Question:

We are reviewing and updating our Medical Staff Professionalism Policy and, while we include sexual harassment in the definition of unprofessional or inappropriate conduct, we are attempting to decide whether we should have a different process for addressing reports of sexual harassment.

Answer:

Some courts have concluded that hospitals may be held liable for sexual harassment perpetrated by an independent member of the medical staff if the hospital knew or should have known of the conduct and failed to take immediate and appropriate action.  Because of the unique legal implications surrounding sexual harassment, we recommend that a policy addressing inappropriate conduct incorporate a modified process for review of reports involving sexual harassment.

A single, confirmed incident of sexual harassment should trigger a well-defined process that involves the medical staff and hospital taking immediate and appropriate action to address the conduct and to prevent it from reoccurring.  For example, a personal meeting should be held with at least two members of the professionalism committee (or similar committee) to discuss the incident.  If the physician acknowledges that the incident occurred and agrees not to repeat the conduct, the physician is sent a formal letter of admonition and warning that is placed in his or her file.  The letter should set forth any additional actions or conditions imposed on the physician’s continued practice at the hospital which result from the meeting.  If the physician refuses to acknowledge the confirmed incident of sexual harassment or there are confirmed reports of retaliation, the matter should be immediately referred to the Medical Executive Committee to conduct a review consistent with the credentials policy or bylaws.  A well-defined process which incorporates these details demonstrates the hospital’s efforts to address any incidents of sexual harassment and attempts to prevent them from occurring again, minimizing the risk of the hospital being held liable in a court of law.

Question: We are reviewing and revising our Hospital’s Medical Staff Rules and Regulations and were concerned about medical staff members’ compliance with the section that requires all verbal orders to be authenticated by the ordering practitioner within 48 hours of the order being given.  Can we revise this requirement to give the ordering practitioner more time to authenticate the verbal order?

Answer:

It depends.  The Centers for Medicare & Medicaid Services (“CMS”) revised the Hospital Conditions of Participation (“CoPs”) in 2012.  The revised CoPs now permit verbal orders to be dated, timed and authenticated by the prescribing practitioner or another practitioner responsible for the care of the patient and who is authorized by hospital policy in accordance with state law to write a specific order (even if the order did not originate with him or her).  Thus, the 48-hour time frame for authentication has been removed and CMS is now deferring to state law and hospital policy.  Nonetheless, CMS continues to emphasize that hospitals should “keep the use of such orders to a minimum” and have policies in place to ensure accuracy, such as requirements for “read-back and verify.”  In addition, some states have their own time requirements for the authentication of verbal orders.  So, even though CMS has eliminated the 48?hour requirement for authentication of verbal orders, you will have to consult your state law and regulations before revising your Medical Staff Rules and Regulations.

Even if your state does not have a time requirement for the authentication of verbal orders, there are policy reasons underlying time requirements for authentication of verbal orders.  Verbal orders are prone to errors because of the risk of the practitioner accepting the order mishearing the order that is given.  While much of this risk is minimized by keeping the use of verbal orders to a minimum and with read-back and verify requirements, time-limited authentication requirements serve to identify and correct errors in a short period of time.  Accordingly, a 48?hour authentication requirement helps to further minimize the risk of errors with verbal orders.

Lastly, if there are concerns about the medical staff complying with a 48-hour requirement for authentication, CMS now, explicitly, allows not only the ordering practitioner but also other practitioners caring for the patient and acting within their scope of practice to authenticate verbal orders.  Thus, if a verbal order is given on a Friday night, the physician giving the verbal order would not have to come into the hospital by Sunday night to authenticate the verbal order if the Rules and Regulations include a 48-hour authentication requirement.  Another practitioner caring for the patient could authenticate the order.  However, and once again, you will have to consult state law and regulations to confirm that those sources impose no barriers to this practice.

Question: Our hospital is considering whether it should affiliate with another, larger hospital or a health system.  What are the major steps to take for a significant transaction such as this?  How long does a transaction like this take?

Answer:

Many hospitals have done, or are doing, the same kind of review that you are now starting.  Whether it is some kind of loose affiliation or partnership, becoming a subsidiary of another hospital or health system, or a full-fledged merger, this is one of the most important choices the hospital’s Board is ever going to make.

Step one is just that – the Board going through a thoughtful and careful process to make its decision.  That will take time, and often involves an outside consultant to help the Board.  If the Board’s decision is to move forward, the end result of this first step is usually to create a Request for Proposal (“RFP”) that the hospital sends out to anywhere from one to a number of different entities.  From the responses, the Board decides with whom to move forward.

Step two is the negotiation process, where the key terms of the affiliation are spelled out in a Letter of Intent (“LOI”).  A while ago, LOIs used to be fairly short documents, the “spine” of the transaction upon which to build the Definitive Agreement.  Now, given the importance of this kind of transaction and the details of any affiliation, LOIs have become rather substantial documents.  They usually address, among other things, important conditions to move forward, the delineation of powers involved, details of financial commitments and the assumption of liabilities, if any.

Step three is the due diligence process.  “DD,” as it’s called, is the process by which each entity reviews information and materials about the other.  This work is led by the legal counsel for each entity and often involves some review work by the entities themselves and any consultant(s) involved.

The whole point to the DD process is to provide each entity with sufficient information to make good judgments and good risk management decisions.

The DD process has always been very time and labor-intensive and voluminous when it comes to the documents and information involved.  Like the universe, DD lists look to be constantly expanding.

Step four, which usually begins at some point in the DD process, is for the Definitive Agreement to be drafted and eventually signed.  The details of the LOI create the base of the Agreement.  The remainder is completed by addressing any other issues that need to be resolved and adding the kind of provisions needed for such an Agreement:  representations and warranties, covenants, requirements for closing, schedules and exhibits, etc.

Step five concerns major regulatory reviews on both a federal and state level.  Due to the nature of these transactions, antitrust regulatory review has become an enormous piece of the regulatory review.  If the federal government is to be involved, that’s likely to be the Federal Trade Commission (“FTC”) or it could be the Department of Justice (“DOJ”).  If no federal review is required, that’s a best outcome.  State reviews, usually by the state’s Attorney General’s Office, are usually quite rigorous and time and document-consuming.

On the state level, the appropriate agency that reviews charitable organizations will become involved.  The extent of this is often dependent upon the particulars of the hospital’s situation.  Some transactions are so clearly needed that the agency may not be too demanding in its review.  With others, the state agency uses the full extent of a detailed review protocol.

Other state agencies will be involved, certainly the Department of Health and perhaps the Insurance Department, depending upon the transaction.  All of this takes time, planning and document management.

The sixth step begins once the Definitive Agreement has been signed.  It’s all the work that must be completed to take the parties through to the transaction’s Closing.  During this time, DD issues must be cured or settled, contractual notices given, all the requirements in the Agreement met, and appropriate Board action taken.  If the transaction also requires approval by a court, that step is taken here.

Step seven is the Closing and Post-Closing duties.  The Closing occurs on the chosen date when all regulatory reviews have concluded, all requirements and conditions have been met, all approvals received and legal documents filed.  Difficult regulatory reviews can extend this process and make the run-up to and through the Closing kind of choppy at times.

Post-Closing, from a legal perspective, is the final work to make sure that all post-closing notices are given and any remaining loose ends tied up.

Generally speaking, you should count on at least one year’s time to go through steps one through seven.  If you’re lucky, it takes less, and it’s not uncommon to take longer.

Then, of course, comes step eight:  making the affiliation work.  No lawyers here.  It’s leadership, staff, personnel, physicians, health care providers, etc. – all the people and populations that make up the hospital, and their counterparts in the other hospital or health system, coming together to achieve the purposes and goals identified by the Board in step one.

Question: What will happen next year to individuals who do not have health insurance as required by the Affordable Care Act?

Answer: Not a heck of a lot.  The so-called “individual shared responsibility provision” of the Affordable Care Act provides that (subject to certain exceptions) if individuals don’t have “minimum essential health coverage” as defined in the Act, they will be subject to penalties starting at $95 a year in 2014, with higher amounts as income goes up.  The minimum penalties go up to $325 in 2015 and $695 in 2016.  However, these penalties can only be assessed by the IRS as an offset to any refund or other amount due to the taxpayer. So if the individual does not have a refund coming, there is no effective penalty.  Moreover, those who do have a refund will simply get a lower one and may not view the “shared responsibility payment” as a payment at all.  This is likely going to work as an additional incentive for individuals not covered by employer-provided  insurance to go bare, especially in light of the large premium increases and enrollment difficulties that have recently been reported.  Therefore, hospitals and physicians should be prepared for a substantial uptick in uninsured patients, at least for the next couple years.

The IRS has published a useful summary of the individual shared responsibility provision on its website (which as of this morning was working fine, unlike that of HHS).

 

Question: We are holding a Halloween party for our children’s ward.  A musician has volunteered to host a sing-along with the kids and a local church is going to send some volunteers (dressed in costume) to hand out small candies and toys and paint children’s faces (as the children are able).  Do we have to get any special consent for HIPAA purposes prior to holding the party?  What about if we take pictures?

Answer: You do not need to have patients (or their parents) sign an authorization form permitting volunteers to be present on the children’s ward.  It is not a violation of patient privacy to have those individuals present for the purpose of hosting a holiday celebration for hospitalized children.

If volunteers intend to go into patient’s rooms (instead of greeting them at a centralized location, such as a lounge), you should consider getting the patient’s prior consent (in this case, the parent’s prior consent) due to the greater likelihood that the patient’s privacy and modesty could be encroached.

You do not need to have volunteers sign business associate agreements (after all, they are not providing an administrative service for the hospital – some might argue they are providing a treatment or health care operations function by keeping patients happy).  But that does not mean privacy issues are not raised by the presence of party volunteers.  Volunteers who come to the hospital to provide services to patients, including brightening their spirits, fall within the hospital’s “workforce” and should be given basic training about patient privacy.  This does not mean that those individuals need to sit through an entire HIPAA training session.  The “training” can be limited to that necessary for the role they will play in the hospital.  In the case of individuals coming to the hospital on a one-time or occasional basis to play music, paint faces, or help with holiday celebrations, the HIPAA training might consist merely of a statement signed by volunteers indicating that they understand patient privacy is paramount and they agree not to disclose specific information about patients, including their identities and specific health information, outside of the hospital.  Consider, too, having them agree not to take pictures.

Finally, it is okay to take pictures when events such as a Halloween party are hosted.  Before any such pictures are taken, however, we recommend that patients/parents are clearly informed that photographs will be taken at the event.  And better yet, get a signed authorization from the parent of each patient who is photographed (this could be attached to a general “permission form” to attend the party).  This will ensure that any future use of the photographs is authorized (for example, posting on a bulletin board, sharing with other parents on the ward, publishing in a hospital newsletter, release to a newspaper, or advertisement in a fundraising communication).

 

Question: Our hospital is about to enter into a professional services contract with an anesthesia group.  Can we require, as a part of this contract, the anesthesia group to test its physician employees who will be providing care at our hospital for drugs and alcohol?

Answer: A hospital can require testing for drugs and alcohol in hospital-based contracts, such as professional services contracts with anesthesia groups.  However, since hospital-based contracts are usually between the hospital and the group/corporation and not with the individual physicians of the group, any requirement in the hospital’s professional services contract with the group may not be enforceable against the group’s individual physicians.  Specific contract language can address these difficulties and ensure that the group is requiring drug testing for its individually employed physicians.  For example, the hospital’s contract with the group can state that each of the group’s physicians, as a condition of providing services at the hospital under the contract, shall be free from the influence or presence of alcohol or drugs and that this shall be determined by the group testing the physicians at the time of conditional offer of employment, following a reasonable suspicion of use or abuse, and upon return to work after a leave of absence for drug or alcohol treatment.  This approach can be reinforced by requiring every member of the group to sign an agreement to be bound by all the terms of the hospital’s contract with the group.

A hospital and its medical staff can achieve a similar result by having drug and alcohol testing requirements in the bylaws or another medical staff policy.  Since a group’s physicians would have to be appointed to the medical staff and granted clinical privileges to practice at the hospital, the group’s physicians would have to comply with any requirements in the bylaws or other policies, including those for drug and alcohol testing.

For further discussion of this issue and others related to drug testing physicians, join Linda Haddad and Charlie Chulack for the audio conference “Drug Testing Physicians:  Does Physician Privacy Trump Patient Safety?” on October 29, 2013 from 1:00 p.m. to 2:30 p.m.  Eastern Time.

Question: Did the federal government shutdown affect the Hospital Compare website?

Answer: Yes.  The Centers for Medicare & Medicaid Services (“CMS”) was not able to update the data on October 10, as planned, because of the federal government shutdown.  The next update to the data, including 30-day readmission and complication measures, is due December 12.

Question:

An adult patient recently requested a copy of her birth records. She was adopted as an infant and her birth records, while still maintained by the hospital, include information about her birth mother.  Should we release the records?  If so, should we redact information about the birth mother?

Answer:

The federal Health Insurance Portability and Accountability Act (“HIPAA”) privacy regulations require covered entities (including hospitals) to provide patients with access to their protected health information in a designated record set.  45 C.F.R. §164.524(a).  This includes a copy of any medical record that is used to record and make decisions about the patient’s care.  In the case of an infant, the birth record would be included.

There are exceptions to patients’ right of access under HIPAA.  One of those exceptions applies when the information to be disclosed could harm the person mentioned in the record. Specifically, the HIPAA regulations provide:

Reviewable grounds for denial.  A covered entity may deny an individual access, provided that the individual is given a right to have such denials reviewed, as required by paragraph (a)(4) of this section, in the following circumstances:

 ***

(ii) The protected health information makes reference to another person (unless such other person is a health care provider) and a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person;

45 C.F.R. §164.524(a)(3).

In the case of parents who relinquish custody of an infant for adoption purposes, it is well within a licensed health care professional’s (e.g., social workers, CMOs, nursing supervisors) discretion to determine that access by the now-grown infant is reasonably likely to cause harm (e.g., mental anguish, anxiety) to the relinquishing parents.  In reaching that conclusion, the health care professional could point to the state’s adoption procedures.  Most states have detailed statutes and regulations that outline the procedures that courts and adoption agencies must follow when managing adoption records.  The obvious intent of those laws is to protect adopted children and relinquishing parents from discovering each other’s identities without mutual consent.

Note that if access to the birth records is denied by the hospital pursuant to the HIPAA regulations’ exception at 45 C.F.R. §164.524(a)(3), the hospital must:

• Give the adopted individual a copy of any information in the record that is not likely to harm the birth parents (probably, a copy of the entire record with all identifying information about the parents removed).  45 C.F.R. 164.524(d)(1).
• Provide a timely, written denial to the individual, including the basis for the denial, a statement of the individual’s right to request review, an explanation of how the individual can exercise that right, and a description of how the individual can complain to the hospital (including the name or title and telephone number of the contact person) or to the Secretary of the Department of Health and Human Services. 45 C.F.R. 164.524(d)(2).
• If the patient appeals the denial, the hospital must appoint a licensed health care professional who was not involved in the original decision to deny access to review the request for access.  The hospital must then promptly inform the patient of the reviewing professional’s decision and take other action as required to carry out the reviewing professional’s decision.  45 C.F.R. 164.524(d)(4).

Finally, though it is not legally required, if you intend to deny access to a birth record, consider referring the requestor to the local courts or child welfare agency to obtain more information about lawfully obtaining the identity of the birth parents.  Many states have amended their adoption procedures in recent years to provide a process for adoptees or birth parents to seek each other’s consent to share their identities and contact information.

Question:

Questions have arisen regarding the quality of care provided by Dr. R. Kiner at the hospital.  The Chairs of our Credentials and Peer Review Committees, Dr. H. Wagner and Dr. P. Traynor, both say that a review, and not an investigation, should be performed concerning Dr. Kiner’s hospital practice.  Why is there a distinction?

Answer:

Part of the answer is that an investigation is usually a much more formal process and is to be conducted in accordance with the investigation process described in the hospital’s Credentials Policy or Medical Staff Bylaws.  A review is less formal and may be conducted pursuant to a designated process, such as the peer review process, or a more ad hoc process.  Part of the answer is also legal.  A physician who relinquishes his or her medical staff appointment and/or clinical privileges either during or in lieu of an investigation is to be reported to the Data Bank.  That is not the case when a review is involved.

Question:

Thanks for the answer in last week’s Health Law Express that when it comes to minutes, “don’t” record the details of any discussion, since less detail is better, except when it comes to making an adverse recommendation regarding a physician.  Do have any other “don’ts” that you can share with us?

Answer:

Yes, another “don’t” is don’t record personal remarks unrelated to the committee’s business.  For example, if Dr. Smith’s competence is an issue, don’t record “Dr. Jones thinks that Dr. Smith is incompetent, mean to children, and kicks dogs.  But, Dr. Jones said that Smith must have a lot on his mind since his son was just arrested for heroin possession.”  The only issue before the committee that is relevant is Dr. Smith’s competence.  So record “The committee recommended that Dr. Smith’s clinical privileges for laparascopic cholecystectomies be revoked because of competence concerns.”

To learn more about medical staff documentation issues, please join Nick Calabrese and Ian Donaldson, attorneys at HortySpringer, for an audio conference entitled “Documentation: Committee Minutes and Medical Staff Files” on October 1.