By Susan Walberg
The Coronavirus pandemic is all over the news, and is affecting us all, especially those in healthcare on the front lines.
For those of us who are responsible for compliance, there are many new challenges, issues, and questions that arise as this situation rapidly unfolds. In addition, the federal government has been providing daily briefings which often announce new changes. Just this week they announced a willingness for providers to work across state lines. The Centers for Medicare and Medicaid Services, (CMS) has been issuing various waivers to states, which can be found on the CMS page under the Medicaid section.
As I think about this as a compliance person, and listen to the briefings, I see a few key topics that will generate questions and that people need to understand.
Historically, patient care via electronic transmission was not widely available as an option for Medicare beneficiaries. While there is some benefit, it has been primarily for rural patients. The big news here is that health care providers are now being allowed (under Medicare) to provide services via telehealth. So, what does this mean in real terms?
First of all, telehealth services that are now being allowed are not solely for suspected Coronavirus cases. This is an important point. The Medicare population is generally considered more vulnerable and the desire is to preclude them from going out and getting exposed if it’s not necessary. President Trump has also encouraged private insurers to look at this option. So if a patient is requesting that service for an unrelated illness or condition, don’t say no on that basis.
Not only does telehealth help protect patients from undue exposure that they would face at a health care facility, it also allows for more efficient use of health care resources. So providers should take advantage of this opportunity, not only in the current crisis but hopefully it will lead to increased use going forward.
In terms of what systems can be used, the guidance from CMS states that ‘any non-public-facing’ communication product may be utilized. So systems like Skype can be used, but not Facebook, for instance.
If you work in a compliance role, you should read the CMS guidance that is available online and get together with your clinicians and leaders to see how you can make the best possible use of this opportunity. Once you identify a process that will work for your organization, it would be a good idea to get that information to patients, for instance on your website. If you don’t have a telehealth policy, now is a good time to think about that. I suspect that the criteria will be looser after this.
Privacy and information security are always a challenge, and during a time of crisis it is no different. The government, however, has made it very clear that they want public health to be the first priority. What does this mean? Well, for one thing consider how you communicate with patients. Whether it is telehealth ‘visits’ or email communication, I would advise against quashing those activities because you are concerned, for instance, about meeting encryption standards.
Obviously you don’t want to deliberately and unnecessarily violate patient privacy, but if it benefits the patient and they wish to get care or advice electronically, I would recommend getting their consent. Advise them of any potential security or privacy risks if they choose to communicate that way, and ask them to consent. If you can’t get it in writing from them, then document it in the record. The key here is to make care as efficient as possible and remove roadblocks. That goal has been made very clear by the direction out of the federal government and CMS guidance.
Also, speaking of HIPAA, don’t forget the basics which will come up. Treating providers can access patient records without patient authorization. There is a public health exception to the authorization requirement. If you start hearing of employees creating obstacles, unknowingly, give them a quick refresher. When this kind of stress occurs, often people knee-jerk and react. If new policies, communication, or education is needed, it’s best to get it out quickly if possible.
In addition, do you have solid processes in place to ensure that people calling about patient status are properly identified in terms of who can have information? Is everyone who could get those calls well trained? Sometimes people at a reception desk are trained but when someone at the department level gets the call they make mistakes. If you have potential Coronavirus patients coming in or being admitted, this could become an issue as people are especially anxious and families will be calling. You may receive calls from the media, as well, so make sure everyone knows how to verify callers before giving information out about specific patients. Your Administrator, CEO, Public Relations person, or whoever usually handles media needs to know who they can and cannot talk to and where those lines are.
The Centers for Medicare and Medicaid Services, (CMS) is putting a hold on routine reviews. This is generally good news, since the last thing anyone wants in the middle of a crisis is a state survey. That being said, CMS will still come for complaints or concerns relating in particular to infection control. If your facility has a history of ‘immediate jeopardy’ findings related to infection control, you can potentially expect a visit. CMS has cut out the routine surveys in order to focus on the high risk situations and providers, so if your organization is one of those, be aware.
Recertification and certification surveys will still be conducted.
There is a particular concern for skilled nursing facilities and assisted living facilities when it comes to visitors. I would argue that hospitals and any other facility should also look at this issue seriously. The current guidance states that SNFs should restrict visitors as well as non-essential personnel at this time. Make sure you have a process (and education) to ensure that is happening, however. This can be easier said than done if you have multiple entrances, a visitor could follow an employee through a locked back door, or wander in while the receptionist runs to get a cup of coffee. This is an important issue to address.
Hospitals are supposed to have a policy for visitation. Make sure you do, first of all, and then look at when that policy can and should be suspended. Infection control is one rational reason. The more you can limit access by various people outside your entity the better for everyone, including the visitors themselves.
Visitors to patients are one challenge, but you need to also think about vendors, marketing reps, and any others who conduct business at your facility. They should have meetings over the phone. Samples and supplies can be left at a designated spot, there is no need for people to wander your facility. I personally don’t like that practice anyhow, but this current situation makes it more than just a compliance issue, it now jeopardizes the health of not only patients but also your employees.
Review your policies relating to vendor access (hopefully you have some!) and discuss with Materials Management and/or leadership the idea of drafting a new, temporary policy/procedure during the crisis.
5. Infection Control
Yes, I know, it’s obvious. However, the OSHA standards around infection control are particularly important right now. The ongoing battle to manage hand washing and to correctly use personal protective equipment (PPE) should be highest priority. It would be a good idea to check with your designated Health and Safety Officer to see if they need help with getting reminders out to staff, etc. This is obviously a much bigger piece of the ongoing challenge than I am addressing here; I just remind you to keep an eye on CDC and OSHA guidance as it evolves.
These are not the only issues, to be sure. During one of President Trump’s recent updates, he briefly referenced looking at admission standards and relaxing the 3-day rule for SNF admissions. He has repeatedly made clear that he is willing to loosen various regulations to enhance care during this crisis. Because it evolves daily, I would advise you to stay on top of those briefings as well as the CMS and CDC websites, as well as your state health department website, since the various states are also making decisions and receiving waivers from CMS.
I would also advise you that, if a clinician says they need to do something to help a patient that would normally be outside Medicare rules, don’t say no outright-help them by looking at the risk versus patient benefit, maybe call CMS, your state health department, or your fiscal intermediary to ask the question. Sometimes we have spent so many years following the same rules that it becomes rote; I would argue that right now the situation warrants taking a fresh look when necessary and being flexible if possible where it would benefit safety and public health.
I am following this closely and will continue writing articles as various issues get on my radar. Please sign up for my email list below if you would like to receive these updates timely. In addition, part of what I do is help organizations with compliance-related policies and procedures, educational tools, etc., so if you need that sort of assistance during this crisis, please feel free to reach out to me through this site and connect with me on LinkedIn. I want to be a resource if possible. We are all in this together.
Please note that nothing above constitutes legal advice.