complications make a difficult problem even more difficult.

 

September 24, 2015

QUESTION:        One of the few remaining independent physician groups whose physicians are members of our medical staff desperately needs help. They have been unable to find a physician who is willing to relocate, but have found several qualified non-physician practitioners who are. The group has approached the hospital requesting the same type of net income guarantee recruitment assistance agreement that the hospital would offer to the group if they had located a physician. Since it will be less costly to provide the recruitment assistance needed to recruit a non-physician practitioner, this seems like a simple decision. However, our attorney is telling us that the proposed arrangement violates the Stark law. How?

ANSWER:          Unfortunately, your legal counsel is correct. The Stark law only applies to physicians. A PA, CRNP, CRNA, or other non-physician practitioner (“NP”) is not a “physician” as defined by the Stark law. So the Stark law would not apply to a direct compensation arrangement between the NP and the hospital.

However, that is of little practical benefit if the request is for an income guarantee. By definition, the hospital must, directly or indirectly, pay the guarantee payment to the physician group. This creates a compensation arrangement between the hospital and the group and so in order to comply with the Stark law, this arrangement must satisfy an exception. Unfortunately, in the Preamble to the Stark Phase 3 Rules, in response to a comment asking whether recruitment assistance could be provided to a group to recruit an NP, CMS responded by stating that the physician recruitment exception is limited to the recruitment of a physician. CMS then stated that any recruitment payments made by a hospital to a physician group to assist the group to recruit an NP would constitute a compensation arrangement “to which no exception would apply.”

We have never understood CMS’s position and now it appears that CMS has seen the error of its ways. In the July 15, 2015 Federal Register, CMS proposed creating a new exception to the Stark law that would specifically permit a hospital to provide recruitment assistance to a physician group to employ an NP.

While a positive step, there are a number of concerns with the proposed exception. As proposed, the new exception is much more limited than the physician recruitment exception. For example, it limits the exception to PAs, CRNPs and certified nurse midwives who are employed by a physician group to provide primary care services. It also limits the type of recruitment assistance that may be provided.

In comments that we submitted to CMS, we requested that CMS revise this exception to make it less restrictive and more in line with the physician recruitment exception. Whether CMS will agree with our comments remains to be seen when it publishes final regulations.

Therefore, the safest course of action right now is to provide the recruitment assistance directly to the NP. However, current law does not permit a guarantee-type arrangement with a physician group to recruit an NP. As a result, we have found the types of recruitment assistance that are currently permitted to be used with an NP to be very limited. If you have the luxury of time, a better approach would be to wait and see if CMS publishes the proposed NP recruitment exception in final form and then follow that exception.

The $115,000,000 settlement described in the “Your Government at Work” section of this week’s HLE was, for the most part, due to the compensation paid to employed physicians. Want to learn more about the types of compensation that can be paid to employed physicians? Join Henry, Rachel and Charlie in Las Vegas on October 15-17 at the Physician Employment Institute.

September 17, 2015

QUESTION:        Our MEC recently commenced an investigation regarding a practitioner with a long history of behavioral incidents. The MEC has decided to conduct the investigation itself. Who should be present for the investigation? All of the people normally present at MEC meetings? Only members of the committee? Only voting members of the committee?

ANSWER:           If the MEC has decided to undertake a task, the whole committee can and should be involved. This means all members of the committee, including any individuals who are members by virtue of their position (i.e., ex officio members) and regardless of whether those members are physicians or have voting rights. Members are members because they have a valuable role to play (sometimes, providing expertise or information or administrative support for the committee). Take advantage!

Individuals who often attend MEC meetings as guests, but who are not members, may be excluded from investigations or other sensitive matters, if that makes sense. For example, if the investigation involved a psychiatrist, there would probably be no reason to have the director of the OR or the nurse manager present for the investigation, even if those individuals routinely attend MEC meetings as guests.

Medical Staff Services professionals and other administrative support persons, on the other hand, are often asked to attend and be involved in the MEC’s investigation because they may be able to offer valuable support to the committee as it proceeds (including offering support regarding the terms of the Bylaws, the contents of the practitioner’s credentialing and peer review files, keeping minutes, coordinating meetings, and assisting in drafting or coordinating the drafting of documentation regarding the investigation process – such as interview summaries).

September 10, 2015

QUESTION:        Our hospital is doing a HIPAA security risk assessment and was told we have to follow guidance issued by the National Institute of Standards and Technology (“NIST”). Is that something we have to do?

ANSWER:            No. You can use the NIST publications as a guide, but you don’t have to. The HIPAA Security Rule itself does not reference the NIST guide at all, although some NIST documents are mentioned in the Preamble to that rule. The HHS Office of Civil Rights has published several papers providing useful guidance on complying with the security rule, which can be found at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule. In one of them, OCR says:

Although only federal agencies are required to follow federal guidelines like the NIST 800 series, non-federal covered entities may find their content valuable when performing compliance activities. As stated in the CMS frequently asked questions (FAQs) on the HIPAA Security Rule,

“Covered entities may use any of the NIST documents to the extent that they provide relevant guidance to that organization’s implementation activities. While NIST documents were referenced in the preamble to the Security Rule, this does not make them required. In fact, some of the documents may not be relevant to small organizations, as they were intended more for large, governmental organizations.

The Security Rule does not prescribe a specific risk analysis or risk management methodology. This paper is not intended to be the definitive guidance on risk analysis and risk management. Rather, the goal of this paper is to present the main concepts of the risk analysis and risk management processes in an easy-to-understand manner. Performing risk analysis and risk management can be difficult due to the levels of detail and variations that are possible within different covered entities. Covered entities should focus on the overall concepts and steps presented in this paper to tailor an approach to the specific circumstances of their organization.

Therefore, while the NIST publications might help you in doing the risk assessment, they are not binding on you.


 

September 3, 2015

QUESTION:        As Chief of Staff, I have been involved in several collegial interventions with an employed physician who is an outlier in clinical care and behavior. HR has been addressing the behavior and our Multispecialty Peer Review Committee has been reviewing his quality concerns. He is now claiming that this is double jeopardy – does he have an argument?

ANSWER:           As more physicians become employed by hospitals and their affiliates, physician leaders often collaborate with the management team (typically led by the Chief Medical Officer in these situations) to “triage” an issue and determine whether it makes sense to proceed through the medical staff process, the HR process, or a hybrid of the two. Regardless of what route is chosen, it is not “double jeopardy” (a term used in criminal law and thus not applicable). Rather, leaders assess which route makes most sense under the circumstances. There are a number of factors that may cause leaders to use one or the other – or even both – options. Information-sharing policies are increasingly being adopted to facilitate keeping both physician leaders and the management team in the loop, while maximizing peer review protection. Professionalism policies can guide leaders to use progressive steps to address behavior issues. Peer review policies (often called “Professional Practice Evaluation” policies in Joint Commission and HFAP accredited hospitals) can similarly provide steps for collegial intervention, Focused Professional Practice Evaluation and performance improvement plans.   There is no absolute right or wrong approach – if the physician is cooperative, leaders can seek to engage the physician in committing to performance improvement on both fronts based on their assessment of all the factors. The HR process may be better suited to address behavior issues and the medical staff peer review process to address clinical concerns. Both processes should develop documentation of the progressive steps. This will support the reasonableness of the steps taken.

For a discussion of these and related issues, tune into our “Employed Physician Peer Review: Maximizing Performance and Protection” audio conference on October 6, 2015 – 1:00 p.m. to 2:00 p.m. (ET). Join Phil Zarone and Charlie Chulack as they discuss the various concerns regarding hospital-employed physicians and how best to move forward so that the hospital is protected and performance is maximized.

And join Charlie Chulack, Rachel Remaley and Henry Casale for the Physician Employment Institute in Las Vegas on October 15-17 where all of our other seminars will be offered – please join us – and bring a team!

August 27, 2015

QUESTION:        We have several physicians who are chronic outliers in medical record completion. They are all good clinicians and a few are in specialties that we really need here, but it’s getting to the point where it’s affecting continuity of care and, quite honestly, the hospital’s bottom line. What is the best way to deal with this?

ANSWER:            It’s pretty much a guarantee that on every medical staff there will be a handful of outliers in this area, meaning physicians who are chronically late or incomplete with medical recordkeeping. Traditionally, the medical staff response to those situations has been to “automatically suspend” the physicians, although we believe the term “automatic relinquishment” is a more appropriate way to describe the situation.  Calling the physician in to meet with the MEC sometimes works because it is hard to look colleagues who are every bit as busy as you are in the eye and explain why one physician can’t do what everyone else is expected to do.

Some organizations have tried not insignificant monetary fines which must be fully paid for the physician to remain eligible for appointment to the medical staff. A few organizations have even tried the imposition of additional emergency call for those physicians who are chronic outliers. It is clear that medical recordkeeping requirements must be enforced, for many regulatory, legal, accreditation and patient care reasons. In the current era of physician employment, the employer likely has additional “enforcement mechanisms” available under the contract.

August 20, 2015

QUESTION:        Our organization’s delineation of privileges (“DOP”) form includes a laundry list of over 200 procedures. We want to move to a core privileging model for each specialty but need some direction on the best way to get started. We are especially concerned about how to address procedures that are done infrequently and/or not specifically listed in the core.

ANSWER:           Many hospitals have moved to “core” privileges and many have struggled with how best to address these types of questions. For a while, many organizations defined their cores somewhat vaguely to be, essentially, anything the physician would have learned in residency training. However, CMS and the Joint Commission let it be known that they did not like this form of core privileging because nobody really knew exactly what the physician was permitted to do. As CMS stated in a 2004 memo, “[s]pecific privileges for each category must clearly and completely list the specific privileges or limitations for that category of practitioner.”

As such, the guidance from CMS and the Joint Commission makes it clear that core privileging cannot be used to avoid the need to identify the specific tasks a physician may perform. Instead, core privileging is a way of grouping privileges based on a determination by the hospital that all the privileges in the group require similar education, training and experience.

What does this mean for those procedures outside of the core? Typically, we see these procedures identified as “special privileges,” meaning that any procedure that falls outside of the core will be included in a list of individual procedures that can only be requested if applicants can show that they have the required additional education, training, and/or experience beyond that required for the core in their specialty.

This means organizations must first decide what is in the core and what special procedures fall outside the core and then develop criteria for both.

This is an example of the types of questions you can ask our lawyers when you attend The Credentialing Clinic, which is being offered in Las Vegas this fall, Naples this winter, and San Antonio in the spring.

Click here to learn how you can join us for this interactive course.