Category Archives: Practice Enhancement

Updated Practice Management Guidelines for Healthcare Facilities

April 1, 2020

Healthcare providers today have found themselves in the midst of an unprecedented public health emergency requiring the combined efforts of the entire workforce. In times like these, clear and effective guidance is a necessity. To assist clinicians with navigating this challenging landscape, the Centers for Disease Control and Prevention have released interim guidelines outlining preparation strategies for healthcare facilities anticipating community spread of the novel coronavirus (COVID-19) and those which may be experiencing it currently.

 As the situation is unfolding dynamically it is impossible to predict the course of the outbreak and the medical workforce’s preparedness is vital to improving patient outcomes. The CDC stresses the importance of continual care for all patients, despite a surge in demand at healthcare facilities, and the need for concentrated efforts aimed at mobilizing all aspects of the system to reduce the spread of COVID-19 while decreasing its burden. As the situation continues to evolve, public health guidelines will likely change; clinicians and healthcare facilities should remain aware of the latest updates on local and state public health recommendations as they become available.

 Preventative Actions to Take Now

 At this time, the primary goals for the U.S. healthcare system are to reduce morbidity and mortality rates, minimize COVID-19 transmission, protect medical personnel, and preserve healthcare system functioning. To do so, the CDC recommends several preventative solutions to prepare healthcare facilities for potential outbreak spread.

 In communities yet unaffected by the virus, the CDC urges healthcare facilities to take time to educate staff on COVID-19 preparations and protocols. This includes informing them about transmission mechanisms, the clinical management of COVID-19 patients, as well as infection prevention and control recommendations outlined by the agency.

 Additionally, providers are urged to minimize the amount of face-to-face contact with patients by encouraging patients to use advice hotlines, patient portals, online assessment tools, and to call medical professionals directly. Implementing or expanding an existing telehealth program can prove vital at this time, helping clinicians provide safe and effective care remotely.

 Personal protective equipment is lacking all over the country, however, providers should plan to optimize their facility’s supply before they reach a dire need. Identifying flexible mechanisms of procuring additional supplies when needed and organizing local drives for equipment donations can help prepare for future shortages.

 It is also essential for healthcare facilities to prepare to safely triage and manage patients with COVID-19, which includes implementing visual alerts, instruction on hygiene and prevention etiquette, ensuring supplies are available, and offering facemasks to patients with respiratory symptoms. In addition, an area should be created to spatially separate patients with such symptoms, ideally allowing for at least 6 feet of space between individuals. It is also important to ensure patients with symptoms are aware of healthcare facility protocols – such as the need to call before arriving in person to allow care teams to prepare.

 Handling COVID-19 Community Spread

 In communities currently experiencing community spread of the virus, healthcare facilities are urged to work with local and state public health organizations, healthcare coalitions, and other local partners to minimize disease spread. Designated staff – trained on the CDCs’ infection prevention and control guidelines – should be responsible for caring for COVID-19 patients; these providers should also be monitored closely for symptoms.

 Facilities experiencing widespread transmission may opt to screen staff members for fever or respiratory symptoms and prepare for increased absenteeism by extending hours, cross-training current employees, and hiring additional staff. Further, it is essential for staff to be aware of sick leave policies, recommended work restrictions, staff monitoring procedures, and be given the opportunity to stay home if they present symptoms of illness.

Medical professionals are encouraged to manage mild cases of COVID-19 remotely; if patients are able to engage in home monitoring safely, then telehealth is preferred. Caregivers and patients should be aware of home care instructions and be able to access the healthcare facilities for urgent care. Working with local public health authorities and community organizations can help affected communities offer support services for COVID-19 patients recovering at home – including food, medication, and other necessity delivery.

 Considerations for Outpatient Care

 The CDC urges facilities with outpatient services to reschedule non-urgent outpatient visits as necessary. Providers should consider reaching out to patients deemed at high risk of COVID-19 complications – including the elderly and those with underlying health conditions – to ensure they adhere to current treatment plans, confirm they have sufficient medication refills, and provide instructions on how to notify their providers if they begin to experience symptoms. Additionally, it may be helpful to accelerate the timing of high priority screening and interventions in anticipation of an upcoming influx of COVID-19 patients. To support optimal hospital capacity, the CDC also recommends eliminating patient penalties for cancellations and missed appointments in cases of respiratory symptoms.

Considerations for Inpatient Care

 Based on the latest guidance, facilities should reschedule elective surgeries as necessary at this time. When feasible, providers are urged to shift elective urgent inpatient diagnostic and surgical procedures to outpatient settings to further preserve hospital capacity. In planning for a forthcoming influx of COVID-19 patients, inpatient facilities should identify additional or alternate space in the ER, ICUs, and other patient care areas along with dedicated staff to care for known or suspected COVID-19 patients. Visitors of COVID-19 patients should be limited as well.

Considerations for Long Term Care Facilities

 Long term care facilities are recommended to limit visitors, post visual alerts with hygiene instructions, ensure adequate supply availability, and employ targeted efforts toward preventing COVID-19 patients from exposing other patients. This can be achieved by limiting the movement of COVID-19 patients, designating staff members responsible for care of these patients, and observing incoming patients and staff for respiratory symptoms. 

 Although times are uncertain and it is not possible to determine if, how, and when the COVID-19 outbreak will affect your community, it is essential for healthcare providers and facilities across the nation to be prepared for potential emergency situations. These may include surges in incoming patients seeking care, potential staff shortages, closures related to social distancing, and a rising need for telehealth programs. Shifts in the healthcare model as a result of the outbreak are complex and expected to continue evolving as more information about the virus becomes available; clinicians are encouraged to communicate with their local public health officials to stay up to date with the latest guidance.

The Latest HIPAA Updates in Response to COVID-19

March 26, 2020

In light of the novel coronavirus (COVID-19) pandemic, government officials, medical professionals, and public health authorities have been forced to navigate an increasingly difficult situation. With a focus on affording the population widespread access to care, many regulations have recently been amended in order to assist the health care system in combating the spread of COVID-19. During an infectious disease outbreak or other emergency situation, It is important for clinicians to continue adhering to official mandates despite the national emergency.

As such, the Office for Civil Rights at the U.S. Department of Health and Human Services has recently shared an updated bulletin reminding health care providers of the ways in which patient information can be shared under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. As per the HIPAA rule, the notice recognizes the need for public health officials to have access to protected medical information as a method of protecting the health and safety of both individual patients and the public at large. As such, it permits covered entities to disclose protected health information without authorization when mandated necessary.

Guidelines for Sharing Patient Information

The HIPAA Privacy Rule is intended to protect the privacy of patients’ health information, with exceptions made for appropriate disclosures of information when necessary to treat a patient, protect the nation’s public health, and for other critical purposes. In the case of a global pandemic, such disclosures may be warranted more frequently as public health organizations and government officials rely on patient health information to inform their directives.

Serving as a reminder of the protections of the Privacy Rule which are not set aside during an emergency, the latest bulletin provides essential guidance for health care providers. The latest HIPAA regulations are outlined below and can be found on the U.S. Department of Health and Human Services’ website as well.

Treatment Information

Under the Privacy Rule, HIPAA-covered entities may disclose protected health information about a patient as necessary to treat both the patient and other patients without authorization. This includes the coordination and management of care as well as all other related services by one or more health care providers and others, consultation between providers, and the referral of patients for treatment.

Public Health Activities 

The act recognizes the legitimate need for public health officials and others responsible for ensuring public health and safety have to access protected health information that is necessary to carry out their mission. Under the Privacy Rule, covered entities can disclose the needed health information without patient authorization to public health authorities, at the direction of a public health authority to foreign government agencies, and to persons deemed at risk.

Health care providers are permitted to disclose such information to a public health authority – an agency or authority of the United States government, a State or a territory responsible for public health – as well as an individual acting under a grant of authority from such an agency. This includes the CDC or a state or local health department authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability. Examples include the reporting of disease of injury and vital events (such as births or deaths) or conducting public health surveillance, investigations, or interventions.

Under these regulations, a covered entity may disclose to the CDC protected health information as needed to report all prior and prospective cases of patients exposed to or suspected or confirmed to have COVID-19. Furthermore, protected information may be disclosed to individuals deemed at risk of contracting or spreading the virus – if allowed for by state law – to notify persons as necessary and prevent the spread of disease.

Disclosures to Family Members and Others 

According to the HIPAA Privacy Rule, a covered entity may share protected health information with a patient’s family members, relatives, friends, or other involved individuals. Information may also be shared to identify, locate, and notify anyone responsible for the patient’s care, as well as to convey the patient’s location, general condition, or death. Recipients of this information can include family members and other persons involved in the patient’s life, the police, the press, or the general public. Furthermore, a covered entity may share protected medical information with disaster relief organizations, such as the American Red Cross. However, the covered entity should receive verbal permission from patients when possible before disclosing such information.

Disclosures to Prevent Serious and Imminent Threat 

Clinicians are permitted to share protected patient information with anyone to prevent or lessen a serious and imminent threat to the health and safety of a person or the public under applicable law and standards of ethical conduct. Providers may disclose information to anyone who is in a position to prevent or lessen imminent threat without prior permission. Although, in such cases, health care professionals are urged to use professional judgement and care in making determinations about the severity of imminent threat.

Disclosures to Media or Others Not Involved

Unless otherwise noted in the bulletin, clinicians cannot disclose information about an identifiable patient to the media or public at large without written authorization from the patient or their personal representative. However, covered entities may disclose limited medical information in cases of incapacitated patients. Additionally, information can be shared about patients who have not restricted the release of protected health information if this is done in the best interest of the patient or in response to a request to disclose information about a particular patient asked for by name.

Share “Minimum Necessary”

In the majority of cases, information disclosed should be kept at a “minimum necessary” although, this does not apply to disclosures to health care providers for treatment purposes. Under the Privacy Rule, covered entities may rely on representations from public health officials to ensure the requested information is the minimum necessary. For example, covered entities may rely on CDC representations that protected health information requested by the CDC about all patients exposed to, suspected or confirmed to have COVID-19 is the minimum necessary for the public health purpose.

Safeguarding Patient Information

Medical professionals must prioritize safeguarding patient information; clinicians are responsible for protecting patient health information against intentional or unintentional impermissible uses and disclosures. Covered entities must apply the administrative, physical, and technical safeguards outlined under the HIPAA Security Rule to ensure the confidentiality of electronic medical data.

HIPAA-Covered Entities and Business Associates

Lastly, the HHS’ bulletin reminds clinicians of who the HIPAA Privacy Rule applies to. Currently, the Privacy Rule applies to disclosures made by employees, volunteers, and other members of a covered entity’s or its business associate’s workforce. This includes health plans, health care clearinghouses, as well as health care providers that conduct one or more covered health care transactions electronically. Under the rule, business associates are defined as individuals or entities that perform functions or activities on behalf of or provide services to a covered entity that involve the use of protected health information. These also include subcontractors working on behalf of other business associates.

As such, the Privacy Rule does not apply to disclosures made by entities or other persons who are not covered entities or business associates, such as third-party administrators.

Understanding and following HIPAA rules is crucial to navigating the increasingly complex clinical setting during the global COVID-19 pandemic. Health care professionals are urged to treat all medical information as confidential, affording it HIPAA protections to operate out of an abundance of caution. Disclosures of protected health information should be made only to authorized personnel and care should be taken to ensure patient data is not shared unintentionally. During these tumultuous times, public health organizations and experts will continue to release the latest guidance as it becomes available to help health care providers tackle the disease while protecting themselves.

Protecting Against Medical Identity Theft

January 28, 2020

Since the implementation of National Provider Identifiers (NPIs) by the Centers for Medicare and Medicaid Services (CMS), billing processes have been simplified and streamlined. The unique ten-digit identifier codes assigned to physicians and other healthcare providers by the US Department of Health and Human Services have now become a part of the majority of electronic health information being transmitted and are used in a variety of circumstances, including authentication, process control, individual claims, contracts, agreements, and more. Although the use of NPIs has improved efficiency and eased burdensome processes, their existence poses a potential threat of identity theft and medical fraud.

Continue reading