QUESTION:    I understand that our patients can now directly obtain their lab results from the lab, and don’t have to get that information from their physician or his or her office. I’m very concerned with my patients receiving those test reports without the benefit of my description and interpretation of them. I don’t know how patients are going to have the knowledge to understand what they’ll be reading, and that could be harmful to them. What is this all about?

ANSWER:    Until this year, the Clinical Laboratory Improvement Amendments (“CLIA”) did not allow a patient to directly access his or her completed test reports. At the same time, while HIPAA championed an individual’s direct access to medical record information, the Privacy Rule said not for lab reports, to be in step with CLIA.

A new federal rule changes all of that. By the new rule, both the CLIA and HIPAA regulations have been revised to allow a patient, or his or her personal representative, to have the right of direct access to the lab results.

As to why this was done, the Department of Health and Human Services (“HHS”) states that it “believes that this right is crucial to provide individuals with vital information to empower them to better manage their health and take action to prevent and control disease. In addition, removing barriers in this area supports the commitments and goals of the Secretary of the Department of Health and Human Services…and the Administrator of CMS regarding personalized medicine, an individual’s active involvement in his or her own health care, and the widespread adoption of EHRs [electronic health records] by 2014.”

As to the concern that patients will not be able to understand the lab results without their physicians’ involvement, HHS states: “This rule does not diminish the role of the health care provider in interpreting the laboratory test reports for his/her patient in the context of the patient’s medical condition. We expect that individuals will continue to obtain their test reports and the interpretation of those test reports from their health care provider.”

HHS also believes: “that the rule will further encourage ordering and treating providers to more proactively discuss with patients the range of possible test results and what the results may mean for the particular patient before or at the time the test is ordered.”

The new rule does not require the testing lab to provide any interpretation information or material to the patient involved.

The world of medical records is changing, and that’s not just because of the switch to EHRs or providers desire to meet the meaningful use rules in order to receive the incentive payments that come with that. Collectively, recent industry practices, rules or rules in the making make patient access more direct (patient portals, this new rule), enhancing patients’ rights. Others treat or propose to treat EHR as less private than they are now (proposed revisions to the federal drug and alcohol medical records laws, practices necessary for health information exchanges to best perform).

These changes are not all pulling in the same direction, and there are likely more changes to come. Look for a coming article in our Action Kit of Hospital Law publications to read more in-depth about all of these changes and what you should know to best manage them.

QUESTION:   We understand that the enforceability of a restrictive covenant depends on state law. In our state, the courts will enforce a covenant in an acquisition and will generally enforce a covenant in an employment agreement. However, a question has arisen as to whether the courts will enforce a covenant in an agreement with an independent contractor in the same manner as it would if the physician were an employee.

ANSWER:   As you correctly point out, whether a court will enforce any type of restrictive covenant depends on your state law. Most (if not all) states will enforce a restrictive covenant that is part of an acquisition of a business. Most states will also enforce a covenant that is reasonable in scope and geographic extent during the term of employment or during the term of an agreement with an independent contractor. Where courts differ is whether a court will enforce a restrictive covenant following the termination of the employment/services agreement. However, the enforceability of a covenant should not depend on whether a physician is an employee or an independent contractor.

In Pennsylvania, for example, the Pennsylvania Superior Court has specifically held that restrictive covenants are applicable “beyond the tradition employer/employee relationship” and has held that “a valid restrictive covenant can be imposed on an independent contractor…restrictive covenants should not be set aside…merely because [a party]…is an independent contractor rather than an employee.” This decision was based on a Pennsylvania Supreme Court decision that a restrictive covenant in a franchise relationship was enforceable and Section 516(f) of the First Restatement of Contracts upholding a restrictive covenant by “an assistant, servant or agent not to compete with his employer or principal during the term of the employment, or agency or thereafter….” (Emphasis added.)

Therefore, the fact that a physician is an independent contractor should have no effect on the validity or the enforceability of an otherwise valid and enforceable restrictive covenant.

 

QUESTION:    Our hospital would like to allow students from local high schools, colleges or trade schools to “shadow” Medical Staff members and other health care professionals. We believe this will encourage students to enter the health professions and perhaps work at our hospital in the future. Would a job shadowing program violate HIPAA?

ANSWER:    The HIPAA Privacy Rule has been in effect for over a decade. In that time, the federal government has not provided any formal or informal guidance regarding job shadowing programs. Also, we have not heard of any HIPAA investigations involving job shadowing programs. This is not to minimize the compliance issues associated with job shadowing programs. However, the government’s lack of action in this area suggests that the HIPAA risks of job shadowing programs can be successfully addressed.

The HIPAA Privacy Rule permits protected health information to be used and disclosed without patient authorization for the “health care operations” of a hospital. The definition of “health care operations” includes two provisions which could reasonably be viewed as including job shadowing programs:

(1)        “general administrative activities” of the hospital; and

(2)        “conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers.”

We believe that job shadowing programs could be viewed as part of the “general administrative activities” of the hospital. Such programs can increase the number of individuals interested in health careers and allow hospitals to build closer relationships with their communities. These would seem to qualify as important administrative activities of a hospital.

Another alternative is for a hospital to establish a “Health Career Assessment and Training Program” in a formal manner. The purpose of such a program would be to encourage individuals to choose health care professions as careers. This would bolster the argument that participants in the training program fall within the training language set forth in the Privacy Rule’s definition of health care operations.

To minimize risk, job shadowing programs could require that students sign an agreement by which they promise to keep the identity of any hospital patient and the medical condition or treatment of any patient strictly confidential. In addition, a sponsor from the hospital, either a physician or other health care worker, should sign an agreement to be responsible for the actions of the student.

QUESTION:    This week’s question comes from Jack, who lives in Georgia, and who writes “Dear Countdown, my wife, Diane, has lived far away from me for the past several years as she went through residency.  It’s been very hard, but now things are looking up, since she’ll soon be taking the Midnight Train to Georgia and be with me again.  I’m wondering though – I’m on the Medical Executive Committee of a hospital, and Diane is going to apply for clinical privileges there.  I was told that I can’t vote on her application, but my thinking is What’s Love Got to Do with It?”

ANSWER:    Well, Jack, we don’t want you to be Alone Again (Naturally).  But in order for this story to have a happy ending, you’ll need to think back to your compliance training and Listen to What the Man Said about basic conflict of interest rules.  You see, you have, or reasonably could be perceived as having, a conflict of interest or bias regarding Diane’s application.  So, you can’t participate in the final discussion or vote on her application, and are required to be excused from the meeting during that time.  But, you may provide relevant information and answer any questions regarding her application before leaving.  Good luck Jack & Diane, and the Countdown wishes both of you Endless Love.

QUESTION:    The MEC and Board serve as approval-type bodies for credentialing decisions.  So, our custom is to have the chair of each department present applicants within their departments to the MEC for approval.  Usually, this just involves the department chair offering up a list of applicants who have been “recommended” for appointment, reappointment, and clinical privileges.

At the Board level, the MEC’s recommendations for appointment, reappointment, and clinical privileges are presented.  This generally involves the Board being given a list of applicants and the Chief of Staff verbally reporting that the MEC has recommended the listed individuals.

Is something more required or recommended?

ANSWER:    When hospitals credential applicants for appointment, reappointment, or clinical privileges, much of the hard work is done by the Medical Staff Office and Credentials Committee, which look closely at any history that the applicant may have, follow up on any concerns, and obtain more information from the applicant and outside resources, and, in the case of the Credentials Committee, carefully deliberates and decides how to proceed.  While these functions are invaluable to the credentialing process, they do not replace the important role that the MEC and Board play in carefully considering and acting upon applications for appointment, reappointment and clinical privileges.

When no concerns have been raised about an applicant (which is the case most of the time), the MEC and Board can likely fulfill their duties by approving a list of applicants, with the understanding that the Medical Staff Office, department chairs, and Credentials Committee have done their jobs diligently, in accordance with the Medical Staff Bylaws and related policies.

The situation differs when material concerns have been raised about an applicant.  In that case, the MEC and Board should be provided more information about the concerns and the reasons for the recommendations of the department chair and/or Credentials Committee – even if the department chair and Credentials Committee have decided to recommend appointment or reappointment and the grant of clinical privileges, with no additional conditions or restrictions being put into place.

It can be helpful in emphasizing the Board’s responsibility for approving applicants for the Board Chair to require that the Chair of the Credentials Committee or the Chief of Staff personally present the approved list of applicants for Board approval.  The Board Chair would – each time – ask the presenter whether he or she personally approved the actions.  This all is pro forma but it emphasizes that the Board expects that those who send the list forward for Board approval understand the Board’s responsibility and accept responsibility for the recommendations they are making.

After being alerted to the general nature of the concerns involving the applicant, the MEC or Board (as applicable) can decide whether it would like to review the applicant’s credentials file, obtain additional information, or refer the matter back to the Credentials Committee for further consideration and recommendation.  Those bodies can only make such decisions, however, if they are made aware that there is something unusual about the applicant who is before them for approval.

So, the answer to your question is that, yes, when making credentialing decisions, it is sometimes necessary for the MEC and Board to be given more than a name on a list.

Please join us at The Credentialing Clinic this fall for more practical advice and tips for leaders performing credentialing functions.

QUESTION:    As we continue to employ more physicians, we have spent a fair amount of time trying to manage the files related to these individuals. At this point in time, “personnel files” live in our HR department, while our confidential medical staff files live in the Medical Staff Services Department.  But where should we keep the health records of employed physicians when there has been a disclosure of a condition like Parkinson’s or ADHD?

ANSWER:    The Americans with Disabilities Act (“ADA”) places certain restrictions on the manner in which employee health information may be stored.  The regulations implementing the ADA state that such information must be stored in a confidential manner that is only accessible by supervisory personnel and first aid workers.  This approach is explained in the Equal Employment Opportunity Commission’s (“EEOC”) guidelines, which state that:

The ADA requires employers to treat any medical information obtained from a disability?related inquiry or medical examination (including medical information from voluntary health or wellness programs), as well as any medical information voluntarily disclosed by an employee, as a confidential medical record. Employers may share such information only in limited circumstances with supervisors, managers, first aid and safety personnel, and government officials investigating compliance with the ADA.

Accordingly, whenever information related to an employed physician’s health is disclosed, there is no hard and fast rule on where the information is physically stored.  The primary concern is limiting the accessibility of that information to those who have a “need to know,” i.e., a supervisor or manager who may be involved in developing any necessary accommodations related to the employee.

For answers to more of your credentialing questions, including tips on how best to organize and maintain access to your confidential files, please join us this fall for “The Credentialing Clinic” at the New York Marriott Marquis in The Big Apple or contact us about having The Credentialing Clinic come to you!

QUESTION:    We are a rural hospital that has difficulty recruiting physicians for certain specialties.  To help with recruitment, we are actively seeking to engage physician recruiters to bring needed physicians to our hospital.  The physician recruiters that would like to work with us all have proposed different contractual terms for their services.  What should we be looking for or insist on including in these agreements with the physician recruiters?

ANSWER:    Some physician recruiters will offer bare bones recruitment agreements and “guarantee” a physician’s placement for a limited period of time, such as 30 days.  We recommend, at a minimum, a stronger “guarantee” in any agreement with a physician recruiter.  For example, the agreement should specify that if a physician candidate for whom the recruiter has been paid fails to commence a medical practice per the employment agreement or if the employment agreement is for any reason terminated within one year of the commencement date, then the recruiter will conduct a new search at no additional fee for a period of six months to provide a suitable replacement candidate.  If the recruiter fails to provide a replacement candidate, the agreement should obligate the recruiter to refund the fee paid for its recruitment efforts.

In the Simpson v. Beaver Dam Cmty. Hosp., Inc. case, the employer paid the physician recruiter $12,000 after the physician accepted the offer of employment even though the credentialing process for medical staff appointment and clinical privileges was not complete.  Ultimately, the physician was not appointed to the medical staff or granted clinical privileges and his employment did not go forward.  Using a strong “guarantee” in agreements with physician recruiters can help eliminate situations like these when the employer, per an unfavorable agreement, would otherwise be on the hook for a significant sum because of the recruitment of an unsuitable candidate.

We also recommend that the agreement include a “position description” attachment, which the recruiter will provide to the candidate.  The position description outlines the duties and obligations that will be set forth in the employment agreement.  The position description serves the primary purpose of informing both the recruiter and the candidate of the expectations for employment.  Ideally, outlining these in a position description and requiring the recruiter to present it to any candidate will minimize the chances that the recruiter will present candidates who are unable to meet the expectations and will also save both time and money for the employer.

For more information on physician recruitment and other essential topics related to physician employment, please join Henry Casale, Rachel Remaley, and Charles Chulack for the Institute on Employed Physicians and Their Impact on the Medical Staff in New York, New York on December 4-6, 2014.

QUESTION:    We are now reviewing our Bylaws and Credentials Policy.  One physician has objected to the proposed language that the CEO appoints the hearing panel.  Is it okay for us to keep the current provision that the Chief of Staff appoints the hearing panel?  We haven’t had a hearing in over a decade.

ANSWER:    A hearing panel is most commonly appointed by the CEO, to protect the Chief of Staff from the risk of being named in a suit.  Such a suit can include antitrust claims that there is a conspiracy to restrain trade, among medical staff members.  Hearings are rare.  The Bylaws or Credentials Policy should guide physician leaders to use progressive steps starting with collegial intervention.  A Peer Review Policy should provide options for performance improvement plans.  However, a hearing is necessary when an adverse recommendation is made by the MEC, in cases where a practitioner is unable or unwilling to follow those steps.  Often, the attorney for the affected practitioner will seek to argue that medical staff leaders are biased or acting anticompetitively. The Health Care Quality Improvement Act immunity has worked well to protect physician leaders from antitrust allegations that were common before the HCQIA.  The HCQIA’s objective reasonableness standards have been applied by the courts generally to rule that allegations of subjective motives are irrelevant if the record demonstrates reasonableness. The Chief of Staff is at some risk of being personally named in an antitrust suit – an aggravation even if the likelihood of actual liability is extremely remote.  However, notwithstanding the enhanced legal protection for the Chief, it can sometimes be politically difficult to get buy-in for the CEO to appoint the panel.  A middle ground, to balance trust and protection, is to have the CEO consult with the Chief of Staff. 

QUESTION:    We have several clinical departments that have either weak chairs or chairs who are there entirely by “default.” These individuals are relied upon to perform a really important role.  How can we get stronger leaders interested?

ANSWER:    In many hospitals, it has been traditional to rotate the department chair position so that everyone in the department gets his or her turn.  However, not every physician has an aptitude for, or interest in, medical staff leadership.  And to be perfectly honest, many do not even know what the role will require of them before they assume the position.  One answer may be to develop stronger qualifications for serving in medical staff leadership roles, including officers and department chairs, and to provide compensation for department chairs.  Another question to ask is if there are too many departments.  Consider including guidelines in the governance documents that provide factors for the medical executive committee to consider when deciding whether to eliminate (or establish) clinical departments that explains the functions that the individuals within such a department have to fulfill.  On that basis, you might consider consolidating departments or doing what many hospitals have done, which is moving to a service line model.  By having fewer positions to fill, you then have a larger pool of qualified people who want to serve!

 

QUESTION:    Two years ago, we terminated an employee for violating the hospital’s privacy policies.  The former employee has now obtained an employment offer within our community and, as part of his new employment, would need to have remote access to our health system’s EMR.  Is it lawful to allow access, considering the circumstances pursuant to which the employee was terminated?  Should we allow access?  What are the risks?

ANSWER:    Access to a health care organization’s electronic medical record system is a courtesy and privilege and your organization has no obligation to grant “second chance” access to anyone whose access has been previously terminated for non-compliance with the rules governing access to the system.  That being said, there is no legal prohibition to reinstating access for such individuals.  Accordingly, it is within your organization’s discretion to decide whether it will process requests for reinstatement of access and, if so, what process it will use to determine whether reinstatement will be granted and any terms or conditions of reinstatement.  Here are a few things you may wish to consider:

• You may wish to update your internal policies and procedures to state whether requests for reinstatement of access will be considered and, if so, how they will be processed.

For example, consider adding language such as the following:  “if access to the HIT system has been previously terminated for an individual for any reason, that individual may request reinstatement of access by submitting a written request to the privacy officer, who shall have sole authority to determine whether to grant reinstatement.  Requests for reinstatement of access will be considered on a case-by-case basis.  Access to the HIT system is a courtesy and privilege.  There is no right to access.  Accordingly, the privacy officer’s decision regarding reinstatement shall be final, without any right to appeal or other procedures.

• If you decide to consider requests for reinstated access, it is probably best to consider them on a case-by-case basis, rather than adopting a one-size-fits-all process (e.g., “reinstatement will be granted if at least two years has passed since the violation/termination” or “if the underlying violation was determined to be intentional, rather than reckless or negligent, then the individual is ineligible to request reinstatement of access”).

Case-by-case consideration of requests will give your organization more flexibility to consider all of the facts surrounding the prior violation, including the amount of time that has passed, the nature of the violation, whether the employee admitted the violation at the time and took full responsibility, and any mitigating factors (such as the requestor’s subsequent completion of privacy-related education or subsequent work in a health care organization without incident).

Further, you may wish to consider the benefits to the community of granting reinstatement of access (for example, is this a doctor who practices in a needed specialty or a nurse developing a care coordination network for the community’s elderly population?).

In any case where the decision is made to grant reinstatement of access, be sure to document the reasons that support that decision.  This can serve as evidence of your reasoning should there ever be an issue (such as a DHHS surveyor questioning your judgment).  Further, keeping a written record of such decisions will probably help you to be more consistent when making those decisions.  Finally, should the privacy officer’s decision ever be challenged as unfair (i.e., “you reinstated her access, but won’t reinstate mine”), the documentation of why access was reinstated in a prior case can help to demonstrate the justification for any disparity.

• If you choose to grant access to individuals who have previously demonstrated their unwillingness or inability to abide by your privacy rules, consider taking steps to limit your risk.

For example, you may choose to consider requests for reinstatement of access only if the individual submits evidence of having completed substantial (as defined by your organization) re-education or re-training in medical ethics and/or patient privacy.

In addition, you may wish to require the individual – and/or his or her prospective employer – to sign an agreement to indemnify and defend the organization should the individual violate any of the organization’s privacy or security policies.

The agreement should make it clear that the individual will be responsible not only for damages arising from any lawsuit, but also any fines or penalties imposed by the federal or state government, the costs of any breach notifications deemed necessary by the organization, any costs associated with investigation of the privacy or security violation (such as audits by computer experts), and any mitigation deemed necessary by the organization (for example, the purchase of identity theft insurance for patients affected by the violation).

If you are going to request the prospective employer to take responsibility for any future violations by the individual requesting reinstatement, that employer may wish to obtain additional information from your organization regarding why access is not available automatically to the individual in question.  Note that you will want to be careful when sharing information with the prospective employer to avoid any allegations by the former employee that you defamed him/her or violated his/her privacy.  Accordingly, prior to sharing any information about the reasons the individual is not able to obtain access to your EMR without special consideration, you should first have the individual sign an authorization form that specifically authorizes you to speak with the prospective employer and to disclose full details of the circumstances surrounding the individual’s termination from your organization.  That form should also include broad language releasing your organization from liability for any information you share and should state that the individual agrees not to sue you (and will pay your attorneys’ fees and costs if he or she sues you, despite having signed the form, and does not prevail).

Finally, if you choose to grant reinstated access, be sure to limit such access to the minimum necessary and take other practical steps to limit the risk of future violations.  For example, if access is being reinstated to allow a nurse in the community to provide care coordination services for elderly patients with multiple chronic conditions, and if your EMR has the technical capability, consider limiting access to the records of patients over the age of 65.  Also consider setting up regular audits of the individual’s access to your EMR (for example, as a condition of access, you may require the care coordinator to have her employer submit on a weekly basis a list of all patients the coordinator is responsible for.  The HIT department can then run an audit of all EMR records accessed by the care coordinator and compare it against the list to verify appropriate access.  Any names which do not match should be further audited to determine whether there was an appropriate reason for access).