Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Physician Office Resource Manual
Document related concepts
Transcript
Physician Office
Resource Manual
For SVMIC Policyholders
www.svmic.com
800.342.2239
615.377.1999
©2015 SVMIC
ABOUT THIS MANUAL This Physician Office Resource Manual is designed to provide resources frequently requested by physicians, other providers and practice executives. This is not a policy manual. The materials contained in this manual are general guidelines which should be customized to your situation. It is not intended to suggest there is only one way to manage any particular issue. SVMIC recommends practices take the time to assess their own unique circumstances and use the materials herein as a guide to develop and/or improve their own processes. Remember, no one answer or process will likely fit every situation or particular practice. The manual is presented in a PDF format which allows you to search the contents for a specific word or phrase throughout the document. You will need Adobe Reader to view the PDF and use the Search feature. To access the Search feature, click the binoculars icon on the left hand side and simply enter the word or phrase you wish to locate. If your version of Adobe does not support this option, you may access the Search feature by pressing “Ctrl + F” to open a search box and then enter the word or phrase. To further assist you, all the forms in Chapter 7, Sample Forms, Letters and Policies, are located in Word and/or Fillable format on the Physician Resource Manual homepage. A number of the forms are provided in a fillable PDF format. This fillable format will allow you to type directly into the document without affecting the spacing and then print it from your own printer. Highlighted links to the sample forms, letters and policies are also provided throughout the manual where referenced. As you hover over the highlighted links throughout the document, you will notice a hand shaped cursor appears. Simply click to open the link. LEGAL NOTICE/DISCLAIMER This Physician Office Resource Manual does not establish a standard of care, nor does it constitute legal advice. It is a guide to improve the management of the medical practice. Practical steps are presented throughout this resource manual to aid in reducing malpractice exposure and improve office efficiency as well as both patient and staff satisfaction. Policyholders are urged to consult with their personal attorneys for legal advice, as specific legal requirements may vary from state to state and/or change over time. These materials are copyright protected by State Volunteer Mutual Insurance Company. They are intended exclusively for the use of SVMIC’s policyholders and their staff. Any reproduction or dissemination beyond those persons is strictly forbidden. TABLE OF CONTENTS CHAPTER 1: Clinical Information Management 6 Confidentiality 7‐11 Documentation 12‐15 Electronic Health Records (EHR) 16‐20 HIPAA HITECH Policies and Procedures Manual for the Security of Electronic Protected Health Information 21‐43 HIPAA HITECH 44‐53 Medical Record Retention Guidelines 54 Medical Record Subpeonas 55‐57 Medical Records 58‐65 Personal Representatives 66‐68 Unsolicited Diagnostic Tests 69‐70 CHAPTER 2: Communication Complaint Management Electronic Communication with Patients Patient Relations Social Media CHAPTER 3: Environmental Safety and Infection Control Disaster Preparation Equipment Safety Fire Safety Infection Control Internal Disaster Safety Plan CHAPTER 4: Financial Advanced Beneficiary Notices Billing and Collections CHAPTER 5: Office Management Business Record Retention Guidelines Call Coverage 71 72‐73 74‐79 80‐91 92‐94 95 96‐97 98 99‐100 101‐103 104 105‐106
107 108 109‐111 112 113‐114 115 Closing a Medical Practice Employee Abuse, Neglect and/or Exploitation of Patients Incident Management Job Description Occupational Safety and Health Administration (OSHA) Personnel Issues Physician Behavior Issues Quality Improvement Program Reporting Lawsuits and Other Events Smoking Staff Meetings Unusual or Unanticipated Events CHAPTER 6: Patient Care, Office Systems and Patient Safety Advance Directives Adverse Reaction Appointment Scheduling Disclosure of Unanticipated Outcomes and Unusual Events Emergency Situations Huddles Informed Consent Medical Product Importation Medication Administration Medication Record Patient Agenda Reportable Diseases and Events Reporting Suspected Child, Adult, Elder Abuse/Neglect Telephone Triage/Medical Advice Terminating the Physician‐Patient Relationship Tracking of Diagnostic Tests, Referrals and Follow‐Up Visit/Clinical Summary CHAPTER 7: Sample Forms, Letters and Policies Accounting of Disclosures of Protected Health Information ‐ fillable Advanced Beneficiary Notice – English ‐ fillable Advanced Beneficiary Notice – Spanish ‐ fillable Advanced Beneficiary Notice Instructions After Hours Phone Call Record Pad Authorization Revocation ‐ fillable Authorization to Release Medical Information ‐ fillable Closing a Medical Practice Letter ‐1 Closing a Medical Practice Letter ‐2 116‐118 119‐121 122‐123 124‐128 129‐131 132‐134 135‐137 138 139‐141
142 143‐144 145‐146 147 148‐150 151 152‐154 155‐158 159‐160 161‐162 163‐166
167 168‐173 174‐175 176‐177 178‐179 180‐181 182‐183 184‐185 186‐189 190‐192 193 194 195 196 197‐202 203 204 205 206 207 Consent to Treatment of a Child by Authorized Persons ‐ fillable Document Review Tool Dress Codes Environmental Safety Checklist ‐ fillable Incident Report – fillable Letter Requesting Valid Authorization Letter To Be Sent When A Valid Subpoena Has Not Been Submitted Medication Flow Sheet No Show or Cancellation Worksheet ‐ fillable Notice of Missed Appointment ‐ fillable Orientation Checklist Patient Agenda ‐ fillable Patient Informed Consent Physician Code of Conduct Refusal of Treatment ‐ fillable Request for Consultation ‐ fillable Termination of Physician‐Patient Relationship Letter Tracking Log – fillable Visit Summary Form Workforce Confidentiality Agreement CHAPTER 8: Physician Defendant Handbook Physician Defendant Handbook 208 209‐212 213‐215 216‐217 218 219 220 221 222 223 224‐225 226 227‐229 230 231 232 233 234 235 236 237 238‐244 Clinical Information Management Chapter 1 6
CONFIDENTIALITY The American Medical Association’s Principles and Commentaries for Medical Offices states: “A physician may not reveal the confidence entrusted to him in the course of medical attendance, or the deficiencies he may observe in the character of the patients, unless he is required to do so by law or unless it becomes necessary in order to protect the welfare of the individual or the community.” The confidentiality of the physician‐patient relationship is well established and legally protected. By extension, communication between the patient and all members of the healthcare team is confidential. Also by extension, records of conversations or events pertaining to the patient’s care are also privileged. Confidential patient information is defined as any information, oral or recorded, in any form or medium that is created or received by a healthcare provider and relates to:
The past, present, or future physical or mental health or condition of an individual; The provision of healthcare to an individual; The past, present or future payment for the provision of healthcare to an individual; and Which identifies the individual, or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual. Confidentiality of health information is covered by state and federal regulations and the office should designate someone responsible to stay current with the requirements of each. When both are applicable, the more stringent of the two should always be followed. All staff should be educated as to all privacy requirements. Disciplinary action, up to and including termination from employment, should be in place for situations where employees violate confidentiality of information guidelines. Physicians have a duty to protect the patient’s confidential information. The patient has a legal right to rely on this protection. An inappropriate disclosure by a physician or staff member breaches this contractual obligation and can result in a lawsuit. Policies and procedures should be developed to:
Protect the clinic/office, its employees and members of the medical staff by reducing the likelihood of inappropriate release of confidential information; Establish performance guidelines for the management of confidential information; and Ensure compliance with general principles of medical ethics and the requirements of federal, state and regulatory agencies. As with all practice policies, the confidentiality policy should be reviewed on an annual basis for relevancy and compliance with current state and federal laws. Formal training concerning confidentiality should be provided for all new hires and revisited annually for all office staff. Employee signatures indicating that they have reviewed and 7
understand the office’s confidentiality policies should be obtained on a form and maintained as a part of the orientation process. All requests for patient information should be referred to the appropriate staff. Care should be taken to verify the identity of the individual making the request and their right to know the information in order to determine the validity of the request. All medical staff members and office staff should keep confidential all information obtained during the course of medical treatment/diagnosis. Employees should never discuss a patient’s medical condition with office personnel not involved in the patient’s care, or the employee’s friends or family. Confidential matters should not be discussed within hearing distance of other patients or visitors, or in public areas where they might be overheard, such as break rooms, front office, elevators, cafeterias, etc. The medical office should be wary of the use of message boards in the office. If message boards are used in the medical office they should be located out of public view and should not contain any confidential information, such as diagnosis, procedures, etc. The patient’s presence in the office is also confidential as it could indicate the nature of the patient’s illness and therefore should not be disclosed without patient approval. Staff should be wary of requests for patient information from persons professing to be the patient’s spouse, child, parent or significant other. Even if the relationship is legitimate, the patient still has the right to expect that his or her confidentiality will be honored. It should be the usual practice to verify the patient’s agreement to disclosure before any confidential information is released in such instances. If the patient is not able to consent due to incapacity and has not previously made his/her wishes known, the physician should use his/her professional judgment and release the information if they deem it in the best interest of the patient. Patient identifiable information should be destroyed in a manner maintaining confidentiality such as shredding or incinerating. PUBLIC HEALTH AND LAW ENFORCEMENT Although patient information and medical records are confidential, certain information obtained by physicians regarding a patient’s medical condition may be disclosed without liability or may require disclosure to an appropriate state regulatory agency. Physicians should remain current with state and federal laws regarding issues such as the diagnosis of or exposure to communicable diseases; child, adult, and elder abuse; deaths related to drugs or injuries due to deadly weapons, etc. Where the law mandates reporting to third party/agencies/entities the information shall be reported as required by said agency. PSYCHIATRIC/SUBSTANCE ABUSE PATIENTS Federal regulations require confidentiality for all records of the identity, diagnosis, prognosis or treatment of any patient maintained in connection with substance abuse rehab/treatment facilities receiving federal monies. This includes confidentiality of any activity or program related to alcohol or drug abuse, including education, training, treatment, rehabilitation, etc. Some states have confidentiality statutes or regulations concerning release of information on treatment for mental health and alcohol or drug abuse. Treatment by a psychiatrist or a 8
physician for treatment of a mental disease or disorder is sometimes even more protected. It is imperative that the office be familiar with the latest state and federal regulations governing this type of treatment information. HIV/AIDS Virtually every state has passed laws dealing directly with HIV or AIDS. These states have enacted statutes, regulations or policies that protect HIV‐related information either directly or indirectly. Laws vary among states regarding: Obtaining HIV/AIDS information; Protecting HIV/AIDS information; Releasing this confidential medical information and under what circumstances that is allowed For more information regarding the laws in your state, you may wish to contact your state health department or legal counsel. WRITTEN AUTHORIZATION FOR RELEASE OF INFORMATION A patient or a person legally acting on the patient’s behalf may authorize the release of confidential information in those instances requiring written authorization. Minimum core elements of the written authorization include: The information to be covered by the release; The purpose for the release; The person to whom the information may be released; An expiration date or event; and A statement that the patient may revoke the authorization. State and federal regulations may include other requirements, and the office should reference current regulations when designing a form. The more stringent of the two should be followed. The authorization must be signed and dated by the patient, or a parent or legal guardian if the patient is a minor (except those instances when the minor can give authorization), or guardian if the patient has been adjudicated incompetent to manage his/her personal affairs, or an attorney ad litem (court‐appointed to protect the interest of another) appointed for the patient, or a personal representative if the patient is deceased. A copy of the written authorization must be maintained in the patient’s medical record. Care should be taken to verify the identity of the person presenting a request for medical records (insurance company auditors, etc.) to determine the validity of the request. Two forms of identification, one a picture ID, should be requested. Each day, patients and third parties ask physicians for access to medical records. Third party inquiries are requests by insurance companies, utilization review companies, lawyers, other physicians and other entities outside of the doctor‐patient relationship. Doctors and staff must protect patients’ confidentiality, but they must also be prepared to provide information when a patient permits/requests it or in situations in which the law requires it. These laws specify what type of authorization, if any, is needed from the patient before records can be released. These laws also set forth what records to release in response to third party requests, subpoenas, and 9
court orders. Physicians and office administrators should be familiar with their individual state and federal requirements regarding release of information to third parties. Again, when both are applicable, the more stringent of the two should be followed. The patient, or other person authorized to provide authorization, has the right to withdraw authorization for the release of information at any time. Such withdrawal should be in writing. No information should be released after authorization has been withdrawn. MEDICAL RECORDS Medical records should be maintained in secured areas and files. Files or file rooms should be locked when staff is not present. Access to medical records should be limited to office staff with a need to know. Original records should not be removed from the office premises except as required by court order, subpoena, or statute. Protocols should be developed that specify under what conditions medical records can be released and procedures to follow in making a release. Protocols should also be developed related to subpoena requests and third party requests for medical information. All requests by attorneys or by the patient for a copy of the medical record should be reviewed by the treating physician. FAXING INFORMATION Fax transmission of medical information carries some risk. It should be remembered that the rules for release of confidential information also apply to fax transmissions. Frequently the medical office is requested to fax patient information to hospitals, insurers, physicians or others. It is best to fax patient information only in urgent or emergency situations, and in other cases, consider using regular mail, overnight express mail or a courier service. In addition, you must take reasonable steps to assure that faxed transmissions will be received only by the individual for whom it was intended. Failure to do so may be interpreted as a breach of confidentiality. Keep in mind that a misdialed fax can result in a breach of confidentiality. Most fax machines have a reporting feature that will produce a confirmation of the fax sent. The office should program the fax to print this confirmation for each fax of medical information and attach the confirmation to the permanent medical record. Additionally, all medical information to be faxed should include a cover page with a confidentiality notice, the office’s address and telephone number. An example of a suitable confidentiality notice follows: “The information contained in this facsimile message is legally privileged and confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that the dissemination, distribution or copy of this facsimile is strictly prohibited. If you have received this telecopy in error, please immediately notify us by telephone and return the original message to us at the address listed via the U.S. Postal Service.” ANSWERING MACHINES If a message must be left on an answering machine or voice mail device, it is important for the office staff to understand that there is no way to control who will retrieve the information. It should be office protocol that NO confidential information is left on such devices. Depending on the specialty this may be even more of an issue. Remember, in many states minors may be 10
treated for STDs, pregnancy, birth control, alcohol or drug abuse and mental health services without parental consent, making this information confidential even from the parents. Leaving a message about an appointment on an answering machine for this minor could result in breaching confidentiality. It is a good idea to have the patient sign a consent form for leaving messages on their answering machine as a part of their initial paperwork (this consent may be incorporated into another appropriate related form as opposed to separate form). COMPUTER SCREENS It should be standard practice that computer screens are located where they are not visible to anyone that does not have a right to know. Staff should have appropriate levels of access depending on the job function. There should be an automatic log off that occurs when the user does not exit. Policies should be in place covering termination of passwords when staff leaves employment. E‐MAIL Be sure to include e‐mail in your confidentiality policy. If a patient uses an employer’s e‐mail system or one shared with family members or if the clinician uses a home computer that can be accessed by family members, confidentiality and privacy can be big concerns. E‐mail messages must be treated with the same degree of confidentiality as the patient’s medical record. A mechanism for handling all e‐mails should be established and communicated to the patients. Will the physician read all e‐mails or will he/she have a staff member triage the messages and route to the appropriate individual for response? The plan should indicate when and with whom the physician may share a patient’s e‐mail message for purpose of consultation (do not include the patient’s name or e‐mail address). Certain topics such as HIV status, psychiatric disorders and any topics protected by existing law or regulation should not be discussed in non‐
secure e‐mail communications.
Use a password‐protected screen saver for all desktop workstations in the office. Always double check the “To” fields prior to sending a message. Never forward patient identifiable information without the patient’s express permission. Never use a patient’s e‐mail for marketing purposes. Do not use unencrypted wireless communications with patient‐identifiable information. Develop and discuss with the patient a patient–clinician informed consent agreement for the use of e‐mail. The agreement should include a description of the security measures established to assure confidentiality and privacy of transmissions. Document this in the medical record. 11
DOCUMENTATION Many malpractice claims are brought against physicians, not because of inappropriate medical care, but because the physician’s documentation does not support an appropriate standard of care when a patient has an adverse outcome. In addition, since creating medical records is your legal and ethical duty, failure to do so could subject you to financial sanctions as well as discipline from your state medical board. Effective documentation is one of the most important patient care and risk management skills a healthcare professional can develop. Medical malpractice claims that allege problems with the medical record are twice as likely to result in a payment to the patient. Remember that for the record to be of value it must be legible not only to you, but to all members of the healthcare team. Most medical malpractice lawsuits are brought years after actual care is given; making your medical records a crucial component in the defense of the lawsuit. Your records will serve to recreate events of the care provided and your documentation will likely take precedence over an individual's memory of past events. Medical records preserve all information vital to a patient's health and appropriate treatment. Documentation should be thorough and accurate and records must be kept confidential. For new patients, it is important to accurately and objectively document the patient’s condition at the time you assume care. You also have a responsibility to review prior treatment records and address discrepancies with your patient. Many healthcare professionals are taught the “SOAP” note method of documenting. This acronym refers to documenting the subjective, objective, assessment and plan and is a good start in documenting the encounter. However, relying solely on the “SOAP” method may lead to incomplete records if the results of the encounter or the patient’s understanding and response to the treatment plan are not followed‐up and documented. WHAT TO DOCUMENT When evaluating your documentation of a patient’s medical records, consider what you would want documented if you were assuming management of the care. Demographic information such as the patient's name, address, telephone numbers, emergency contacts and insurance information should be included. Among other items, information in the record should include:
The reason for the visit; The complete details of the patient’s present condition; Past medical and surgical history; Family and social history; The scope of the physical exam; Working diagnoses and differential diagnoses; Laboratory and other tests; 12
Risk factors; Current medications and supplements; Allergies and drug reactions; and Follow‐up plans. If applicable, document the following:
Informed consent discussions or the patient's refusal of care; Discharge instructions; Instructions about when to seek further medical care; All contact with the patient including after‐hours telephone calls; Missed appointments and attempted follow‐up; Referrals and notes from consultants; and Other correspondence to/from the patient (i.e., dismissal from the practice). Objectively document your findings, impressions and clinical judgment. When charting in the progress notes, be specific and choose your words carefully. Avoid general statements such as ‘incision looks good’. Information expressing frustration with the patient should not be recorded, however patient noncompliance, no‐shows and cancellations should be documented. Use quotation marks to indicate patient's or family's impressions. For example, patient states "chronic pain due to a botched surgery." Most doctors are aware of the importance of the informed consent discussion, but many fail to adequately document the informed consent and educational process or any additional educational materials provided to the patient. The reading level of all patients should be kept in mind. Overly complex medical language should be avoided. Document informed refusal in the event your patient declines or refuses recommended treatment. Other considerations for documenting include using black ink; avoid overuse of abbreviations and only use those that are commonly accepted; avoid using ditto marks; record the date and patient’s name at the top of each page; and do not skip lines or leave blank spaces in the record. Document any family history of genetically linked conditions. Keep in mind, there may be instances where the payer or state law requires specific documentation such as documenting informed consent prior to a particular surgery. Finally, notes should be contemporaneous and dated and signed with the provider’s first and last name and professional designation in a timely manner. WHAT NOT TO DOCUMENT The patient’s medical record should not contain the following: Derogatory or discriminatory remarks; Comments about conflicts with other physicians, nursing staff or administration; or 13
Subjective statements regarding prior treatment or poor outcomes presented as facts. In addition, Quality Improvement Actions, financial, billing or legal correspondence should be kept separate from the medical record. DOCUMENTING A DIFFERING OPINION Providers should document new exam findings, especially if these differ from those documented by another provider. Providers should also document rationale for why a treatment plan is suggested and the rationale for not following the written recommendation of a consultant. This rationale should indicate alternatives considered, your medical judgment, and the clinical basis for your decision. Medical records often reflect differing diagnoses and treatment recommendations among multiple providers. Rarely are all pertinent facts about prior care available, therefore avoid making judgments and comments in the record if you disagree with another provider. If, after complete information is considered, you determine your patient's prior care was inappropriate, a factual summary of clinical events may be documented. Contact the provider and discuss your concerns or refer the patient back to the prior treating provider in order to give the patient the most accurate accounting of the care. FOLLOW‐UP NOTES The physician or ordering practitioner should always initial reports before they become part of the medical record. Many medical malpractice lawsuits are brought because of the ordering provider’s failure to review and act upon abnormal lab and diagnostic reports or even treatment recommendations by consultants. Oftentimes, these reports are located in the medical record without having been reviewed. Document the date a patient is notified of test results and include the method of reporting (e.g. by phone, email or letter). Record any details of follow‐up instructions, referrals or advice given. ERRORS AND ADDENDUMS If it becomes necessary to make additional notes or correct a previously entered note, simply write an addendum with the new information, the reason it was not included in the original entry and sign and date it. Do not add notes in the margins, redact, obliterate or use “white out”. If you make an error, draw a single line through the incorrect information, label it as “Error”, initial and date the entry. CONCLUSION There are a number of documentation weaknesses that come up over and over in medical malpractice claims such as incomplete records, illegibility, inappropriate comments about the patient or prior care providers, “template” charting and even alteration of records. Too often, inadequate or inappropriate documentation is a key reason for recommending settlement of a claim which, from a medical standpoint, may have been defensible. 14
Take a few extra minutes to document thoroughly and pay attention to detail. Organize and record your thoughts clearly, dictate your notes timely and review your notes for accuracy. Applying these guidelines could make the difference between a medical record that is useful in defending a case and one that presents additional challenges. Keep your records up‐to‐date and current in order to provide the best patient care and evidence that appropriate and timely care was provided. The use of patient agenda forms, checklists, flowsheets, and after‐hours documentation can save time and may also reduce communication problems and errors. Without documentation, it may be “your word against the patient’s”, making your defense more challenging than necessary. 15
ELECTRONIC HEALTH RECORDS (EHR) Electronic Health Record (EHR) systems present a great opportunity for many medical practices. A well‐designed system can improve record keeping and patient flow while enhancing documentation, potentially resulting in improved patient care and reimbursement. There are a lot of EHR systems that do really good work. The question is which system, if any, does what a particular practice needs it to do? The reality is that EHR systems have technological limitations and may create a false sense of security, especially where not properly configured, tested, implemented or working as planned. Moving an organization from a paper system to an EHR requires a tremendous allocation of resources, both financial and human, and should not be entered into lightly. It requires considerable forethought and planning. EHR FAILURE EHR failures are considered a horror story among medical practices. Industry experts place failure rates as high as 75%, depending on the source. Why do so many practices go wrong in this process? The definition of failure requires closer examination. In the context of EHR, failure is defined as physicians or groups who have not achieved their intended results within the expected timeframe. This can include missing go‐live deadlines, exceeding budget, refusal of staff to use the system, eschewing features because they are too complicated, discovering the system does not meet expectations, not making the transition to chart free or just giving up all together. The primary reason for failure emanates from the implementation phase. The practice either was not ready for the commitment and transition to EHR, did not allocate the proper resources or simply did not understand what the process entailed and how it would affect their existing processes. Perhaps equipment or licenses were reduced to save money or staff training time was neglected. Maybe the decision did not have buy‐in from all interested parties. Many practices make the mistake of trying to rework the EHR to fit their current work flow and give up or find work arounds when it does not fit their expectations. EHR systems require just the opposite. The practice must be prepared to reconfigure the way they work to achieve the desired results from the EHR. Parties making the jump to an EHR must be properly educated on what to expect and be realistic in their expectations. SYSTEM SELECTION CONSIDERATIONS There are two key considerations in selecting and relying on an EHR system. The first is the business side of the equation. What system will meet the clinical and operational needs of the practice? Second, what are the risk issues to consider that are not covered in an EHR demo? The successful system will not only assist physicians in running their business more effectively while providing quality patient care but will also assist in mitigating risk. 16
BUSINESS CONSIDERATIONS Research and Planning A tremendous amount of planning and decision‐making are required to make the transition to an EHR system successful. Consider the practice’s long range planning and strategic goals while thinking about the system requirements and what is needed to reach the practice’s objectives. Practices will likely review a number of systems and companies during the research phase. Look not only for a reputable company with a product with which the practice believes it can work but also for a system that is already working in an organization similar to the practice. In addition to product demonstrations from the vendor, take the time to get a perspective from current users to see how the product meets their needs and what frustrations they may have as well. Make sure to ask for demonstrations using common scenarios from the practice to see how the system responds. Challenge the system in a variety of ways and ensure its response meets the physician and staff’s expectations. Physicians will want to confirm that the system’s clinical decision‐making is in congruence with their own or, if not, that it can be easily altered. Implementation The decision to implement an EHR should be made by the group after both the benefits and downsides have been thoroughly analyzed. An implementation plan that encompasses contract issues including grounds for termination, a timetable, assignment of tasks and responsibilities, as well as a schedule for provider and staff training, is a necessity. It lets everyone know what is expected of them and their role in the process. The entire team will need to be on board if implementation is to be successful. This includes all physicians and other providers as well as clinical support and office staff. The assumption that attitudes among reluctant staff will change after implementation is a false one. If any member of the staff refuses to use the system, the implementation has failed. As practices consider the move to an EHR, conduct research, make a decision and develop an implementation plan, keep the following in mind: 1. Are EHR, practice management and billing systems compatible? 2. How does EHR affect staffing; eliminate or create positions? 3. Can the practice afford an EHR; is there a budget? Consider the upfront and ongoing costs including: a. Licenses, hardware, installation, training; b. Maintenance/support; and c. Software/hardware upgrades. Consider potential hidden costs including: a. Hardware and building wiring upgrades; b. Interfaces with other systems; c. Database or report customization; and d. Time away from regular duties to train staff. 4. Who will handle routine and emergency system maintenance, as well as: 5. Software updates and hardware upgrades; 17
6. Hardware and software issues; and 7. Security and recovery issues. Information Access and Flow Consider how both physicians and staff will access information during patient encounters. Will the patient’s chart be available electronically in the room and how will that be accessed, or will computers be available only at a central location outside the exam room? It is preferable that computers are available in the exam rooms to encourage real time documentation and accuracy. Patients perceive that the computerized medical practice is a better and more modern practice, especially when providers and staff are able to demonstrate the benefits to patients and minimize their dissatisfaction. Effective computer habits allow you to use the computer as a powerful tool. To do this: Do not disparage the technology Ask permission to type notes Make eye contact when asking questions and then begin typing Say aloud what you are typing Tell the patient what you are doing and why Describe and display information for the patient Does the software force an answer to questions to move through the system? Are all the questions really necessary, and do they serve a useful purpose? Free text is encouraged to customize the record to a particular patient. Medications are an area for potential risk when all the information is not available to the prescriber or staff. Any system with the capability to prescribe medications should also include notification of potential drug interactions. While many systems provide an excellent patient history regarding current medications, does it also allow physicians to see the inactive medications as well? If your office dispenses sample medications, are you recording those as well? Existing Patient Records Some systems allow the transfer of patient demographics from a billing system to an EHR, which can be a great time saver over entering patient data, but such conversions can also be expensive. The practice must also address the future of hardcopy medical records. Will existing medical records be scanned into the EHR? Who is going to do this and does the practice have the staff and equipment to handle the volume? If the practice chooses to scan records will they be indexed for easy retrieval or will the person searching be required to look through each document? Once records are scanned the question turns to whether to destroy the paper documents. Remember, the retention of medical records rules vary by state and must be adhered to unless every page in the chart has been converted electronically. If the practice chooses to scan only portions of a chart or enter a summary, the paper record may not be destroyed. 18
RISK CONSIDERATIONS In addition to the operational and implementation issues involved in choosing an EHR system, there are also a number of considerations from a risk perspective. Tracking Tracking is a serious concern from a risk perspective. The chosen system should aid in tracking all physician orders, including routine labs, serial testing, radiological tests, referrals and consults. Keep in mind that simply recording an order was made, without the ability to clearly see what is still outstanding and the actions taken, is not a true tracking system. In looking at systems, analyze the system’s ability to fully track the following: 1. Does the system alert physicians to every outstanding order/test, referral or consultation; must the patient’s chart be open for the alert to display or may staff run a report on this data? 2. Does the system track not only missed appointments but cancellations as well? 3. Does the system offer an option to “tag” or “task” a report or chart for follow‐up? 4. Does the system allow users to send one another messages? 5. Does the system house patient education materials; does it record that materials were given to a patient when requested to print? Security Security encompasses two aspects. It includes issues regarding who has access to the system and the integrity of the information itself. In terms of access, will the practice allow offsite access to physicians or other providers? Will the physician on‐call be able to remotely access patient information? Consider the possibility of restricting access to various sections of the chart based on job responsibilities. Even an employee who needs to see particular information to perform his or her job may be accommodated with “read only” access. A great way to prevent unauthorized access and potential HIPAA violations is the use of electronic time‐date stamps that record when users access a chart. The system should also identify the user who made changes to a patient’s chart. No one likes to consider the possibility of a disaster but every practice has to plan for it, especially when all patient records reside on a computer. How will the practice ensure the integrity of data and recover it in the event of disaster? At a minimum, every system should have some sort of back‐up whether it is a duplicate server or a tape drive. A duplicate server is useful as long the disaster involves only the primary server. A tape back‐up is useful in that the tape can be taken offsite at regular intervals and used to restore the data in the event of a building disaster. A back‐up tape left in a desk drawer during a fire or flood however, is of little use. Someone should be regularly checking the system to ensure it is properly backing‐up the data. The point of disaster is not the time to learn the tape drive is broken. The ultimate in data retrieval is an off‐site back‐up where the system is mirrored by a system in another city. The mirror system connects via phone line or the internet and is usually a good distance from the 19
office on the theory that distance lessens the likelihood of both facilities suffering the same disaster. Regardless of the electronic back‐up and retrieval plan, the practice must also have a plan to deal with patients who are seen while the system is down even if it means reverting to using paper forms. CONCLUSION Electronic medical record systems are another tool in the physician’s arsenal to assist with treating patients and supporting practice improvement. They can be a tremendous resource in putting information at the user’s fingertips, creating uniformity and streamlining processes. However, they remain a work in progress. If considering an EHR purchase, proceed with caution. Anticipating and planning for obstacles one may incur can help the practice be successful in the long term. Be sure to conduct thorough research and do not rely on the vendors to provide all product information. 20
HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION I. HIPAA/HITECH As part of the Health Insurance Portability and Accountability Act (HIPAA), Congress enacted measures to protect the privacy and security of an individual’s health‐related information. Effective February 17, 2010, HIPAA has been amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), which strengthens and expands the protections required by HIPAA. A. HIPAA/HITECH has three main Rules: 1. The Privacy Rule Applies to electronic, written, and oral “protected health information” (“PHI”)1 Tells you if, when, and how PHI may be used and disclosed. 2. The Security Rule 45 C.F.R. §164.302 to 318 Applies to electronic PHI (“e‐PHI”)2 Sets standards for making sure that e‐PHI is secure and available when needed. 3. The Transaction Rule Addresses technical aspects of the electronic health care transaction process. Requires the use of standardized formats whenever health care transactions, such as claims, are sent or received electronically. B. This is a guide for physician practices on complying with the Security Rule: The following information is intended to give you an overview of the HIPAA Security Rule and how to comply with it. Complying with the HIPAA/HITECH rules is important. Violation of the Security Rule may result in civil or even criminal sanctions (see Section VII). 1
PHI is “individually identifiable health information” that is transmitted or maintained in any form or medium. Individually identifiable health information is PHI that either identifies the individual or that can be used to identify the individual. Health information is any information in any form (oral, written, electronic) that is created or used by health care professionals or health care entities. 2
E‐PHI is PHI that is transmitted or maintained in any electronic medium. 21
II. THE HIPAA SECURITY RULE A. The Security Rule generally requires you to: 1. Ensure the “confidentiality, integrity, and availability” of all e‐PHI that you create, receive, maintain, or transmit; 2. Protect against any reasonably anticipated, impermissible threats or hazards to the security or the integrity of e‐PHI and impermissible uses of disclosures of e‐PHI; and 3. Ensure compliance with the Security Rule by members of your workforce. B. The Security Rule is organized into 3 groups of “Standards” with “Implementation Specifications” for each Standard: 1. Administrative Safeguards. 2. Physical Safeguards. 3. Technical Safeguards. The Standards set the requirements that you must meet to keep e‐PHI confidential and secure; the Implementation Specifications provide details on how to comply with the Standards. C. The Security Rule generally applies only to e‐PHI: In general, the Security Rule applies when a physician or someone acting on behalf of a physician, such as a billing service, transmits or maintains e‐PHI in connection with a transaction specified by the Rule. Once application of the Security Rule is triggered, the Security Rule then applies to all e‐PHI within the practice. 1. The Security Rule applies to “covered entities,” namely: Health care providers, such as physicians. Health plans. Health care clearinghouses3. 3
Health care clearinghouse is a public or private entity that: (a) converts or assists with the process of converting health information into standardized HIPAA‐compliant data or a standard transaction; and/or (b) receives a standard transaction and converts or assists with the process of converting that standard transaction back into a non‐standard format or non‐standard data for the receiving entity. 22
2. HITECH makes the Security Rule applicable to Business Associates, too. 3. The Security Rule applies only to e‐PHI: The Privacy Rule applies to all PHI, but the Security Rule applies only to e‐PHI. E‐PHI is PHI that is transmitted or maintained in electronic media. Paper PHI is not covered by the Security Rule. Electronic transmission includes the Internet, extranets (using Internet technology to link a business with information only accessible to collaborating parties), dial‐up lines, computer‐generated faxes (but not traditional paper‐to‐paper faxes), private networks, and e‐PHI that is physically moved from one location to another using magnetic tape, disk or compact disc media. 4. The Security Rule applies to “standard transactions”. Like the Privacy Rule, the Security Rule applies when a covered entity maintains or transmits PHI in electronic form in connection with a “standard transaction.” If you engage in any of the following standard electronic transactions specified in the Security Rule, the Security Rule applies to you: Health care claims. Healthcare payment and remittance advice. Health care claim status, enrollment or disenrollment in a health plan. Coordination of benefits. Eligibility for a health plan. Health plan premium payments. Referral certification and authorization. First report of injury. Health claims attachments. III. RISK ANALYSIS: THE FIRST STEP IN SECURITY RULE COMPLIANCE Just as you must have written policies and procedures as part of your Privacy Rule compliance, you must also have written policies and procedures as part of your Security Rule compliance. 23
But before you prepare your written policies and procedures, the Security Rule requires that you conduct a risk analysis. As with other requirements of the Security Rule, there is no one‐size‐fits all blueprint for conducting a risk analysis. Rather, you must evaluate risks and vulnerabilities in your particular situation and then implement security measures that are reasonable and appropriate for your practice to protect against reasonably anticipated threats or hazards to the security or integrity of all e‐PHI that your practice creates, receives, maintains or transmits. In other words, Security Rule compliance is a process tailored to your particular situation, and risk analysis is the first step in that process. Methods of conducting this analysis will vary depending on the size, complexity, and capabilities of each practice. However, the methodology you choose must accomplish the objectives of the Security Rule. A. General requirements and objectives of Risk Analysis 1. You must conduct an “accurate and thorough assessment” of the potential “risks” and “vulnerabilities” to the “confidentiality, integrity, and availability” of your e‐PHI. (You will find definitions of these, and other key terms below in subsection C.) 2. Make a written record of everything you do as part of your risk analysis. It is also a good idea to record the names of the people who perform the risk analysis and the dates on which the various things were done. 3. To help you identify potential issues, begin by identifying: All e‐PHI that you create, receive, maintain, or transmit. The external sources of e‐PHI (e.g., vendors or consultants who create, receive, maintain or transmit e‐PHI for you). The “threats” to information systems that contain e‐PHI. 4. The outcome of your risk analysis is a critical factor in assessing whether an Implementation Specification or an equivalent measure is reasonable and appropriate. (See Section IV.D. below for details.) 5. The information you get from your risk analysis will be used, for example, in designing and implementing policies and procedures: 24
For appropriate personnel screening. On what data to backup and how. On whether and how to use encryption. On what data must be authenticated in particular situations to protect data integrity. On how to protect e‐PHI transmissions. B. Required Elements of a Risk Analysis There are various ways to perform a risk analysis; the Security Rule does not prescribe any single method that will guarantee compliance. But regardless of what method you use, your risk analysis must incorporate the following elements: 1. Data Collection You must identify where the e‐PHI is stored, received, maintained or transmitted. This includes e‐PHI in all forms of electronic media, such as hard drives, floppy disks, CDs, DVDs, smart cards and other storage devices, personal digital assistants, transmission media, or portable electronic media. “Electronic media” includes a single workstation as well as complex networks connected between multiple locations. Your risk analysis should take into account all your e‐PHI, regardless of the particular electronic medium in which it is created, received, maintained, or transmitted or the source or location of the e‐PHI. Gather relevant data by reviewing past and existing projects, conducting interviews, reviewing documents, or using other data gathering techniques. Document all the data on e‐PHI that you collect using these methods. 2. Identify and Document Potential Threats and Vulnerabilities You must identify and assess the potential “threats” and “vulnerabilities” to the confidentiality, availability, and integrity of all the e‐PHI that your practice creates, receives, maintains, or transmits. You must identify and document reasonably anticipated “threats” to e‐ PHI. You may have threats that are unique to the circumstances of 25
your environment, for example a high likelihood of break‐ins in your neighborhood. You must also identify and document “vulnerabilities” which, if triggered by a threat, would create a risk of inappropriate access to or disclosure of e‐PHI. 3. Assess Current Security Measures You must then assess and document: The security measures you currently use to safeguard e‐PHI; Whether security measures required by the Security Rule are already in place, and Whether your current security measures are configured and used properly. Note that the security measures implemented to reduce risk will vary among practices. For example, small practices tend to have more control within their environment, with fewer variables (i.e., fewer workforce members and information systems) to consider when making decisions about how to safeguard e‐PHI. As a result, the security measures necessary to reduce the likelihood of risk to the confidentiality, availability, and integrity of e‐PHI in a small practice may differ from those that are appropriate in large practices.4 4. Determine What Threats Are “Reasonably Anticipated” Since you are required to protect against threats to e‐PHI that are “reasonably anticipated,” you must determine what threats are “reasonably anticipated” in your practice by: Assessing the probability of potential risks to e‐PHI; and Documenting all threat and vulnerability combinations with associated likelihood estimates that may impact the confidentiality, availability, and integrity of your e‐PHI. 4 For more information on methods smaller entities might use to comply with the Security Rule, see #7 in the CMS Security Series papers, entitled “Implementation for the Small Provider” at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/smallprovider.pdf 26
The results of this assessment, combined with the initial list of threats, will help you determine which threats are “reasonably anticipated.” Those are the threats that you must protect against through appropriate security measures. 5. Determine the “Criticality” of the Risks You must also assess the “criticality,” or impact, of potential risks to confidentiality, integrity, and availability of e‐PHI. Consider the magnitude of the potential impact resulting from a threat that triggers a specific vulnerability. You may use either a qualitative or quantitative method or a combination of the two methods to measure the impact. Document all potential impacts associated with the occurrence of threats triggering or exploiting vulnerabilities that affect the confidentiality, availability and integrity of your e‐PHI. 6. Determine the Level of Risk You must assign risk levels for all threat and vulnerability combinations that you identified in your risk analysis. The level of risk could be determined, for example, by analyzing the values assigned to the likelihood of threat occurrence and resulting impact of threat occurrence. The risk level determination might be performed by assigning a risk level based on the average of the assigned likelihood and impact levels. Document the assigned risk levels and a list of corrective actions to be performed to mitigate each risk level. 7. Finalize Documentation You must document your risk analysis. No specific format is required. Be sure to keep your documentation. It is also a good idea to list the names of the personnel who participated in the risk analysis and the dates on which various tasks were performed. 8. Periodic Review and Updates to the Risk Assessment Because the Security Rule requires you to update and document your security measures “as needed,” your risk analysis process should be ongoing and continuous so that you can identify when updates are needed. The Security Rule does not specify how frequently to perform risk analysis as part of a comprehensive risk management process. The 27
frequency will vary. Some practices may need to perform these processes annually, others bi‐annually, and still others only every 2 or 3 years, depending on circumstances of their environment. Certainly a risk analysis should be performed as new technologies and business operations are planned. For example, if you experience a security incident, or if you have a change in ownership, a turnover in key staff or management, or if you are planning to acquire new technology, the potential risk should be analyzed to ensure that e‐PHI is reasonably and appropriately protected. Should you determine that existing security measures are not sufficient to protect against the risks associated with the evolving threats or vulnerabilities, a changing business environment, or the introduction of new technology, you must determine what additional security measures are needed. As part of your documentation, you might create matrices similar to these: Likelihood of Occurrence Levels Likelihood Negligible Very Low Low Medium High Very High Extreme Description Unlikely ever to occur Likely to occur two/three times every five years Likely to occur once every year or less Likely to occur once every six months or less Likely to occur once per month or less Likely to occur multiple times per month Likely to occur multiple times per day Impact Severity Levels Insignificant Little or no impact Minor Minimal effort to repair, restore or reconfigure Significant Small but tangible harm, noticeable to limited number, some effort to repair Damaging Damage or loss to many, significant effort to repair Serious Considerable system outage, compromise of large amount information affecting many Critical Extended outage, permanent loss or damage, triggering business continuity procedures, complete compromise of information 28
This table shows the resulting risk level for each degree of likelihood and each level of severity. Risk Levels Likelihood of Occurrence Insignificant Minor Significant Damaging Serious Critical Negligible Low Low Low Low Low Low Very Low Low Low Low Low Moderate Moderate Low Low Low Moderate Moderate High High Medium Low Low Moderate High High High High Low Moderate High High High High Very High Low Moderate High High High High Extreme Low Moderate High High High High These tables document your analysis of the specific risks you might have to deal with. Risk Determination Matrix Item Threat No. Name Vulnerability Risk Existing Name Description Controls Likelihood of Occurrence Impact Severity Risk Level 1. Flood No off‐site Loss of e‐
data back‐up PHI system None Very Low Critical Moderate 2. 3. 4. 29
Safeguard Determination Matrix Item No. (from Recommended Risk Safeguard Determination Description Table) Residual Likelihood of Occurrence Residual Impact Residual Risk Severity Level 1. Arrange for off‐site data back‐up Very Low Minor Low 2. 3. 4. C. Definitions of Key Terms 1. Availability means that data or information is accessible and useable on demand by an authorized person. 2. Confidentiality means that data or information is not made available or disclosed to unauthorized persons or processes. 3. Integrity means that data or information have not been altered or destroyed in an unauthorized manner. 4. Risk is defined in NIST SP 800‐30 as “[t]he net mission impact considering (1) the probability that a particular [threat] will exercise (accidentally trigger or intentionally exploit) a particular [vulnerability] and (2) the resulting impact if this should occur . . . . [R]isks arise from legal liability or mission loss due to 1. Unauthorized (malicious or accidental) disclosure, modification, or destruction of information; 2. Unintentional errors and omissions; 3. IT disruptions due to natural or Man‐made disasters; 4. Failure to exercise due care and diligence in the implementation and operation of the IT system.” In brief: Risk is a function of (1) the likelihood of a given threat triggering or exploiting a particular vulnerability, and (2) the resulting impact on the organization. So risk is not a single factor or event, but rather it is a combination of factors or events (threats and vulnerabilities) that, if they occur, may have an adverse impact on your practice. 30
5. Threat is defined in NIST SP 800‐30 as “[t]he potential for a person or thing to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.” Threats may be natural, human, or environmental. Examples of common threats include: floods, earthquakes, tornadoes, and landslides (all natural); network and computer based attacks, malicious software upload, unauthorized access to e‐PHI, inadvertent data entry or deletion and inaccurate data entry actions (all human); and power failures, pollution, chemicals, and liquid leakage (environmental). 6. Vulnerability is defined in NIST Special Publication (SP) 800‐30 as “[a] flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.” Vulnerabilities, whether accidentally triggered or intentionally exploited, could potentially result in a security incident, such as inappropriate access to or disclosure of e‐PHI. Vulnerabilities may be technical or nontechnical. Nontechnical vulnerabilities are, for example, ineffective or non‐existent policies, procedures, standards or guidelines. Technical vulnerabilities are such things as flaws or weaknesses in the development of information systems or incorrectly implemented or configured information systems. A risk analysis is the mandatory first step in your Security Rule compliance efforts. Risk analysis is an ongoing process that should result in a detailed understanding of the risks to the confidentiality, integrity, and availability of e‐PHI. The risk analysis is a careful and thoroughly documented evaluation of whether your practice’s administrative activities, physical environment, and computer systems are secure. The risk analysis will help you to determine and document any security threats or vulnerabilities (e.g., floods, computer viruses, or break‐ins) in your practice by comparing your current activities with the administrative, physical, and technological requirements of the Security Rule. As part of the risk analysis process, you must assess the likelihood and impact of identified threats and vulnerabilities and determine any necessary preventive and corrective actions. Each stage of the risk analysis must be documented, and the completed risk analysis document added to your HIPAA compliance records. You will also need 31
to update relevant policy and procedure documents to reflect any administrative, physical, or technical safeguards that have been implemented as a result of the risk analysis. As you work through your risk analysis, you may notice that you have already complied with certain Security Rule standards in your efforts to comply with the Privacy Rule. IV. SECURITY RULE STANDARDS AND IMPLEMENTATION SPECIFICATIONS The Security Rule sets forth specific Standards that explain how to meet the Rule’s requirements. A. The Standards are organized into three categories: 1. Standards for Administrative Safeguards that address the implementation of office policies and procedures, staff training, and other measures designed to carry out security requirements; 2. Standards for Physical Safeguards that relate to limiting access to the physical areas in which electronic information systems are housed; and 3. Standards for Technical Safeguards that concern authentication, transmission, and other issues that arise when authorized personnel access e‐PHI via computer or other electronic device. B. The Standards are designed to allow flexibility in compliance: 1. No One‐Size‐Fits‐All Compliance Program The Security Rule is designed to permit some flexibility in compliance so that you can adopt the security measures that are best suited to your particular situation and needs ‐ as long as you meet the Standards specified in the Security Rule. There is no “one‐size‐fits‐all” compliance program. Rather, what you do to come into compliance will depend on the size, complexity, and capabilities of your practice. What works for a small practice may not work for a larger one. 2. Scalability The Security Rule’s “scalability” concept allows you to tailor your compliance process to the size, complexity, and capabilities of your practice. In determining how to comply with the Security Rule, consider the following factors as they relate to your practice: 32
Size Complexity Capabilities Technical infrastructure Cost of procedure to comply Potential security risks For example, the Security Rule requires you to designate a HIPAA Security Officer. For a solo practitioner, it would be unduly expensive to hire someone just to fill this role, and doing so would not make sense in light of the relatively limited complexity of security issues. Accordingly, it would be appropriate for the solo practitioner simply to designate herself as the Security Officer. C. Overlap There is some overlap among the Standards. You may notice that as you meet one Standard, you may very well also have satisfied another. For example, one of the Standards for Physical Safeguards requires physical protection against unauthorized access to a physician’s computer. This Physical Standard may overlap with the Administrative Standard requiring you to limit access to e‐PHI to appropriate personnel and it may also overlap with the Technical Standard requiring you to develop procedures to verify the identity of persons who access e‐PHI. If the physician’s computer is in a locked office and can only be accessed by authorized employees, you will have met the Physical Standard. If only appropriate personnel have keys to the door, complying with the Physical Standard by locking the office will also meet the Administrative Standard. But if someone has a key to the office who should not have access to the e‐PHI, then compliance may require an additional administrative policy to limit access to the computer network, for example, by the use of passwords, and you may also need a separate technological solution, such as electronically recording the date and time that any given employee accesses the computer. D. Implementation Specifications Accompanying the Standards as part of the Security Rule are Implementation Specifications that provide specific details on how to implement the Standards. Implementation Specifications offer guidance in deciding which tasks should be undertaken to comply with each Standard. 33
Not every Standard has an Implementation Specification, but some Standards have several. Standards that do not have Implementation Specifications are not optional, and you must make reasonable efforts to comply. Each practice is different; what constitutes compliance for one practice may or may not constitute compliance for another. There may be several different ways for you to implement any given Standard. For example, you must have a Security Officer. You can implement that requirement by contracting with an outside firm or person, or by hiring someone to perform only that function, or by appointing one of your current employees to perform that function in addition to his other responsibilities, or by appointing yourself ‐ all depending on the circumstances. 1. “Required” vs. “Addressable” Implementation Specifications Because HIPAA applies to a wide range of entities from solo practitioners to large health care systems, the law recognizes the need for flexibility in how each entity complies with the Standards. To allow for flexibility and customization, the Implementation Specifications are divided into those that are “required” and those that are “addressable.” 2. “Required.” If a Standard includes “required” Implementation Specifications, you must implement the Implementation Specifications. 3. “Addressable.” If a Standard includes an “addressable” Implementation Specification, you have some latitude in tailoring your implementation of that Standard to your individual practice or, in some instances, to dispense with the Implementation Specification altogether. You must assess whether the “addressable” Implementation Specification is a reasonable and appropriate safeguard in your particular situation. Ask how likely it is to contribute to protecting your e‐PHI. If it is “reasonable and appropriate,” then you must implement it. But if it is not reasonable and appropriate, you may choose either: a. To implement an equivalent reasonable and appropriate measure; or b. Not to implement it, if non‐implementation is reasonable. 34
For example, under the Security Awareness and Training Standard there is an addressable Implementation Specification that Security Reminders (i.e., bulletins, e‐mails) should be sent to staff about potential security threats. If you don’t have any staff, it would make no sense to implement this Implementation Specification. Whatever choice you make when dealing with an “addressable” Implementation Specification, you must document not only that choice but also the rationale, based on risk analysis, for your choice. V. THE STANDARDS AND IMPLEMENTATION SPECIFICATIONS A. Administrative Safeguard Standards and Implementation Specifications Administrative Safeguard Standards require you to develop and implement policies and procedures to prevent, detect, contain, and correct security violations. Those Standards (1 through 9), and their 21 Implementation Specifications (listed immediately following the Standard to which they apply (a, b, c, etc.) are: 1. “Assigned Security Responsibility.” Appoint a HIPAA Security Officer who will be responsible for developing and implementing security policies and procedures for your practice. There is no separate Implementation Specification; this is absolutely required. 2. “Security Management Process.” The Security Officer must create and implement policies and procedures that are designed to prevent, detect, contain, and correct HIPAA security violations. a. Risk analysis (required) (See detailed discussion above.) b. Risk management (required): Implement security measures to reduce risks and vulnerabilities. c. Sanction policy (required): Develop and apply sanctions against workforce members who don’t comply with security policies and procedures. You must implement a sanction policy that clearly delineates consequences for violations of security policies and procedures by employees, agents, and contractors. Consequences could include re‐training the employee who violated the policies and procedures, issuing a warning, or perhaps terminating the individual if the violation is egregious or if there are repeat 35
offenses. Sanctions must be applied equally to all individuals, and the policy should apply to any and all violations. If you are in compliance with the Privacy Rule, you will already have a Privacy Rule sanction policy which could be modified to address both Privacy and Security Rule requirements. d. Information system activity review (required): Implement procedures to review regularly all records of information system activity, such as audit logs, access reports, and security incident tracking reports. 3. “Workforce Security.” Implement policies and procedures to ensure that all employees have appropriate access to e‐PHI. Also ensure that those employees who should not have access are unable to access e‐PHI. a. Authorization and supervision (addressable): Implement procedures for the authorization and supervision of employees who work with e‐PHI or who work in areas where e‐PHI might be accessed. b. Workforce clearance procedure (addressable): Implement procedures to determine that employee access to e‐PHI is appropriate. The goal is to ensure that individuals who have access to e‐PHI have appropriate clearance, such as a background check for employees who deal with e‐PHI. Because this Specification is addressable, you can assess what is reasonable in your circumstances. For example, if you are the only employee, you would not need to undertake a clearance procedure on yourself. But remember that you must still document why the Specification does not apply (e.g., the only employee is yourself). In a small community and a practice with only a few employees who all come from that community, a reasonable effort to meet this Specification might be to call a prospective employee’s references and ask about her reliability and trustworthiness. In a larger organization, a formal background check (e.g., criminal record, bankruptcy, etc.) may be necessary to be considered compliant. c. Termination procedures (addressable): Implement procedures for terminating access to e‐PHI when employment ends. 36
4. “Information Access Management.” Implement policies and procedures on how your employees will be given access to e‐PHI and how access will be limited when appropriate. a. Isolate health care clearing house functions (required). b. Access authorization (addressable): Implement policies and procedures for granting access to e‐PHI, e.g., through access to a workstation. c. Access establishment and modification (addressable): Implement policies and procedures to establish, document, review, and modify a user’s right of access to workstations, programs, transactions, etc. 5. “Security Awareness and Training.” Implement a security awareness and training program for all members of your workforce. a. Security reminders (addressable): periodic security updates. b. Protection from malicious software (addressable). c. Log‐in monitoring (addressable): Implement procedures for monitoring log‐in attempts and reporting discrepancies. d. Password management (addressable): Implement procedures for creating, changing, and protecting passwords. 6. “Security Incident Procedures.” Implement policies and procedures to address breaches of security. a. Response and reporting (required): Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security breaches; document security incidents and their outcomes. 7. “Contingency Plan.” Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrences that 37
threaten the security of e‐PHI, such as fire, vandalism, system failure, natural disaster, or theft. a. Data backup plan (required): Implement procedures to create and maintain exact copies of e‐PHI. b. Disaster recovery plan (required): Establish procedures to restore any loss of data. c. Emergency mode operation plan (required): Establish plan for continuation of critical business and security of e‐PHI while operating in emergency mode. d. Testing and revision procedures (addressable): Implement procedures for periodic testing and revision of contingency plans. e. Applications and data criticality analysis (addressable): Assess relative criticality of specific applications and data in support of other contingency plan components. 8. “Evaluation.” Regularly evaluate all technical and nontechnical systems to ensure that e‐PHI is adequately protected, especially if you have recently updated your risk analysis. You must also evaluate all technical and nontechnical systems in response to any environmental or operational changes affecting the security of e‐PHI. Evaluations should be documented and should explain how your policies and procedures comply with the Security Rule requirements. There is no separate Implementation Specification; this is required. 9. “Business Associate Contracts.” Initiate policies and procedures to ensure that all business associate contracts between you and your business associates incorporate and pass along to the business associate the same obligations that you have as a covered entity to comply with the Security Rule. a. Written contract or other arrangement (required): this contract or agreement can be combined with an existing Privacy Rule BA contract. 38
B.
Physical Safeguard Standards Physical Standards require implementation of policies and procedures that limit physical access to electronic information systems (e.g., computers) and the facilities (e.g., an office) in which e‐PHI is housed. The physical “procedure” might be as simple as a lock on the door of the room in which the computers are located or as complex as a retinal scan, depending upon what is reasonable in any given circumstance. The Physical Safeguard Standards and their 8 Implementations Specifications are: 1. “Facility Access Controls.” Implement policies and procedures to limit physical access to e‐PHI systems and the facilities in which they are housed, while ensuring the properly authorized access is allowed. 2. Contingency operations (addressable): Establish procedures to allow facility access to support restoration of lost data under the disaster recovery plan and emergency mode operation. For example, create a process to allow certain individuals to retrieve backup data and transfer that data to a different computer system in emergency circumstances, such as a hurricane or electrical storm. If you have dealt with this security concern through compliance with another Implementation Specification (e.g., a technical measure that automatically backs up critical e‐PHI to a remote computer) or if your risk analysis has determined that this is not a significant risk, then you may not need to implement this Specification. It will not, however, be sufficient documentation just to state “not a risk.” Your explanatory documentation must provide details showing why it is not a risk. 3. Facility security plan (addressable): Implement policies and procedures to safeguard the facility and equipment from unauthorized physical access, tampering, and theft. 4. Access control and validation procedures (addressable): Implement procedures to control and validate a person’s access to facilities based on his role or function, including visitor control, and control of access to software for testing and revision. 5. Maintenance records (addressable): Implement policies and procedures 39
to document repairs and modifications to the physical parts of the facility related to security, e.g., hardware, screens, walls, doors, locks. 6. “Workstation Use.” Implement policies and procedures that describe appropriate functions for a specific workstation (for example, a cubicle) or class of workstations used to access e‐PHI. For example, restrict the e‐ PHI available on a reception area computer to only the e‐PHI needed to schedule or change appointments. There is no separate Implementation Specification for this Standard; it is required. 7. “Workstation Security.” Physical mechanisms must be in place to ensure that access to workstations with e‐PHI is restricted to authorized users. For example, have computer screens turned so they cannot be seen by casual observers. There is no separate Implementation Specification for this Standard; it is required. 8. “Device and Media Controls.” Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain e‐PHI info within and outside of your facility. a. Disposal (required): Implement policies and procedures that take care of the final disposition of e‐PHI and the hardware or electronic media on which it is stored. b. Media re‐use (required): Implement policies and procedures for removal of e‐PHI from media before they are re‐used. c. Accountability (addressable): Keep a record of the movements of hardware and electronic media and any person who is responsible for those movements. d. Data backup and storage (addressable): Create a retrievable, exact copy of e‐PHI as necessary before moving equipment. C. Technical Safeguard Standards Technical Standards require you to have in place policies and procedures that govern the technical aspects of accessing e‐PHI within computer systems, such as, computer passwords and encryption software. 40
The Technical Safeguard Standards and their Implementation Specifications are: 1. “Access Controls.” Implement policies and technical procedures for computer use to ensure only appropriate access to e‐PHI by authorized individuals and software programs. a. Unique user identification (required): Assign a unique name or number for identifying and tracking user identity; sharing user identifications is not permitted. b. Emergency access procedure (required): Establish procedures of obtaining e‐PHI in an emergency. c. Automatic logoff (addressable): Implement electronic procedures that terminate a session after a pre‐determined period of inactivity. d. Encryption and decryption (addressable): Implement a mechanism to encrypt and decrypt e‐PHI. 2. “Audit Controls.” Implement hardware, software, and procedural mechanisms that record and monitor activity on systems containing e‐PHI for security breaches. For example, create a log that shows who accessed a particular computer and when. There is no separate Implementation Specification for this Standard; it is required. 3. “Integrity.” Implement policies and procedures to protect e‐PHI from improper alteration or destruction. a. Mechanism to authenticate e‐PHI (addressable): Create mechanisms to corroborate that e‐PHI has not been altered or destroyed in an unauthorized way. 4. “Person or Entity Authentication.” Implement procedures to verify that a person or entity seeking access to e‐PHI is in fact who he/it claims to be. There is no separate Implementation Specification for this Standard; it is required. 41
5. “Transmission Security.” Implement technical security measures to guard against access to e‐PHI that is being transmitted over an electronic communications network. For example, use secure transmission systems or encryption when e‐mailing or transmitting patient data. a. Integrity controls (addressable): Implement measures to ensure that e‐PHI is not improperly modified without detection. b. Encryption (addressable): Implement a mechanism to encrypt e‐ PHI as appropriate. In a larger practice with established policies and procedures for sharing encryption “keys” with authorized entities, purchasing a computer program that encrypts and decrypts data may be an appropriate way to handle this requirement. A small practice may choose to use a HIPAA‐compliant secure messaging service that meets the security goal without encryption software. VI. COMPLIANCE DOCUMENTATION For all Security Rule Standards and Implementation Specifications, you must keep a written policies and procedures document (it may be in electronic format) that explains how you have complied with each step of implementation. This document must be kept for 6 years from either the date it was created or the date it last went into effect, whichever is later, and the document must be made available to those persons responsible for implementing the procedures. You must promptly update your policies and procedures to comply with any changes in the law or any changes in how you plan to comply with the Standards. VII. GOVERNMENT ENFORCEMENT AND PENALTIES The Security Rule is enforced by the Center for Medicaid and Medicare Sciences (CMS). HITECH now also permits enforcement by the Attorney General of each State. Failure to comply with the Security Rule may result in the following enforcement actions or civil or criminal penalties: CMS administratively imposes a corrective action plan. 42
Civil Penalties ranging from $100 to $25,000 for each violation. Fines of up to $250,000 and imprisonment for up to 10 years. (These same penalties can be imposed for Privacy Rule violations; however, the Privacy Rule is enforced by the Office of Civil Rights (OCR). 43
HIPAA/HITECH As part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Congress enacted measures to protect the privacy and security of an individual’s health‐related information. The Health Information Technology for Economic and Clinical Health Act (HITECH) amended HIPAA in February 2010. The provisions in the HITECH Act strengthen and expand the protections required by HIPAA, including the enhancement of enforcement and the addition of breach notification. The following information is intended to give you an overview of the requirements under HIPAA/HITECH pertaining specifically to Privacy, Security, Breach Notification and Enforcement. THE PRIVACY RULE The Privacy Rule established a set of national standards for protecting patients’ health information. Specifically, the Privacy Rule addresses the use and disclosure of protected health information and gives patients certain rights to the way their health information is used, as well as personal access to that information. The Rule is designed to be flexible to allow appropriate uses and disclosures to ensure high quality health care. The Office of Civil Rights (OCR) is responsible for enforcement of the Privacy Rule. The Privacy Rule compliance date was April 14, 2003. Here is a summary of the administrative requirements for a covered entity under the Privacy Rule: 1. You must develop and implement written privacy policies and procedures that are consistent with the Privacy Rule. 2. You must select a privacy officer. This person is responsible for developing and implementing your privacy policies and procedures. The privacy officer is also the contact person for receiving complaints and providing patients with information about your privacy practices. 3. You must train your workforce; this includes physicians, employees, volunteers, trainees, and others whose conduct is under the direct control of the entity. Even if these individuals are not paid, they must be trained. a.
You must also have and apply appropriate sanctions against anyone in your workforce who violates your privacy policies and procedures or the Privacy Rule. 4. You must mitigate, to the extent practicable, any harmful effect caused by a use or disclosure of protected health information. 44
5. You are required to have administrative, technical, and physical safeguards to protect the privacy of protected health information. 6. You must provide procedures for complaints. This process must be explained in your Notice of Privacy Practices. 7. You may not retaliate against anyone who exercises a right under the privacy rule, including filing a formal complaint. 8. You must keep all HIPAA documentation for six years from the date of creation or the last effective date. 9. You must provide your Notice of Privacy Practices to patients and obtain acknowledgement that they received it. Exceptions apply in emergencies or in indirect treatment situations. 10. You must have Business Associate Contracts in place with any person or organization that is not a part of your workforce that performs certain functions on your behalf and needs access to your protected health information. THE SECURITY RULE The HIPAA Security Rule established national standards to protect electronic protected health information (e‐PHI) that is created, received, used, or maintained by a covered entity. The Security Rule addresses the technical and non‐technical safeguards that must be put in place to protect an individual’s e‐PHI. This Rule is designed to be flexible to accommodate all sizes and types of covered entities as they adopt new technologies to improve quality and efficiency; while also protecting that information during access, use and transmission. The Office of Civil Rights (OCR) is responsible for enforcement of the Security Rule. The Security Rule compliance date was April 20, 2005. STANDARDS AND IMPLEMENTATION SPECIFICATIONS The Security Rule has specific Standards with regard to Administrative, Physical and Technical Safeguards of e‐PHI. These Standards have Implementation Specifications that provide specific details on how to implement the Standards. Not every Standard has Implementation Specifications but some have many. Standards that do not have any Implementation Specifications are required and you must make reasonable efforts to comply. Implementation Specifications will be either “required” or “addressable.” If an Implementation Specification is required, you must comply. If it is addressable, you have to determine if the addressable implementation is reasonable and appropriate for your particular situation. Listed below is a summary of the Standards and Implementation Specifications for the Administrative, Physical and Technical Safeguards. This information has been taken from the sample HIPAA/HITECH Policies and Procedures Manual for the Security of Electronic Protected Health Information, written by Andrée S. Blumstein JD, with Sherrard & Roe, PLC. This sample is included in this manual in Chapter 1. 45
STANDARDS FOR ADMINISTRATIVE SAFEGUARDS Administrative Safeguard Standards require you to develop and implement policies and procedures to prevent, detect, contain, and correct security violations. 1. Assigned Security Responsibility. Appoint a HIPAA Security Officer who will be responsible for developing and implementing security policies and procedures for your practice. There is no separate Implementation Specification; this is required. 2. Security Management Process. The Security Officer must create and implement policies and procedures that are designed to prevent, detect, contain, and correct HIPAA security violations. a. Risk analysis. (required) A risk analysis process includes, but is not limited to, the following activities:
Evaluate the likelihood and impact of potential risks to electronic protected health information (e‐PHI); Implement appropriate security measures to address the risks identified in the risk analysis; Document the chosen security measures and, where required, why you chose those measures; and Maintain continuous, reasonable, and appropriate security protections. b. Risk management. (required) c. Sanction policy. (required) d. Information system activity review. (required) 3. Workforce Security. Implement policies and procedures to ensure that all employees have appropriate access to e‐PHI. Also, ensure that those who should not have access are unable to access e‐PHI. a. Authorization and supervision. (addressable) b. Workforce clearance procedure. (addressable) c. Termination procedures. (addressable) 4. Information Access Management. Implement policies and procedures on how your employees will be given access to e‐PHI and how access will be limited when appropriate. a. Isolate health care clearing house functions (required): This is required only if a health care clearinghouse is part of your office. b. Access authorization. (addressable) c. Access establishment and modification. (addressable) 5. Security Awareness and Training. Implement a security awareness and training program for all members of your workforce. a. Security reminders. (addressable) b. Protection from malicious software. (addressable) c. Log‐in monitoring. (addressable) d. Password management. (addressable) 46
6. Security Incident Procedures. Implement policies and procedures to address breaches of security. a. Response and reporting. (required) 7. Contingency Plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrences that threaten the security of e‐PHI. a. Data backup plan. (required) b. Disaster recovery plan. (required) c. Emergency mode operation plan. (required) d. Testing and revision procedures. (addressable) e. Applications and data criticality analysis. (addressable) 8. Evaluation. Regularly evaluate all technical and nontechnical systems to ensure that e‐PHI is adequately protected. There is no separate Implementation Specification; this is required. 9. Business Associate Contracts. Initiate policies and procedures to ensure that all business associate contracts between you and your business associates incorporate and pass along to the business associate the same obligations that you have as a covered entity to comply with the Security Rule. a. Written contract or other arrangement. (required) STANDARDS FOR PHYSICAL SAFEGUARDS Physical Standards require implementation of policies and procedures that limit physical access to electronic information systems (e.g., computers) and the facilities (e.g., an office) in which e‐PHI is housed. 1. Facility Access Controls. Implement policies and procedures to limit physical access to e‐PHI systems and the facilities in which they are housed, while ensuring that appropriate access is allowed. (required) 2. Contingency operations. (addressable) 3. Facility security plan. (addressable) 4. Access control and validation procedures. (addressable) 5. Maintenance records. (addressable) 6. Workstation Use. Implement policies and procedures that describe appropriate functions for a specific workstation or class of workstations used to access e‐
PHI. (required) 7. Workstation Security. Physical mechanisms must be in place to ensure that access to workstations with e‐PHI is restricted to authorized users. (required) 8. Device and Media Controls. Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain e‐PHI. a. Disposal. (required) b. Media re‐use. (required) c. Accountability. (addressable) d. Data backup and storage. (addressable) 47
STANDARDS FOR TECHNICAL SAFEGUARDS Technical Standards require you to have in place policies and procedures that govern the technical aspects of accessing e‐PHI within computer systems, such as, computer passwords and encryption software. 1. Access Control. Implement policies and technical procedures for computer use to ensure only appropriate access to e‐PHI by authorized individuals and software programs. a. Unique user identification. (required) b. Emergency access procedure. (required) c. Automatic logoff. (addressable) d. Encryption and decryption. (addressable) 2. Audit Controls. Implement hardware, software and procedural mechanisms that record and monitor activity on systems containing e‐PHI for security breaches. (required) 3. Integrity. Implement policies and procedures to protect e‐PHI from improper alteration or destruction. a. Mechanism to authenticate e‐PHI (addressable). 4. Person or Entity Authentication. Implement procedures to verify that a person or entity seeking access to e‐PHI is in fact who he/it claims to be. (required) 5. Transmission Security. Implement technical security measures to guard against access to e‐PHI that is being transmitted over an electronic communication network. a. Integrity controls. (addressable) b. Encryption. (addressable) BREACH NOTIFICATION RULE On August 24, 2009, an Interim Final Rule was issued that implemented the breach notification requirements outlined in the HITECH Act. Breach Notification requires covered entities and their business associates to provide notification following a breach of unsecured protected health information. The Office of Civil Rights (OCR) is responsible for enforcement of Breach Notification. Breach Notification is required for breaches that occur on or after September 23, 2009. BREACH DEFINED The Department of Health and Human Services (HHS) considers a Breach to be, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual. There are three exceptions to the definition of breach. 48
1. Unintentional acquisition, access, or use of protected health information by a workforce member as long as it is not further used or disclosed. 2. Inadvertent disclosure of protected health information by an authorized person to another authorized person as long as it is not further used or disclosed. 3. If you have a good faith belief that the unauthorized individual, to whom the impermissible use or disclosure was made, would not be able to retain the information. BURDEN OF PROOF It is the responsibility of covered entities and business associates to determine if an impermissible use or disclosure of unsecured protected health information constitutes a breach. In order to make this determination, you should consider the following: 1. Determine if the impermissible use or disclosure involved “unsecure” information. a. Unsecured protected health information is information that is not secured through the use of a technology or methodology identified by the Secretary of HHS to render the PHI unusable, unreadable and undecipherable to unauthorized users. b. Exceptions to Unsecured PHI (Not Subject to Breach Notification) The following information is not considered to be “Unsecured Protected Health Information” and is therefore not subject to breach notification:
De‐Identified Health Information PHI that is encrypted PHI that has been destroyed 2. Determine if the impermissible use or disclosure meets one of the exceptions to breach notification (see above). If the use or disclosure meets one of these exceptions, it is not subject to breach notification. 3. Determine if the impermissible use or disclosure compromises the security or privacy of the individual and poses a significant risk of financial, reputational or other harm to the individual. Rules for how covered entities determine if an impermissible use or disclosure is a breach change as of September 23, 2013. See Omnibus HIPAA Final Rule below. BREACH NOTIFICATION REQUIREMENTS Once you determine a breach has occurred you are required to notify the affected individuals, the Secretary HHS and in some cases the local media. 1. Notice to Individuals: 49
a. Must be sent to all affected individuals 60 days after discovery of the breach and must include:
A brief description of the breach, including the date of the breach and the date of its discovery, if known; A description of the types of Unsecured Protected Health Information involved in the breach; Steps the patient should take to protect himself/herself from potential harm resulting from the breach; A brief description of the actions you are taking to investigate the breach, mitigate losses, and protect against further breaches; Contact information, including a toll‐free telephone number, e‐
mail address, Web site or postal address to permit the patient to ask questions or obtain additional information. 2. Media Notice a. You must notify the media if 500 or more residents are affected by a single breach in one state. 3. Notice to the Secretary a. You must notify the Secretary within 60 days of discovery when a breach affects 500 or more individuals. b. You must notify the Secretary annually for breaches that affect less than 500 individuals. 4. Notification by a Business Associate a. If a breach occurs at or by a business associate, the business associate must notify you following the discovery of the breach. b. A business associate must notify you no later than 60 days from the discovery of the breach. c. The business associate should provide you with the necessary information for the notice. d. You are still responsible for notifying your patients, the Secretary, and in some cases, the media of the breach even though the business associate was responsible for the breach. ENFORCEMENT RULE The HITECH Act made some significant changes to enforcement and penalties associated with violations of the Privacy and Security Rule. Changes and Additions to Enforcement 1. Any Person may be prosecuted, including unauthorized individuals who obtain or disclose protected health information. a. Your staff should be aware that if they commit a HIPAA violation, they can be held accountable individually. 50
2. HHS must impose a penalty for “willful neglect”. a. Not having written policies and procedures as outlined above can be considered “willful neglect”. 3. Civil money penalties to be shared with harmed individuals. a. May incentivize patients to file a formal complaint 4. HHS Secretary is required to perform periodic compliance audits. a. You may now be audited to determine compliance. 5. State Attorneys General may bring civil actions on behalf of residents damaged by violations. ENHANCED PENALTIES HIPAA Privacy and Security are two separate pieces of compliance that many have not fully addressed in their practice. Breach notification is a brand new piece to the compliance puzzle that also requires your attention. As you can see, enforcement of HIPAA is much more stringent than in days past. It is imperative that you train your staff, have up to date policies and procedures in place and that you always investigate and document your investigation of potential HIPAA violations. If you receive a formal compliant regarding a HIPAA violation from the Office of Civil Rights (OCR), you will be asked to submit documentation that demonstrates your compliance with these rules. If you cannot provide appropriate documentation, that may be considered “willful neglect” and you will be subject to a fine simply for not having appropriate policies and procedures. 51
OMNIBUS HIPAA FINAL RULE In January of 2013, the Omnibus HIPAA Final Rule was issued. This rule finalizes the changes to HIPAA Privacy, Security and Enforcement Rules included in the HITECH Act, modifies the Breach Notification Interim Final Rule, and makes other modifications to Privacy, Security, Breach Notification and Enforcement Rules to improve workability and effectiveness and to increase flexibility for covered entities and business associates. The law has an effective date of March 26, 2013, but covered entities and business associates generally have until September 23, 2013, to comply with most of the changes. Below is a brief summary of the changes: Business associates of covered entities will be directly liable for compliance with most HIPAA Privacy and Security Rule requirements Limitations on the use and disclosure of protected health information (PHI) will be strengthened for marketing and fundraising purposes and the sale of PHI without an authorization will be prohibited Patients will have the right to receive an electronic copy of their health information and to restrict disclosures to a health plan for treatment that is paid for out of pocket, in full, by the individual Changes to authorizations for research purposes will allow compound authorizations and the ability to include authorization for future research Authorization will no longer be required to release immunization records to schools or for certain individuals to receive access to a deceased patient’s records Increased penalties for violations of the Privacy and Security Rules as well as increased enforcement of noncompliance due to willful neglect Breach Notification will be required for all inappropriate uses and disclosures of protected health information unless the covered entity can demonstrate a low probability that the information was compromised Covered entities will need to address the following by the compliance date: Update Notice of Privacy Practices to include changes to patient rights, to inform patients of uses and disclosures that require authorization, and to inform patients of their right to be notified in the event of a breach of their PHI Update Business Associate Agreements with new required language Develop policies and procedures for handling new patient rights and strengthening the limitations on uses and disclosures for marketing, fundraising, and the sale of PHI Train workforce on changes and document training This is a brief summary of the changes to HIPAA included in the Omnibus Final Rule. To ensure complete HIPAA compliance, you are encouraged to visit 52
www.hhs.gov/ocr/privacy for access to the entire text of the HIPAA Administrative Simplification Statue and Rules. 53
Mutual Interests.
Mutually Insured.
Adults
Alabama
Arkansas
Georgia
Retention Guidelines for Medical Records
Minors
X-ray or Imaging Immunization Medical Board/ Regulations
10 years from date of last contact
10 years from date
of last treatment
The longer of age
20 or 10 years
after date of last
treatment
Indefinitely
10 years from date of record creation
(SVMIC recommends 10 years from date of last contact)
Kentucky
SVMIC recommends maintaining records in compliance with
KDLA guidelines, requiring records be kept for 10 years from the
date of the last contact with a patient, or in the case of minors,
until the age of 23, whichever is longer.
Mississippi
Adult patients discharged in sound mind: 10 years. Discharged at
death: 7 years. Minor patients age 28. The Mississippi Board of
Medical Licensure requires the Controlled Substances Inventory,
log and patient record be retained for 7 years.
Tennessee
Virginia
10 years from date
of last professional
contact
Six years from last
patient encounter
The longer of age
19 or 10 years after
last professional
contact
The longer of age
18 or 6 years after
last professional
contact
Indefinitely
4 years if separate
interpretive report is
kept. Mammography
records must be kept
for 10 years.
Indefinitely
www.albme.org
(334)242-4116
AL Admin. Code:
r. 545-X-4-.08 (2007)
www.armedicalboard.org
(501)296-1802
Hospital Code: 016 24
Code AR Rules and Regs:
007§14(19) (2008)
www.medicalboard.georgia.gov
(404)656-3913
O.C.G.A. §31-33-2
Indefinitely
www.kentucky.gov
(502)429-7150
www.kdla.ky.gov
Indefinitely
www.msbml.state.ms.us
(601)987-3079
Hospital Rule:
Miss. Code Ann.:
§41-9-69(1) (2008)
Indefinitely
www.state.tn.us/health
(615)532-3202
Tenn. Comp. R. & Regs.
0880-2-.15
Indefinitely
www.dhp.state.va.us
(804)662-9908
18 VA Admin. Code:
§85-20-26(D) (2008)
Note: Office must post record
retention information
54
DISCLAIMER: This information is intended solely to provide risk managemnt guidance. It is not intended to constitute legal advice. This document has been reviewed for
content and relevance but does not dictate policy or expectations. Check with your state’s medical board or other authority often to ensure these guidelines are still current.
MEDICAL RECORD SUBPEONAS You have most likely been told when your office receives a subpoena for medical records you should pay close attention to what it tells you to do and comply promptly because it is an order from the Court. That is true in most circumstances, but not always. It is important to know when to step back and consider saying “No” to the request. No medical practice is required to be completely fluent in the laws regarding subpoenas but you should be aware of two potential pitfalls before responding to the subpoena and providing the information requested. First, check to see if the subpoena is a “foreign subpoena,” i.e.‐not issued by a court in your state or by a federal court. If it isn’t, then it has not been lawfully issued to you. Second, be sure the subpoena provides you with some assurance the person whose records have been requested has been notified and given the opportunity to object to the production of these records. Both of these determinations can be made easily by the medical records clerk in your office. Subpoenas and HIPAA Under HIPAA, all medical practices, with rare exceptions, are considered covered entities in possession of patients’ protected health information (PHI). One of the ways that a covered entity can lawfully release PHI is "in response to a subpoena, discovery request or other lawful process”1 If the subpoena is not lawfully issued, then you may potentially commit a HIPAA breach by releasing the information. You cannot release records if the subpoena is unlawful on its face; that is, it is plainly unlawful when you look at it. The most common and easily spotted example of an unlawful subpoena is one issued by a foreign jurisdiction. In addition to being lawfully issued, the subpoena must demonstrate that the individual whose records are sought, or their attorney, has been given notice of the issuance of the subpoena and that no objections have been filed, or the time to raise objections has elapsed.2 It is not up to you however, to contact the patient and verify they do not object. Typically, the subpoena itself will say that the individual was notified on a particular date and given a period of time, usually 10 days, to raise an objection. Another way of giving assurance may be for the issuer to attach to the subpoena a copy of the letter sent to the individual or their attorney notifying them the issuer intends to request their records by subpoena. Examine the subpoena or letter and be sure the date to raise an objection has passed. If not, you cannot release the records. Remember, it is not up to you to contact the patient and ask if they object and it is very important that you do not do this. If the issuing attorney has given you their assurance the patient has been notified, then you may rely on that and release the records. 1
2
45 CFR 164.512(e)(1)(ii).
Id.
55
What is a foreign subpoena? Contrary to what the name implies, a foreign subpoena is not issued by another country. It is a subpoena that comes from an attorney or court in one state, the “foreign” jurisdiction, and seeks documents or deposition testimony in another state, the “target” jurisdiction. For example, an attorney defending a case that has been filed in an Arkansas state court wants to issue a subpoena to get the plaintiff/patient’s medical records from a physician’s office in Tennessee. The Arkansas court, where the case is pending, has no jurisdiction over the physician in Tennessee. Thus, the subpoena issued in Arkansas would be invalid if it was sent directly to that Tennessee physician because it was unlawfully issued from a foreign jurisdiction. This is true in every state of the union; the subpoena cannot be issued in another state. However, a subpoena issued by a Federal District Court in one state or jurisdiction is valid in every state or jurisdiction. Note that the rules on foreign subpoenas pertain only to cases that are filed in the various state courts. Does this mean that an attorney in another state can never subpoena your records? No, it does not. Each state has its own rules about how its courts will handle a foreign subpoena. These are spelled out in the state’s Rules of Civil Procedure. It is the responsibility of the issuing attorney to be sure they comply with the Rules established in the target state. The Uniform Interstate Depositions and Discovery Act Most states have adopted the Uniform Interstate Depositions and Discovery Act (UIDDA).3 The UIDDA provides an efficient and inexpensive procedure for litigants in one state to depose individuals or to request records and other materials located in another state. Under the UIDDA, the attorney requesting the deposition or records in the foreign jurisdiction can present their state’s subpoena to a clerk of the court in the target jurisdiction, in this case the state where the medical practice is located. The clerk in the target jurisdiction will then issue a subpoena that complies with its own state laws, incorporating all the terms of the out‐of‐state subpoena. The subpoena can then be served on the medical practice in the target jurisdiction according to the local rules for service. In SVMIC’s coverage area, Alabama, Georgia, Kentucky, Mississippi, Tennessee and Virginia have all adopted the UIDDA.4 Only Arkansas has not done so, and requires the attorney in the foreign jurisdiction to actually have a judge, rather than the clerk, issue the subpoena. From a medical provider’s point of view, however, the effect is the same no matter what state you practice in. If you do not see a subpoena that says it was issued by a court in your state, or by a federal court, then the subpoena is not lawfully issued to you and you should not release the records. 3
Uniform Interstate Depositions and Discovery Act, drafted by the National Conference on Uniform State
Laws, approved 2007. Last viewed October 31, 2013. Found at:
http://www.uniformlaws.org/shared/docs/interstate%20depositions%20and%20discovery/uidda_final_07.p
df.
4
UIID Enactment Status Map, last viewed October 31, 2013. Found at:
http://www.uniformlaws.org/Act.aspx?title=Interstate%20Depositions%20and%20Discovery%20Act.
56
The subpoena issued by your local state court may be just a simple, one page document with the original subpoena from the foreign jurisdiction attached to it. In some instances, the local court may completely redo the subpoena on its own forms. As long as it contains the HIPAA language that the patient has been notified by the requesting attorney and given opportunity to object, then you can release the records. Applying These Guidelines in Your Practice All of these rules may sound a little overwhelming but they can be dealt with in just a few short steps. In all likelihood, dealing with a subpoena for medical records is a rare occurrence for your practice. However, when a subpoena for medical records is received, always follow the following steps: 1. Check the subpoena for the place of issue – was it issued in your state or from a Federal Court? The issuing court name is usually located at the top of the document. 2. If it was properly issued, does it contain language that says the patient or their attorney was given notice and a period of time to object to the production of the records? 3. If you can answer yes to both of the above two questions you can release the records. 4. If you answer no to either of these questions, promptly send the requestor a letter (a form letter is fine; see sample) that says that you cannot comply because the subpoena is not valid and state the reason as either number 1 and/or 2, above. 5. As always, when in doubt call the SVMIC Claims Department for additional guidance on responding to a subpoena for medical records. If you are concerned that you may become involved in the litigation related to this patient’s care, be sure to contact the Claims Department. They may be reached at 800.342.2239. 57
MEDICAL RECORDS It would be impossible to overemphasize the importance of maintaining complete, legible medical records. A quality medical record not only serves as evidence of all pertinent facts related to the diagnosis and treatment of a patient, it fosters effective communication among members of the healthcare team and promotes effective management of patient care. Good charting is one of the most important patient care and medical risk management skills a physician can develop. The soundness of the medical record can be judged by asking whether or not another physician could provide immediate and appropriate medical care in your absence with only your chart for assistance. In the event of a medical malpractice lawsuit, the medical record becomes a legal document and can be one of the most powerful, objective and persuasive pieces of evidence that the standard of care was met by the physician. It should also be emphasized that a well‐
documented, legible medical record may actually prevent a lawsuit from ever being filed. One of the first things an experienced malpractice attorney considering a malpractice case will do is review the medical record looking for evidence supporting liability. If that attorney finds a record which is clear, complete and accurate such that even creative interpretation will not support a finding of liability, the attorney may decline to proceed further. Keeping accurate records and consulting them prior to beginning or continuing treatment is integral to good medical practice – failure to do so results in medical malpractice cases being more difficult to defend. The medical record is evidence of the course of a patient’s medical evaluation or work‐up, treatment and condition. The records are the basis upon which the quality of patient care is judged by hospitals, professional review organizations, accreditation bodies, third‐party payors, governmental agencies, medical licensing boards and juries. The record is documentation of communication between the patient and all health‐care providers and may be used by patients and their families, government agencies, public health‐CDC, CMS, etc., other healthcare providers, press, third party insurers, liability carriers, defense attorney, plaintiff attorney, employers and accrediting bodies. An ongoing internal assessment of your systems for organizing, documenting and maintaining medical records is essential to any practice. Standardizing filing and using formats for charting helps to improve the quality of patient care, enhance practice management, and minimize malpractice exposure. To ensure easy review of a patient’s medical information, the medical records should be organized thoughtfully. Each patient should have a separate chart. Color‐
coding or dividers should be used to organize the chart. In addition, each office or clinic should adopt a standard filing system (grouping all progress notes together, all lab results together, consults together, etc.) for all charts so that the medical and office staff can quickly locate information in any given chart. 58
The ideal office medical record contains the following: a. A patient information sheet listing the patient’s name, date of birth, age, gender, marital status, social security number, address, telephone number, insurance carrier, and financial and emergency contact data; b. A health history questionnaire containing: 1. A comprehensive medical history ‐ patient’s past history of illnesses, injuries and treatments, prior operations/hospitalization, current medications, age‐
appropriate immunization/feeding/dietary status; 2. A comprehensive family history ‐ health status or cause of death of the patient’s family members, including specific/hereditary diseases that may place the patient at risk; 3. A comprehensive psychosocial history ‐ significant information about the patient’s activities and other relevant social factors (e.g. marital status, living arrangements, employment, use of drugs, alcohol, tobacco, level of education, etc.); c. A current problem list; d. A current medication flow sheet listing past and present medication regimens (including over the counter) and indicating drug allergies, sensitivities, or adverse reactions; e. A list of allergies; f. Dictated or legibly written progress notes in the SOAP or other problem‐oriented format for each patient visit; g. Documentation of all informed consent discussions; h. Documentation of all instances of non‐compliance, including “no shows” and cancellations; i. Documentation of pertinent discussions with the patient and family members; j. Laboratory, imaging, or other diagnostic reports; k. Consultation requests and reports; and l. Copies of hospital or other healthcare provider records. OFFICE NOTES Each treatment session should be documented appropriately. All treatment given, subjective comments or complaints, response to treatment and patient progress should be stated. As a guideline for defining the levels and components for coordination of care, the examination/assessment should include information that is obtained, gathered and documented by the physician, based on clinical judgment and the nature of the presenting problem(s). The notes will be determined by the physician specialty and whether or not the doctor is consulting for a specific problem; but, the following list should be used as a general guideline for documentation in office visit notes. This list should not be considered definitive or all‐inclusive. For a new patient visit, there should be documentation which covers, but is not limited to, documentation of: 59
1. History and Physical; 2. Chief complaint or purpose for the visit; 3. Objective findings: a chronological description of the development of the patient’s present illness/problem from onset to present; 4. Past history: allergies should be clearly flagged, (e.g., medications, food, etc.) preferably on the front of the medical record; 5. Review of systems; 6. Patient’s expectations and goals for medical treatment; 7. Functional limitations; 8. Diagnosis or medical impression; 9. Treatment plan, including diagnostic and radiologic tests and results; 10. Treatment administered and frequency and anticipated duration of treatment; 11. Treatment results, including complications; 12. Patient’s current clinical condition; 13. Current prognosis; 14. Medication therapy program; 15. Special procedures anticipated; and 16. Follow‐up instructions and appointments. Each visit thereafter 1.
2.
3.
4.
5.
6.
Reason for the encounter and relevant history; Date of treatment; Area and/or condition for which treatment was provided; Treatment given; Any and all formal or informal education; Review or instruction about home‐care programs, including any instruction provided to the patient’s family or primary caregiver. A statement should be included of the patient’s safe demonstration and understanding of the covered aspects of the programs; 7. Subjective comments or complaints made by the patient; 8. Physical examination findings and pertinent prior diagnostic test results; 9. Appropriate health risk factors; 10. Positioning and padding of the patient during treatment; 11. Patient’s response to treatment; 12. Incidents or lack thereof; 13. Patient’s progress or lack thereof; 14. Changes in treatment and the patient’s response; 15. Assessment, clinical impression or diagnosis/revision of diagnosis; 16. Current or continuing prognosis; 17. Plan for continuation or discontinuance of care/treatment; and 18. Signature of caregiver and professional designation. 60
The CPT and ICD‐9‐CM/ICD‐10‐CM codes reported on the health insurance claim form or billing statement must be supported by the documentation in the medical record. ACCURACY, COMPLETENESS, LEGIBILITY Records should be prepared as contemporaneously with treatment as possible in order to avoid confusion and help ensure validity. Entries should appear in chronological order; each entry should be initialed and dated. The physician should initial and date all lab, x‐ray, and consultant reports after reviewing. (“Tracking Log”‐fillable) A consistent format should be used throughout the notes, for example SOAP. Each page and all forms within the record should have a patient identifier to minimize the opportunity for misfiling. All papers in the chart should be permanently affixed to avoid loss of information. All telephone communication should be documented in the chart. It is suggested that physicians use the self‐adhesive SVMIC phone call record forms which can be obtained free of charge through the Risk Management Department of SVMIC. Legibility is a must! Careful diagnosis and a good treatment plan are useless if the written orders are illegible. A jury in a medical malpractice action will equate quick and sloppy documentation with quick and sloppy care. It is recommended that only standard abbreviations be used so entries are easily understood. In the medical record accuracy is vital. A misplaced decimal point or the inadvertent use of a wrong term has precipitated medical disaster. Physicians should be meticulous in charting drug names, doses and regimens. The record should contain only facts and clinical judgment. Personal remarks on a patient’s characteristics or character are not appropriate. Additionally, the medical record should not be used to criticize other providers or hospitals. Records should be complete. This does not mean writing down everything. Poorly written voluminous records may actually increase liability exposure; the key is that the record be objective and concise. All boxes and checklists should be completed to show they were reviewed. Any lists which are written should be complete or have an all‐inclusive statement. Erasures or use of liquid correction fluid such as “White Out” to obliterate an error in the medical record should never occur. The person making the correction should draw a single line through the erroneous entry and write the correction above it. All corrections should be initialed and dated. If additional space is needed, an addendum should be prepared, initialed, and dated with the date of the addendum. Omitted information should be added by identifying the entry as a late entry dating, timing and signing the entry. 61
NEVER EVER ALTER A MEDICAL RECORD Sophisticated techniques have been developed which enable experts to detect the majority of alteration attempts. If it is determined that medical records have been altered it will not only severely damage the chances of prevailing in a medical malpractice lawsuit, but the professional liability coverage for the incident may be at risk. Changes in the medical record, including additional notes, after receipt of a claim or lawsuit should not be made without consulting a SVMIC attorney. ELECTRONIC HEALTH RECORDS (EHR) For those offices deciding to convert to electronic health records, selecting the best system for the practice is one of the most important decisions the office can make. As the demand for electronic health records grow, so do the number of new products. Following is a brief list of things to consider when evaluating an electronic health record system for a medical practice. This list is not intended to be comprehensive nor complete, but rather a tool to raise your awareness of some key issues. 1. Records should never be altered in any way. All errors must be corrected by amendments reflecting late entry date and time. 2. The EHR should have the capability to: Track and display the status of labs, diagnostic studies, and referrals; List and display allergies; Alert providers of contraindications and overdue preventive care; Record and display all current or active medications including acute, chronic, OTCs, herbals, and vitamins; Allow patient consent forms and other patient forms that need signatures to be incorporated as part of the record via scanning, file attachments, or other electronic methods; Contain patient’s medical history, such as obstetrical history, past illnesses, injuries, operations, hospitalizations, and immunizations; Document the treatment plan, including date of plan, provider, and “due” date of plan components; Allow the creation of an outbound referral from within the record, including such information as patient demographics, provider reason for referral, services ordered, and days or number of services requested; Record the beginning date and time of every record entry, including no‐show appointments, refills, etc.; Allow for an electronic signature to approve entries while recording the author’s name, date and time; Easily print patient instructions for treatment plans and medication usage; Display or print the medical record in familiar “progress note” format that includes all the pertinent information surrounding a patient encounter as well as allowing the printing of specific information on each patient such as lab results over a specified period of time; 62
Provide tools for integration of outside paper reports (such as letters and x‐ray reports) into the record; Allow access to providers when on‐call or away from facility; Permit multiple users simultaneous access to the record; Allow multiple persons to contribute to the record of the encounter (nurse, lab, physician, etc.); Allow for exceptions or free‐text in addition to “boiler‐plate” entries; Interface with the billing and appointment systems. 3. Security Customizable passwords that limit access to authorized users; Customizable levels of security and information access; Automatically logs current user off when there is no activity for a defined period; Automatically monitors user access and records date and time of entries and can produce an audit trail; Prevents unauthorized outside entities from accessing data; Conforms to the Health Information Portability and Accountability Act (HIPAA) Security Rule; Documents what content or pages were copied and released and includes the date of release and recipient; Allows for access to records before they have been “signed” while noting that they have not been approved; Regularly (at least daily) produces a backup copy of the electronic record for storage off‐site. DICTATION The successful defense of a malpractice claim or lawsuit correlates closely with the completeness and legibility of a physician’s medical records. It has been the experience of SVMIC that the defense of a claim is more likely to be successful when the medical record is dictated than when it is handwritten. SVMIC has found that physicians are more thorough in the documentation of medical care when they dictate their records. Moreover, dictated records look more professional to a jury. Although they may initially increase practice costs, dictated records often result in a higher degree of office productivity and efficiency. Because dictation takes less time, physicians may also be able to see more patients. Ideally, physicians should dictate in the presence of their patients following an examination. Not only does this result in increased efficiency, but it reinforces patient instructions, serves as a discipline to refrain from inappropriate comments, and includes the patient in the evaluation of his or her health status. Obviously, some degree of discretion is necessary when using this technique. If dictation is not done in the patient’s presence, it should be done as soon as it is practical. Ideally, dictation should take place after each patient visit. Batch records dictated following a number of patient visits are more likely to be incomplete and of poorer quality. 63
Turnaround time for the dictation to be posted in the chart should not exceed 48 hours, although 24 hours is ideal. Delays past 48 hours may cause problems with patients that are being followed closely. When converting to a dictated record or when changing transcriptionists, the office should monitor the transcription closely for several weeks to assure the work is accurate and timely. The physician should review and initial all transcriptions. The use of a dictated record is, of course, impractical in some clinical practices. One example would be prenatal care, which is not amenable to a dictated record. Also, a dictated record may not be feasible when computations and drawings are necessary. SECURITY, RELEASE, RETENTION Medical records should be maintained in secured areas and files. Files or file rooms should be locked when staff is not present. Access to medical records should be limited to office staff with a need to know. Original records should not be removed from the office premises except as required by court order, subpoena or statute. Protocols should be developed that specify under what conditions medical records can be released, and procedures to follow in making a release. Protocols should also be developed related to subpoena requests and third‐party requests for medical information. All requests by attorneys or by the patient for a copy of the medical record should be reviewed by the treating physician. The medical record of a patient is the property of the physician or practice group and are maintained for the benefit of the patient, physician, and office. Patients have the right to request a copy (the original should never be given to the patient) of records or that a copy be forwarded to another party. Medical record copies should not be withheld because of an unpaid bill for medical services. The office must be familiar with state and federal regulations concerning time frame for retention of medical records, x‐ray film, etc. When both federal and state apply, the most stringent regulations should be followed. (See Chapter 1, “Medical Record Retention Guidelines”) PHYSICIAN RELOCATION/OFFICE CLOSURE In some states when a physician leaves a group, the medical group must notify the physician's patients and inform them that their records can be transferred to the physician's new practice if the patient chooses. When a medical group is sold, the physician’s or the physician's estate (in case of the physician's death) should transfer patient records to another physician or entity that is held to the same standards of confidentiality and is permitted to take custody of the records. If a physician wants to take records along to a new practice, the physician group must arrange for the physician to become the legal caretaker of those records. If patients don't authorize their transfer to another physician or group, physicians in a closing group should let their patients know where the records are being stored and how they can 64
retrieve them. A physician or the estate of a deceased physician may sell the elements that comprise his or her practice, such as furniture, fixtures, equipment, office leasehold, and goodwill. In the sale of a medical practice, the purchaser is buying not only furniture and fixtures, but also goodwill, i.e., the opportunity to take over the patients of the seller. A patient’s records may be necessary to the patient in the future not only for medical care but also for employment, insurance, litigation, matriculation, or other reasons. CONCLUSION Physicians in a practice that is closing should talk to their attorney or SVMIC for specific information on how long their patients' medical records must be retained. If selling the practice the records may go to the physician purchasing the practice. Patients should be notified that the records are being transferred and informed that they can authorize the transfer of their records to a physician of their choice. 65
PERSONAL REPRESENTATIVES [45 CFR 164.502(g)] BACKGROUND The HIPAA Privacy Rule establishes a foundation of Federally‐protected rights which permit individuals to control certain uses and disclosures of their protected health information. Along with these rights, the Privacy Rule provides individuals with the ability to access and amend this information, and the right to an accounting of certain disclosures. The Department recognizes that there may be times when individuals are legally or otherwise incapable of exercising their rights, or simply choose to designate another to act on their behalf with respect to these rights. Under the Rule, a person authorized (under State or other applicable law, e.g., tribal or military law) to act on behalf of the individual in making health care related decisions is the individual’s “personal representative.” Section 164.502(g) provides when, and to what extent, the personal representative must be treated as the individual for purposes of the Rule. In addition to these formal designations of a personal representative, the Rule at 45 CFR 164.510(b) addresses situations in which persons are involved in the individual’s health care but are not expressly authorized to act on the individual’s behalf. HOW THE RULE WORKS General Provisions Except as otherwise provided in 45 CFR 164.502(g), the Privacy Rule requires covered entities to treat an individual’s personal representative as the individual with respect to uses and disclosures of the individual’s protected health information, as well as the individual’s rights under the Rule. The personal representative stands in the shoes of the individual and has the ability to act for the individual and exercise the individual’s rights. For instance, covered entities must provide the individual’s personal representative with an accounting of disclosures in accordance with 45 CFR 164.528, as well as provide the personal representative access to the individual’s protected health information in accordance with 45 CFR 164.524 to the extent such information is relevant to such representation. In addition to exercising the individual’s rights under the Rule, a personal representative may also authorize disclosures of the individual’s protected health information. In general, the scope of the personal representative’s authority to act for the individual under the Privacy Rule derives from his or her authority under applicable law to make health care decisions for the individual. Where the person has broad authority to act on the behalf of a living individual in making decisions related to health care, such as a parent with respect to a minor child or a legal guardian of a mentally incompetent adult, the covered entity must treat the personal representative as the individual for all purposes under the Rule, unless an exception applies. (See below with respect to abuse, neglect or endangerment situations, and the application of State law in the context of parents and minors). Where the authority to act for the individual is limited or specific to particular health care decisions, the personal representative is to be treated as the individual only with respect to protected health information that is relevant to the representation. For example, a person with an individual’s 66
limited health care power of attorney regarding only a specific treatment, such as use of artificial life support, is that individual’s personal representative only with respect to protected health information that relates to that health care decision. The covered entity should not treat that person as the individual for other purposes, such as to sign an authorization for the disclosure of protected health information for marketing purposes. Finally, where the person has authority to act on the behalf of a deceased individual or his estate, which does not have to include the authority to make decisions related to health care, the covered entity must treat the personal representative as the individual for all purposes under the Rule. State or other law should be consulted to determine the authority of the personal representative to receive or access the individual’s protected health information. Who Must Be Recognized as the Individual’s Personal Representative The following chart displays who must be recognized as the personal representative for a category of individuals: If the Individual Is: 1. An Adult or an Emancipated Minor The Personal Representative Is: A person with legal authority to make health care decisions on behalf of the individual. Examples: Heath care powers of attorney; Court appointed legal guardian; General power of attorney A parent, guardian, or other person acting in loco parentis with legal authority to make 2. An Unemancipated Minor health care decisions on behalf of the minor child. Exceptions: See parents and minors decision below A person with legal authority to act on behalf 3. Deceased of the decedent or the estate (not restricted to health care decisions). Parents and Unemancipated Minors The Privacy Rule defers to State or other applicable laws that address the ability of a parent, guardian, or other person acting in loco parentis (collectively, “parent”) to obtain health information about a minor child. In most cases under the Rule, the parent is the personal representative of the minor child and can exercise the minor’s rights with respect to protected health information, because the parent usually has the authority to make health care decisions about his or her minor child. Regardless of whether a parent is the personal representative, the Privacy Rule permits a covered entity to disclose to a parent, or provide the parent with access to, a minor child’s protected health information when and to the extent it is expressly permitted or required by State or other laws (including relevant case law). Likewise, the Privacy Rule prohibits a covered entity from disclosing a minor child’s protected health information to a parent, or providing a parent with access to, such information when and to the extent it is expressly prohibited under State or other laws (including relevant case law). Thus, State and other applicable law governs when such law explicitly requires, permits, or prohibits the disclosure of, or access to, the health information about a minor child. 67
The Privacy Rule specifies three circumstances in which the parent is not the “personal representative” with respect to certain health information about his or her minor child. These exceptions generally track the ability of certain minors to obtain specified health care without parental consent under State or other laws, or standards of professional practice. In these situations, the parent does not control the minor’s health care decisions, and thus under the Rule, does not control the protected health information related to that care. The three exceptional circumstances when a parent is not the minor’s personal representative are: 1. When State or other law does not require the consent of a parent or other person before a minor can obtain a particular health care service, and the minor consents to the health care service; Example: A State law provides an adolescent the right to obtain mental health treatment without the consent of his or her parent, and the adolescent consents to such treatment without the parent’s consent. 2. When a court determines or other law authorizes someone other than the parent to make treatment decisions for a minor; Example: A court may grant authority to make health care decisions for the minor to an adult other than the parent, to the minor, or the court may make the decision(s) itself. 3. When a parent agrees to a confidential relationship between the minor and the physician. Example: A physician asks the parent of a 16‐year‐old if the physician can talk with the child confidentially about a medical condition and the parent agrees. Even in these exceptional circumstances, where the parent is not the “personal representative” of the minor, the Privacy Rule defers to State or other laws that require, permit, or prohibit the covered entity to disclose to a parent, or provide the parent access to, a minor child’s protected health information. Further, in these situations, if State or other law is silent or unclear concerning parental access to the minor’s protected health information, a covered entity has discretion to provide or deny a parent with access to the minor’s health information, if doing so is consistent with State or other applicable law, and provided the decision is made by a licensed health care professional in the exercise of professional judgment. Abuse, Neglect, and Endangerment Situations. When a physician or other covered entity reasonably believes that an individual, including an unemancipated minor, has been or may be subjected to domestic violence, abuse or neglect by the personal representative, or that treating a person as an individual’s personal representative could endanger the individual, the covered entity may choose not to treat that person as the individual’s personal representative, if in the exercise of professional judgment, doing so would not be in the best interests of the individual. For example, if a physician reasonably believes that disclosing information about an incompetent elderly individual to the individual’s personal representative would endanger that individual, the Privacy Rule permits the physician to decline to make such disclosure. OCR HIPAA Privacy December 3, 2002 Revised April 3, 2003 68
UNSOLICITED DIAGNOSTIC TESTS From time to time physicians find themselves in receipt of diagnostic test results which either they did not order for their patient or for individuals who are not patients of the practice at all. Such results could be anything from laboratory or pathology reports to mammograms and other diagnostic tests. Medical consumers nowadays are presented with many options to undergo screening type tests without physician involvement or referral. Mobile or freestanding vendors offer various types of ultrasound screenings, and employers or health fairs may offer an assortment of free or low cost screening tests. Occasionally, ER patients will request that their diagnostic work‐up be copied to their personal physician. Accordingly, there are many sources from which a physician or practice may receive unsolicited test results. First, there are two broad categories to be addressed – patients and non‐patients. When an unsolicited test is received regarding an established patient of the practice, whether recently active or not, you should handle that test in the same manner as you would if you had personally ordered the test, including contacting the patient and arranging for any appropriate follow‐up care. Be sure you have a system in place that calls your attention to tests before they are filed in the chart (even if the test results are perfectly normal). Of course, critical or time sensitive abnormal test results should be handled expeditiously. Receipt of an unsolicited test result for a person who is not a patient of your practice presents a different challenge. First, immediately make direct contact with the source of the test result, preferably by phone, to rule out misspellings, patient name changes, or any other typo or mistake that prevents proper identification of an individual who may actually be one of your patients. In addition to the foregoing, other explanations for being unable to match a test result to a patient would include practice mergers, physician relocation, business name changes, etc. The initial phone call will alert the test source that there is a communication problem or mis‐identification that needs appropriate follow‐up. The initial phone call may also be important if the test result is abnormal and time sensitive or life threatening. If applicable, be sure that any concern or urgency is addressed in that initial phone call. Once you have reasonably determined that the individual is not a patient of your practice, you then have the option of accepting the individual as a new patient to your practice if you wish. If you decide to accept the patient, you will of course need to immediately contact the patient to confirm the new relationship and arrange for prompt handling and follow up of the test results. If you do not wish to accept the individual as a patient and desire no further obligation, you should take reasonable action to inform the test source that you are not the correct recipient of the test result. It is recommended that this notification be accomplished by BOTH a phone call and a written documenet. Phone communication with the test source allows them to take immediate action to re‐direct the test result to the proper provider. The test source may also have an independent obligation to contact the individual. The original test report should be mailed or faxed 69
back to the originator of the report with a dated notation written on it, or with an accompanying statement, informing the source that the individual is not a patient of your practice and that you are not the appropriate party to receive the report or test result. A copy of the report with your notation or statement should be placed in a general office file titled “Unsolicited Reports”. Critical or time sensitive abnormal test results should be expedited through the above notification process as needed. In the event the test results or report are emergent, it would be appropriate to make efforts to contact the non‐patient directly when timely contact with the originator of the report is not possible. The above recommendation with regard to non‐patients may appear unnecessarily burdensome. However, it is always good medicine to make sure miscommunication does not result in harm. Also, while there appears to be no obvious legal obligation to act on unsolicited test results for non‐patients, no one desires to be the test case for such an extension of liability. This guideline is not intended to cover all situations that may arise with regard to unsolicited tests. For unique circumstances let reason, patient safety and good business sense be your guide. Some states have statutes conferring immunity on physicians who receive unsolicited test results. Virginia has such a statute covering an assortment of situations with various conditions and exceptions. Finally, to offer some support for physicians in these situations, the American Academy of Family Physicians has adopted a “policy position” disclaiming responsibility for patient notification and management of the results. It states as follows: “Family physicians occasionally receive results of unsolicited clinical tests on patients with whom no patient‐physician relationship exists, most commonly clinical laboratory and radiological studies. When a family physician receives unsolicited clinical testing results in the absence of a patient‐physician relationship, it is the policy of the American Academy of Family Physicians that the physician is not required to assume responsibility for patient notification and/or management of the results.” (1992) (2010 COD) Timely and appropriate notification to the source of the unsolicited test result remains the prudent course to take in these situations. 70
Communication Chapter 2 71
COMPLAINT MANAGEMENT Increasing concerns about the quality of healthcare have arisen as a result of the public perception that cost‐cutting measures have caused premature discharge and clinical mismanagement of patients. Changes in healthcare coverage have spawned concerns that medical care has become a profit‐motivated exercise instead of a caring professional service. In response to these changes, medical offices should develop methods of dealing with patient complaints that relate to quality of care versus method of payment. Every physician’s office should receive, investigate, and respond to every complaint by a patient or patient’s family. At a minimum, medical offices should have mechanisms to inform patients of the complaint process; to receive and respond to complaints in a timely manner; to implement corrective action as necessary to resolve complaints; and to reassure the person filing the complaint that future care will not be compromised. INFORMING PATIENTS One mechanism that can be used to inform patients of the complaint process is to include it in the practice’s “new patient” brochure or on the practice’s website. The brochure should be given to each new patient at their first appointment or mailed to the patient prior to their first appointment. Having response cards to encourage patient feedback and suggestions in the waiting and reception areas is another method to garner potential complaint information from patients. RESPONDING IN A TIMELY MANNER Patient complaints are an opportunity to learn important information about the physician's practice. Some complaints will be frivolous; but some frivolous complaints may obscure more important issues that may be difficult for patients to articulate. Other complaints may point out a system weakness that if left unattended could lead to disaster. If ignored, even minor complaints can become the foundation for a lawsuit. Prompt and thorough attention to a mild complaint can go far toward avoiding an escalation of emotions. The few extra minutes to diffuse a complaint before it escalates are well spent. Upon receipt of any complaint the staff should relay the complaint in a timely manner to the appropriate person. Complaints about medical care should go directly to the physician involved; billing concerns should be referred to the account representative; other concerns should be given to the administrator or designee. Time frames for responses from the medical office should be conscientiously followed. Any deviations from promises made will usually be interpreted by the patient as confirmation of the complaint and reinforcement of their negative feelings. Verbal complaints should receive a courteous response at the time they are presented. A private location should be used if possible. The person making the complaint should be given ample opportunity to discuss their concerns without interruption. If interruption is necessary, it is suggested that it be done tactfully, referring to a statement made by the patient and asking for more information regarding that statement. 72
Written complaints should be acknowledged; the writer should be told that the complaint will be treated as an opportunity to collect more information and attempt to solve the problem. After a thorough investigation that includes a review of the records and, if necessary, interviews with other staff involved, the findings should be communicated in a sympathetic but tactful way. The complainant should be advised when corrective action has been taken. Knowing that action has been taken on problems identified, improves the patient’s perception of quality of care. Physicians should be cautious to maintain confidentiality when the response is communicated to someone other than the patient. Any corrective action that involves staff performance should not be communicated to patients or family members. All discussions with the complainant should be documented. SVMIC should be notified if the physician thinks the complaint may lead to a potential malpractice claim. REASSURANCE The patient or patient’s family should be reassured throughout the complaint process that future care will not be compromised. Should the complaints become unreasonable or abusive, the physician retains the right to terminate the physician‐patient relationship. (See Chapter 6, “Terminating the Physician‐Patient Relationship”) SPECIFIC COMMUNICATION TECHNIQUES Staff dealing with complaints should thoroughly document the entire process and use the following techniques during the complaint process: 1. Treat the complaining patient with dignity and courtesy and due regard for privacy during the complaint handling process. 2. Adopt a listening posture, i.e. making eye contact, sitting if possible, arms relaxed and not folded. 3. Allow the patient to state the problem completely, without interruption. 4. Accept patient’s feelings, without admitting fault or blame. 5. Obtain as much additional information as possible to facilitate investigation of the complaint; reassure the patient that attention will be given to the problem, and that the complaint is important. 6. Provide information regarding steps which will be taken with an expected timetable. 7. Thank the patient. 8. Follow timetables promised whenever possible; if delays arise, inform the patient of the change. 9. Conduct a thorough investigation; interviews with physician or staff involved or document review may be necessary. 10. Determine resolution of the matter and inform the patient of such. 73
ELECTRONIC COMMUNICATION WITH PATIENTS In today’s environment of laptops, smartphones and tablet devices, virtually everyone has access to information just about anywhere and at any time. We bank online, shop online and do a large part of our communication with friends and family online. Tech savvy patients would like the ability to communicate with their physicians online, too. As a physician, you want to be able to accommodate your patients’ needs and to some extent their wants in order to stay competitive, but how can you do this safely while protecting the patient’s privacy? The American Medical Association and eRisk Working Group for Healthcare have both developed guidelines to assist healthcare providers with this new era of communication. We have included their suggested guidelines below. PRIVACY AND SECURITY The Health Insurance Portability and Accountably Act (HIPAA), requires that covered entities establish and implement appropriate policies and procedures to secure Electronic Protected Health Information (EPHI). (See Chapter 1, “HIPAA HITECH Policies and Procedures Manual for the Security of Electronic Protected Health Information”) The Health Information Technology for Economic and Clinical Health (HITECH) Act added the requirement of notifying patients when a breach of unsecured protected health information occurs. In order to be able to communicate with patients safely and securely, certain precautions need to be taken. The Security Rule, which specifically addresses EPHI, does not prohibit the use of email or other electronic communication between a physician and their patient. Instead, the rule states that covered entities must implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e‐PHI. One way to protect unauthorized access to e‐PHI is to use encryption. The Security Rule made the use of encryption an addressable implementation specification, which means that you must decide whether the use of encryption is a reasonable and appropriate safeguard for your practice. EPHI that is encrypted is considered to be secure according to the Breach Notification Interim Final Rule and therefore is not subject to breach notification requirements2. Because of this provision, it would be wise for covered entities to use encryption for all of their EPHI. This would include your electronic health record and practice management system, as well as mobile devices including laptops, USB drives and smartphones that contain EPHI. (See Chapter 1, “HIPAA HITECH Policies and Procedures Manual for the Security of Electronic Protected Health Information”) SENSITIVE INFORMATION Even if you take all the appropriate steps to secure EPHI, you should still inform the patient of the risks associated with communicating sensitive information electronically. In fact, some information such as mental health, substance abuse, sexually transmitted diseases, drug and alcohol abuse and HIV status is so sensitive in nature that you may choose not to communicate this information electronically even with the patient’s permission. You should be familiar with your state’s laws before transmitting this type of information electronically. 74
PATIENT CONSENT The American Medical Association (AMA) Code of Medical Ethics addresses the use of email when communicating with patients. The AMA recommends that physicians get a patient’s authorization before providing any PHI by email, even if the patient initiates the email communication3. Obtaining a patient’s permission to communicate with them electronically does not relieve you of your duty to continue to protect their EPHI. Instead, this helps educate the patient so that they can make an informed decision about this type of communication. To assist you with the development of a physician‐patient agreement for electronic communication, we have provided a summary of the Administrative and Communication Guidelines from the AMA’s Guidelines for Physician‐Patient Electronic Communication4. The full article can be found on the AMA website at www.ama‐assn.org Administrative Guidelines
Terms of communication guidelines (see below) should be clearly outlined and easy for the patient to understand. It is especially important that the patient understands email or any other electronic communication is not appropriate for emergency situations. Instructions for when/how to convert from electronic communication to a phone call or office visit. Patients need to fully understand which services are appropriate for email and which services are better handled at the office. A description of security mechanisms that your practice has put in place to protect EPHI. This might include the use of password‐protection for your workstations, using encryption (if applicable) and verifying a patient’s email address before sending any EPHI. If you have completed your required HIPAA Security Risk Analysis or a recent Risk Assessment, these security mechanisms will have already been addressed and can simply be taken from that documentation. You may consider a hold harmless clause for information loss due to technical failures. As with any legal document, it is advisable to seek further guidance from your own legal counsel on the specifics that relate to your practice and how you choose to move forward with electronic communication with patients. Communication Guidelines
Expected Response Times. Patients should understand how your practice intends to respond to emails just like they understand the process of nurses returning phone calls, prescription refills or any other process in your practice. Determine a time frame and assign responsibility to the appropriate staff. Emergency Situations. Patients should never think that an email is an appropriate way to notify your office in an emergency. If a patient is having chest pain, they should go to the emergency room, not send you an email. Include an automatic notice at the end of each electronic message that reiterates that email or any online communication is not appropriate for emergencies. You should also list alternative forms of communication for patients if they have an emergency; for example, “call 911 or go to the nearest emergency room.” 75
Privacy Risks. Email has inherent privacy risks, especially when a patient’s email is provided by their employer or when access to their email is not password protected. Patients should understand these risks. Unencrypted email provides about as much privacy as a postcard. Neither the practice nor the patient should communicate any information in an unencrypted email that they would not include on a postcard. Access. In order to respond in a timely fashion, employees other than the physician or other healthcare provider may read the message. The patient should understand that the message is not always a private communication between the patient and the treating provider. Purpose. Patients should understand what types of services can be performed electronically. (Prescription refills, appointment scheduling, notification of test results) Format. Educate the patients on what information should be included in the message. For example, if they are in need of a refill they should put “prescription refill” in the subject line of the message. They should also include their name and account number in the body of the message for identification purposes. If you receive a message that is incomplete, you won’t be able to accommodate the patient’s request in a timely fashion. You should also inform the patients to be clear and concise in their communication. If an email is extremely lengthy or is difficult to understand, ask the patient to come in for an appointment. Stay Professional. Never use sarcasm, anger or harsh criticism in messages and discourage patients from doing the same. Do not make references to third parties in a negative way. An electronic message is forever and may be further disclosed. The implementation of any new service or procedure in your office requires direction for both the staff and the patients. Communicating electronically can be a huge convenience for the patient and can help your staff be more efficient. It can also put you at risk legally and the patient at risk medically if there are not clear instructions on how this communication will be handled. Your practice should develop communication guidelines prior to emailing or messaging your patients. This will help reduce risk and make the transition into electronic communication easier. ONLINE COMMUNICATION AND FEE‐ BASED ONLINE CONSULTATION The following guidelines were developed by the eRisk Working Group for Healthcare (used with the permission of Medem, Inc. and the eRisk Working Group for Healthcare), a consortium of professional liability carriers, medical societies, and state board representatives. These guidelines are meant to provide information to healthcare providers related to online communication. These guidelines are not meant as legal advice and providers are encouraged to bring any specific questions or issues related to online communication to their legal counsel. Online Communications ‐ The legal rules, ethical guidelines, and professional etiquette that govern and guide traditional communications between the healthcare provider and patient are equally applicable to email, Web sites, list serves, and other electronic communications. However, the technology of online communications introduces special concerns and risks: 76
1. Security. Online communications between healthcare provider and patient should be conducted over a secure network, with provisions for authentication and encryption in accordance with eRisk, HIPAA and other appropriate guidelines. Standard e‐mail services do not meet these guidelines. Healthcare providers need to be aware of potential security risks, including unauthorized physical access and security of computer hardware, and guard against them with technologies such as automatic logout and password protection. 2. Authentication. The healthcare provider has a responsibility to take reasonable steps to authenticate the identity of correspondent(s) in an electronic communication and to ensure that recipients of information are authorized to receive it. 3. Confidentiality. The healthcare provider is responsible for taking reasonable steps to protect patient privacy and to guard against unauthorized use of patient information. 4. Unauthorized Access. The use of online communications may increase the risk of unauthorized distribution of patient information and create a clear record of this distribution. Healthcare providers should establish and follow procedures that help to mitigate this risk. 5. Informed Consent. Prior to the initiation of online communication between healthcare provider and patient, informed consent should be obtained from the patient regarding the appropriate use and limitations of this form of communication. Providers should consider developing and publishing specific guidelines for online communications with patients, such as avoiding emergency use, heightened consideration of use for highly sensitive medical topics, appropriate expectations for response times, etc. These guidelines should become part of the legal documentation and medical record when appropriate. Providers should consider developing patient selection criteria to identify those patients suitable for email correspondence, thus eliminating persons who would not be compliant. 6. Highly Sensitive Subject Matter. The healthcare provider should advise patients of potential privacy risks associated with online communication related to highly sensitive medical subjects. This warning should be repeated if a provider solicits information of a highly sensitive nature, such as issues of mental health, substance abuse, etc. Providers should avoid active initial solicitation of highly sensitive topic matters. 7. Emergency Subject Matter. The healthcare provider should advise patients of the risks associated with online communication related to emergency medical subjects such as chest pain, shortness of breath, bleeding during pregnancy, etc. Providers should avoid active promotion of the use of online communication to address topics of medical emergencies. 8. Doctor‐Patient Relationship. The healthcare provider may increase liability exposure by initiating a doctor‐patient relationship solely through online interaction. Payment for online services may further increase that exposure. 9. Medical Records. Whenever possible and appropriate, a record of online communications, pertinent to the ongoing medical care of the patient, must be maintained as part of, and integrated into, the patient’s medical record, whether that record is paper or electronic. 77
10. Licensing Jurisdiction. Online interactions between a healthcare provider and a patient are subject to requirements of state licensure. Communications online with a patient outside of the state in which the provider holds a license may subject the provider to increased risk. 11. Authoritative Information. Healthcare providers are responsible for the information that they provide or make available to their patients online. Information that is provided on a medical practice website should come either directly from the healthcare provider or from a recognized and credible source. Information provided to specific patients via secure e‐mail from a healthcare provider, should come either directly from the healthcare provider or from a recognized and credible source after review by the provider. 12. Commercial Information. Web sites and online communications of an advertising, promotional or marketing nature may subject providers to increased liability, including implicit guarantees or implied warranty. Misleading or deceptive claims increase this liability. Fee‐Based Online Consultation – A clinical consultation provided by a medical provider to a patient using the Internet or other similar electronic communications network in which the provider expects payment for the service. An online consultation that is given in exchange for payment introduces additional risks. In a fee‐based online consultation, the healthcare provider has the same obligations for patient care and follow‐up as in face‐to‐face, written and telephone consultations. For example, an online consultation should include an explicit follow‐up plan that is clearly communicated to the patient. In addition to the 12 guidelines stated above, the following are additional considerations for fee‐based online consultations: 1. Pre‐existing Relationship. Online consultations should occur only within the context of a previously established doctor‐patient relationship that includes a face‐to‐face encounter when clinically appropriate. 2. Informed Consent. Prior to the online consultation, the healthcare provider must obtain the patient’s informed consent to participate in the consultation for a fee. The consent should include explicitly stated disclaimers and service terms pertaining to online consultations. The consent should establish appropriate expectations between provider and patient. 3. Medical Records. Records pertinent to the online consultation must be maintained as part of, and integrated into, the patient’s medical record. 4. Fee Disclosure. From the outset of the online consultation, the patient must be clearly informed about charges that will be incurred and that the charges may not be reimbursed by the patient’s health insurance. If the patient chooses not to participate in the fee‐based consultation, the patient should be encouraged to contact the provider’s office by phone or other means. 78
5. Appropriate Charges. An online consultation should be substantive and clinical in nature and be specific to the patient’s personal health status. There should be no charge for online administrative or routine communications such as appointment scheduling and prescription refill requests. Healthcare providers should consider not charging for follow‐up questions on the same subject as the original online consultation. 6. Identity Disclosure. Clinical information that is provided to the patient during the course of an online consultation should come from, or be reviewed in detail by, the consulting provider whose identity should be made clear to the patient. 7. Available Information. Healthcare providers should state, within the context of the consultation, that it is based only upon information made available by the patient to the provider during, or prior to, the online consultation, including referral to the patient’s chart when appropriate, and therefore may not be an adequate substitute for an office visit. 8. Online Consultation vs. Online Diagnosis and Treatment. Healthcare providers should attempt to distinguish between online consultation related to pre‐existing conditions, ongoing treatment, follow‐up questions related to previously discussed conditions etc., and new diagnosis and treatment addressed solely online. New diagnosis and treatment of conditions, solely online, may increase liability exposure, may not be sufficient to comply with statutory and regulatory requirements and should be avoided to the extent possible. ___________________________ 1
45 C.F.R. §164.312(a) (b) (c) (e). Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Rules and Regulations. 42742 3
”Code of Medical Ethics: Opinion 5.026.” American Medical Association (2002). (www.ama‐assn.org) 4
Guidelines for Physician‐Patient Electronic Communications.” American Medical Association (2002).) (www.ama‐assn.org) 2
79
PATIENT RELATIONS For some, it is a taboo is to put the terms money and medicine in the same sentence. There is an unfortunate inference that money will become the focus rather than the art of medicine. Yet, money is a necessity for every organization, whether it is a government, nonprofit, Fortune 500 or medical practice. Whether the money is acquired through taxes, donations or payments for goods or services, there is an external customer funding revenue of the organization. Regardless of whether an external customer is referred to as a constituent, donor, customer or patient, they are the keystone of an organization. In other words, no customers, no business. One word that defines a patient’s expectation. Since every industry is different, external customers have different expectations of service. Understanding a customer’s opinions and expectations of the industry is critical to a successful business. Unique to most industries, healthcare is built on a platform of trust. Patients need to trust their physician and the physician’s staff. Establishing and maintaining a trusting relationship with patients is a challenging and critical necessity for medical practices. Why dead plants in a waiting room can kill a practice. A relatively small percentage of the population truly understands the engineering behind a jet engine or the science of piloting an aircraft. Yet according to the Department of Transportation, worldwide more than 800 million people board an aircraft every year. Since passengers are unable to inspect the plane for safety or interview the pilot to determine if the flight will be successful, passengers rely on a method referred to a “proxy measures.” A proxy measure is simply an indirect measure when there is no direct measure available. In the airplane example, passengers use indirect measures such as; online reviews, friendliness of flight attendants and the overall cleanliness of the plane to determine if the pilot is competent and the aircraft is safe. ProxyMeasure:
Anindirectmeasure,
In much the same way, patients are unable to determine the whennodirect
ability of the physician and staff in a medical setting. While measureisavailable
most physicians have their medical degrees displayed, patients don’t know if the physician was first or last in their class, or how well they did in residency. Therefore, patients use proxy measures to evaluate the quality of medical care provided. These proxy measures include all aspects of patient relations: the politeness and concern of the physician and staff, the cleanliness of the office. 80
Improving a practice with icebergs, proxy measures and patient relations The “iceberg model” is often used to show the relationship between the visible events and the underlying patterns, causes and systems. Only 10% of an iceberg is visible, the remaining 90% is hidden below the surface (Institute, 2012). Patient relations are a series of proxy measures that are a patient’s visible indications to assess a practice. Behind the visible patient relations are a series of internal structures and patterns that positively or negatively influence the patient relations. Patient
Relations Leadership
Culture Core Values Interpersonal Skills Team Skills When evaluating patient relations, it is tempting to fix only the “tip of the iceberg.” By only recognizing the superficial symptoms, the causes are not identified and fixed. Underlying issues must be corrected first to achieve exceptional service. Patient Relations Tips Why is building trust important? It is the core of service in healthcare Patients disclose more information to physicians they trust Patients may see physicians they don't know and haven't heard much about Patients evaluate the quality of medical care based on the courtesy, helpfulness, promptness, and consistent attitude of friendliness by all members Trust will lead to patient retention, which is excellent for the practice because: o The patient is the purpose of the work; not an interruption o The patient makes it possible to pay wages and overhead expenses What steps can I take to build trust? Establish a level of comfort with all patients o Take the time to get to know about the patient’s family environment, job situation, etc. o Knowing the patient helps to shorten each office visit 81
Use every visit to build trust o Establish a history of reliability o Explain to the patient what is going to happen next o Do what you say you will do, when you say you will do it If you tell the patient you're going to call with lab results, make certain you do Use a chaperone during any procedure that requires the patient to disrobe o Makes the patient more comfortable if a staff member of the same gender as the patient is present o Usually discourages a patient from making inappropriate comments or false allegations Why are first impressions important? Patients may see physicians they don't know and haven't heard much about Patients use proxy measures to form an opinion of a physician they’ve never meet o How they are treated by the staff when they call o How the office looks o How other patients are treated by staff o If they sense stress or discontent among the staff o Negative comments can create a liability if they imply incompetence in patient care or unsafe conditions o Comments made about other patients can create a liability by implying bias, prejudice or breach of patient confidentiality How can a good first impression be created? Begin with their first contact and communication with any physician or staff Practice basic good manners Knock before entering a room Address patients by their formal title, unless the patient requests a first name basis Give patients and their family the physician or staff member’s complete attention when greeted Use basic good manners in written records, including e‐communication, as well as telephone and personal conversations Monitor office appearance and efficiency Are the building and parking lot well lit and maintained? Is the office clean? Are the restrooms clean? Are the furnishings in good repair? Are furnishings up to date and suitable for patient populations ‐ elderly, children, handicapped, obese, etc.? Is there a place in the waiting room that a wheelchair can be positioned against the wall like a chair, so the individual does not feel like they are sitting isolated in the middle of the room? Is the layout suitable? 82
Is there appropriate accessibility for the impaired or handicapped? Prescreened reading material should be current and of interest to your patient population. Are patients greeted courteously? Everyone who approaches the front desk should be acknowledged even if it is only with a smile and a nod from the receptionist on the phone. Are arrangements made for privacy to discuss confidential patient matters? Can discussions be overheard in business office, front office, billing office, scheduling, or when calling lab results, or giving referrals? Are wait times longer than 30 minutes? Are reception areas visually monitored by office staff? Are prescription pads secured? Are electrical outlets covered in areas where children may be located? Do exam rooms provide: Privacy ‐ exam tables positioned out of view of opened door. Comfortable temperature Adequate and appropriate reading material available. Confidentiality ‐ be aware of exam room walls that are thin enough to overhear private conversations in adjacent rooms. Monitor telephone and scheduling Call your office to Check on phone service Is the phone answered in two to four rings? Is the hold time longer than 2 minutes? Are there numerous menus to walk through? If a staff member is working with a patient on the phone are they interrupted during the call by another member of the practice? Check on scheduling process Are the office staff and answering service staff courteous, responsive, and accurate in their instructions to the caller? Check on answering service/answering machine procedures Does the answering machine let patients know what to do in case of emergency as well as scheduling an appointment? Monitor office efficiency Evaluate the way patients move through the office How does a patient complete scheduling an appointment and/or procedure? Are exam rooms set up identically to enhance efficiency? Why is communication important? Poor communication may cause misunderstanding that can result in: o Animosity between patients and physicians o Reduced patient satisfaction 83
o Increased risk of liability exposure Effective communications allow the physician to correct any misunderstanding or misinformation the patient may have How can communication be improved? Written Communication o Welcome letter or new patient brochure Used to provide insight into the services, policies and providers available o Website Outline services, policies and providers at your office Provide educational resources Allows patients to access and complete paperwork needed for office visit Face to Face Communication: o Non‐verbal communication can communicate attention and respect Exhibit courteous treatment regardless of race, ethnic origin, economic or financial status Maintain eye contact Sit at patient’s level when talking to them o Verbal communication Establish a communication pattern in which the patient feels that his comments are valuable Use language appropriate to the patient’s level of understanding o Use lay terms, minimizing use of medical terminology (i.e., instead of telling the patient you will “titrate” their medication, tell them you will “change the dose” of their medication) o Be aware of cultural, language, age or intelligence barriers o Check understanding Use terms that are clear and concise Encourage patients to impart both medical and psychosocial information o Be aware of the patient’s desire ‐ or reluctance – to do this o Make the patient aware that they have a role in their own care Evaluate patient understanding o Patient’s perception of a condition or procedure may be very different from the physician’s o Use open‐ended questions and common interview techniques (who, what, when, where, why and how) How can communication in the exam room with patients be improved? Enter the room with a smile, shake the patient’s hand, and call the patient by name (first name or surname, whichever the patient prefers). Adopt a listening posture; don’t appear rushed, even if you are.
Sit when possible 84
Avoid looking at your watch and keeping one hand on the doorknob Be informed
Chart should be reviewed before entering the examination room, although reviewing the record in the presence of the patient can provide an opportunity to reinforce the treatment plan and elicit any patient concerns about compliance Personally interact with the patient whenever possible Use open‐ended questions whenever possible Use active listening skills
Allow the patient to speak without interruption
Suppress the urge to control the conversation
Focus only on what is being said rather than formulating your response in advance
If you must interrupt a patient, state what you understand the patient is saying to that point. Determine the patient’s priorities
“What would you like to talk about today?” “Tell me what’s troubling you most.” Involve the patient in their care and treatment
If necessary, include the patient’s significant other in the education and information where feasible
Be sure to obtain the patient’s permission before including any family members or significant others in discussions which will disclose personal health information (PHI) Set realistic expectations
Careful consent discussion for procedures and surgeries, as well as discussions regarding the side effects and benefits of new medications or injections Minimize distractions when interacting with patients
Minimize interruptions unless absolutely necessary
Listen and make eye contact with patient until a clear message is detected before taking notes
Listen for emotions, behaviors, and intentions of the patient, not only for details or facts Do not allow emotion‐laden words to arouse personal antagonism Integrate patient education materials into the office visit
Keep a file of patient education handouts ‐ medications, drug interactions, diabetes management, etc.
Have the nurse or medical assistant give the appropriate one to the patient
While the patient is reading it, provider may see another patient, and then come back in and answer the patient's questions 85
What are some concerns regarding telephone conversations? A physician who offers medical advice over the phone can legally become the attending physician to a patient they have never seen Relying on communication without facial expressions or body language to clarify and qualify what the words and tone seem to be saying Physician and staff should not assume that a person they are speaking to on the telephone understands what is being said Physician and staff should not assume the caller is a consultant doctor, a pharmacist, nurse, or the patient Potentially dangerous situations should have office protocols, such as: o Staff providing routine prescription approval or giving medical advice by phone, even if the patient is well known to them o Telephone prescription refills and medical instruction handled by non‐
physician staff (See also “Medication Administration,” “Medication Record,” and “Telephone Triage/Medical Advice”) Complaints or diagnoses that most frequently lead to liability are calls concerning o Abdominal or chest pain o Fever of unknown origin o High fever for more than 48 hours duration o Convulsion o Vaginal bleeding o Any head injury o Changes in mental status o Dyspnea o Too tight a cast o Visual alterations o Onset of labor Telephone Best Practices Ask the caller to repeat all of your instructions Phone conversations should be documented both for continuity of medical care and for the defense of a potential malpractice claim. A brief note in the progress record is usually sufficient to document a call Physicians should keep a pad of slips available at all times Each slip in the medical record should be firmly secured, to prevent loss Physicians may want to use the self‐adhesive SVMIC phone call record forms which can be obtained free of charge through the Risk Management Department of SVMIC. At a minimum, the following situations should always be documented in the medical record: 86
Phone calls in which positive test results are reported to patients, noting if the patient was advised to return or seek other medical attention All conversations in which medical advice is given, history is obtained, or significant patient anxiety is expressed Calls to consultants contacted for advice about a specific patient Phone calls in which medication is prescribed or changed. How can telephone communication with patients be improved? Physician and office staff should know to whom they are speaking If the caller is unknown, request their function or experience in the particular medical situation. Unless the physician or staff know the competence of the caller, it is unwise to accept a third‐party’s description of a medical condition If necessary, questioning should occur to verify that the caller understands the situation and/or the information provided. Prescribing and Advising (See also “Medication Administration,” “Medication Record,”) Physician should not prescribe or advise by phone without the patient’s medical history When diagnosing or prescribing by telephone is inescapable A record should be made identifying the caller The caller’s relationship to the patient What information was relayed by the caller Instructions or information given by the physician or staff member Information should be made a part of the patient’s permanent record. Define roles and responsibilities of staff, both for patient relations and medical care issues, regarding telephone communication What about communication when covering call? Physician should be especially diligent regarding the possibility of miscommunication with unfamiliar patients In most litigation, the covering doctor was held 100 percent responsible for damages resulting from a telephone diagnosis while the original physician was exonerated The individual answering the phone is Representing the physician Usually the first contact for all patients Call coverage location should be one that promotes confidentiality Reasonable effort should be made to assure that discussions are private, not overheard What risk issues should be considered regarding telephone conversations? 87
If you must use an automated answering system The menu and scripts should be user friendly Instructions on what to do if the call is urgent should be the first prompt (provide ambulance number or 911) How to request an appointment, prescription renewal, or ask a health question should be included Always include an option at the “root” menu to speak to a staff member immediately Are calls answered promptly – within 3 rings? If you must put a patient on hold: Ask permission before placing a patient on hold Avoid making a patient hold for an extended period of time, apologize if this happens If you know the patient could be on hold for a while, ask for a phone number and offer to call them back when you have the information Do you have policies on: Scheduling and appointments Handling irate, angry or hostile patients/family Urgent or critical calls Phone advice (triage) Phone prescription renewals Handling calls from outside facilities or healthcare providers such as hospitals, labs, consultants, other physicians Which calls are documented in patient’s chart – is there a standardized format? Does the staff know when to hand the caller to a higher level – receptionist to nurse, nurse to physician, etc.? Is there Customer Service training which includes: How to be courteous How to be professional How to be responsive How to be friendly Do patients know how to reach the physician After hours On weekends On holidays If an answering service is used: Is there a confidentiality agreement in place Do they maintain a telephone log with defined requirements, i.e., date and time of call, patient’s name, age and sex, reason for call, etc. Note: the answering service represents you and should be monitored for courtesy, efficiency, accuracy, and proper record keeping Patient Privacy 88
Physicians and staff should be cautious about discussing the patient’s condition with anyone else who may answer the phone. Why is a call back program useful? Whether the caller is a doctor or staff member, most patients appreciate the concern Patient response to call‐back programs is uniformly favorable Patients have the opportunity to clarify instructions How does a call back program work? A day or two after a visit, the physician or physician’s designated staff telephones Postoperative patients Anxious patients New patients Regular patients on new medication or with new medical problems. Patients are asked How they are feeling, If they have any questions, If they have scheduled a follow‐
up appointment, etc. All answers to these questions are entered into the medical record and properly dated and signed How are we doing? Secondary goal of medical practice (after providing quality care) is to maintain a successful business Economics of satisfied patients cannot be overemphasized. If patients are treated well, they tend to rate their medical care higher and remain loyal o Patients are extremely forgiving of medical treatment that does not go as expected, provided that they feel you care and respect them If a patient becomes disgruntled they may not return to your practice o This patient may also share the bad experience with others which may cost you potential patients. o If the patient feels they were not treated well and also has a less than desirable outcome, there may be litigation. o 90% of unhappy patients will never tell you they are dissatisfied, but they do not return to the practice. o Studies show that each dissatisfied patient will complain to at least nine (and up to 20) other people. o Of those people who hear about another patient’s negative experiences, 90% of those told will never give you a first chance to be their physician. o Understanding patients’ perception of your office will allow you to improve your practice. Why should I get feedback from my patients? 89
Demonstrates to your patients that you care about what they think Underscores the importance of customer service to your practice and gives employees a vested interest in meeting patient expectations. Provides feedback concerning the patient’s perception of your practice o Not all perceptions are positive, if a patient does not believe they can tell a practice, they may use the internet to express their satisfaction Identifies areas of opportunity that you can address How do I get patient feedback? Verbal Face to face recognition of caring/respectful attitude by a staff member Complaint about office staff (in person or by phone) Written Internet Report Cards Identifies public perception of your practice Allows comparison to other practices where multiple offices are evaluated Satisfaction Surveys Provide feedback on a variety of areas including office environment, staff behavior and clinical care Use results as a component of employee evaluations What about surveys for Accountable Care Organizations, Patient Centered Medical Homes (PCMH) and Patient Experience awards?
Currently these require a practice use the Consumer Assessment of Healthcare Providers and Systems (CAHPS) PCMH Survey For a complete list of ACO surveys, see the CMS document: ICN 907407 October 2011 For approved survey vendors or more information, the NCQA website www.ncqa.org or
contact NCQA Customer Support at 888-275-7585 What do I do with the feedback? Do not jump to any conclusions, even if the review is negative and directed at a particular employee Investigate the underlying causes Correct any underlying issues or patterns How your staff treats your patients is a reflection of your culture Patients are extremely forgiving if they are treated in a manner that lets them know that you care. Creating an environment of trust allows staff to focus on your patients and let them know you care. How a patient feels about a practice is just as important as medical expertise. This 90
connection between, patient, staff and physician can make a critical difference in whether a patient who has had a bad outcome will sue. Patients want to trust their physician and staff. If a patient knows they are cared for as a person, they are extremely forgiving. 91
SOCIAL MEDIA Social media takes many forms. Most notable and popular among those are Facebook, Twitter and LinkedIn. These different social media programs reside on the internet and allow one to create a profile and connect to others to develop a personal network. The user can share personal information through demographic and personal information, online comments or posts, upload photos and control who has access to this content through privacy settings. In most cases these programs can be accessed from a smartphone making them available virtually anywhere. Other tools include YouTube, blogs and wikis. Businesses may use all these resources to enhance communication with current and potential customers. In the context of a healthcare setting, particularly a medical practice, social media can be used to engage patients in their own healthcare. Educational materials and videos can be viewed by patients thus better preparing them for a procedure or first visit to the practice. Consider the possibilities to announce the arrival of flu vaccine or reminders for back‐to‐school physicals or publicize new services at virtually no cost. These tools also provide an excellent opportunity to gather ideas, suggestions or feedback from patients and the community‐at‐large, further engaging them. As society becomes more technologically savvy and relies less on traditional modes of advertising such as phonebooks, patients are increasingly taking to the internet and all it has to offer. Given the strong correlation between patient referrals and growth in the healthcare system, it is easy to understand why physicians and practices are looking to social media to develop or enhance new and existing patient relationships. Social media provides the forum for patients who have never met to share their impressions of the practice and the care they received. It essentially provides the opportunity for word‐of‐mouth advertising to go electronic. While the effect of positive patient reviews may be a boon to a practice, there is a downside. Patients can share negative experiences just as easily as positive ones. There are also ethical considerations in developing a relationship with a patient via social media. Until now the line has been pretty clearly drawn in regards to developing friendships with patients but does an online “friend” count? These friendships can be problematic because there is the potential to not prioritize the clinical needs of the patient. There is also the potential the physician or provider may learn private information about the patient such as smoking, drug use or drinking which impacts the relationship. The American Medical Association responded to the situation with the creation of a policy on the use of social media, AMA Policy: Professionalism in the Use of Social Media. In this policy the AMA specifically states “physicians must maintain appropriate boundaries of the patient‐
physician relationship in accordance with professional guidelines, just as they would in any other context.” While cautioning against an inappropriate online physician‐patient relationship, the policy also warns physicians are not only responsible for their own actions but also for those of their colleagues. Physicians who see posted content that appears unprofessional should notify the individual to provide an opportunity to take appropriate 92
action. Behavior that significantly violates professional norms with no corrective action is to be reported to the appropriate authorities. There are a great many opportunities associated with the use of social media. The possibility to share important information with patients and their families at minimal cost is very attractive. There are also an equal number of risks which carry significant costs. Before developing an online image via social media, it is wise to first develop a social media policy. As one develops policy there are some key risks and tips to consider. SOCIAL MEDIA RISKS Communication with patients could be considered medical advice. Patient privacy rules still apply. Comments and photos posted on the internet become virtually permanent. Even if the posting is removed online it is still likely recoverable from some source and there may even be printed copies. Anyone can see what is posted either through their own access or through someone else with access. Anyone can post anything – true or false. Employees may make inappropriate comments. SOCIAL MEDIA TIPS Do not use social media to provide medical treatment. Educate patients on proper use and include a disclaimer. Assume nothing is anonymous. Review privacy settings on a regular basis. These may change as new versions of the software are released. No matter what a patient or another person says, do not be tempted to respond with protected information. Monitor sites routinely for inappropriate behavior. Keep personal and professional life separate. Consider establishing separate profiles using a nickname or middle name to protect personal information. Establish and maintain boundaries. Allocate resources and authority to manage your online presence. Develop a social media policy and educate staff. CONCLUSION As physicians and practice executives develop their practice’s policy and create an online image, consider what the organization’s goals and fashion online use accordingly. Who is the practice trying to reach, where do they expect to find the doctor or practice and what are they looking for? Allocate the appropriate resources for this marketing initiative including someone to manage it if this is not done by the physician personally. Two way communication requires practices remain current and consistent in monitoring whatever tool(s) they are using. An unanswered comment can be just as dangerous as an inaccurate one because both are equally available to the public. Remember, any actions and posted content may negatively impact the 93
physician and practice’s reputation and career, be detrimental to patients and undermine the public trust in the medical profession. Properly managed, however, social media can be a cost‐
effective method of enhancing both patients’ care and trust in their physician. 94
Environmental Safety and Infection Control Chapter 3 95
DISASTER PREPARATION A disaster is any event which disrupts practice operations for more than 24 hours, impacts the ability to see and care for patients and/or impacts cash flow. Disasters take many different forms. There are external disasters such as floods, tornadoes, acts of terrorism, pandemics, etc. Internal disasters include a computer system crash or loss of medical records, a burst pipe, power failure or significant staff absences. Among the different kinds of external and internal disasters there are varying degrees of severity. Some may represent a prolonged inconvenience while others may result in a total cessation of operations. In each scenario however, the impact can be lessened through appropriate disaster planning and preparation. Practices should develop disaster plans for the most likely possibilities. While no plan can cover every possible contingency, a well‐developed and executed plan gives structure to the organization when it is most needed. Additionally, a disaster plan will assist in providing for the care of patients, the safety and security of employees, protect the interests of the employer and minimize potential litigation. Additionally, a plan gives purpose to employees and outlines their responsibilities in a crisis when the tendency might be to panic. It should define what is to be done in the situation, when and how it needs to be done and who is to do it. In developing a disaster plan, reverse planning is a common strategy. Reverse planning begins with the potential disaster and the worst possible outcome and works backwards from there envisioning a successful recovery. The next step is to identify the individual actions necessary to achieve the envisioned recovery. From there the process is broken down into manageable tasks which are defined and assigned to personnel for execution during the disaster. In developing a disaster plan for your practice, consider the following steps: Form a team Utilize reverse planning Keep it simple Obtain plans from hospitals, other practices and community resources for use as a guide Model your plan after others Customize your plan to your staff and resources Distribute the plan to key staff and other entities for input Finalize the plan Implement the plan Develop and conduct staff training; training should be ongoing and include simulation exercises Re‐evaluate and update the plan annually A successful disaster plan will address all facets of practice operations including its physical structure, communication, information technology (which includes the preservation of medical and business records), patients, employees, practice property and supplies. 96
The Federal Emergency Management Agency (FEMA.gov) provides a number of disaster planning tools available for download from their website www.fema.gov 97
EQUIPMENT SAFETY Staff must be trained in the use of any patient care equipment they are responsible to use. Medical equipment should be inspected and, if required, calibrated by a Biomedical Technician in accordance with manufacturer’s recommendations, but at least semiannually. The schedule of maintenance and calibration of equipment should be put on a reminder list so that it is not overlooked at the time it is required. Any discrepancies observed by employees should be reported and the equipment should be removed from active use. The equipment should then be inspected and sent for repair. In the event of an injury resulting from malfunctioning equipment, the following steps should be taken: 1. Use of the equipment should be immediately discontinued and the normal incident reporting procedure followed. 2. The appropriate person should be notified immediately. 3. If possible, the equipment should be maintained in the same condition as it was at the point of injury. The equipment should be unplugged and settings unchanged. If possible, photographs should be taken. 4. The equipment should be secured in a manner that other persons cannot come into contact with it. 5. Under no circumstances should an employee attempt to correct malfunctioning equipment. The appropriate Biomedical technician/engineer should inspect the equipment. 6. An unusual event report should be completed and submitted to the responsible individual. 7. The incident should be evaluated and additional information obtained to complete the necessary forms for the Food and Drug Administration (FDA), as necessary. If an employee or patient experiences a serious illness, injury, or death as a result of any office equipment, this occurrence must be reported to the FDA immediately. A serious illness or serious injury is defined as: 1. Life threatening. 2. Resulting in permanent impairment of body function or damage to body structure. 3. Requiring immediate medical or surgical attention. 98
FIRE SAFETY The medical office should have a plan in place to deal with a fire in the office. A fire is considered to be any uncontrolled flame and/or smoke. The office should conduct periodic fire drills to demonstrate and improve employee response to a simulated fire emergency and to preserve lives and prevent undue panic in the event of an actual fire. Each employee should be aware of the fire exits and proper procedures for ensuring fire safety. The following steps should be taken to ensure effective handling of a fire situation: 1. Staff members should participate in annual fire extinguisher training classes. 2. Fire drills should be held each quarter. Fire drills are conducted to allow personnel to practice how they will respond to a fire and to reinforce fire safety education. To ensure that drills provide the maximum benefit, personnel should respond as if there were an actual fire. Appropriate in‐services should be held pertaining to fire safety. Pre‐assigned locations to meet outside the building should made for all personnel to account for all employees after the evacuation. In the event a fire is discovered, staff should remain calm, act quickly, and follow the RACE acronym steps: 1. Remove any patients, visitors, or staff from the immediate area. 2. Activate the nearest appropriate fire alarm. If unable to leave the vicinity of the fire, designate someone to call 911 and make appropriate notifications. Be prepared to name the location of the fire. 3. Close the door to the immediate area; close all other doors in the office. 4. Evacuate office, or extinguish fire with fire extinguisher as appropriate. When using a fire extinguisher, use the PASS acronym: P: pull the pin A: aim at the base of the fire S: squeeze the handle S: sweeping motion STAFF RESPONSIBILITIES The person who finds the fire: 1.
2.
3.
4.
5.
6.
Evaluates fire according to type and extent. Move patients away from the area of danger. Pulls nearest fire alarm. Closes the door. Reports fire or designates another individual to report fire. Notifies receptionist or designated individual of type, location, and extent of fire. 99
7. Evacuates if indicated. 8. Uses appropriate fire extinguisher. RECEPTIONIST 1. Calls 911 or notifies the local Fire Department of location, extent and type of fire. 2. Announces designated code for a fire, for example, “Code Red”, three (3) times consecutively over the public address system (if available) giving the zone/location of the fire, for example “CODE RED, Exam room 3.” 3. Notifies appropriate supervisory personnel by phone or pager. ADMINISTRATOR/OFFICE MANAGER 1.
2.
3.
4.
5.
Determines need to evacuate. Reports to appropriate staff on progress. Notifies staff when “ALL CLEAR” has been announced. Coordinates activities in the area and secures offices. Assumes responsibility for: a) Safety of patients in the area b) Sending personnel to area of need c) Keeping corridors and doorways clear 6. Reports fire to Fire Department. 7. Secures business, personnel, and medical records. OTHER PERSONNEL 1. Report to designated area for instruction. 2. Close doors and windows. 3. One employee may need to monitor the front entrance, asking arriving patients to remain in waiting area or parking area. 4. Reassure patients and family members. 5. Evacuate as directed. 6. Carry area fire extinguisher to fire location for use if needed. 7. Remain calm. No disaster plan can cover all scenarios. Employees should be trained and empowered to exercise their own best judgment in evaluating the danger of a situation. 100
INFECTION CONTROL Each practice should ensure that the environment of the office is preserved at the highest level of asepsis and that precautions are taken to protect patients, visitors, and personnel from infection. Policies and procedures must be developed and stringently followed. An infection control program should be based on current guidelines and recommendations from the Centers for Disease Control and Prevention (CDC) and the Occupational Safety and Health Administration (OSHA). The office should maintain responsibility for influencing, coordinating, implementing, supervising, and evaluating standards of care through in‐service and infection control activities. Universal blood and body fluid precautions should be the minimum standard practiced in the care of all patients. MANAGEMENT RESPONSIBILITIES The administrator/office manager should have responsibility for the overall coordination and implementation of the infection control and education programs in the office, including close communications with all personnel concerning infection control problems and epidemiological hazards. Developing and conducting in‐service education programs for all office personnel to improve the knowledge and practice of infection control and to fulfill other educational needs may be delegated to one staff member, although primary responsibility will remain with the administrator/office manager. The staff member assigned responsibility for the daily operation of the infection control program should also be responsible for the following related activities: 1. Compiling clinical data and actively assisting in research studies related to infection control. 2. Keeping accurate records of all ongoing epidemiological programs, surveys, and problems. 3. Reporting and providing information required by the City or State Health Department, the CDC, and other authorities. 4. Conducting infection‐control orientation for new employees. ORIENTATION AND EDUCATION Ongoing educational programs that encompass appropriate aspects of infection control should be implemented, reinforced, and evaluated on a regular basis. The office‐orientation program should include details of the infection‐control program and each employee’s individual responsibilities. In addition, employees should attend annual infection‐control educational programs where attendance is recorded. A record of the employee’s attendance should be kept in the employee’s personnel file. The infection‐control policies and procedures should address the following topics (the list is not all inclusive): 101
1.
2.
3.
4.
5.
6.
7.
8.
9.
Employee illness and patient contact ‐ Individuals who work in healthcare are exposed frequently to persons with infectious diseases. Healthcare workers also pose a risk to patients and other personnel if they develop a communicable disease (employees with shingles should not care for newborns, etc.). Written policies, therefore, should exist regarding exclusion of staff members with contagious illnesses. Respiratory tract infections may not be a reason to exclude office personnel, but precautions should be taken with an emphasis on hand‐washing before all patient contacts. Communication with health department authorities ‐ The physician must be aware of the rules and regulations covering the reporting of communicable disease in their location. Policies and procedures for communication with local and state health authorities regarding reportable diseases and suspected outbreaks should be established. (See Chapter 6, “Reportable Diseases and Events”) Hand washing and use of gloves – Hand washing is the single most important method to prevent transmission of infectious agents. Hands should be washed before and after each contact with patients, body fluids, and contaminated or soiled materials; between dirty and clean procedures on the same patient, after removing gloves; before and after performing invasive procedures; after using the rest room; and whenever hands are visibly soiled. Contagious patients and how they are handled ‐ Infected patients who are symptomatic should be segregated from well patients as quickly as possible. In some cases, the patient may be asked to use a separate entrance to avoid the waiting area. Ideally, immunocompromised patients should not wait in the general waiting area but be escorted immediately to an exam room. Skin preparation procedure and solutions for injections and other procedures – Immunizations, routine venipuncture as well as for incision, suture, and collection of blood for culture. Cleaning of environment – Toys, examination rooms, rest rooms, air flow, personal and diagnostic equipment, general housekeeping of floors, counter tops, and refrigerators, etc. Sterilization and disinfection of instruments, scopes, and other equipment ‐ Monitoring of sterilization equipment must be performed. The procedure recommended by the manufacturer to document sterility should be done at least weekly or at the frequency recommended by the manufacturer and results recorded. Written policies for sterilization and disinfection in the office will ensure that these procedures are performed properly, and regular reviews should be conducted to be sure that policies are being followed. Disposal of medical wastes ‐ The federal OSHA standard, as well as local and state regulations, dictate the proper disposal of medical wastes, including dressings, needles, sharps, and body fluid samples. Staff must be educated on the rules and they must be followed. Bloodborne Pathogens Exposure Control Plan – OSHA regulations mandate an office that puts employees at risk of exposure to BBP must implement an exposure control plan (ECP) that meets the Federal Bloodborne Pathogens Standard (see OSHA). The office’s ECP must be kept current with the latest guidelines and be readily available and understood by employees. 102
10. Tuberculosis Exposure Control Plan ‐ Policies should be established regarding screening of new hires and handling patients who have active tuberculosis. Depending on the patient population and number of cases in the practice’s area, an exposure control plan should be put into place based on the CDC recommendations. 11. Judicious use of antimicrobials ‐ Another aspect of infection control is diagnosis of infection and institution of antibiotic therapy when indicated. Inappropriate use of antimicrobial agents in hospitals and in physician offices has contributed to the emergence of antibiotic‐resistant organisms. Judicious use of antimicrobial agents is essential to limit the emergence and spread of drug‐resistant bacteria. The Centers for Disease Control and Prevention and different medical associations have provided guidelines for the judicious use of antibiotics. 12. Wound Management ‐ All open wounds should be dressed or debrided with sterile techniques only. Any unexplained drainage, inflammation, or swelling of the wound should be reported to the attending physician. 13. Scheduling ‐ Isolation patients should be scheduled during times of minimal activity. Patients with infectious or draining wounds should be scheduled at the end of a scheduling period, whenever possible. 103
INTERNAL DISASTER An internal disaster is an occurrence that causes significant disruption of the office’s normal operation. Such occurrences include, but are not limited to, explosion, fire, flooding, or a chemical release or spill. All staff should be prepared to respond calmly and efficiently in the event of a disaster. A disaster plan should be developed and implemented. The person finding or receiving information of a possible internal disaster situation should notify the appropriate person. That person should assess the situation, noting the following: 1.
2.
3.
4.
Size and scope of imminent danger. Number of staff members and patients involved. Estimate of the extent of injuries. Estimate of facility damage. The Disaster plan should categorize disasters and appropriate response based on the severity of the incident. Suggested levels and response in a disaster plan are: Level 1: Minor isolated disaster. Move patients to a safe area within the office. Level 2: Isolated disaster involving one entire treatment/work area. Evacuate patients to any safe place within the office. Level 3: Major internal disaster requiring evacuation of the entire office. Patients may be sent home, transferred to another medical site, and/or rescheduled. If at any time there arises a question of safety, patients should be moved to a safe location. Circumstances may arise making it necessary to evacuate a given area without waiting for an order. Should such a situation occur, the person in the area of the occurrence will have control over the evacuation process. A process for maintaining a list of patients in the office and assuring that all have been evacuated should be implemented. 104
SAFETY PLAN The medical office safety plan is developed to contribute to a safe and healthy office environment for both patients and staff. In order for the plan to be successful, each employee should have a working knowledge of the plan. Management’s responsibilities include: 1. Planning for space, equipment and resources needed to safely and effectively support the services provided; 2. Educating the staff about their role in safety; 3. Developing standards to measure staff performance relating to safety issues; and 4. Implementing plans to manage safety issues. Effective management of safety includes employing processes and procedures to reduce and control facility hazards and risks, prevent accidents and injuries, and maintain safe conditions for patients, staff and others. The authority and responsibility for the plan rests with the administrator. The administrator should have the authority to take action in situations that require immediate intervention to avoid serious risk to patients, staff, and others. This authority should be delegated to someone else during ANY administrator absences. Educational activities represent a primary means through which the safety program will effect improvements in the safety of patients, staff, and others. Members of the management staff are responsible for ensuring that employees under their direction participate in relevant safety educational programs. All new employees should attend orientation programs to receive initial safety training. Thereafter, each employee must participate in any relevant educational programs and reorientation annually to ensure that all personnel are trained in safety and emergency procedures. (“Orientation Checklist”) Management may elect to delegate responsibility for daily operation of the safety program to one or more staff members. Responsibilities of the safety representative(s) include the following: 1. Coordinate the approach to safety through the development of programs, policies and procedures. 2. Conduct regular surveillance assessments of the office and take action when opportunities to improve safety are found. (“Environmental Safety Checklist”‐
fillable) 3. Implement an incident report program, providing general and office specific education and implementing administrative and engineering controls where appropriate to prevent accidents. 105
4. Minimize opportunities for clinical equipment failure, or user error, by monitoring preventive maintenance and inspection procedures, as well as providing special education and educational programs for users and maintainers of clinical equipment. 5. Provide regular general safety training to all personnel on issues consistent with industry standards and the ongoing review of information collected regarding specific safety issues. 6. Develop programs in accordance with applicable laws and regulations that deal with chemical, radioactive, and medical hazardous materials and wastes. 7. Implement and maintain an emergency preparedness program. 8. Minimize opportunities for utility failure or user error by monitoring preventive maintenance and testing programs, as well as providing specialized educational programs for users and maintainers of utility systems. 9. Post safety regulations regarding equipment in all patient care/service areas, stating that the use of office equipment is only permitted by office personnel. 106
Financial Chapter 4 107
ADVANCED BENEFICIARY NOTICES An Advance Beneficiary Notice (ABN) is a written notice, which a group practice gives to Medicare beneficiaries. The purpose of the ABN is to inform the patient prior to receiving specified items or services that might be paid for by Medicare that the program will not pay for those services to that particular beneficiary on that particular occasion. If the practice does not use an ABN, it will be responsible for paying for all uncovered or partially covered services and the patient is not responsible. The practice must use the form approved by CMS, but may place its letterhead at the top of the CMS approved letterhead, as long as no language is changed and the font‐size remains the same. The ABN must be filled out and signed in person, in writing and not over the phone. The Medicare beneficiary must have the capacity to understand the notification and have it in their language. The practice must submit an ABN for each service that they believe Medicare will deny as not medically necessary. There must be a specific reason to believe that Medicare may not pay for certain items. Examples of statements to be entered on the ABN might include:
Medicare does not pay for this service for your condition Medicare does not pay for this service more often than (frequency noted) Medicare does not pay for services that it considers to be experimental or for research use Generic or blank notices are not acceptable and will not protect the practice from financial responsibility. However, there are exceptions to the prohibition of routine ABNs such as:
Services that are always denied for medical necessity ‐ State in the “because box: “Medicare never pays for this item/service.” You do not need to submit a claim. Experimental items and service(s) – Give the ABN that states in the “because box: Medicare does not pay for items or services which it considers to be experimental or for research use” (“Advanced Beneficiary Notice‐English” fillable and “Advanced Beneficiary Notice‐Spanish"
fillable, and “Advance Beneficiary Notice Instructions”) For more information on this form and its use visit the CMS website, www.cms.gov. 108
BILLING AND COLLECTIONS The management of the billing and collections operations in a medical practice is critical both for the fiscal strength of the practice and the quality of the physician‐patient relationship. There should be clearly defined written policies and guidelines governing billing and collections procedures. Patient dissatisfaction can result if the charge for services is unexpectedly high, particularly in the event of a bad outcome. It is good practice to let the patient know in advance of the first appointment what the financial policy is. The financial policy should be discussed at the time the appointment is made. At the very least, fees and payment expectations should be discussed at the first office visit by someone with excellent communication skills who has been designated as having responsibility for billing matters. Fee and billing matters are sensitive issues and should be handled delicately and with diplomacy. HIPAA requires that a practice take reasonable steps or safeguards in limiting disclosures to insure privacy. A confidential area should be designated to discuss billing concerns and problems. Staff should be instructed on the importance of maintaining confidentiality of billing matters and also to be sensitive to possible patient animosity regarding a bill. Such animosity may, in fact, be an expression of overall dissatisfaction with the care rendered and should be dealt with immediately. Any patient refusal to pay a bill should be addressed as soon as possible. If lack of financial resources is an issue or a challenge, all efforts should be made to establish or negotiate a payment schedule. In addition to those procedures previously mentioned, the billing and collections procedures listed below should be followed by all personnel to ensure optimum payment for services rendered and to maintain a professional relationship with the patients: 1. Inform all patients of the practice’s financial policy prior to service by including the billing information in the patient information brochure. Include such items as insurance company participation and billing, patient responsibility, time of service payments and acceptable forms of payment. 2. Demographic and billing information should be obtained for all patients receiving service at the time the appointment is scheduled. 3. Meet with new patients to explain the practice’s policy regarding financial expectations and discuss the expected insurance coverage, patient responsibility and payment arrangements. 4. Patients should be advised over the telephone when they make their appointment that payment or proof of insurance is expected at the time of service. If the practice sees a patient who has no insurance or cannot pay for the service, such as an emergency room referral, payment arrangements should be discussed by the business office representative. 5. Verify all insurance coverage/limits, deductible status and copayments, as well as referral and precertification requirements. 6. Collect all copayments. 109
7. Verify the patient's demographic and billing information at each office visit. 8. Request the patient complete or update a general information sheet annually. 9. Provide patients with the business office contact information for assistance with billing questions. 10. Make it convenient for patients to pay at the time of service or upon receipt of a mailed statement. 11. If any employee suspects a problem or the patient indicates difficulty making payment, the business office representative should be informed immediately to establish a reasonable payment plan with the patient. 12. All encounter forms should be accounted for at the end of each day. 13. Physicians are responsible for assignment of the proper diagnoses and procedures performed on each patient’s encounter form. If any discrepancies are found, the business office representative should immediately consult with the physician. 14. All personnel having contact with or responsibility for patient billing should be thoroughly trained and oriented in the proper procedures to follow before performing any billing activities. All business office representatives should be familiar with the appropriate sections of the ICD‐9/10 and CPT codes manuals most often utilized in a medical practice. 15. All discounts and insurance adjustments should be automatically posted by the accounts receivable clerk and reviewed on a regular basis by the manager/administrator. All other write‐offs must be approved by the manager/administrator. 16. Credit balances should be worked on a regular basis. Upon discovery of an overpayment by a patient’s insurance company or the patient, the practice should promptly refund the overpayment to the appropriate party. 17. The physician should continue to provide treatment to a patient with a delinquent account and give proper notice of termination or transfer of the physician‐patient relationship in order to avoid a claim of abandonment. 18. The office should not use a billing system that automatically produces collection letters without the physician’s approval. 19. The office should offer alternatives to immediate cash payments such as a credit card option. The practice should implement a voluntary compliance plan which includes chart audits on a regular basis. The chart audits are a component of an effective compliance plan for medical practices as outlined by the Office of Inspector General (OIG). The objective of the audit is to verify that documentation in the medical record clearly supports the services billed. Through these audits, practices can help reduce billing errors and thereby reduce the potential for civil, criminal and/or administrative action. In addition, exclusion from participation in Federal healthcare programs, private insurance and/or managed care plans can occur. The Medical Practice Services Department at SVMIC is available to assist medical offices with this process. The office should assign tactful, confident and pleasant staff to be responsible for the collections process. Staff should be calm and empathetic, while being direct in their communications with the patient. Helping patients understand their bill will result in fewer complaints and improved collections. 110
Under no circumstances, should a patient account be sent to a collection agency before the physician has reviewed the care and weighed the prospects of malpractice litigation against the need to collect. Patients should be sent 30, 60 and 90 day statements and a collection notice. The final notice should be followed with a telephone call from the designated staff member responsible for billing matters if resources allow. All conscientious efforts by patients to make monthly payments should be recognized and considered. The entire staff should be aware of the importance of handling billing issues with tact and prudence. If the office decides to utilize a collection agency, the agency should be carefully considered and the office should request references and check with the Better Business Bureau regarding possible complaints before entering a business arrangement. The collection agency should be professional, as the communications may be viewed by the patient as coming directly from the physician’s practice. Practices should be aware individual state laws vary regarding collection procedures and the associated fees for such procedures. The physician should approve forms and/or letters used by the agency and a copy should be kept on file. Since medical liability claims are sometimes in response to collections activity, it should be required that the agency keeps the physician informed regarding ongoing collection efforts. The physician should give written approval before the collection agency files a lawsuit against a current or former patient. Collections procedures should treat all patients consistently. Documentation of account delinquencies should not be placed in the medical record. The office should never refuse to respond to a request for copies of medical records based upon a financial dispute with a patient. In situations where the patient’s response to collection attempts is so overly belligerent that the physician determines the patient’s attitude has permanently impaired the physician/patient relationship, the physician should consider formally terminating the relationship. Situations when the patient does not pay may also result in terminating the physician/patient relationship. 111
Office Management Chapter 5 112
BUSINESS RECORD RETENTION PERMANENTLY Capital stock ledgers Corporate minute books Deeds Titles Abstracts and other papers pertaining to the sale of real estate General ledgers Financial statements Books of original entry (i.e., cash receipts and disbursements including general journal entries) Tax returns IRS audit reports Personnel records Employment Agreements AT LEAST SEVEN YEARS The IRS can examine a tax return and make adjustments within three years from the date of its filing. This period increases to six years if the return contains a very large understatement of income. Therefore, we recommend holding accounting documents for seven years: Expired contracts Accounts receivable ledgers (patient accounts) Royalty statements or computations Bank statements and cancelled checks Accounts payable files (purchase orders, packing slips, invoices, statements) Charge tickets (encounter forms or super bills) Explanation of benefits Appointment records THREE YEARS Payroll time cards Timecards Employment applications OSHA RECORDS 3 years for training documents At least duration of employment plus 30 years for employee exposures and medical records CLIA RECORDS 2 years for most records (call SVMIC Medical Practice Services for specifics) 10 years for pathology reports generated by the testing facility HIPAA RECORDS 6 years from creation or last effective date 113
Rule of thumb – never destroy clinical or business records without first consulting a competent advisor. These are general recommendations from SVMIC in the absence of specific requirements to the contrary. Please be advised individual state and/or agency regulations may require different retention periods. 114
CALL COVERAGE In the interest of providing quality patient care while also decreasing the possibility of malpractice suits, it is imperative physicians provide call coverage for all times when they are unavailable. All physicians should have secondary coverage arrangements for those times when their primary covering physician is also unavailable. If the practice is a solo practice, it is necessary to arrange cross coverage with someone in the same specialty, when possible. Covering physicians should have privileges at the same hospital. Ideally the covering physicians should also be members of the same managed care panels whenever possible. In a group practice, a call calendar should be maintained by the office manager or administrator with the specific call days coordinated with each physician. The call calendar should be kept in the manager’s office with copies being distributed to all physicians as much in advance as possible. Call calendars should be prepared as much as possible in advance, in order to allow time for making changes. If changes must be made, they should be done by the physician involved and then communicated to the manager. Call calendars or documentation should be kept for a period of time determined by the practice with a minimum of one year recommended. It should be the responsibility of the office manager or administrator to communicate the call schedule to all parties involved, including the answering service, hospitals, other physicians and patients as appropriate. Dates of absence or unavailability and the names and telephone numbers of the covering physicians should be communicated to hospitals and the answering service. The transmission of such information should be in writing if at all possible. The treating/attending physician has the responsibility to communicate patient information to the covering physician, especially information on patients with anticipated problems. This information sharing should be documented in the patient’s medical record. At a minimum, information about patients with specialized needs or fragile medical conditions, including patients receiving home health services, should be communicated to any physician(s) covering call. A modified call coverage process should be used with a solo physician whose covering physician is outside the practice. The covering physician should advise the treating/attending physician about a patient’s course of treatment during the coverage and this should also be documented in the medical record. Patients should be made familiar with how to reach the physician after hours and on weekends/holidays. Physicians who are on call to an emergency room are obligated under Emergency Treatment and Active Labor Act (EMTALA) to respond in the time and manner defined in the hospital’s on call policy and to personally attend to patients deemed to have an emergency medical condition under EMTALA. The EMTALA provisions apply to all individuals who attempt to gain access to a hospital for emergency care. Failure to abide by EMTALA provisions may result in significant fines and sanctions from Centers for Medicare and Medicaid Services (CMS) and may be imposed against hospitals or individual physicians. State Operations Manual, Appendix V – Interpretive Guidelines – Responsibilities of Medicare Participating Hospitals in Emergency Cases, Rev. 60 115
CLOSING A MEDICAL PRACTICE Physicians considering closing their practices to retire, relocate or join another physician practice, often ask about what kind of notice they are required to give their patients, how that notice should be given and in what time frame. While state and federal laws provide direction for the retention of medical records, there are often no laws that specifically relate to closing a practice. However, there are several organizations that provide guidelines on this subject. These guidelines, while not law, provide a good rule of thumb for physicians to follow. A brief synopsis of the American Medical Association (AMA) guidelines to closing a practice is provided below. EMPLOYEES At least three months before closing, employees should be notified of the plans, and the employees’ ethical and legal obligations should be reviewed and conformed to state and federal guidelines. Employees should hear about the practice closing directly from physicians before that event is announced to patients and with enough notice to plan their own transition. Offering key person(s) an incentive to remain as long as needed or lining up potential temporaries in the event people leave before closing is important. Retaining at least one employee on the payroll after a physician stops seeing patients helps the physician tie up loose ends. Employee retirement plans, healthcare plans and requirements to pay for unused employee benefits, such as vacation time and sick time, should be reviewed. Physicians should be fair with staff regarding overtime pay, unused sick time and vacation time. The amount of vesting employees may have in pension plans and how funds are to be transferred should be covered. The physician should ease their employees’ concerns by assisting employees in finding other employment, if possible. A physician can encourage a buyer who assumes the practice to hire the staff. When notifying colleagues of the transition, the physician can send along employee résumés. Physicians also can inform sales representatives of the transition as they often know of openings and can spread the word regarding experienced employees who are looking for new opportunities. NOTIFYING PATIENTS The physician must notify patients to ensure continuity of care. The physician should avoid abandonment by notifying active patients (generally those seen within the last 3 years) or their legal representative, of the intent to terminate their care in writing (“Closing a Medical Practice Letter 1 and Letter 2”) and in sufficient time for the patient to arrange for care with another physician. Registered mail (return receipt requested) is advisable in the case of high‐risk patients, those undergoing aggressive treatment, or those on your follow‐up schedule. The notice should explain that the practice is closing, rather than merely being taken over by another physician, and should include the following information: closing date, where records will be stored, the length of time (in years) that the records will be retained, and a mailing address, phone number or other guidance on how to access them. A release of information 116
form for requesting copies (originals should never be given to the patient) and transferring records to another physician should also be sent along with information addressing the deadline for submitting records request, and how to contact a new physician/healthcare provider. A copy of the notice and the mailing list along with returned envelopes should be kept. Note: Arrangements for someone to maintain the address and respond to requests for records, for the time periods mentioned above must be made. MEDICAL RECORDS Whenever a medical group dissolves due to bankruptcy, retirement, a sale to another group, or some other reason, the guiding principle to remember is that "the physical record is the property of the physician or practice and the information is the property of the patient." The ultimate responsibility goes to the physician or physicians in the medical group to make sure that patient records are stored or transferred to other physicians following a practice or medical group closure. When records are lost or destroyed, the ability to successfully defend against malpractice claims may be seriously impaired. Purchasing the services of a document management company is an expense that must be weighed against the risk of liability for spoliation of evidence. It's important that the office have a plan in place to ensure that patient medical records are either transferred to the patients' new physician, placed in safe storage, or digitized and stored electronically. Records must be maintained for several years in compliance with state and federal record retention regulations. The office should obtain a copy of the current state and federal medical record laws and rules in order to determine how long to maintain medical records for minors and adults. The more stringent of the two should be followed. Retention of mammograms, x‐ray films, immunization records and incompetent patient records should receive special consideration. The storage agreement should include confidentiality terms. The physician should advise the local medical society of the location of the stored records. Although physicians may charge for records, the AMA recommends that the physician provide the records at no charge. The office must be familiar with state laws and/or the HIPAA Privacy Rule pertaining to charging for records. LIABILITY COVERAGE The physician should notify SVMIC of the intent to close and make sure that malpractice protection will continue for those patients treated during the years of practice. The underwriter should be made aware of future plans such as no longer in practice, locum tenens, new practice, etc. Professional liability insurance coverage will be canceled if a physician plans to cease practicing entirely. SVMIC insureds are covered under a "claims made" policy, therefore, when notifying SVMIC of practice closure, be sure to discuss the necessity of continuing coverage by arranging for a reporting endorsement ("tail") coverage. Keep a copy of the policy that is being canceled and the reporting endorsement, once received, readily accessible. Other insurance covering personnel, property, and contents must be maintained until business is formally and legally concluded. 117
NOTIFICATION OF OTHERS Print an announcement in local newspapers. Notify the Medical Board for every state in which you hold a license, hospitals, Drug Enforcement Administration (DEA), professional associations and societies, major insurance carriers, local community physicians, physicians that refer patients to the closing practice and the Social Security Administration if approaching retirement age. ACCOUNTS RECEIVABLE Work out payment plans with patients as they come in the office for visits. Arrangements should be made for the billing and collection of the accounts. Check the contracts for all payers to determine the method for termination of the contracts. Maintain accounts receivable records in compliance with payer contracts and state and federal laws. OTHER CONCERNS Contact your local DEA office for approved method of drug disposal and length of time for maintaining the narcotics ledger. Dispose of drugs according to DEA instructions. Destroy all unused prescriptions pads if you are discontinuing practice. Securely store all diplomas, licenses, indications of medical memberships, etc. Give some thought to keeping your answering service active for anywhere between three months to a year, depending upon local circumstances, your specialty and/or patient population. Check with the local medical society for an advisory opinion. Make arrangements for the retention of business and personnel records. Contact your attorney and/or accountant regarding retention of administrative records such as your professional liability policy, corporation/practice documents, premise liability policy, business records (billing slips, encounter forms, accounts receivable, remittance advices from insurance payers), bank records, employment records, tax records, leases and legal documents. Leave a forwarding address with the post office. Change your address with the Board of Medical Examiners, DEA and hospitals. Other resources on closing your practice can be obtained by contacting your state medical association, AMA or SVMIC. 118
EMPLOYEE ABUSE, NEGLECT AND/OR EXPLOITATION OF PATIENTS It is important that physicians and office staff understand their responsibility in preventing or reporting patient abuse, neglect, and/or exploitation and ensuring that appropriate corrective action is taken. In any discussions regarding abuse, neglect, or exploitation, appropriate definitions such as those listed below should be used: Abuse or neglect: the infliction of unwarranted physical pain, injury or mental anguish, or the deprivation of services which are necessary to maintain the health and welfare of the patient. Exploitation: the improper use of the patient’s funds for one’s own advantage. mean or insulting language; rude and discourteous behavior; ethnic slurs; Verbal abuse: profanity. The medical office should provide in‐service training annually to assist the physician staff and employees in the prevention, recognition, and resolution of patient abuse, neglect or exploitation. Staff should be instructed on the requirements of state laws and regulations regarding the reporting of abuse, neglect, or exploitation of patients. Any employee who becomes aware of an incident occurring in the office that might constitute abuse, neglect, or exploitation should make an immediate verbal report to the Administrator or Office Manager, or Supervisor. If a patient wants to file a written complaint, the staff member(s) should provide the necessary assistance in accordance with patient‐complaint procedures. The medical office may not suspend or terminate, discipline or otherwise discriminate against an employee for reporting suspected patient abuse, neglect, or exploitation. It is a good practice to perform a background check on any individual considered for employment who will be providing direct patient care. This background check should verify any required training, licenses or certifications for the position the applicant is being considered in addition to your routine pre‐employment screening process. Tennessee law now requires registry checks to be performed before any person who will be providing direct patient care is hired. Health care facilities, emergency medical services, and individual health professionals are required under Tennessee law to conduct registry checks using the state sex offender registry, the state abuse registry and the abuse registries for states in which the prospective employee has lived in the previous 7 years. Most states do not yet have the stringent requirements enacted by Tennessee, but such precautions even if not mandatory can help protect the practice from unknowingly hiring an individual with a prior history of conduct that might indicate a propensity for harming patients. 119
LISTING OF STATE AGENCIES WHO PARTICIPATE IN CRIMINAL BACKGROUND CHECKS ALABAMA http://background.alabama.gov Phone: 1‐866‐740‐4762 or 334‐517‐2470 E‐mail : [email protected] Mail: Alabama Criminal Justice Information Center 201 South Union Street, Suite 300 Montgomery, Alabama 36130 ARKANSAS http://www.asp.state.ar.us For more on‐line information about background checks through the Arkansas State Police, go to www.asp.state.ar.us and click on “criminal background checks now available.” Arkansas State Police Headquarters Phone/TDD: 501‐618‐8000 1 State Police Plaza Drive Child Abuse Hotline: 800‐482‐5964 Little Rock, AR 72209 eMail: [email protected] GEORGIA Georgia Bureau of Investigation: http://www.georgia.gov You may also contact GCIC at (404) 244‐2639, option 2 or via email at [email protected] for additional information or assistance. KENTUCKY The Kentucky State Police Records Branch, Name Search Section, conducts background checks for employment, licensing, and other similar purposes, as authorized by the Kentucky Revised Statutes. For additional information on this service please contact the Kentucky State Police Criminal Dissemination Section at 502‐227‐8700. Business hours are M‐F 8‐4:30 EST. Website is: http://kentuckystatepolice.org Kentucky State Police 1250 Louisville Road Frankfort, KY 40601 (502) 227‐8700 MISSISSIPPI http://www.msdh.ms.gov or Contact: Contact the Criminal History Record Check Division at 601‐364‐1101. Mississippi Department of Health Criminal History Record Check Unit P.O. Box 1700 Jackson, MS 39215 (601) 992‐4121 ext. 201 120
TENNESSEE Tennessee’s Health Department at http://health.state.tn.us VIRGINIA There are two methods of obtaining criminal history record name searches pursuant to §19.2‐
389 of the Code of Virginia. Read more at: http://www.vsp.state.va.us Please e‐mail specific questions to Virginia State Police at: Criminal Record Check
or call 804‐674‐6718. 121
INCIDENT MANAGEMENT Promoting patient and employee safety should be a primary goal for every successful practice. A medical practice must have policies and procedures in places to deal with both employee and patient safety issues. Over a million employees are assaulted annually and more of these incidents occur in the healthcare and social services workplace than in any other industry. According to the Bureau of Justice Special Report on Violence in the Workplace, 1993‐1999, nurses are second to police officers in becoming a victim of a violent incident in the workplace. Common causes of workplace violence in the medical practice include patient frustration about wait time, pain management issues and financial concerns. In addition, poor staff relationships and conflicts can result in violence. Patient safety within your practice should be of the utmost importance. Orientation programs for new employees should include training on OSHA requirements, HIPAA requirements and general practice safety concerns. Reporting actual occurrences of incidents related to employees and patients serves as a necessary step in developing effective risk management and preventing further incidents. Practice leadership must promote the use of this tool to reduce any negative perception of the process. Incident reports typically provide the facts of any situation that deviates from what is construed as usual or customary within your practice. Some examples of situations that might warrant a report might include: Medication‐related issues(medications missing) Needle sticks Falls within the practice(staff/visitor/patient) Staff conflict which results in violence or potential violence Other workplace violence Missing items or personal property of staff or patients The report should contain the following details: Patient/Employee/Visitor’s Name If a patient – the patient’s diagnosis Date and time of the incident or injury Location of the incident or injury Description of what occurred Witnesses List Statements from witnesses/staff/physicians Evaluation details of the data and results of investigation if appropriate Documentation of outcome 122
All incidents associated with an employee and bloodborne pathogens must be documented and followed up on according to the Federal Bloodborne Pathogens Standard and the practice’s OSHA policy. Staff and physicians should review the issues surrounding any incident and use the information to promote quality improvement to reduce instances of such incidents when possible. (“Incident Report”‐ fillable) 123
JOB DESCRIPTIONS All employees should have a written job description outlining required responsibilities in the practice. Job descriptions, if well written, provide direction and guidance to employees as well as an objective measure by which to gauge performance. In writing a job description for any employee, there are a number of elements to be considered and addressed. Those include: 1. Title 2. Position Summary 3. Qualifications Education and Training a. High school, bachelors or advanced degree(s) b. Certification c. Licensure Experience 4. Performance Requirements Knowledge Any Special Skills Accuracy Job Relationships – other positions with which this position is required to work Worker Characteristics Dexterity Mental Abilities, Language or Communications Skills Hazards Physical Demands Specific Job Tasks 5. Acknowledgement of the Description The below job description is merely a sample meant to provide guidance as to the form and content areas of a job description and items to be considered in developing your own. It is not intended to be used without review and revisions in consideration of your own specific office situation. It is also always advisable to consult with a human resources attorney in these matters. TITLE: Secretary/Receptionist 1. Summary of Position Under the general and direct supervision of the administrator/office manager and area supervisor, provides clerical, secretarial and receptionist support for the clinic. 2. Qualifications Education and Training Rev 3/15 124
a. Should be a high school graduate or equivalent, in order to have mature reasoning ability required in this clinic. b. Must have superficial knowledge of the reasons for patient care as administered in the clinic. Some knowledge of physiology, anatomy, neurology and medical terminology is desirable and helpful but is not necessary. c. Must have verification card of current CPR certification. d. Must possess a basic proficiency in English, spelling and mathematics. e. Must be able to pay attention to details. f. Must be able to type 60 words per minute with 98 percent accuracy.
Experience a. This could be an entry‐level job. However, some medical clerical experience in a hospital, medical clinic, nursing home or insurance agency is preferable. 3. Performance Requirements Knowledge a. Must be knowledgeable in the care of equipment, machines, supplies; safety and welfare of the patient; prevention of unnecessary expense, waste, loss of time and damage to equipment; order and cleanliness of the clinic. b. Must be familiar with cleaning agents and methods; physical layout of the clinic; techniques of processing/registering patients; operation of office equipment. c. Keeps current on and adheres to all policies and procedures as enumerated in the Policy and Procedure Manual.
Skills a. Must possess skill in the techniques of patient relations, efficiently assisting in the processing/registration of patients; be competent in the operation of office equipment; speak intelligently and in a professional manner.
Mental Application a. Must be willing to work under direction and take instructions and corrections; have the ability to reason and remember names and details of instructions; be alert, adaptable and flexible.
Accuracy a. Must possess a high degree of accuracy for the performance of job‐related tasks and functions.
Job Relationships a. Promotion from: (There is no direct line of promotion). b. Promotion to: (There is no direct line of promotion). c. Supervised by: Clinic Administrator/Office Manager, Immediate Supervisor d. Supervises: None
Worker Characteristics Rev 3/15 125
a. Must be thoughtful of others, gentle, courteous, patient, neat, well groomed, healthy, tactful, friendly, of average intelligence and with a good memory. Must have the ability to organize his/her time. b. Must be able to communicate effectively and tactfully with others within the clinic and especially with the public. c. Must be punctual and reliable. d. Must practice basic rules of personal hygiene and personal appearance as outlined in the clinic Dress Code policy.
Dexterity a. Must have coordination of sight and body movements for various applications of procedures and have the ability to handle the tools and equipment of the profession. b. Must have sufficient arm and hand movement with dexterity of finger and wrist to type at a speed of 60 words per minute with 98 percent accuracy with a word processor (computer) or typewriter.
Mental Abilities a. Must be able to follow verbal and written instructions. b. Must be able to organize workload to determine priority of clerical duties. c. Must be able to work in a small office with stress factors of telephone calls, noise generated by computer printers, and occasional talking.
Working Conditions a. Works inside under normal temperature conditions, with adequate light, ventilation and space. Works mostly with others, occasionally alone. b. Must expect moderate noise from equipment and instruction of patients.
Hazards a. No unusual hazard risks. b. May be asked to assist in patient care in the event of a disaster; therefore, potential exposure to bloodborne pathogens could occur. c. Exposure to various chemical agents typically used in an office setting.
Physical Demands a. Able to tolerate intermittent physical activity, including sitting, walking, standing, stooping, carrying, talking, seeing, bending, handling; has good color vision. The degree to which any of these is done depends on the techniques being used. b. Must have sufficient freedom of total body movement in order to stand up and sit down at work station; be able to squat and/or stoop in order to lift at least a 25‐pound box of paper or lift a 25‐pound stack of charts. Must possess the physical traits to remain sedentary for most of the day performing clerical duties. Must be able to reach for files/charts above shoulder height. Rev 3/15 126
c. Must have sufficient seeing ability to be able to type on a computer or typewriter. Must have sufficient hearing ability to be able to answer telephone calls and be able to respond to any audio alarms that go off unannounced within the clinic. 4. Job Tasks Schedules, receives and directs patients and visitors to the appropriate areas or clinic personnel, regardless of race, creed, age (infants, children, adolescents, adults, geriatrics), gender or disability without bias or prejudice. Performed regularly every hour. Maintains responsibility for general secretarial support functions to ensure efficient utilization of time; schedules meetings, and patient appointments; maintains calendars; coordinates with other clinic services; coordinates inservice and education arrangements; keeps patient records. Codes and lists procedures for patient billing within one (1) working day. Screens and refers incoming phone calls and clinic visitors to ensure that accurate and timely communication is facilitated and that the clinic is presented in a positive manner. Coordinates clinic correspondence to facilitate ongoing communications and efficient clinic operations. Maintains appropriate clinic records and departmental filing and archive system to ensure the expeditious retrieval of information so that the clinic staff can accomplish their responsibilities. Maintains appropriate levels of office supplies and other materials to allow staff to complete assigned responsibilities and provide for patient needs by submitting approved purchase requisitions. Directs work flow to staff, as permitted, allowing them to execute their responsibilities successfully. Demonstrates regard for the dignity and respect of all patients, family members, medical staff, visitors and clinic personnel, as defined in the clinic Policy and Procedure Manual. Maintains proper attendance and punctuality to ensure that the clinic is operated in an efficient and cost‐effective manner. Performs housekeeping duties in his/her area by routine and periodic cleaning; maintains order and cleanliness throughout the clinic. Performed daily. Routes charts and records to appropriate areas in a timely and extremely accurate manner, assuring confidentiality of all records. Maintains master patient index on all patients’ age, sex and diagnosis in an extremely accurate manner. Pulls medical records upon request and completes tracking in an accurate manner, assuring confidentiality of all records. Assists in copying of medical records for release of information, assuring confidentially of all records. Answers telephone in a courteous, helpful manner. Rev 3/15 127
Attends clinic meetings as required. Uses spare time in work‐related activities that contribute to the clinic’s needs. Coordinates efforts to work effectively with others in a manner that is productive. Can be depended upon to modify work schedule as required by the clinic and according to policy. Interacts with fellow employees in a way that promotes a harmonious and cooperative working environment. Maintains the confidentiality of all current and former patients information as required by clinic policy and governing laws. Can acquire the skills/functions to perform the job in an acceptable manner within four (4) to six (6) months. Performs other diverse duties as assigned. I understand and agree to uphold the written responsibilities listed in, but not limited to, this job description to the best of my abilities. The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by incumbents of this position. Incumbents have been required to perform job‐related tasks other than those specifically presented in this description. I understand that my job description is to be used as a guide for conduct in the employment setting and is not a contract or offer of a contract of employment terms and cannot by relied on as such. Responsible to: Clinic Administrator/Office Manager, Immediate Supervisor _____________________________________ ____________________________ Secretary/Receptionist Signature & Date ______________________________________ ___________________________ Administrator/Office Manager Signature & Date Rev 3/15 128
OCCUPATIONAL SAFETY AND HEALTH ADMINISTRATION (OSHA) GENERAL DUTY CLAUSE The General Duty Clause of OSHA states that an employer has a duty to protect and safeguard employees against recognized hazards to human health, safety and life. The General Duty Clause applies to all businesses, not just medical practices. That’s the General Duty Clause in a nutshell, but what it specifically states is that: Each employer shall furnish to each of his/her employees employment and places of employment which are free from recognized hazards that cause or are likely to cause death or serious physical harm to his/her employees. Each employer shall comply with occupational safety and health standards promulgated under OSHA. Each employee, that being you, shall comply with occupational safety and health standards and all rules, regulations, and orders issued pursuant to OSHA which are applicable to his/her own actions and conduct. In other words, if your job tasks put you at risk of an exposure, you have to abide by the rules and if you don’t, disciplinary actions, including termination from your job could take place. In a medical practice there are many areas to consider when ensuring a safe working environment. Listed here are the most common areas that should be addressed in any medical practice safety program. Policies and procedures should state what the safety concern is and how the practice eliminates or minimizes exposure risks for its employees. These policies and procedures must be communicated to the employees. Areas of concerns in a medical practice include (but are not limited to): 1. Bloodborne Pathogens Exposure Control Plan Personal Protective Equipment Hepatitis B Vaccination Post‐exposure Evaluation and Follow‐up Recordkeeping Needle Stick Injury Prevention 2. Hazard Communication Chemical List MSDS Sheets Labeling chemicals 3. Hazardous & Infectious Waste 4. Tuberculosis 5. Ergonomics 6. Workplace Violence 7. Building Maintenance Safety Standards 8. Ionizing Radiation 9. Laser 10. Emergency Action or Medical Treatment 11. Medical and First Aid 129
BLOODBORNE PATHOGENS STANDARD (29 CFR 1910.1030) Applicable to all employers that have employees that have job tasks where it is conceivable the employee will be exposed to bloodborne pathogens and other potentially infectious materials. The employer must: Provide a written exposure control plan, to be updated annually. Require employees to use universal precautions when a risk of exposure is possible. Offer, at no cost to the employee, the Hepatitis B vaccination series if the employee is at risk of exposure to bloodborne pathogens. Supply, and where appropriate, require employees to use engineering and work practice controls and appropriate personal protective equipment (gloves, face and eye protection, gowns). Offer, at no cost to the exposed employee, medical follow‐up in the event of an “Exposure Incident.” Use labels or color‐coding for items such as sharps disposal boxes and containers for regulated waste, contaminated laundry and certain specimens. Properly contain all regulated waste. Provide appropriate employee training upon employment and annually. Maintain records and documents as specified in the regulation. HAZARD COMMUNICATION STANDARD (29 CFR 1910.1200) Known as the “Employee Right‐to‐Know” standard, gives employees the right to access hazard information associated with their job tasks. The employer must: Provide a written hazard communication program. Provide a list of hazardous chemicals in the practice. Provide the Material Safety Data Sheet (MSDS) for each chemical on the hazard list. Provide employee training before the employee uses the hazardous chemical and annually. IONIZING RADIATION (29 CFR 1910.1096) The employer is responsible to monitor the radiation exposure of employees at risk of radiation exposure and prohibit exposure that exceeds the limits defined in regulation. Special labeling of areas where radiation is found must be visible to employees to warn them of the radiation hazards. Policies and procedures as well as oversight of the monitoring program must be part of an OSHA compliance plan for the practice. WORKPLACE VIOLENCE Employers should train employees on how to respond to workplace violence situations whether the violence is from a patient, provider or fellow employee. The victim should remain outwardly calm and follow the practice’s procedure for dealing with the situation. This could involve calling 911 for professional assistance. 130
OSHA PENALTIES 1. Per Violation Non‐Serious Violations – Max Penalty $7,000, may be adjusted downward by 95% Serious ‐ Death Serious Harm – mandatory penalty with max Penalty $7,000, may be adjusted downward Willful – Intentional Violations – Max Penalty $70,000 with a min of $5,000 (criminal conviction up to $250K for an individual and $500K for a corporation), may be adjusted downward Repeat Violations – Max Penalty $70,000 Failure to Abate – civil penalty max $7,000 per day 2. Falsifying records, reports or applications $10,000 and/or up to six months in jail 3. Posting requirements violation Civil penalty of up to $7,000 4. Assaulting a compliance officer, or otherwise resisting, opposing, intimidating, or interfering with a compliance officer while they are engaged in the performance of their duties Criminal offense, subject to a fine of not more than $5,000 and imprisonment for not more than three years 131
PERSONNEL ISSUES Quality care and safety is the job of every health professional and of everyone who works in a healthcare organization. Ongoing training and careful recruitment are as essential in healthcare organizations as they are in other high reliability organizations. All physicians and office staff should contribute to a culture of safety and promote an atmosphere of teamwork. Gross negligence and unethical behavior are barriers to promoting patient and staff safety and should not be shielded. Professional misconduct is a grave threat to patient and staff safety and should be dealt with accordingly. POLICY MANUAL The office should develop, implement, and maintain a policy and procedure manual covering administrative and patient care standards of practice. All new staff should be required to read and sign an acknowledgement they will abide by office policies. The manual should be reviewed at defined intervals and revised as necessary to reflect changes in federal or state laws and/or office practice. Staff meetings should be conducted on a routine basis (at least monthly). Reviewing two or three policies and procedures at each staff meeting is a good way to assure that staff is aware of the office’s standards of practice. This also accomplishes review of the manual and allows input from the staff. (See Chapter 5, “Staff Meetings”) Job descriptions should be written for each position and reviewed annually. The job description is the basis for setting expectations and for developing staff reviews and goals. Each new hire should receive a copy of their job description and sign an acknowledgement that they have read and will abide by the job description. The job description should include duties and responsibilities of the position. The job description should also include a line such as “other duties as requested” which helps to emphasize that the staff should work as a team. Qualifications for the position, including education, training, experience, and technical skills, as well as physical abilities required should be listed. (“Job Descriptions”) HIRING A written application that conforms to state and federal antidiscrimination laws should be used. The application should include a statement that falsification of information is grounds for termination. The credentialing or hiring process should include a system to ascertain that all members of the clinical staff are licensed, registered and/or certified in their respective disciplines. A full criminal background check should be conducted on all candidates prior to hire. In hiring for positions in Tennessee that provide direct patient care, the background check should include review of the state sex offender’s registry, the state abuse registry and the abuse registries for any states in which the prospective employee has lived during the previous seven years. Practices should be aware some states require additional steps in conducting a background check and prohibitions against hiring employees found on certain registries. 132
All licensed personnel should have and maintain a current non‐restricted license to practice within the discipline necessary for the specific job description. Documentation should be maintained in the personnel file. Qualified healthcare personnel are defined as physicians and other professional and technical workers who, by state law, engage in activities that support, complement, or supplement the functions of the physician, and who are licensed, registered, or certified appropriate to their qualifications to practice; further, they practice only within the limits of their licensure, certification, or registration. Minimum credentialing for registered nurses, licensed practical nurses, and radiology technicians, etc., should include visual verification of an original of the state license/certification. Minimum credentialing for physicians and mid‐level practitioners/physician extenders, (NPs, PAs) should include visual verification of an original of the State License/Registration, a copy of any written disciplinary records from the licensing board, a copy of the state and federal controlled substances registration certificates and a copy of the professional liability insurance policy face sheet. Decisions and actions regarding health services are the sole responsibility of qualified healthcare personnel. Decisions of a healthcare nature should only be made by the appropriate healthcare practitioner in accordance with applicable federal, state and local laws, contract provisions, policies, procedures and healthcare standards. The office should have knowledge of each type of staff members’ duty limitations and license restrictions in the state. The office should examine tasks staff perform and carefully evaluate which ones can be performed safely and legally, within the scope of practice of that staff member, without a doctor on the premises. ORIENTATION AND ONGOING EDUCATION All new hires should receive orientation and ongoing education to include reviewing the policy and procedure manual, signing confidentiality agreements and instruction covering infection control, OSHA, HIPAA, safety, equipment use, and patient relations. All employees should receive an effective orientation driven by their particular job description and area of responsibility to ensure competency with specific tasks outlined in their job description. (“Job Descriptions”) In addition, it is good practice to utilize a skills checklist for orientation of clinical staff with a capable individual signing off as procedures are performed in an acceptable manner. (“Orientation Checklist”) Staff should be given the responsibility to meet the requirements for continuing education pertaining to the individual’s licensure/certification status in their respective discipline. Practice may choose to provide onsite education and/or send employees to outside programs. Continued education should be monitored to ensure licensure compliance. STAFF APPEARANCE AND IDENTITY A dress code that includes clean attire that is appropriate for a patient care environment should be enforced. Patients expect staff to be competent. Poor grooming and inappropriate attire can give the impression that the individual does not care or is not competent. (“Dress Codes”) 133
The patient has the right to know the identity and professional status of the individuals providing service to them and to know which physician or other practitioner is primarily responsible for their care. In order to readily identify all staff to the patients, visitors, and other employees, identification (I.D.) badges worn at all times during working hours and during promotions, such as open houses, are a convenient and cost effective way to convey this information. This creates an atmosphere of professionalism, courtesy and efficiency. The badge should include the professional designation for credentialed individuals or position title for those individuals not licensed or certified. Patients have a right to know the education level and credentials of the person providing their care. It is important the office not be viewed as holding staff out to the public as someone they are not or as having credentials which have not been earned. Staff should not refer to nurse practitioners, physician assistants, certified nurse midwives, etc. as “Doctor John or Doctor Jane”. Likewise, staff should gently correct patients who incorrectly refer to non‐physician providers as “Doctor”. For those staff members who have earned doctorate degrees, care should be exercised so that patients are not confused to believe such people are medical doctors or doctors of osteopathy. Patient requests to see a “doctor” should be honored although patients may be scheduled with non‐physician providers as long as the patient has been asked and consented. Some states have specific laws outlining the identification of a physician or provider’s credentials to the patient. Physicians often utilize both licensed nurses and medical assistants to support them with patient care. When the physician chooses to use a medical assistant, either certified or uncertified, the physician and the staff should not refer to the medical assistant as the doctor’s nurse or allow patients to think the medical assistant is a nurse. 134
PHYSICIAN BEHAVIORAL ISSUES A growing number of medical practices struggle to deal with physicians with behavioral issues. It is difficult to know whether the number of physicians with these problems has increased or others have just become less tolerant. Either way, these situations are only compounded by the everyday stresses of practicing medicine. It is critical that a practice set standards, expectations and governance for physician behavior. The best time to do this is before issues arise, but it is never too late to lay this important foundation. CORE VALUES The first step is to agree on the Core Values for the practice. What are those fundamentals on which physicians base their everyday decisions and actions? Examples might include Quality Patient Care, Respect for All Individuals, Team Work, Balanced Lives, Honesty, and Doing What Is Right. Once these values are clearly understood and agreed upon, it becomes much easier to recognize behavior that strays from what is acceptable. For instance, if a practice has a physician who routinely shows up late at the office, does not complete charts and sloughs off when on‐call, they are disruptive to everyone. When other physicians are asked why they come to work on time, complete their charts each day and appropriately handle on‐call work, the response is likely to be that it’s not fair to patients, staff and colleagues to do otherwise. What they are saying is that their values guide their actions. The poor behavior of a physician is often just the symptom; the real issue may be that they do not share the same Core Values. GOVERNANCE The next important piece of the foundation is governance. A group needs to decide who is responsible for dealing with physician behavioral issues. Far too often it falls to the practice manager. In only the rarest of organizations would it be appropriate for the manager to have this role. It is simply not appropriate for an employee to deal with the behavior of one of their bosses. The immediate responsibility should be assigned to the lead physician of the practice – the group president or managing partner. The ultimate responsibility lies with the governing body – the Board of Directors, Shareholders or Partners. EXPECTATIONS The third piece of the foundation is clearly delineating expectations as to how physicians should conduct themselves. A good way to do that is through a Code of Conduct or a document that sets forth examples of expected behavior and unacceptable behavior. (“Physician Code of Conduct”). The corporate documents or partnership agreements should reference these examples and give the governing body the authority to act appropriately when those standards are not met. 135
APPROACHES TO PROBLEMS When choosing the best approach for dealing with physician behavioral problems, there are two basic precepts which must be followed: 1) always treat the physician as an employee when dealing with behavioral issues; and 2) rely on the formal governance structure that you have put in place. Regardless of the approach, these two items are essential for success. There are several possible approaches but the proper way to handle any specific situation will depend on a number of factors, including past behavior, personality, motivations, personal life, age, and relationships. Whatever the factors, the person with the delegated responsibility for dealing with physician behavioral issues must confront the physician as an employee and clearly tell him or her that their behavior has been deemed inappropriate. The lead physician should have the unanimous support of the governing body – either by explicit delegation of authority by virtue of the position or by meeting to discuss the situation before the physician is confronted. The meeting with the physician is not a discussion or debate; it is to inform the misbehaving physician their conduct is not acceptable. It is very important that the problem physician understands the spokesperson is speaking for the whole group. Fundamentally, the situation should be handled as any other employee discipline issue following a set step‐by‐step process such as: • Counsel • Warn • Discipline a. Fine b. Suspend c. Require outside counseling d. Direct activities – cannot see patients until charts are completed, work on weekends to catch up, etc. • Terminate Although this outline provides some general guidance, it will rarely work as a “one size fits all” answer. It is often difficult, if not impossible, for the practice or the individual physician to fully understand what underlying problems are driving the poor behavior. If the physician denies the problem(s), an outside professional assessment may be indicated. Such programs typically include: • Psychological testing and reports • Psychiatric evaluation • Psychosocial history (may include interviews with family members) • History and physical, when indicated • Blood work and drug testing, when indicated 136
•
•
•
Collateral information – with client permission, other interested parties maybe interviewed Follow‐up sessions Comprehensive report for client and practice Other approaches include requiring the physician with behavioral issues to work with a professional job coach. These are trained and credentialed professionals who spend time during regular working hours helping the physician change the behavior. It must be remembered that the troubled physician very likely learned this behavior over a long period of time and it will almost certainly require considerable time and effort to alter their behavior. Some individuals may require additional psychological or psychiatric counseling. PLAN OF ACTION Once the appropriate approach is determined, the practice should present the physician with a specific action plan to maximize the likelihood of success. Some of the options to consider: • Obtain a comprehensive professional assessment • Seek the care of a psychologist/psychiatrist • Get charts caught up by a specific date • Stop doing surgery/accepting new patients • Attend an anger management course • Apologize to the team • Follow the prescribed action plan • Participate in a Physicians Health Program Have a plan in place to monitor the progress or lack thereof. The physician should be given regular feedback. Most importantly, the repercussions for failure to adhere to the plan should be clearly defined. CONCLUSION A final very important consideration is the financial impact on the practice and the physician in dealing with the behavior problem. The physician’s professional confidence will be threatened through this process so the question becomes, does adding a financial burden on top of that make a positive outcome even less likely? The practice should consider supporting the physician financially by protecting his or her income while they seek help and paying for any necessary evaluations and treatment. Let compassion guide your decision making, with the understanding that it will likely cost the practice more money to recruit, replace and build a new physician’s practice than it will to rehabilitate a current physician. The Medical Practice Services (MPS) Department at SVMIC is available with professional consultants to assist practices with this process. 137
QUALITY IMPROVEMENT PROGRAM Medical practices that have a culture of continuous quality improvement (CQI) have achieved higher quality services at a lower cost and at a faster pace. Staff and patient satisfaction rates are higher on average than practices that do not continually strive to improve their services. CQI activities include, but are not limited to: Educating staff Empowering staff Implementing policies and procedures to recognize areas that could be improved, planning an improvement, implementing an improvement and monitoring the improvement to meet goals CQI can be accomplished through a series of systematic steps that are used to reduce variation and improve consistency of quality. Basic elements include: 1. Identify the Aim: what are you trying to accomplish? 2. Identify Data: how will you know that the change is an improvement? 3. Analyze the Process/Decide on Changes: what changes can you make that will create the desired improvement? 4. Plan/Do/Study/Act a. Plan: determine what action you will take that will create the desired improvement b. Do: implement the chosen action c. Study: study the data to determine if you achieved the desired improvement d. Act: based on the data analysis, determine if you should continue with the selected action or if you need to abandon the current action and implement a different one.1 “Mistakes” are opportunities to improve services. When an individual makes a mistake, don’t assume it is the individual’s fault. Staff should never be too intimidated to admit to a mistake. Staff should feel rewarded for bringing forward the opportunity to improve a service. Ask the question, “What allowed the employee to make the mistake?” Involve the staff in CQI activities to help find the solution to the problem and they will be the best to implement changes that are proposed. 1
Improvement Model from Langley et al., The Improvement Guide: A Practical Approach to Enhancing Organizational Performance, Josey‐Bass, 1996. 138
REPORTING LAWSUITS AND OTHER EVENTS Professional liability claims and the litigation process are very stressful for physicians. It is reasonable to assume that most physicians will be sued at least once in their career and many will be sued multiple times. It is important for physicians and office staff to recognize events or incidents that should be reported to SVMIC, as well as claims or notice of claims that merit reporting. It is also important to recognize the insured’s responsibilities when a physician or his/her group has received lawsuit papers. RECEIVING LAWSUIT PAPERS The receipt of lawsuit papers requires physicians and their staff to know and follow certain basic procedures. The physician or his/her representative MUST notify SVMIC by telephone as soon as practical if the physician and/or the physician’s group receives lawsuit papers. Lawsuit papers should then be promptly forwarded to the SVMIC claims department, preferably by e‐mail or fax. Because a timely response to a lawsuit is required, please ensure that you speak to an attorney from the Claims Department. Do not contact the patient or his/her attorney to discuss the claim or lawsuit and do not discuss the claim with anyone without the agreement and permission from legal counsel. If a lawsuit has been filed, a defense attorney will be retained to represent you. Generally, a lawsuit can be filed with the court and served on (delivered to) the defendant physician without any advance notice. A limited number of states provide for advance notice to the healthcare provider prior to the filing of suit. Tennessee is among those states requiring advance notice. This notice usually appears in the form of a letter or other document and is commonly known as a “Notice of Intent to Sue.” The number of actual days of advance notice (typically 60 to 90) may vary from state to state in those states that require such notice. Receipt of such a “Notice of Intent to Sue” does not always mean the physician will be sued as it is frequently sent before the patient’s attorney has fully investigated the potential claim. The notice may or may not state the basis for the claim and the alleged damages. In most states the actual lawsuit is called a “complaint” and it is usually labeled as such. Generally, the complaint will be accompanied by a second document called a “summons.” A summons and complaint describes the plaintiff’s allegations against the defendant(s) and indicates who has been sued and in what capacity (individual physician, medical group corporation, partner, hospital, etc.). The law requires a response to the complaint within a specific period of time to avoid a default judgment or other penalties, so it is vitally important that SVMIC be notified without delay when complaints are received. Lawsuit papers may be delivered by a private process server, a law enforcement officer or via U.S. mail. The insured or his/her authorized representative cannot refuse to accept papers or claims that correctly name someone working in the group or the group itself, even if office personnel and the physician think the papers/claim were sent in error or believe the allegations of malpractice contained in the papers to be without basis. If there are questions about whether to accept papers from a process server, call SVMIC for advice. 139
SVMIC recommends that physicians and their offices develop procedures for accepting and handling lawsuit papers. The person (s) actually receiving the papers should check to be sure that the name on the papers is the name of someone who works within the group or the group itself. There is no legal obligation to accept papers for individuals other than the physician‐defendant(s) who is currently a member of the group and/or the group itself. As noted above, someone from the office must notify SVMIC that papers have been received as soon as is practically possible. The person who calls to report a lawsuit or incident should have the patient’s medical records available if possible. It may be helpful to record the name of the SVMIC claims attorney who assisted you, the date of the call, as well as any other pertinent information. However, any information related to communications with SVMIC and your defense counsel should not be recorded in the patient’s chart, but should be kept in a separate, confidential file maintained for correspondence and notes related to litigation or anticipated litigation. HANDLING MEDICAL RECORDS Procedures should be in place to assure that medical records relevant to actual or potential litigation are properly secured in order to prevent allegations of misuse or inappropriate handling of those records. If a notice of intent to sue or lawsuit papers are received, the medical record should be secured to protect its integrity. If you maintain medical records in paper form, the chart should be placed in a secure location for safekeeping. If in electronic form, you should determine whether your electronic medical record system will allow you to preserve the record in its current state. Medical office personnel should not release copies of the medical records without approval from the physician involved. The office manager and physician should contact defense counsel or an SVMIC claims attorney if there are questions regarding maintaining or releasing records. After a lawsuit is filed or notice of a claim is received, no amendments, annotations or clarifications should be made to a medical record without advice from an SVMIC claims attorney or defense counsel. RESPONDING TO SUBPOENAS A “subpoena” is a formal command from a court or other governmental body that requires the recipient to appear at a certain place and time in order to give testimony and sometimes to provide documents. A subpoena can be issued to witnesses, as well as to the parties involved in a lawsuit. Before releasing any medical records or medical information, you must ensure that the subpoena complies with the laws applicable to the issuing court and Federal privacy laws. Under HIPAA, the party seeking records regarding a patient must give the patient or his or her representative notice and time to object to the request. If you have any questions regarding a specific subpoena, please call SVMIC. REQUESTS FOR DEPOSITIONS A notice of deposition or deposition subpoena is a document served upon a witness in or party to a lawsuit. The notice or subpoena will usually request the witness to appear for a 140
deposition and/or to produce original records. It will set the date, time and place for the witness to appear, all of which may be changed by agreement. A deposition is a recorded question and answer session, attended by lawyers for both plaintiff and defendant(s). The witness is under oath and should testify truthfully. Deposition testimony is taken to establish the witness’ knowledge of the incident, or in the case of physicians, possibly to ask for medical opinions. A physician may receive a deposition subpoena or be asked to give a deposition in cases where he or she has not been sued. Some physicians have been added as defendants to existing lawsuits after giving their depositions. SVMIC recommends that its insureds notify SVMIC before responding to a deposition subpoena or notice in a medical malpractice lawsuit so that we may assess the risks and work to protect your interests. REPORTING EVENTS OR INCIDENTS TO SVMIC The physician and office staff should recognize a reportable event or incident. Generally speaking, a reportable event is one which the physician feels may result in a claim or suit in the future. It may be an error, poor outcome, or accident which could have or did result in injury or loss. Following is a partial list of events that should be reported to the claims department at SVMIC: 1. Verbal or written threat of a claim or lawsuit by a patient or family member. 2. Letters from an attorney alleging substandard care. 3. Requests for records by a patient or a patient’s authorized representative, if the physician believes the request is related to quality of care issues or a potential professional liability claim. Routine requests for records where quality of care is not believed to be an issue need not be reported (for example, workers compensation or automobile accident patients). 4. Unexpected outcomes or deaths. 5. Obvious error in health care provider’s judgment or practice. 6. Requests for a settlement or waiver of an outstanding balance. 7. Verbal or written allegations of misconduct (sexual harassment, discrimination, etc.). 8. Verbal or written claims alleging invasion of privacy/breach of confidentiality. 9. Falls or similar incidents on or near the physician’s premises with injury. 10. Governmental investigations regarding EMTALA, HIPAA, billing errors or omissions, employment practice issues as well as Medicare investigations (only legal expenses are provided up to prescribed limit). This is not an all‐inclusive list. If you have any questions or concerns regarding a specific situation, the physician or his/her designee should contact the SVMIC claims department for guidance. Once notified, SVMIC will advise if any action needs to be taken and whether additional information and documents will be needed. Reporting an event or incident is discretionary; however, if in doubt SVMIC encourages the reporting of these matters. 141
SMOKING In keeping with current health advisories and information, each office should promote a safe and healthful environment, thus smoking should be prohibited in each office. A “No Smoking” policy should apply equally to all employees, patients and visitors. If an employee observes a patient or visitor smoking, that employee should tactfully inform the smoker of the office policy and ask the smoker to extinguish the item or step outside to continue smoking. In addition, “No Smoking” or “This is a Nonsmoking Facility” signs should be placed on the receptionist’s counter, the front door and, if possible, in other strategic locations throughout the office and directly outside of the practice entry to discourage smoking in the immediate practice area. The nonsmoking policy should be included in patient information brochures and the office personnel policy manual. 142
STAFF MEETINGS A patient‐centered team with all members working in the best interests of the practice requires good communication. Staff meetings are an excellent and often underutilized tool for building rapport and giving direction to all members of the team. Regular meetings provide an opportunity to offer suggestions, elicit feedback and address concerns which lead to a stronger team, a higher level of service, a safer environment and ultimately, more satisfied employees and patients. Effective meetings reduce the need to share fragmented bits of information through emails, memos and individual meetings. They provide an opportunity for staff, supervisors and physicians to discuss how best to do their respective jobs. Whether your organization has 2, 20 or 200, there are some essentials to making your meetings successful: 1. Gather the necessary participants. 2. Make the meeting effective and efficient. 3. Follow through on the decisions and communicate them to the appropriate people. GATHER THE NECESSARY PARTICIPANTS When you plan the meeting, decide who needs to be there. In a smaller office, everyone, staff and physicians alike, will likely attend. In a larger office, staff may break into smaller groups such as nursing or office staff more frequently and come together as a whole less often. Physician involvement is essential to success. All physicians may attend in a smaller group while in a larger setting a designated physician may attend or physicians might rotate attendance. Regardless of who attends a report is made to all physicians at their meetings. Choose a consistent day and time for meetings. Everyone should know when and where the meeting will take place. No other meetings or appointments are scheduled. Many groups avoid Mondays and Fridays because they tend to be busy work days and are usually heavier with vacation and holiday time too. Whatever the day, the time should be consistent as well. Before the start of office hours is a great time to catch everyone fresh while after office hours removes any preoccupation with the busy day ahead. Lunch is a great opportunity to have a meeting without adding time to an already busy day. Whatever day and time you choose, be sure to provide food and drinks so staff are not scrambling or wasting time looking for a snack. MAKE THE MEETING EFFECTIVE AND EFFICIENT All meetings should have an agenda no matter how brief. Ideally it will have been typed and distributed to attendees prior to the meeting. This accomplishes three purposes. First, it serves as a reminder of the upcoming meeting and any assignments made from the last meeting. Second, it allows staff members time to gather any thoughts or suggestions he or she might like to add to the topic(s). Finally, it keeps the meeting on track. This leads to another important guideline for successful meetings; stay on time. If the meeting is set for an hour, then end it at an hour. If you are respectful of attendees’ time, they will be respectful of yours. In consideration of time constraints, place the most important or controversial items at the top of the agenda. If you run out of time, the lesser issues wait until the next meeting. Do not fall into the trap of trying to pack everything into one super meeting. Meetings lasting over an 143
hour tend to see a drop in participation and a feeling of boredom emerges unless the topic or conversation is very dynamic. The group should have a leader. This will likely be the practice administrator but may also be a physician or another supervisor depending on the group and the purpose of the meeting. A logical choice will emerge. The leader’s responsibility is to keep the meeting on task, on time and cordial. The leader must be prepared and will have researched any outstanding issues from the last meeting. Whether directly or through delegation, the leader is responsible for the tools of a successful meeting as well – agenda, minutes, meeting reminder, adhering to ground rules, food, etc. If you are serious about meetings, attendees will be serious as well. Postponing or cancelling meetings sends the message they are not important or you were not prepared. Lay ground rules about conduct at meetings and be respectful of differing viewpoints. Establish rapport among the parties. A little friendly banter can be useful in setting a cooperative tone. Everyone should have the same goals‐create a safer, more productive, employee and patient‐
centered practice. Employees should be encouraged to share their thoughts. Differing opinions are normal and challenge organizations to grow and evolve. Try to end meetings on a high note. Recognize the contribution of an employee to the practice, a professional or personal accomplishment or even share a compliment from a patient. It is a nice reminder of the appreciation supervisors and physicians have for their staff. If the right environment is created, once decisions are made all team members will feel valued and work toward the best interests of the group. FOLLOW THROUGH ON THE DECISIONS AND COMMUNICATE THEM TO THE APPROPRIATE PEOPLE While meetings are a great place to check on progress, that should not be the only purpose. It is the place for goals and developing plans. To assist with this process, as items are addressed, determine who is responsible for implementing the decisions and set an appropriate deadline for completion. Follow through with decisions and implementation specifics through meeting minutes. Everyone in the practice should get a copy of the minutes which is a great way to let those who could not attend know what he or she missed and remind everyone of their specific roles in any projects. Remember, a task without a deadline is just a discussion. CONCLUSION Well run staff meetings are a great way to bring a group of people together as a team working toward a common purpose. They reinforce staff appreciation as well as the mission and values of the organization. They are an effective means of communicating important information and reaching consensus in a time‐efficient manner. Perhaps most importantly, they help lay the foundation for a policy of open and honest communication, which is vital to building and maintaining an efficient and productive medical practice. 144
UNUSUAL OR UNANTICIPATED EVENTS The practice should have procedures in place to identify, report, document, and, if applicable, monitor and/or remediate unusual or unanticipated events. These are occurrences that give rise to potential liability, that can affect the quality of patient care, or that can affect safety in the practice, including situations that caused injury and situations that had the possibility to cause injury, though no injury actually occurred. Early identification of such events allows the practice to investigate the circumstances of the incident, and, if necessary, institute corrective action to prevent similar occurrences in the future. Examples of unusual or unanticipated events may include the following (this is not an inclusive listing): 1. Error in the care of patients (e.g., errors in the administration of medications, treatment errors, misdiagnoses, office system failures such as test results lost or failure to follow up when indicated). 2. Adverse reactions to a procedure or medication. 3. Any patient allegation of physical, sexual or verbal abuse by an employee or physician. 4. Unexpected death of a patient. 5. Threatening patient complaints. 6. Patient care equipment failures. 7. Accidents inside the office or on the premises (e.g., slip and fall). In cases of possible injury, have the patient, visitor, or employee involved in the event examined by an appropriate health care provider, and document that examination in accordance with your customary medical practice. You should include in the medical record an objective description of the incident along with any follow‐up observations, diagnostic studies, and treatment. The practice should educate the staff concerning the risk prevention and incident reporting procedures of the practice. This training should be part of each new hire’s orientation. Policies and procedures should be implemented to set forth how staff members report such events. Staff members should be encouraged to report and not fear retribution. Once reported, investigate the details of the report to determine if remedial steps need to be taken to prevent a similar incident in the future. In the event the incident resulted in patient harm or an injury to a person on your practice’s premises, any insurance carrier who might have coverage for the incident should be notified. Your practice may have procedures in place to document the incident in the form of a report to facilitate the investigation process. (“Incident Report” fillable, see Chapter 5, “Incident Management”) Please keep in mind that any such report may be discoverable in the event of subsequent litigation depending on the laws of your state. If your practice has chosen to generate a report, complete the report form and any additional documentation using factual and objective language only. You should not include any judgments as to the cause of the 145
event, and you should not include any speculation as to what occurred. Quotes should be used where applicable with unwitnessed incidents, e.g., "Patient states..." The names of any witnesses should be included on this report. Any report generated for this purpose should not be placed in a patient’s medical record. The report form should be considered an administrative document and, thus, not a part of the medical record. Additionally, you should not document in the medical record the fact that a report form has been completed. If you have any questions regarding a particular incident or how to document your investigation, please contact an SVMIC claims attorney. 146
Patient Care Office Systems Patient Safety Chapter 6 147
ADVANCE DIRECTIVES Advance directives are written instructions recognized under State law relating to the provision of healthcare when adult individuals are unable to communicate their wishes regarding medical treatment. The various legal devices that exist serve to enhance the ability of individuals to have their desires carried out in the event that they become unable to make their own medical treatment decisions. The advance directive may be a written document authorizing another person, such as a relative or close friend, to make decisions on an individual's behalf (a durable power of attorney for healthcare), a written statement (a living will), or some other form of instruction recognized under State law specifically addressing the forms of medical treatment a person wishes to receive or forgo when unable to make decisions in stated medical conditions. Such medical conditions may include irreversible unconsciousness, terminal illness, or severe and irreversible brain disease. PATIENT SELF‐DETERMINATION ACT (PSDA) In 1990, the United States Supreme Court decided Cruzan v. Director of Missouri Health Department and held that a person has a constitutional right to make a determination to accept or reject medical treatment. Also that year, a federal law concerning the patient’s right to make medical decisions was passed. Most States had enacted legislation defining an individual's right to make decisions regarding medical care, including the right to accept or refuse medical or surgical treatment and the right to formulate advance directives. However, prior to the enactment on November 5, 1990, of the Omnibus Budget Reconciliation Act of 1990 (OBRA '90), Public Law 101‐508 patient self‐
determination act (PSDA), there were no requirements relating to advance directives under Federal Medicare or Medicaid laws. The Act became effective on December 1, 1991. The PSDA requires hospitals, nursing homes, hospice programs, home health agencies, and HMO’s to advise adult patients (or legal representatives if the patients are not competent) in writing of their rights to govern their healthcare decisions. The Federal Register Volume 60. No. 123, June 27, 1995 contains the requirements for healthcare facilities covered by the Act. Following is a listing of responsibilities the facility must meet when the patient comes under the medical care of the facility: 1. Provide written information to all adult patients as to their rights to make decisions about their medical care (including the right to accept or refuse care and the right to formulate an advance directive). The statement of rights must be derived from the law and court decisions of the state in which the facility is located. 2. Maintain written policies and procedures that insure compliance with State laws with respect to advance directives and to provide patients written information on the policies of the provider respecting the implementation of such rights, including a clear and precise statement if the provider cannot implement the advance directive as a matter of 148
conscience. The policies, at a minimum, must contain a provider's statement of limitation that: a. Clarifies any differences between institution‐wide conscientious objections and those that may be raised by individual physicians; b. Identifies the state legal authority permitting such objection; and c. Describes the range of medical conditions or procedures affected by the conscientious objection. 3. Document in the individual’s medical record whether or not the individual has executed an advance directive. 4. Avoid conditioning the provision of care or otherwise discrimination against an individual based on whether or not the individual has executed an advance directive. This should not be construed as requiring the provision of care that conflicts with the advance directive. 5. Ensure compliance with state law (statutory or recognized by the courts of the state) on advance directives. 6. Provide education programs for staff and the community at large about advance directives and their meaning. The regulation states that a provider is not required to implement an advance directive if, as a matter of conscience, the provider cannot implement an advance directive and the State law allows that any healthcare provider or any agent of such provider can conscientiously object. Physician practices such as a traditional office or clinic setting have no obligation to comply with any of the above federal requirements. However, the quality programs of some managed care plans obligate physicians to inform patients of their right to execute an advance directive. The physician should also document any discussions concerning advance directives in the patient’s medical record. In all states a copy of any advance directive that a patient produces upon admission or executes while in a covered facility is filed in the patient’s medical chart. The admitting physician also writes a progress note indicating that the documents are contained in the record and noting any specific requests the patient may have expressed in them. Currently, all 50 states and the District of Columbia have laws setting forth the processes whereby competent adults may make decisions regarding healthcare they will receive when they are about to die and/or are in a chronic vegetative state. The specifics regarding advance directive documents and procedures vary from state to state, but the basic right of patients to determine what types of life‐
prolonging healthcare they will receive in the future remains the same. The laws regarding healthcare directives vary slightly from state to state, as do the laws relative to physicians rendering care and treatment to incompetent patients without written instructions prepared when a patient has decisional capacity. Efforts to standardize this area of the law has been unsuccessful. Statutes pertaining to advance directives comprise a relatively new area of law, and states seem to change them with some frequency. The failure of the 149
patient to express his/her wishes in writing often makes it difficult for a physician to know how to proceed. Making decisions to withdraw or withhold life‐sustaining treatment from a patient who is about to die or is in a coma from which he/she is not likely to awaken often turns on fact‐specific circumstances. Treating physicians, you are encouraged to contact the administrators at the healthcare facility in which the patient is being treated and/or seek guidance from an SVMIC claims attorney when issues regarding advance directives arise. For more information on Advance Directives: www.familydoctor.org www.noah‐health.org 150
ADVERSE REACTION It is possible in the daily activities of a physician’s office for an adverse reaction to treatment to take place. Protocols should be in place in the medical office outlining staff behavior and responsibilities in the event of an unforeseen adverse patient reaction to medication or treatment. Staff should be trained on the likelihood of an adverse reaction occurring with a specific procedure, and what the adverse reaction is likely to be, prior to performing the procedure. A plan of action should be understood by staff so that proper action can take place to minimize potential injury to the patient. An adverse reaction protocol should include: 1. Treatment should be discontinued immediately. 2. Assessment by the physician completed as quickly as possible, if the physician is not present already. 3. Vital signs should be taken and documented, at a minimum upon recognition of the adverse reaction and upon stabilization. Findings should be recorded in the record. 4. Remedy, including medications, should be administered as ordered by the physician. 5. The physician and nurse should stay with the patient until vital signs are normal and until the patient has recovered. 6. If the adverse reaction does not subside, the patient should be transferred to another facility with the capabilities to manage the emergency. Staff should be familiar with the procedure for an emergency transfer in a timely manner. 7. The events which occurred, the reaction to the events, and the outcome should be noted in the patient chart by the physician and/or staff involved. After the patient has been stabilized or transferred, the physician and nurse(s) should review the circumstances of the emergency. At a minimum the evaluation of the incident should address: 1. How the situation was handled; 2. Ways to improve staff response; 3. Ways to avoid a recurrence; 4. Adherence to appropriate protocols; 5. Adequacy and completeness of documentation; and 6. Notification of all appropriate entities, such as drug manufacturers, equipment manufacturers, etc. Any documentation of an evaluation of how the incident was handled internally should be kept separate and apart from the patient’s medical record. 151
APPOINTMENT SCHEDULING When patients have to endure long waits, they perceive that the physician really does not care about them and is indifferent to their needs. This leads to frustration and dissatisfaction. To minimize this preventable dissatisfaction the office should maintain a realistic schedule that minimizes long waiting times for patients. The solution is to provide clear instructions to the staff on how to handle scheduled and unscheduled appointments, waiting times, and cancellations. When scheduling patients, the appointment scheduler should advise the patient of the available appointment times and allow the patient to choose the time that is most convenient for them. When scheduling new patients, the staff should use effective pre‐visit procedures to reduce the time required in setting up the patient on arrival. This includes gathering complete demographics and all necessary insurance information to allow the practice to do insurance verification prior to the first appointment. All scheduling should allow enough time for the staff to render safe, quality patient care/services consistent with the office’s mission, goals, and policy. Scheduling an appointment can often be the most frustrating encounter the patient may have with his or her physician. The patient may assume that the problems they are experiencing are unique and require immediate attention, therefore the wait for an appointment can be both frustrating and anger provoking. Policies and procedures covering telephone etiquette will help to minimize resentment when patients are advised of scheduling delays. Advising the patient of a delay and offering options will go a long way toward maintaining a pleasant patient relationship. In the event that the patient feels that their problem warrants an earlier appointment the staff should offer to communicate the patient’s health problem to someone in the clinical department to triage for the best appointment option. Written procedures should be in place to help scheduling staff make appointment decisions in cases of scheduling difficulties. The office should determine procedures and time frames for scheduling and conducting different type appointments (new patients, urgent, same day, follow‐up, physical exams, ancillary testing, etc.) and implement procedures to meet the defined goal. For instance, new patients usually take longer at the first visit; elderly and physically handicapped patients may require more staff time; physical exams may require more physician time. The “new patient” brochure and practice website should provide guidance on appointment scheduling. (See Chapter 6, “Telephone Triage/Medical Advice”) All office staff, including the physicians, should attempt to adhere to the schedule. Effective communication reduces patient anxiety and dissatisfaction. When delays occur, patients should be informed and given an opportunity to reschedule, if they do not want to continue waiting. Patients should be notified as soon as possible if changes in the schedule must occur. Time with a patient can be spent most efficiently if the staff prepares the patient for an exam, reviews post‐visit instructions, and handles follow‐up appointments and billing. Confirmation calls 1‐2 days prior to the patient appointment provides both the reminder notification of the upcoming appointment and opportunity for the patient to reschedule if necessary. This reduces 152
the incidence of patient no‐shows. Any patients who simply need to return for routine lab, injections or other ancillary services should be scheduled in service specific appointments to provide a smooth and manageable schedule for the staff. A New Patient Demographic Form containing the following demographic information should be obtained prior to or during the first visit for all patients. A. Name of patient B. Date of birth C. Age D. Gender E. Marital status F. Home address G. Responsible party’s name 1. Home address 2. Home phone number 3. Employer 4. Employer address H. Home telephone number I. Work telephone number J. Employer K. Who to notify in case of emergency 1. Address 2. Phone number L. Current insurance information 1. Name of insurance company or health plan 2. Name of insured 3. Insured’s date of birth 4. Gender of insured 5. Group number 6. Identification number 7. Which insurance is primary? Offices should also use specialty specific health history questionnaires at the first visit. Both the new patient demographics and the health history should become a part of the patient’s permanent medical record and as such are considered confidential. FOLLOW‐UP APPOINTMENTS Patients scheduled for return visits should be scheduled before leaving the office and given a reminder card complete with date and time along with any additional instructions. When the physician advises the patient that they need to be seen within a certain length of time this should be communicated to the scheduling staff by the physician. It is important to make sure that the staff documents all attempts to provide appropriate scheduling for both new and follow‐up patients. When an unavoidable delay occurs, offering to 153
place the patient on a wait list in case of a canceled time slot is appropriate. This should be documented in either the patient record or a specified appointment log. NO SHOWS AND CANCELLATIONS Cancellations, no shows and wait list scheduling should be documented with the same care given to medical records. White out should never be used on appointment schedules to remove no shows or canceled appointments. This record can be a valuable tool in the event office scheduling practices are called into question. Appointment schedules should be maintained for a period of time exceeding state statute of limitations. The office should have a procedure to ensure that cancellations and no shows are documented in the medical record and that a list or the charts of all no shows are given to the physician daily. Depending on the patient’s diagnosis and/or reason for the appointment, the physician may instruct that the patient be contacted and informed of the need for the appointment to be rescheduled and kept. This contact should be documented in the medical record. 154
DISCLOSURE OF UNANTICIPATED OUTCOMES AND UNUSUAL EVENTS ADVERSE PATIENT OUTCOMES To maintain successful patient relationships, physicians must focus on identifying and eliminating those elements of healthcare delivery that fuel a patient’s predisposition to sue or cause dissatisfaction with the care that is being provided. Patients express more dissatisfaction with communication skills than with any other aspect of healthcare. Ongoing communication with a patient and the patient’s family greatly decreases the likelihood that complaints associated with patient care will arise. The quality of the interaction between the physician and the patient or family is often equated to the quality of the healthcare provided; thus the need to maintain open and active communication is critical. SVMIC has long recommended open and honest discussion as the appropriate means of dealing with communication of unanticipated outcomes. However, caution must be exercised in relaying early information that is often incomplete or jumping to conclusions that may subsequently prove erroneous. The point of the discussion is not to point fingers, assign blame or even have all the answers. It is to inform the patient and their family, to the extent reasonably possible, of the medical situation at hand and what the next steps will be to deal with it. It is a time to allow questions and concerns to be addressed and to let the patient and the family know they are an important part of the healthcare process. Although hospitals are now required to formalize, in writing, a procedure for dealing with unanticipated outcomes, the sensitivity, thoughtfulness and attentiveness needed to successfully effect this kind of communication has long been a part of good doctor/patient relationships. Good communication skills are always important when dealing with patients and their families and become even more important when having to inform a patient (or the family of a patient) about a serious or adverse outcome involving the patient’s care. The stress of such events often makes communication very difficult, but the importance of it cannot be overestimated. This is definitely not the time to let the physician‐patient relationship deteriorate. The physician may consider contacting an SVMIC claims attorney if unsure about how to proceed with the discussion. First and foremost, the physician should attend to the patient’s medical needs. Appropriate consultation should be obtained as necessary to address the patient’s condition. It will be beneficial if discussions about the factual details and sequence of what occurred are held with healthcare team members. The physician should maintain contact with the patient and/or family throughout the patient’s recovery even if the patient’s care was transferred to another physician. This continued contact with the patient can minimize a patient or family’s perception of indifference, guilt, or abandonment by the physician. Before divulging any information about the incident to the patient or family, the physician should verify that all of the facts are correct and complete. Using words that admit to negligence or malpractice should be avoided. For example, terms such as “breach of the standard of care,” “substandard care,” “malpractice,” and “negligence” are legal conclusions. Instead of using terms such as these, focus on the actual facts. A frank description of the events without either accepting or placing blame and a sincere acknowledgment of regret for the 155
unfortunate nature of the event probably serve the situation best. It is important to control the situation by providing only factual information and not speculating on what could have happened or what might have caused the adverse outcome. Usually, the actual communication with the patient or the family regarding a serious incident is the responsibility of the physician. Having the physician who is best known to the patient or who has the most positive relationship with the patient discuss the event with the patient and/or family is often advisable. A sincere expression of regret following a poor outcome or unexpected event, such as “I’m sorry this happened,” coupled with a discussion about future treatment options can demonstrate an empathic and caring attitude. Expressing sincere sympathy and compassion to the patient and/or family when a serious adverse event occurs is often the most important response to help diffuse a potentially volatile situation. An apology is meaningful. It is a powerful tool in maintaining the physician‐patient relationship and, it can be instrumental in avoiding lawsuits. Expression of sympathy with concern for the patient is encouraged without a specific admission of fault. With the patient’s consent, the physician may wish to have family members or a significant other present during the disclosure of an adverse event. Another member of the healthcare team, such as a nurse, or office assistant, etc. should also be present as a witness. The meeting should take place in private, such as an office, conference room, or other quiet area away from the center of activity. When the result of the incident is very serious, it may be wise to encourage the patient and family members to discuss the facts of the incident again at a later date after they have had the opportunity to deal with the initial shock and to formulate questions that may come to mind. Physicians should be accessible for questions. Repeated requests for an explanation of an event are common reactions of upset patients and family members. Ignoring these requests only reinforces the patient and/or family perception that the physician is guilty of some wrongdoing, negligence or malpractice. If the physician acknowledges the adverse outcome or unexpected event from the onset and extends a willingness to answer questions, the patient and family may retain a healthy respect for the physician and not feel abandoned in the situation. If the facts are known, such as a medication error or surgical complication, the discussion should take place as soon as possible after the incident. The explanation should be honest and direct rather than taking a defensive stance against accusations of substandard care. The physician should refrain from attempts to implicate other clinicians and healthcare professionals. The physician should not criticize the care he/she provided, other caregivers’ care, or engage in “thinking out loud” about what happened or why. A significant number of claims arise, not because a medical error actually occurred, but because the patient or his or her family perceives that an error occurred due to a poor outcome or statements made by medical providers. The best response when all of the facts are not known is an explanation that focuses on outcome only. It should be accompanied by an explanation of any additional tests or procedures that can be performed to help find answers not readily available. If additional 156
follow‐up is indicated, discuss those plans with the patient. An appropriately worded show of concern, such as “I understand how difficult this situation must be for you,” may actually help reduce the likelihood of litigation. As the physician gets additional facts or information, he or she should keep communication open and arrange for follow‐up meetings with the patient and/or family members to share the findings. As soon as possible after the event, the incident and the medical response should be factually recorded in the medical record. Plans for further follow‐up care, if indicated, should also be recorded. DO NOT alter any prior documentation or insert backdated information. DO NOT use the record to speculate about the causation of the adverse outcome or express dissatisfaction about other caregivers, equipment, or administrative processes. Record alterations can render otherwise defensible cases almost impossible to defend. If a correction is necessary, the erroneous entry should be lined through once, dated and initialed. Erroneous entries should NEVER be obliterated with Liquid Paper, adhesive labels, ink, or permanent markers. While addenda to the record can be legitimate, the physician should consider carefully whether or not the information is relevant to the patient’s clinical management. An accepted rationale for an addendum would be for the correction of facts, i.e., persons involved, time of event, sequence of events, and for the addition of facts or clarifying information. Addenda should not be used to state opinions, perceptions, or defenses. Even carefully documented addenda, however, may be interpreted as an attempt to alter the medical records and may be used by the plaintiff’s attorney to support the plaintiff’s claim. No amendments or addendum should be made without contacting an SVMIC claims attorney. Additionally, the physician should contact the facilities risk manager if the incident occurred in a hospital, nursing home, or ambulatory facility. Reporting forms may be required such as device‐related reports; the physician should complete these as required or requested. The physician should notify SVMIC as soon as possible. Commenting negatively on another clinician’s care should be avoided to the extent possible. Malpractice lawsuits are often initiated because of either a careless or unintentional comment made by a peer. Following an unanticipated outcome or an unusual event, patients and their family members often ask subsequent treating physicians to express opinions regarding the care provided by others. In these situations, it is advisable to defer to the original doctor/nurse to address the concerns about the care he or she provided. Encourage the patient or family member to contact the original clinician as it would often be unfair to the patient or to the other clinician for the physician to express opinions without knowing all of the facts. If the subsequent treating physician ultimately believes that he/she must comment to the patient or patient’s family member adversely regarding another clinician’s care, the physician should exercise due diligence to ensure that complete and accurate information is obtained and thereby conveyed. 157
HANDLING OF THE BILL One approach to resolving billing issues on a case‐by‐case basis is to consider “writing‐off” all or part of a patient’s bill. Some patients will see this as a gesture of good will and will never pursue a malpractice claim. Others will do so in spite of the “writing‐off” of the bill. Generally, adjustments to a patient’s bill in an effort to settle a claim are not considered an admission of liability in a legal proceeding. As a practical matter, some patients may misconstrue a courtesy or hardship write‐off as an implied admission. No one guarantees that this practice will prevent or avoid future claims. It is possible that “writing‐off” the bill of a patient who is a Medicare beneficiary could result in the need to report this waiver of fees to the Federal government under the Medicare, Medicaid, and SCHIP Extension Act of 2007 (the “Act”), Section 111 [42 U.S.C. 1395 (y)(b)(8)]. As of late 2011, this law is in the implementation phase, and its application to patient bill waivers is unclear. Also, you may not be fully aware of a patient’s Medicare beneficiary status as the qualification under Medicare is not limited to patients who reach age 65. Individuals who have been determined to be disabled under the Social Security laws and individuals who suffer from end‐stage renal disease may qualify as a Medicare beneficiary regardless of age. Therefore, it would be wise to consult with SVMIC before agreeing to write‐off a patient’s bill. CONCLUSION The majority of patients who experience an adverse outcome or an unexpected event do not sue their physician, or even lodge a complaint. In those cases where a patient or family member expresses anger, dissatisfaction with care, or even their intent to seek legal advice, the physician has an opportunity to minimize a potential litigious situation. Some patients report that they sued a physician only to obtain answers that were otherwise not provided. In many cases, how the physician deals with the adverse event determines whether or not the patient will eventually sue. No methods or techniques can prevent all lawsuits; however, dealing with complaints and adverse events in medical care can improve physician‐patient communications and avoid some malpractice actions. It is equally advisable to educate all staff members on how to handle sensitive situations with patients. The training should include what is appropriate for staff versus physicians or providers to address with patients. Staff members should be encouraged to report patient complaints and/or concerns as they may be a precursor to more serious steps taken by the patient. Websites that cover the issue of discussing adverse outcomes with patients include: The National Patient Safety Foundation (founded in 1996 by the American Medical Association), www.npsf.org American Society of Healthcare Risk Management, www.ashrm.org American Hospital Association, http://www.aha.org/ 158
EMERGENCY SITUATIONS Life threatening emergencies may be infrequent, but the possibility of a patient experiencing a medical emergency in a physician’s office exists in all areas of medical practice. It is possible, in the daily activities of a physician’s office, that an adverse reaction to medication or treatment results in respiratory or cardiac arrest. When an emergency does occur, the office should be prepared. Staff should be trained on steps to take in any foreseeable emergency that may arise in the office setting. All offices need to have, at a minimum, a procedure that simply includes appropriate staff being certified in Basic Life Support, and the receptionist assigned to call 911 while someone assigned to do so performs CPR until the paramedics arrive. Whatever the needs, the emergency protocol needs to be developed and taught to all staff. The protocol should identify the roles the staff will play should an emergency occur. For example; Front Desk staff – those who usually have the least medical knowledge should be able to identify patients in distress at check‐in or while in the waiting room and be prepared to alert the clinical staff. Clinical staff should know where the medical equipment is located, alert the physician, and situate the patient so that vital signs and further evaluation and treatment can take place. These are simply two considerations to be made when developing a response appropriate for your setting and patient population. Depending on the specialty and type of patient seen, the office may choose to have staff certified in Advanced Life Support with a fully stocked crash cart, oxygen tank, defibrillator, etc. Regardless, every office needs to define the procedure they will use, and all staff must be trained and know their responsibility if a patient crashes in the lobby, an exam room or the hallway. Such a plan is essential in order for staff to perform appropriately and minimize potential injury to patients when an emergency does occur. The amount and type of emergency equipment maintained will depend on the anticipated needs of a particular practice’s patients and the predictability of an adverse outcome. For instance, physicians who perform procedures requiring anesthesia, administration of contrast medium or stress tests should be prepared with the proper equipment and training to provide emergency aid to any patient who suffers an adverse reaction as a result thereof. In contrast, primary care and pediatric offices are more likely to have such emergencies as respiratory distress (asthma), anaphylaxis, shock, seizures and cardiac arrest to drive the equipment needs. The responsibilities of staff members in either of these situations should be clearly defined in writing. When choosing medical supplies, consider the amount of time it will take for emergency personnel to reach your office. If the practice is in a rural setting, more supplies may be necessary to stabilize the patient prior to and during transfer. Offices located only blocks away from a hospital also need emergency equipment, as it is well noted in the research that early effective intervention is critical to the outcome. Also consider the skills of your staff and the 159
physicians. Any equipment stocked should be safely used by the staff. By choosing to have a crash cart or life support equipment such as a laryngoscope, you have even greater accountability. You must be able to establish that staff is trained in their use. Physicians and staff should make every effort to maintain current certification in basic or advanced lifesaving courses. Protocols that define who can administer emergency drugs, who can defibrillate, and who can intubate must be in place. Staff should practice mock codes. The crash cart or emergency kit contents must be documented and checked at defined intervals (e.g. at the beginning of each month) for expired drugs and functions of equipment. A signature log indicating when this is done should be maintained. AUTOMATED EXTERNAL DEFIBRILATOR (AED) The public is becoming more knowledgeable and aware that equipment such as automated external defibrillators are now placed in public buildings, department stores, courthouses, and airports. Police officers are carrying them in their cars and are trained to use them. The public will surely hold the physician’s office to a higher level of care than a clerk in a public building or a police officer. There are laws by state that dictate the compliance measures necessary for an entity to use an AED. The ability to successfully defend the physician in any of these cases will depend on the proper documentation of efforts taken to improve practice readiness like: Patient triage; Appropriateness of the equipment and medications; Proper education and training of the equipment users; Proper use of the equipment; Proper notation of true office emergencies; Patient education; and Proper maintenance and servicing of the equipment. The various medical specialties may have recommendations for emergency preparedness in the office pertinent to the type of patients seen and the testing procedures done. Some resources to get you started on this effort are as follows: Medical Emergency Preparedness in Office Practices. Seth Toback,MD, Washington, Pennsylvania, Am Fam. Physician, 2007 Jun 1;75(11):1679 – 1684 Policy Statement – Preparation for Emergencies in the Offices of Pediatricians and Pediatric Primary Care Providers. Committee on Pediatric Emergency medicine Guidelines issued by the American Academy of Pediatrics, PEDIATRICS Vol. 120 No. 1 July 2007, pp. 200‐212 (doi:10.1542/peds.2007‐1109) For the laws by state that dictate the compliance measures necessary for an entity to use an AED: http://www.aeduniverse.com/ American Heart Association’s Basic Life Support for Healthcare Providers guidelines 160
Huddles A brief, daily meeting between team members can improve efficiency in your office in mere minutes. The huddle is a key element that speaks to importance of the team by communicating vision, providing clarity, and demonstrating unity. A huddle is a short meeting of those involved in the care of the patients. Typically, a huddle occurs before the start of the day, but one can occur in the middle of the day as well to re‐focus the team and get back on track if delays or other untoward events have occurred in the morning. Huddles go a long way in developing a team with the unified goal of serving patients both safely and efficiently. A practice’s efficiency benefits everyone, most importantly, patients. The Institute for Healthcare Improvement has advocated the use of the huddle to improve communication as well as patient access. It’s an opportunity for the front‐line staff to meet frequently and consistently to get on the same page without waiting for more formal and infrequent staff meetings. Huddles are an easy way to get your staff to begin thinking and acting like a team since the huddle can be accomplished in three quick steps: review, plan and execute. How to conduct a huddle Review: The huddle should be a brief (5‐7 minute) daily meeting with your clinical and scheduling staff to review the day’s schedule, anticipate patient needs and identify potential pitfalls. Key areas to assess are chart preparation, scheduling problems such as overbooked times or canceled appointments, staff shortages and identifying patients who may require extra time like the elderly or disabled. Plan: It takes very little time to plan for each patient, being sure the equipment and supplies are available, patient needs are anticipated so your patient isn’t repeating the chief complaint over and over, and ensuring test results and follow‐up notes are in the chart before the patient arrives. Time spent preparing for each patient’s visit will cut down on wasted time and frustration from both your staff and your patients. Keep in mind that planning for the patient also includes anticipating serial testing, refills and referrals; all of which can be major roadblocks in a busy office caught unprepared for the visit. Execute: The huddle helps each team member clarify responsibility and increases accountability. Before you know it, your care team will routinely have charts prepared, check for needed supplies, have refills and referrals ready for your signature and have a backup plan in place in the event of an unexpected problem such as a computer network failure or a hospital emergency. Keys to Successful Implementation 1. Get physician buy‐in. The goal should be that the physician attends the meeting, as his or her support of daily huddles is critical to their success. 161
2. Settle on a time(s) to meet consistently. It is important that the huddle time becomes part of everyone’s routine and expectation. 3. Experiment with different participants. Identify who the key people in your practice are who need to know the information given in a huddle. Physicians are encouraged to attend as they are the leader responsible for directing the team. 4. Limit huddles to seven minutes or less. This keeps the meeting focused and prevents team members from becoming long‐winded and getting off track. Having everyone stand the entire time will also help accomplish this goal. 5. Hold the huddle in a central location. Gather in a hallway, the receptionist area (especially good if you need the computer), the nurse’s or medical assistant’s area or someplace that is convenient with the equipment you need to hold a successful huddle. The huddle is successful for many reasons. First and foremost it is direct, personal, human‐to‐
human, eye‐to‐eye contact. It is a powerful way to unify a group of people. It is instructive with each team member knowing his or her role and how to follow through with it. And if one fails, he or she is held accountable by a face‐to face in the next huddle. With physician support and a little practice, huddles can become part of the daily routine. A quick, efficient meeting of the minds will strengthen communication within the office and improve patient service and satisfaction. Patients who sense you are prepared for their visit will feel well cared for and more satisfied. Huddles can benefit practices of any size. As with any new initiative, the huddle may require some fine tuning to find the right mix of staff involved or the best time of day to meet. Be flexible and open to the needs of your practice but consider trying it daily for a couple of weeks and weigh the benefits it may have for your practice. The Basics of the Huddle Who Should Attend? The members of the care team including the physician, assistant and scheduler. Experiment with the mix of staff. Your practice may require a couple of brief huddles such as between receptionist and nurse followed by physician and nurse. What is the Goal? The goal of the huddle is to give you an “at a glance” overview of the day to anticipate work flow, equipment needs and make adjustments to avert bottlenecks. When to Huddle? The care team should huddle at a consistent time every day depending on the needs of the practice. Keep the huddle under 7 minutes and follow a routine agenda. Typically the huddle takes place before the start of the day to review that day’s schedule or at the end of the day to plan for the next day’s schedule. Where to Huddle? Choose a central location and ask that everyone remain standing to increase effectiveness and emphasize the goal of a rapid review and plan for the day. Why Huddle? The huddle is simply one of the simplest and easiest methods to improve almost every facet of a busy medical office. Huddling will strengthen communication and teamwork while increasing patient centeredness and service. Created 3/15 162
INFORMED CONSENT The informed consent process remains one of the most important risk management tools physicians have in improving defensibility of claims when adverse events occur. Many physicians feel that informed consent is merely a formality necessary to obtain the patient's signature on a form in order to allow a specific procedure or treatment to be performed. In actuality, it is often the most important discussion a physician will have with his or her patient. Patients may bring a lawsuit against a healthcare provider predicated solely on the allegation that they did not give their consent to be touched; this is called a battery. A second and much more common claim is that consent was not given based upon proper and adequate information; this is known as a claim for lack of informed consent. Informed consent allegations are usually found as part of the typical medical malpractice action and arise from all types of medical situations in virtually every area of specialization; this is certainly evidenced by our SVMIC claims data. Thus, from a risk management perspective, the informed consent process plays a crucial role in minimizing physician exposure to medical negligence lawsuits. WHAT IS INFORMED CONSENT? Although the specific definition may vary from state to state, it essentially means that a physician must disclose to a patient the potential benefits, risks and alternatives involved in any surgical treatment, medical procedure or other course of treatment, and must obtain the patient's consent to proceed. It is a process of communication between a patient and a physician, not a piece of paper. It refers to the ethical and legal duty a physician has to provide sufficient information to allow the patient to make a rational decision about receiving or not receiving treatment. The process is intended to educate the patient that complications can occur, even without negligence, and that all prospective modes of treatment involve a weighing of relative risk. Ideally, informed consent discussions build trust and reduce surprise and disappointment if complications or adverse events occur. Generally, it is the duty of the physician who performs the medical test or procedure in question to disclose pertinent information to the patient and ensure that valid consent is obtained. The physician may be assisted by other healthcare professionals ‐ such as nurses, residents or technicians ‐ in disclosing pertinent information or documenting the informed‐
consent process, but the individual who actually renders the care bears the ultimate responsibility for obtaining valid informed consent. To be valid, the process must include adequate opportunity for the patient to have direct and meaningful communication with the physician. WHAT INFORMATION SHOULD BE DISCUSSED? Absent an emergent situation, it is desirable for the informed‐consent discussion to occur a sufficient period of time before the proposed treatment or procedure in order to allow the patient time to consider the information and ask questions. This also avoids any issue of pressure, duress or the influence of medications. During the discussion, the physician should use language the patient can understand and avoid the use of "medical jargon." 163
The following information should be discussed with the patient and documented in the medical record: The nature of the patient's illness, the diagnosis, the proposed treatment plan and the prognosis. A description of the recommended procedure or treatment, and its purpose. The probable outcome, particularly if it is difficult to predict, and the patient's expected post‐procedure/treatment course. The most likely, and the most severe risks and side effects, the potential benefits, as well as the potential complications of the procedure or treatment. Reasonable alternative methods of treatment or non‐treatment, including the risks, benefits, complications and the prognosis associated with each alternative or with non‐
treatment. HOW MUCH INFORMATION IS ADEQUATE? As a general rule, a physician is required to disclose information that the average patient would need to know in order to be an informed participant in the decision. This "reasonable patient standard" is applicable in a majority of states, including Tennessee, Arkansas, Kentucky, Alabama, Mississippi and Georgia. It focuses on what a patient would need to know in order to understand the decision they are being asked to make. Virginia's standard for informed consent, however, is a "reasonable physician standard." This requires disclosure of the information a typical physician would give about the treatment, procedure or surgery at issue. The best approach to the question of how much information is enough is one that meets both your professional obligation to provide the best care and respects the patient as a person with the right to a voice in healthcare decisions. A physician need not disclose all of the risks or complications which may occur, but should discuss those risks most commonly associated with the procedure or treatment and which have a reasonable chance of occurring, as well as those risks which have a small chance of occurring but which have grave consequences. TYPES OF CONSENT: EXPRESS AND IMPLIED Informed consent may be either "express" or "implied." Express consent is given in writing or verbally and, generally speaking, is required for surgery, anesthesia, invasive treatments and those situations specifically defined by statute as requiring consent (for example, HIV testing). Consent not given by a patient in writing or verbally, but understood from the circumstances surrounding the procedure or treatment at issue, is known as implied consent. Implied consent normally is given in routine office practice. Implied consent may be inferred when a patient seeks treatment or shows a willingness to go through with a particular course of treatment. For example, if a patient, without speaking, rolls up his or her sleeve and holds out an arm in response to a request to take a blood pressure reading, their conduct indicates implied consent to the process. Consent is also implied in emergency medical situations. Typically, the patient must have a life or health threatening medical condition and it must be severe enough that any delay in treatment would have a serious negative impact on the health and well‐being of the patient. Also, the patient must be so incapacitated that he or she cannot be expected to make an 164
informed choice regarding treatment. Under these circumstances a physician is justified in undertaking medical treatment without express consent. CAPACITY TO CONSENT Informed consent requires that a patient possess the requisite mental capacity to understand and weigh the positive and negative features of a proposed medical treatment and be able to voluntarily give or withhold consent after making an informed decision. If the issue of incompetence is unclear, a psychiatric or other consultation may be helpful. If the patient is determined to be incompetent, someone else must be authorized to make medical decisions and give informed consent for that individual. It may be someone holding a Durable Healthcare Power of Attorney, a court appointed guardian, or next of kin. In most situations, parents and legal guardians must give informed consent for treatment of their minor children. However, some states allow minors to play a more active role in their medical care and treatment, including informed consent. Many states have specific laws that allow minors to consent, without parental knowledge or approval, to healthcare treatments related to substance abuse, mental health and sexual activity. Likewise, many states make various exceptions for "mature minors" and "emancipated minors." Because laws vary from state to state, it is recommended that the office call an SVMIC claims attorney with questions or concerns regarding appropriate informed consent procedures for incompetent individuals or minors. DOCUMENTATION OF CONSENT Contemporaneous documentation of the informed consent process serves as the foundation for defense of any subsequent claim by a patient for lack of informed consent. Poor or absent documentation forces a physician to testify from memory about an event which probably occurred several years earlier and negatively impacts his or her credibility as a result. Furthermore, poor or absent documentation may be a significant factor in a patient's attorney's decision to pursue legal action in the first place. The informed consent process may be documented in two different ways. The first is by obtaining the patient's signature on an appropriate consent form following the necessary disclosures and discussion. For frequently performed procedures, a detailed form outlining the pertinent information should be considered. The second way is to document the informed consent process in the medical record, including any supplemental education that was offered, such as videos or brochures. Avoid the use of summary statements such as "The patient was advised of the potential risks/complications of the operation and alternatives." Instead, note some of the actual risks, complications and alternatives discussed with the patient. For example, a better entry would state that "information regarding the risks, complications and alternatives were discussed with the patient and/or family, including but not limited to….," followed by the specific information discussed and any questions asked by the patient. The patient's informed refusal of recommended diagnostic and therapeutic interventions should likewise be documented. (“Patient Informed Consent” and “Refusal of Treatment”) 165
REFUSING CONSENT Competent patients have the right to withhold consent or refuse treatment. If a patient refuses to sign a consent form, the physician should not proceed without further attempting to obtain the consent. Treatment without the patient’s consent may be construed, legally, as battery. The first issue to be sorted out is whether or not the patient’s refusal relates to signing the form or to some aspect of care. Further explaining the meaning of the form (with the aid of translation service, if necessary) may alleviate the patient’s concerns. If the refusal to sign the form is based on concerns about potential medical interventions, more dialogue about the treatment plan and the patient’s preferences should take place. Finally, neither a thorough informed consent or a signed Consent Form will excuse, or should excuse, medical malpractice. The informed consent process is intended to educate the patient so he or she can participate more fully in making difficult decisions. It should be emphasized that this process is not limited to the pre‐surgical context but is applicable to some treatment modalities and long term drug therapies. CONCLUSION Informed consent is a communication process between patient and physician resulting in the patient's educated decision either to pursue or refuse certain treatments or procedures. It lets the patient know that complications can and do occur, even in the absence of negligence, and that all treatments involve some element of risk. While persons other than the physician may perform administrative tasks, such as obtaining the patient's signature on a consent form, handing out an educational pamphlet or showing a video, it is the physician's responsibility to complete the actual consent process. A valid consent must include an adequate disclosure of information, including risks, benefits and alternatives, as well as the opportunity for the patient to have all concerns addressed and questions answered by the physician. It should be accomplished in an atmosphere that allows the patient to make thoughtful, well considered decisions regarding their healthcare, which means the process should not take place after certain medications have been administered or in a rushed fashion just prior to a procedure. It is imperative that all these steps are appropriately charted, no matter who performs them. A good consent process optimizes patient care and rapport and minimizes medical malpractice exposure, a win‐win situation for all involved. 166
MEDICAL PRODUCT IMPORTATION Physicians should be aware of the risks of importing medical products from distributors and pharmacies outside of the USA. Foreign distributors and pharmacies actively market themselves to physicians in the United States as a less costly resource for medical devices and medications. But if a medical product requires FDA approval, importation from foreign sources may run afoul of FDA regulations designed to protect American consumers from the risk of receiving a potentially harmful product. Charged with protecting the public interest, the FDA maintains strict guidelines regulating a variety of products as well as the manufacture and packaging of each. This is done to facilitate public notice and provide mechanisms for the recall of unapproved and/or defective items. Physicians with questions about the approval of a particular product may reach an FDA representative at 888.463.6332 (888‐INFO‐FDA). First, choose option three to speak with a representative. You will then be asked to select an option related to a specific area including: blood products, option one; drugs, option two; and medical devices, option three. Callers will also hear options for food and supplements, tobacco products and animal products. In addition, nearly all FDA‐approved medications and devices have on them a unique National Drug Code (“NDC”) number assigned to them by the FDA. The absence of such a number is a strong indication that the medication or device is not approved by the FDA. Additional resources to determine whether a drug product is FDA‐approved are Drugs@FDA which contains most FDA‐approved drug products, or the National Drug Code Directory (NDC), http://www.accessdata.fda.gov/scripts/cder/ndc/default.cfm. Legitimate internet pharmacies are licensed by the appropriate state board of pharmacy and follow laws and regulations of the state where they operate. They also display a seal from the National Association of Boards of Pharmacy ‐ known as a VIPPS Seal for Verified Internet Pharmacy Practice Sites. By clicking on the VIPPS seal you are able to access verified information about the pharmacy. For more information about VIPPS and a list of VIPPS‐accredited pharmacies, go to www. nabp.net/programs/accreditation/vipps. A physician may also ask a prospective pharmacy to provide documentation showing that the specific product being offered is FDA approved. SVMIC strongly recommends against the importation of any medical product that has not received FDA approval. 167
MEDICATION ADMINISTRATION The potential for medication errors is enormous, and the consequences can be serious. Because of the number and variety of individuals involved in the administration of medications, each dose of a drug presents multiple opportunities for error. And, each error has the potential for causing injury or prolonging treatment. There should be written procedures to cover the acquisition, maintenance, storage, dispensing and administration of medications and to assure conformity with all applicable federal and state regulations. DEFINITIONS Administer: To deliver to the patient a dose of medication. Controlled substances: DEA designated drugs with defined abuse potential and restrictions on ordering/dispensing. DEA: Drug Enforcement Administration. Dispense: To provide a supply of properly labeled medication to a patient. Legend Drug: Drug requiring legally authorized practitioner order for dispensing. OTC: Over the Counter. Prescribe: To order a medication to be administered. PURCHASING All drug purchases should be initiated by the authorized physician. You should decide who can sign for receipt of all prescription drugs, verify accuracy of contents compared to invoice and immediately report any discrepancies to the physician. How much stock to maintain should be defined. PRESCRIBING/ORDERING Each prescription/medication order must contain all the following information: patient’s name, date, medication name, strength, form, administration instructions, duration of prescription and authorized signature. Each prescription must be noted on the individual patient’s chart. Authority to issue prescriptions, and/or order medication administration is limited to persons authorized by state license or certification regulations (the physician and/or midlevel providers following appropriate written protocols as dictated by state regulations). TELEPHONIC PRESCRIBING Prescribing medications over the telephone without first seeing the patient could increase your malpractice exposure. In addition to malpractice concerns, there are State and Federal laws, Medical Board rules and regulations as well as rules from different governmental agencies that should be taken into consideration. When a patient contacts your office via telephone to request a prescription, it is important to consider the following factors:
Is it an established patient of the practice or a new patient? 168
Do you know the patient’s medical history? What is the reason the prescription is requested? Is it a new patient complaint? Has the patient used all of their prior prescription early? Is there a potential for fraud or misuse on the part of the patient? What type of medication is he/she requesting? Is it a refill, a dosage adjustment, a medication previously taken or a new medication? Is the medication one where lab values should be checked before an additional prescription is written? Is the patient taking other medications whether by prescription or over the counter? Does the patient live in the same state where you are licensed? Is it a patient of another practice for whom you are covering call? How long has it been since you last evaluated the patient? Are there insurance or other mandates that require you to see the patient before writing the prescription or giving a refill? When a patient calls and requests a prescription, your office should have established protocols on how to handle these calls, including a process for obtaining information from the patient such as allergies and other medications he/she is currently taking. Some prescriptions may require an informed consent type discussion with the patient. As with any telephone encounter with a patient, you will be relying solely on verbal information without the benefit of observing nonverbal cues or having the opportunity to physically examine the patient. Of utmost importance is thorough documentation concerning the call, the information obtained and the advice provided. Some states will not allow pharmacies to fill prescriptions solely on the basis of a telephonic consultation without a valid prior patient‐practitioner relationship. A proper physician patient relationship generally means that the physician has performed a history and physical examination of the patient and has made a diagnosis based on the examination and testing with appropriate follow up at medically necessary intervals. There are instances where personal evaluation may not be necessary. These generally include admission orders for a newly hospitalized patient, when taking call for another provider, when verifying the appropriateness of the medication, when medications are continued on a short term basis for a new patient prior to the patient’s first appointment or when a new physical exam for an established patient is not required based on sound medical practices. ADMINISTRATION AND DISPENSING The office should define who can administer medications. Only the physician, midlevel provider or licensed nurses have received formal education in pharmacology and hold licensure covering the administering of medications. When the physician chooses to delegate this function to an unlicensed individual he/she is accountable to know if they can perform this function as part of their scope of practice in the state and that they follow proper procedure and have knowledge concerning adverse reactions and how to instruct the patient on what to expect. 169
Individuals administering medications must be properly trained in medication administration using the 5Rs, (right patient, right medication, right route, right dosage, right time), and should also be aware of security matters related to medications, accountability for timely carrying out of practitioner orders, recording the administration of medications and common side effects of medications. Each administration or delivery of a dose of prescribed medication must be documented in the medical record. The office should define who can dispense sample or other medications. Is it only the physician or is it also the midlevel provider and licensed nurse following written protocols approved by the physician? Excessive refills or refills of medications requiring further follow up can be a trap for the unwary physician. When a patient calls the office to request a “refill” after the authorized number of refills runs out at the pharmacy, the patient is actually requesting a ‘renewal’ of the same medication which is a new prescription. Authorization for renewal of medication falls outside the scope of a non‐physician or non‐mid‐level provider. Practices may want to consider some of the following processes to increase efficiency and safety as well as meeting customer expectations:
Physicians may want to delegate the approval of requests for renewal of maintenance medications once the refills have expired to another lawful prescriber such as a midlevel provider authorized by his/her protocol. Staff should routinely ask the patient at each visit about any needed refills; this could be accomplished with a patient agenda or verbally clarified at the same time staff questions the patient about their current medications and allergies. Patients should be directed to contact the pharmacy for renewal requests. Designate an employee to handle all renewal requests. Develop a written policy to include what information should be gathered by staff prior to forwarding the renewal request to the physician or midlevel provider, including: demographic information, updated current medications/allergies, lab tests, last prescribed date, last visit date, next appointment, and results of the database query (per law). For medication renewal requests that are not considered high‐risk, it is reasonable for staff to begin the medication request prior to the provider’s review with the subsequent provider sign off the same day. Many medication errors are preventable and may even be remedied once discovered. Illegible handwriting is an example of a preventable medication error. Prescribers are encouraged to utilize electronic prescriptions if possible. This could be as simple as having an inexpensive computer program print out the prescription before you sign it. If already using electronic medical records, be sure to post electronic reminders to keep tabs on monitoring. In the absence of electronic prescriptions, make it a practice to print all prescriptions and include the name of the drug, dose, frequency, strength, quantity and indication. STORAGE 1. Drug containers which are cracked, soiled or without secure closures should not be used. 170
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
All areas where drugs are stored should be kept dry, clean and neat at all times. Drugs should be stored in an orderly manner in specifically designated cupboards, cabinets, closets or drawers away from public access or locked to prevent unauthorized access to drugs, including sample medications. Refrigerators containing drugs should be maintained between 2 degrees centigrade (36 degrees Fahrenheit) and 8 degrees centigrade (46 degrees Fahrenheit). Refrigerators used for drug storage must not contain food items. Freezers should be maintained – 4 degrees to 14 degrees Fahrenheit. A daily log of temperatures should be kept. Drugs for external use in liquid, tablet, capsule or powder form should be stored separately from drugs for internal use. Drugs with similar sounding names as well as drugs that look alike should be kept in separate locations. Consider storing medications in groupings that are disease‐specific rather than alphabetical. Test reagents, germicides, disinfectants and other household substances should be stored separately from drugs. Drugs should not be kept in stock after the expiration date on the label. No contaminated or deteriorated drugs should be used. Drugs should be checked monthly as well as each time a medication is dispensed for outdates. Monthly checks of sample drugs should be included. Do not keep unlabeled bottles, vials or pre‐filled syringes in the office. Multidose vials of injectable medications should be dated and initialed when opened. a. A multi‐dose vial is a bottle of liquid medication that contains more than one dose of medication and is approved by the Food and Drug Administration (FDA) for use on multiple persons. b. A new, clean needle and syringe should always be used to access the medication in a multi‐dose vial. The reuse of needles or syringes to access multi‐dose vial medication can result in contamination of the medicine with microbes that can be spread to others when the medicine is used again. c. The CDC recommends that single‐use vials be used whenever possible and that multi‐dose vials of medication be assigned to a single patient to reduce the risk of disease transmission. (See Centers for Disease Control article at (www.cdc.gov) d. The vials should be destroyed when expired (per manufacturer directions) or if contamination is suspected. Drugs used for local anesthesia should be single use vials. All single dose vials or vials without preservatives must be discarded at time of use and not reserved for further use. Bottles of Sterile Saline and Sterile Water for irrigation must be dated and initialed when opened. These containers should be discarded 24 hours after being opened. Creams, liquids, or ointments expire on the manufacturer’s date as long as the contents remain in the original container and provided the contents are removed for each application under sterile conditions and that they are recapped securely between every use. The containers need to be marked with the date opened. 171
17. Foil envelopes of creams or ointments must only be used for one patient and the envelope discarded after use. 18. Narcotics should be appropriately stored and double‐locked. All non‐narcotic medications should be kept in a secured area that is not accessible to patients. EMERGENCY DRUGS Emergency drugs should be checked and logged at least monthly to assure appropriate replenishment of drug supply and to assure that drugs are not outdated. DISPOSAL OF OUTDATED MEDICATIONS Medications which become outdated, with the exception of scheduled drugs, should be disposed of in the bio hazardous waste or returned to the drug manufacturing representative. CONTROLLED SUBSTANCES Physicians who choose to store, administer and/or dispense controlled substances are subject to regulation by the Drug Enforcement Administration. Additionally, physicians may be subject to regulation by the Board of Pharmacy in the state where they practice as it relates to these particular drugs. Physicians are advised to contact their local Board of Pharmacy for specific guidance. PRESCRIPTION MONITORING PROGRAMS/CONTROLLED SUBSTANCE DATABASES
Of the states serviced by SVMIC, Alabama, Tennessee, Mississippi, Kentucky, and Virginia have prescription monitoring programs (PMPs) as of August 2011. In order to insure you are meeting the state‐specific requirements of these programs, please check the SVMIC.com website. Alabama statute specifically provides that a practitioner shall have no requirement or obligation to access or check the controlled substances database prior to prescribing, dispensing or administering medications as part of their professional practice. (Ala. Code 1975 Sec. 20‐2‐214) The Tennessee Medical Association interprets Tennessee statute as not requiring a practitioner to query the database before prescribing, however the statutory provision is not clear. (TCA Sec. 53‐10‐310(d)) Mississippi, Kentucky and Virginia do not appear to have a clear mandate that the physician check the prescription monitoring database before prescribing drugs. In that the laws surrounding these programs are changing frequently, the physician should check frequently with the PMP agency in their state to make sure that the law has not been changed to require that the database be checked before prescribing. In all, 34 states have such prescription monitoring programs (PMPs) in operation. The states with such programs certainly seem to encourage its physicians to use the database. The exact purpose of the database varies from state to state, but the overall purpose according to the Alliance of States with Prescription Monitoring Programs is to collect data to support the efforts of the states in education, research, enforcement and abuse prevention. The physician may wish to check the database before prescribing, even if it is not mandated by the state, so that he is not unwittingly prescribing to patients who are engaging in doctor‐
172
shopping. States are stepping up law enforcement efforts to stop drug diversion and drug abuse from prescription drugs. Physicians should check with the agencies in the particular states that administer the PMP as the programs vary widely from state to state. Such programs have highly restrictive confidentiality rules with respect to how a prescription monitoring report can be used. The physician needs to thoroughly understand these rules as a violation can be punished as a criminal offense. For example, if a physician in Kentucky shares the report with the patient, the physician can be charged with a felony. See the FAQ Page at the Alliance of States with Prescription Monitoring Programs found at http://www.pmpalliance.org/. 173
MEDICATION RECORD In the office setting, properly maintained medical records can help reduce errors and can be crucial to the defense of a malpractice claim. The following suggestions may help prevent medication errors and can significantly decrease risk. 1. It is recommended that a medication flow sheet with all medications listed (including over the counter) be used to avoid having to flip through progress notes in order to determine what medications the patient is taking. Every medication a patient takes should be documented on the flow sheet, including the date of the prescription, the name of the medication, the dose, route, amount, duration, number of refills, and the initials of every refill provider. The flow sheet should be placed in the front of the record where it will be easily accessible. In an electronic medical record, it may be found as a separate tab in the record, or in a designated field on the “face sheet” when the medical record is opened. The flow sheet should also identify any drug prescribed that will require blood level assays or periodic laboratory screening; and in an electronic record, this would include automated reminders to alert the provider when the recommended screening is due to be completed. (“Medication Flow Sheet”) 2. Patient allergies and prior adverse reactions to medication should also be posted on the flow sheet and on the front cover of the file jacket, preferably on a distinctively colored label. It is critical that the flow sheet and front cover are updated and correct. In the electronic record, allergies should be obviously apparent at the opening of the record, or be part of an “alert” system that would easily draw the provider’s attention to any patient allergies. The patient should be asked for any allergies at each visit or prior to calling in a prescription in order that the record is updated as necessary. No medications should be administered or prescribed without first checking the list of allergies or adverse reactions. 3. Patients should be queried regarding their current use of prescription medications, over‐the‐counter drugs, herbal, botanical, and other dietary supplements, especially if the physician or staff knows they are seeing other physicians or getting medication from more than one source. Flow sheets should be updated accordingly. Although many patients cannot give an accurate statement of all current medications, a good practice is to ask such patients to bring in all prescriptions and over‐the‐counter medications. 4. Patients should be informed of the contraindications, drug interactions, warnings, and side effects of every medication prescribed. Prescribing medication with potentially significant side effects may require the patient’s informed consent. This discussion should include the proposed drug’s benefits, risks and alternatives. Document the patient’s understanding and acceptance of the risks and agreement to take the medication. Any follow‐up care or required monitoring should be understood by the patient and the plan should be documented in the record. 3/15 174
5. Any instructions given to the patient should be documented in the record, and should include a description of any educational material that was provided to the patient as part of these instructions. Documentation in the medical record should also include all patient reports of side effects or adverse reactions, as well as all actions taken to relieve them. 6. If medications are prescribed in a manner contrary to the manufacturer’s recommended use, the patient should be so advised and the rationale for the decision to prescribe should be documented. 7. Before refilling medications, the prescribing provider should document periodic re‐
evaluations of the patient’s condition, including results from recommended laboratory screenings when appropriate. Therapeutic levels of these medicines are critical to the safety of the patient and the effectiveness of treatment. Neglecting to monitor levels can lead to harm and potential litigation. Many patients say they are taking their medication as prescribed, but lab tests or physiological parameters do not change in the expected fashion. This could be a sign of noncompliance or even a hint to question the patient about dietary changes or supplements they may not have disclosed. In any event, monitoring high risk medications is the provider’s responsibility. Education is important in conveying the goals of treatment. If your patient fails to comply with the ordered testing or follow up, be sure to document the noncompliance and necessity of monitoring. It may be necessary to terminate the patient from the practice. If your patient is noncompliant with the medication treatment, be sure to emphasize the need for treatment and document the patient’s refusal. 3/15 175
PATIENT AGENDA The patient agenda form is a useful communication tool. Patients are given a simple form to complete prior to the visit allowing them to list specific concerns, symptoms and special requests. (“Patient Agenda”–fillable) The physician and the patient can review the patient concerns and budget the time appropriately. It also allows staff to prepare prescriptions, referrals, complete forms and other tasks ahead of time. The patient agenda promotes collaboration and partnership allowing the patient’s principal concerns and questions to drive the visit. Studies show this approach has several benefits: 1. Takes less time as patient’s concerns are focused and the patient agrees to the time allotted. 2. Occupies patients while waiting to be seen and prompts them to gather the necessary information for the visit. 3. Creates a manageable priority list for the visit. 4. Improves patient satisfaction. 5. Improves health outcomes without requiring additional investment in time or resources. 6. Improves adherence to medication/advice. A chief complaint among patients is they feel the physician is rushed and does not spend enough time during the office encounter. However, many physicians complain that patients have unrealistic expectations about what can be accomplished within the timeframe of a routine office visit. The patient agenda is intended to assist the physician with focusing the visit and budgeting time. The patient agenda can go a long way in giving the physician a “heads‐up” as to what the patient needs to feel good about their visit, which is a big help in deciding how to budget the appointment time. A typical medical office schedules a patient visit with a chief complaint in mind. Yet the average internal medicine patient presents with 2.5 complaints per visit, or one and a half complaints more than a chief complaint, so most physicians are behind before they even get into the room with the patient. Too often patients forget to tell their physician key information or skirt around an important issue until the physician is ready to walk out the door. Studies show patients want two questions answered when they come to the office: 1. Do I have what I think I have? 2. Are you going to do for me what I think you should do for me? A simple patient agenda may help uncover the patient’s expectations for the visit with just a few simple questions: what concerns do you want to be sure to discuss at today’s visit; what symptoms do you want your provider to be aware of; and do you have specific requests for refills, completion of forms or other specific requests. Give a 176
limited number of lines to help direct the patient to be more specific in their answers. If these needs are listed beforehand, it helps eliminate the risk of the “doorknob phenomenon”, which is when the physician believes he or she has completed the office encounter and the patient is just getting started with their list of concerns. Finding common ground is important as it is not solely the physician’s responsibility to guide the visit. One goal of the visit should be to address the patient’s problem and get their buy‐
in on the treatment plan. It is not going to benefit anyone if the physician is focusing on an issue that has little concern to the patient and is missing the real reason for the visit. Physicians should not to be overly concerned about patients with a long list of problems. If it is on the patient’s mind, it is best to find it out at the beginning of the visit when one can appropriately triage the situation. Physicians can discuss the expectations and time budgeted for the visit and then collaborate with the patient on the most pressing concerns. It is certainly appropriate to take care of problems 1, 2 and 3 during this visit but reappoint or refer to a specialist for the other non‐priority issues. However, it is not helpful to address 1 and 2 only and then recognize as a physician that problems 3 and 4 would have needed the most attention. Such situations where the physician is put on notice but does not address the problem(s) can create liability. Take the time to include plans to address all of the patient’s concerns in the visit note and retain the patient agenda in the patient’s records as well. They serve as useful documentation of patient concerns and can help avoid later allegations that a patient raised an issue you failed to address. To help alleviate any misunderstanding, many physicians add simple language to the patient agenda form such as “Please understand that most appointments are scheduled for a 15 minute visit. We would appreciate it if you are as specific as possible. We will strive to address all your concerns at this visit but we may need to make another appointment or refer to another provider for the recommended treatment”. CONCLUSION When used properly, patient agendas not only make a patient more engaged in his or her own care but also work as a time saving device. Physicians often find out about emergency room visits, visits to other doctors or new prescriptions they did not authorize. It shifts the responsibility to the patient to let the physician know exactly why he or she is there and what they expect from the encounter. 177
REPORTABLE DISEASES AND EVENTS In the United States, requirements for reporting diseases are mandated by state laws or regulations, and the list of reportable diseases in each state differs. The diseases and events listed for each state are declared to be communicable and/or dangerous to the public and are to be reported to the appropriate authorities by all hospitals, physicians, mid‐level providers, laboratories, and other persons knowing of or suspecting a case. Based on the case, reporting timelines range from immediate telephone notification to weeks. The purpose of the reportable disease surveillance is to: 1. Identify in a timely way any diseases or conditions that may require immediate public health intervention and follow up; 2. Detect changing trends or patterns in disease occurrence; 3. Identify areas or communities that require special public health response as a result of changes in disease patterns; and 4. Assess and evaluate control and prevention interventions. Alabama Department of Public Health http://www.adph.org/ REPORT (Rules for Every Provider and Organization to Report on Time) Notifiable Diseases The purpose of REPORT is to ensure all reporting organizations understand the Notifiable Diseases Rules. In 2011, the Notifiable Diseases Rules were updated with new reporting times and categories: Immediate, Extremely Urgent diseases must be reported within 4 hours of diagnosis; Immediate, Urgent diseases must be reported with 24 hours of diagnosis; and Standard Notification diseases must be reported with 7 days of diagnosis. The list of reportable diseases and events is located at: http://www.adph.org Arkansas Department of Health http://www.healthy.arkansas.gov The “Rules and Regulations Pertaining to Communicable Disease Control” adopted by the Arkansas State Board of Health in 1977 pursuant to the authority conferred by Act 96 of 1913 (Arkansas statutes, 1947, Section 82‐110) Section III, states “The responsibility for reporting certain communicable diseases is the duty of EVERY physician, practitioner, nurse, superintendent or manager of a dispensary, hospital, clinic, nursing or extended care home and laboratory personnel examining human specimens resulting in the diagnosis of notifiable diseases or any person in attendance on a case of any disease or conditions declared notifiable.” The list of reportable diseases and substances can be found at: http://www.healthy.arkansas.gov 178
Georgia Department of Public Health http://health.state.ga.us All Georgia physicians, laboratories and other health care providers are required by law to report patients with conditions or events listed on the flyer to their County Health Department or District Health Office. Cases may also be reported to the Acute Disease Section of the Epidemiology Branch. Both lab‐confirmed and clinical diagnoses are reportable within the time interval specified on the flyer. Reporting enables appropriate public health follow‐up for your patients, helps identify outbreaks, and provides a better understanding of disease trends in Georgia. The list of reportable diseases and events is located at: http://health.state.ga.us Kentucky Department of Public Health http://chfs.ky.gov Mississippi Department of Health The list of reportable diseases and events is located at: http://www.msdh.state.ms.us Tennessee Department of Health http://health.state.tn.us The diseases and events listed the Reportable Disease document are to be reported to the local health department by all hospitals, physicians, laboratories, and other persons knowing of or suspecting a case in accordance with the provision of the statutes and regulations governing the control of communicable diseases in Tennessee (T.C.A. §68 Rule 1200‐14‐01‐.02). Virginia Department of Health The Division of Surveillance and Investigation of VDH serves the citizens of the Commonwealth of Virginia by monitoring for the occurrence of reportable and emerging diseases or suspected outbreaks of illness (natural or otherwise), providing recommendations and guidance to prevent the spread of communicable diseases, and investigating outbreaks of disease and other public health emergencies. The list of reportable diseases and events is located at: http://www.vdh.state.va.us 179
REPORTING SUSPECTED CHILD, ADULT, ELDER ABUSE/NEGLECT The medical office should have mechanisms in place to ensure the identification of potential abuse victims and to facilitate proper legal and medical follow‐up of potential domestic violence victims including abused children, adults, and the elderly. In accordance with applicable state laws, any individual having a reasonable cause to suspect that a patient has sustained any wound, injury, disability, malnourishment, or physical or emotional harm as a result of abuse/sexual abuse, brutality, neglect or exploitation as well as injuries involving violence, deadly weapons or exposure to methamphetamines, may have an obligation to make a report to the appropriate state or local authority. Most states have laws that require mandatory reporting by healthcare professionals for the following: Suspected abuse, sexual abuse, brutality, neglect, mistreatment, and exploitation of a child. Suspected abuse, neglect, mistreatment/maltreatment and exploitation of an elder adult. Injuries involving knives, guns, deadly weapons, violence, poison, suffocation, or exposure to methamphetamines. Reports involving children, by telephone or otherwise, must be immediately made to the appropriate authority. Typically this will be the local juvenile judge or the county department of human services or the sheriff or chief law enforcement official of the municipality where the child resides. Any person who, in good faith, believes that a patient is or has been abused, neglected or exploited should notify, verbally or in writing, the appropriate regulatory or law enforcement agency. Statutory immunity is provided for those who report actual or suspected abuse or neglect. There is, however, NO immunity for failure to report and most states impose a criminal penalty for failing to report suspected abuse or neglect. The administrator/office manager or his/her designee should be notified prior to making a report; however this notification does not nullify the statutory requirement to report reasonably suspected abuse. All reports of possible abuse submitted to regulatory agencies are confidential. Care and treatment should be conducted with an attitude of concern, interest and confidentiality. Privacy should be provided during any interviews or examinations; treatment of the patient should be done with respect to establish a supportive and non‐judgmental attitude that reassures the patient. The office may not suspend or terminate, discipline or otherwise discriminate against any employee for reporting reasonably suspected patient abuse, neglect or exploitation. 180
If the physician or staff member is presented with a situation involving a patient who appears to be the victim of abuse, neglect or other type of injury identified above and a question exists as to whether or not a report is required, an SVMIC claims attorney should be contacted. 181
TELEPHONE TRIAGE/MEDICAL ADVICE Primary care providers are increasingly called upon to control healthcare costs and the utilization of healthcare resources. All physicians have calls from patients needing clarification of medical instructions, treatment, etc. Most physicians, however, are too busy to personally answer all the calls from patients seeking advice. This responsibility frequently falls to the staff. It is often difficult for the staff to handle telephone questions efficiently and appropriately without standardized protocols. The physician’s office staff giving medical advice or instructions to a patient without written, approved protocols can be viewed as staff practicing medicine without a license and such practices are not in the best interest of the public’s health, safety and welfare. It is important that a written triage protocol be developed for personnel responsible for handling telephone triage to distinguish emergency and urgent phone calls from routine calls such as billing inquiries, appointment requests, refills and lab results. The protocol should further instruct where such calls are to be directed. All non‐urgent calls should be returned by the end of the day. If a non‐urgent call cannot be returned until later, staff should advise the patient when a response can be expected. It is crucial to have in place a detailed telephone advice protocol for all clinical staff who are allowed to give patient advice or make clinical decisions. Triage or medical advice should only be performed by competent, qualified, clinical staff (preferably a licensed clinician such as a Registered Nurse) who always gives a statement to the patient regarding limitations of advice to reduce liability. The physician should be accessible to the nurse for any serious problem. All patient telephone calls, whether incoming or outgoing, must positively identify the patient or patient’s guardian prior to discussing any medical or personal issues. The protocol should be detailed enough to include the questions staff should ask in response to various complaints as well as when a patient should be referred to a physician. Applying the caller’s description of symptoms to an algorithm type of program which progresses through a decision tree to help determine where to direct a patient on a consistent basis, will help reduce malpractice liability claims resulting from telephone encounters. All staff should be trained in phone‐encounter techniques, dealing with difficult calls, documentation, and the use of the protocols including when a call should go to the next level, i.e. receptionist to nurse, nurse to physician. All patient telephone calls for medical advice are to be properly documented. Document the following: Date and time of the call; Patient name; Allergies if pertinent; 182
The problem and any other information related to the problem gleaned from questions asked; Who took the call; The physician directives; Time the patient called/was called back; With whom the patient spoke; and Either physician sign‐off or the nurse sign‐off with “per protocol of Dr. X.” Written protocols for triage or telephone advice can be obtained through certain professional medical associations’ medical bookstores. There are also several on‐line resources such as: www.majors.com; www.teletriage.com; and www.amazon.com. The office can take these protocols and tailor them to their particular practice. Alternatively, a physician may design his/her own protocols by defining very measurable statements/questions (decision tree) to be used by the nurse when performing triage or giving medical advice to the patient. All telephone protocols should be reviewed and updated annually by the physician. 183
TERMINATING THE PHYSICIAN‐PATIENT RELATIONSHIP While a patient may terminate care at any time without notifying the physician, the same is not true for the physician. Once created, the relationship imposes legal obligations and duties, so it is important to follow certain procedures when dismissing a patient to avoid civil liability or disciplinary action for abandonment. This article will provide guidelines for ending your relationship with a patient. The physician‐patient relationship is based on the law of contracts. Once the physician‐patient relationship is established, the treating physician is required to render care to the patient until one of the following occurs: 1.
2.
3.
4.
The relationship is terminated by consent of the parties; The patient’s condition no longer warrants treatment; The relationship is revoked by the patient; or The relationship is revoked by the physician. There may be times when a physician feels, for a variety of reasons, that he or she can no longer care for a patient. It may be that a patient’s noncompliance prohibits proper treatment, or that the patient makes demands the physician feels are inappropriate. The patient or a family member may be threatening or hostile in their attitude towards the physician or staff. Or, it may be necessary to end the relationship because of retirement, relocation or the patient’s failure to comply with a payment plan. Generally, a physician can terminate his/her relationship with a patient for any reason, provided it is not based on discriminatory grounds (such as race, color, gender, religion, national origin, age, sexual orientation, disability or HIV/AIDS status), and the physician has not signed a contract (e.g. a third party provider contract) that precludes such termination. The physician must also consider the patient’s underlying medical situation before making a decision to terminate. It may not be appropriate to terminate care if the patient is in a critical stage of treatment. Some of these situations might include hospitalized patients, postoperative patients or a patient who is well into her pregnancy. Once a decision has been made to dismiss a patient, the physician should take appropriate steps to avoid a possible allegation of abandonment. The recommendations below can minimize liability exposure arising from the termination of the physician‐patient relationship: 1. Review the medical record for conditions that might require additional monitoring or treatment. 2. Check the provisions of any contract signed with the patient’s health plan to ensure compliance with it. 3. If at all possible, first discuss the termination with the patient in person. Send a written notice of termination to the patient by certified mail. (“Termination of Physician‐Patient Relationship Letter”) This letter should indicate the reason for termination unless doing so would further inflame the patient.* It should also specify whether the patient is being dismissed by an individual physician only or by the entire group. If the patient refuses to 184
4.
5.
6.
7.
sign for the letter, keep the copy of the undelivered receipt and the letter in the medical record. Send an additional copy of the letter by regular mail. Be sure to state in the letter that you will provide medical care to the patient for the next 30 days (if that is an appropriate period of time under the circumstances) while he/she looks for another physician.* A specific date of termination should be indicated. The physician may choose to provide only emergent care or in certain instances, such as in the case of illegal activity by the patient or the threat of hostile action toward the physician and/or staff, immediate termination may be appropriate. Please contact SVMIC directly for guidance in those circumstances. State clearly the need for ongoing medical care, if such care is necessary. Explain in the letter that a copy of the patient’s medical records will be sent to the new physician at the patient’s request. Enclose a medical records release authorization form with your letter. Avoid referring the patient to another specific physician. Instead refer the patient to the local medical society, the yellow pages or another physician referral source in the community. A verbal notice of termination may be sufficient in special circumstances, such as when the patient frequently moves or has no permanent address, but ALWAYS document this discussion in the chart. If the relationship is terminated by the patient, rather than the physician, a similar process should be followed. The treating physician should confirm in writing the patient’s intention to terminate the physician‐patient relationship. The letter should clearly state the patient’s duty to procure another physician without delay if the patient requires further medical treatment. Send this notification to the patient by certified mail with a copy of the notification and the receipt of service included in the permanent medical record. Once the relationship has been terminated, alert your office staff, particularly the appointment scheduler, about the dismissal and advise them not to schedule the patient after the effective termination date. Clearly indicate whether the patient has been terminated by an individual physician or the entire group. Keep in mind, if the patient stays with the group and needs care when the dismissing physician is on‐call for the group, that physician will have to see the patient. An analogous situation can arise if the dismissing physician is on‐call when the patient comes to the Emergency Department. The physician has to treat the patient until he/she is stabilized from that event, but once the emergency is resolved, you should send a letter indicating that the relationship remains terminated. The hospital’s on‐call contracts will determine specific follow‐up responsibilities. If you have any concerns about the appropriateness of terminating a patient, whether it has to do with the reason for the dismissal, the timing of the dismissal or the procedure to follow in accomplishing the dismissal, please call SVMIC’s Claims Department at 800.342.2239, and allow one of the Claims Attorneys to provide more specific guidance. *Please Note – The Mississippi Medical Board requires physicians practicing in Mississippi to give a “brief and valid reason” for the termination of the relationship. The physician must also provide ongoing care, not just emergent care, for 30 days following the date of termination. 185
TRACKING OF DIAGNOSTIC TESTS, REFERRALS AND FOLLOW‐UP Failure to track is still a significant source of malpractice claims filed against physicians. Many practitioners are aware of the importance of tracking labs and diagnostic tests, but don’t think about tracking appointment cancellations, no‐shows or consultations and referrals. These should be tracked just as you would a test result. With today’s technology physicians have an assortment of diagnostic tests from which to choose. The diagnostic test chosen must be the appropriate one to achieve the desired results, must be performed correctly, and the findings must be properly interpreted and analyzed in order to assist the physician in diagnosis and treatment decisions. Missed diagnosis is the number one claim received at SVMIC. Once the physician has ordered any diagnostic test, he/she has a duty to be aware of the results. Losing a patient to follow‐up can have disastrous consequences that could have been avoided simply by tracking referrals, ordered tests, appointment cancellations and no‐shows. System breakdowns that can result in diagnostic delays and pose potential risks: An ordered test or referral not being performed Results not getting back to the office A test or consultant correspondence being filed in the patient’s chart without being seen by the physician, and/or being filed in the wrong place No patient notification of test results The importance of a well‐defined follow‐up system in an office practice cannot be overestimated. The system should monitor that diagnostic testing and/or the referral is completed, the results are received and that they are reviewed by the physician and communicated to the patient before filing in the patient’s record. Follow‐up systems can be manual or computerized, but should be simple and easily maintained. PATIENT NOTIFICATION There should be a consistent method for notifying patients so no one is missed. Have a process of notifying the patient of all test results and give the patient a time‐frame in which results will be communicated. Never take the approach with patients that “no news is good news.” By doing so, you lose the additional safety net of a patient who is expecting to receive results and who may notify you if something ends up missing. However, asking the patient to call for test results does not absolve the physician of the duty to inform the patient of the results. If you are a referring physician and you learn the patient has not kept the appointment, have your office call or send a letter noting your concern and emphasizing the importance of the consult. Depending on the severity of the issue, a certified letter may be necessary to document your attempt. If you determine the consult is no longer necessary, document your reasons for the change in opinion. As the consulting physician who is in receipt of medical records on a patient you have not seen, take the time to review the records and track the appointment. While primary care physicians have a responsibility to make clear and appropriate hand‐offs to specialists, there is an equally important responsibility on behalf of the specialist to provide 186
clear and timely feedback. In addition to being good patient care, it also makes good business sense to maintain strong relationships with your referring colleagues. Guidelines for the Referring Physician Request a consultation when the management of your patient goes beyond your training and experience.
The referring physician should have his or her own informed consent discussion when referring a patient to a specialist for a particular test or procedure. Track your referrals in the same office tracking system used for tracking labs, cancellations and no‐shows, diagnostic imaging, etc. Remember that the follow‐up is not complete just by requesting an appointment with a specialist. Train all employees not to file any reports, including consultation reports or letters, until reviewed and signed off by the physician. When possible, have your staff make the appointment with the specialist before the patient leaves your office. There is a greater likelihood of the patient following up with the specialist if the appointment is made before the patient leaves your office. Follow‐up with the specialist or the patient within an appropriate time frame to ensure the appointment was kept. Create a form for requesting consults or use the sample form on the SVMIC website at www.svmic.com.
Guidelines for the Consulting Physician Be prepared for the patient visit by reviewing the records. Have an informed consent discussion with the patient prior to any tests or procedures and document any refusals. Promptly notify the referring physician with the specific plan of action recommended including new problems identified, medication changes, test results, etc. If the patient does not show up or cancels the appointment, notify the referring physician and make an attempt to reschedule the appointment. A sample “Notice of Missed Appointment” may be found on the SVMIC website at www.svmic.com. Be sure to clarify the role of each physician in the patient’s care, whether you will continue care or sign off on the case.
187
Following is a discussion of some tracking systems that work well to ensure that nothing falls through the cracks, causing a missed diagnosis. LOG The system can be as simple as a spiral notebook with columns for the date, patient’s name, test ordered, and the lab or facility where the test was performed. You can use a column to show date test results are received and staff initials. To indicate all is completed, simply highlight the patient name when test results are received. Either of these will easily identify those results that have not been received. Results should always be given to the physician to review. If received electronically, the result should be tasked to the physician for review. The physician should date and initial indicating a completed review of the results. The staff should complete any instructions given before the report is filed in the patient’s chart. For urgent results, always document the person who is notified, date, time and initial. This should be indicated directly on the test result and maintained in the patient’s chart. TICKLER FILE This is another type of paper follow‐up system. In this file, a folder is created for future days, weeks, or months (depending on the size of the practice and the frequency of orders for tests). An expandable file can also be used for this purpose. A copy of the test order requisition is filed in the tickler file on the date that the results are reasonably expected to arrive in the office. Each day the file is checked and results are matched to the copy. If expected results are not received, appropriate follow‐up action is taken. The test result is then submitted to the physician for review, instruction, patient notification, etc. SCHEDULING The scheduling mechanism can be used in several ways to track patients. The first is, after the physician orders a test or referral, he/she schedules a follow‐up appointment with the patient to discuss the results. This system only works if the practice also tracks patient no‐show and cancellations. The second is, when a physician orders a test or referral, the nurse so indicates on the appointment sheet next to the patient’s name. The appointment sheet then serves as a tracking log and the procedures for tracking would follow those previously outlined. The third way the scheduling procedures can be used to track is, after a test/referral is ordered, the physician instructs that the patient’s name and the test/referral ordered be placed on his/her schedule for the day the results would reasonable be expected to be received in the office. An appointment time is not given; the patient’s name is simply added to the schedule with a “results pending” notation. Each day, the patient charts designated “results pending” are reviewed, and if the results have not been received, then appropriate investigation follows. Standard physician follow‐up should occur. ELECTRONIC TRACKING SYSTEM Many electronic health records systems have the ability to track tests which have been ordered and patients who have been referred. The best systems electronically alert the physician or office staff to the fact that a test result is outstanding or a consultation report has not been 188
received or reviewed. The appropriate follow‐up then takes place. The practice should be aware that the use of electronic tracking systems requires that they verify that every lab or diagnostic vendor from whom their patients may receive services is able to provide this type of alert or notification. If there are labs or facilities that do not have this capability, then an additional tracking system must be employed for the patients who obtain services at those locations. CONCLUSION Whether you practice using a paper chart or an electronic health record, be sure you have an effective tracking method for all lab tests, diagnostic imaging, referrals, consultations and cancellations and no‐shows. If a test or consult is important enough to order, it’s important enough to track. Having redundant systems such as reminding patients to call if they have not received results may be invaluable in the long run. Some offices have developed variations on the above suggested systems that seem to work well in their particular setting. What matters is that the system instituted is effective and used consistently by all physicians and office personnel in the practice. It is critical that you have a fail‐safe method in place to ensure that the results are received, seen and evaluated by the physician, reported to the patient, commented upon in the chart and that appropriate follow‐up is taken so that no report is missed. Resources: American Medical Association: www.ama‐assn.org Medical Economics: www.memag.com Rev. 3/15 189
VISIT / CLINICAL SUMMARY In most practices, it is fairly commonplace for patients to call back to the office with questions about orders and treatment plans received earlier that day. This can be quite a disruption to both the physician’s work flow, not to mention the staff managing the calls. Consider how often patients come in for their follow‐up visit only for you to discover they did not understand your instructions and therefore valuable time has been wasted in their care. One solution to problem areas such as frequent callbacks to the office, noncompliance with treatment regimens, failure to keep return appointments and basic communication breakdown between the provider and patient, is to generate an after‐visit clinical summary for patients. The summary can be on paper, or automatically generated by your electronic health record (EHR) system. As more and more practices convert to electronic health records (EHRs), many offices have the ability to generate a summary from the computer system. Talk with your EHR vendor to create a template or develop the necessary steps to generate the information pertinent to the visit you want the patient to remember. Just be aware, for the purpose of meeting the Meaningful Use Criteria in implementing a certified EHR as defined by the Centers for Medicare and Medicaid Services (CMS), the visit summary is not necessarily the same as a “Clinical Summary” which must contain defined elements outlined below. For those offices attesting to Meaningful Use, clinical summaries must be provided for at least 50% of patient encounters. For Stage One, the government requires provision of the summary at no cost within four business days, shortening it to one business day for Stage Two. The clinical summary is defined by CMS as “an after‐visit summary that provides a patient with relevant and actionable information and instructions containing in no particular order…”: •
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Patient name Provider's name and office contact information. Date and location of the visit. Reason for the office visit. Current problem list. Current medication list. Current medication allergy list. Procedures performed during the visit. Immunizations or medications administered during the visit. Vital signs taken during the visit (or other recent vital signs). Laboratory test results. List of diagnostic tests pending. Clinical instructions. Future appointments. Referrals to other providers. Future scheduled tests. Demographic information maintained within certified electronic health record technology (CEHRT) (sex, race, ethnicity, date of birth, preferred language). 190
•
Smoking status. •
Care plan field(s), including goals and instructions. •
Recommended patient decision aids (if applicable to the visit). The provider must include all of the above that can be populated into the clinical summary by certified EHR technology. If the certified EHR technology cannot populate all of the above fields, then at a minimum you must provide: • Problem List • Diagnostic Test Results • Medication List • Medication Allergy List There are some exceptions as well as additional provisions, but generally you should evaluate your internal workflow processes to be prepared to either give each patient a clinical summary before he or she leaves the office, or quickly make those summaries available to patients online through a secure patient portal, personal health record (PHR) or printed copy. For more information, visit http://www.cms.gov/Regulations‐and‐
Guidance/Legislation/EHRIncentivePrograms/downloads/Stage2_EPCore_8_ClinicalSummaries.
pdf [you might want to create a short link for both the Stage One and Stage Two criteria, as a significant number of your members will be on Stage One in 2015. A clinical summary can be created and tailored to your patients, summarizing the main topics of the visit and explaining your treatment plan. The summary is a very useful tool to improve patient compliance and office efficiency while reducing malpractice risk. You may forget an instruction, or the patient may not hear one because he or she is trying to remember so many things, and the summary can serve as a reflection of the office visit and treatment goals. The office visit summary is similar to the hospital discharge summary that physicians have long used to help clarify patient instructions following a hospitalization. Patients are often stressed and distracted in the medical office and generally need some help understanding and recalling the important elements of the visit. When used in the medical office patient encounter, it is a way to provide the patient with a short wrap up of the office visit, outlining the key points, plan, medication changes and follow‐up. It may not be necessary for all patients to receive a visit summary, but it can be an invaluable tool for both efficiency and safety. It is well known that patients remember only 20‐30% of what went on in the visit. Patients are not trying to be noncompliant, they just don’t have all the information they need to follow through with your plan. Medical information is not the usual information for most people. As a result it is common to have frequent callbacks to the office to clarify instructions. Summarizing in writing the nuts and bolts of the encounter provides the patient with a quick review of your treatment plan which they can then digest and share with family or other caretakers in a less stressful environment. A summary may be a valuable educational tool for your patient as well. You can write out the key points of the visit and implement goals. For example, you may write “your blood pressure is 140/90 and the goal is 120/80”. They can share this information with others who participate 191
in their care such as family members and other healthcare providers. Pare down the elements of the visit into a targeted summary focusing on the diagnosis, treatment plan (including lifestyle changes), medication changes and follow‐up. Be sure to include any referrals to specialists and the reason for referral on the visit summary. When completing the visit summary, avoid complicated or confusing instructions. Print your instructions legibly in lay language and review them with your patient. You or your designated staff member should give the patient time to ask questions. Use the “teach back” method to ensure understanding of the information and your instructions. What you believe you have communicated clearly and effectively may not have been understood by the patient. For example, you may order a medicine to be “taken with meals” assuming that means three times a day, but to your patient it may mean six times a day if that is their routine meal schedule. Asking the patient to repeat back instructions will help clarify misunderstandings and prevent patient noncompliance and harm. If your patient understands your treatment plan, he or she will be more likely to comply with your orders. It also allows you to assess the patient’s ability to complete your plan by offering patients a chance to disclose any financial or physical barriers to compliance. You may suggest that your patients attach their follow‐up appointment card to the visit summary and post it on the refrigerator as a reminder to follow the plan and keep the return appointment. Some offices post a reminder on the exam room door stating, “Did you get a visit summary from your provider today?” to help reinforce the habit of using the form. If your patient didn’t receive the summary, they feel comfortable asking for it before they leave the office. Resources: CMS FAQ on this subject: https://questions.cms.gov/faq.php?id=5005&faqId=5989 Rev. 3/15 192
Sample Forms Letters and Policies Chapter 7 193
___________________________________________ Practice/Facility Name Accounting of Disclosures of Protected Health Information Patient's name: _________________________________ Date of birth______________ Dates Covered by this Accounting Sheet: ___________________________ The individual has the right to an accounting of disclosures made up to six (6) years prior to the date of the request. Date Protected health information disclosed To Whom Disclosed Name/Address Basis for Disclosure For multiple disclosures to single person/entity for single purpose, frequency, and date of last disclosure for accounting period. Date Approved
Rev 3/15
194
A. Notifier:
B. Patient Name:
C. Identification Number:
Advance Beneficiary Notice of Noncoverage (ABN)
NOTE: If Medicare doesn’t pay for D.
below, you may have to pay.
Medicare does not pay for everything, even some care that you or your health care provider have
good reason to think you need. We expect Medicare may not pay for the D.
below.
D.
E. Reason Medicare May Not Pay:
F. Estimated
Cost
WHAT YOU NEED TO DO NOW:
Read this notice, so you can make an informed decision about your care.
Ask us any questions that you may have after you finish reading.
Choose an option below about whether to receive the D.
listed above.
Note: If you choose Option 1 or 2, we may help you to use any other insurance
that you might have, but Medicare cannot require us to do this.
G. OPTIONS:
Check only one box. We cannot choose a box for you.
☐ OPTION 1. I want the D.
listed above. You may ask to be paid now, but I
also want Medicare billed for an official decision on payment, which is sent to me on a Medicare
Summary Notice (MSN). I understand that if Medicare doesn’t pay, I am responsible for
payment, but I can appeal to Medicare by following the directions on the MSN. If Medicare
does pay, you will refund any payments I made to you, less co-pays or deductibles.
☐ OPTION 2. I want the D.
listed above, but do not bill Medicare. You may
ask to be paid now as I am responsible for payment. I cannot appeal if Medicare is not billed.
☐ OPTION 3. I don’t want the D.
listed above. I understand with this choice I
am not responsible for payment, and I cannot appeal to see if Medicare would pay.
H. Additional Information:
This notice gives our opinion, not an official Medicare decision. If you have other questions on
this notice or Medicare billing, call 1-800-MEDICARE (1-800-633-4227/TTY: 1-877-486-2048).
Signing below means that you have received and understand this notice. You also receive a copy.
I. Signature:
J. Date:
According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.
The valid OMB control number for this information collection is 0938-0566. The time required to complete this information collection is estimated to average 7
minutes per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and review the information
collection. If you have comments concerning the accuracy of the time estimate or suggestions for improving this form, please write to: CMS, 7500 Security
Boulevard, Attn: PRA Reports Clearance Officer, Baltimore, Maryland 21244-1850.
Form CMS-R-131 (03/11)
Form Approved OMB No. 0938-0566
195
A. Notificante:
B. Nombre del paciente:
C. Número de identificación:
Notificación previa de NO-cobertura al beneficiario (ABN)
NOTA: Si Medicare no paga D.
a continuación, usted deberá pagar.
Medicare no paga todo, incluso ciertos servicios que, según usted o su médico, están justificados.
Prevemos que Medicare no pagará D.
a continuación.
E. Razón por la que no está cubierto
F. Costo
D.
por Medicare:
estimado
Lo que usted necesita hacer ahora:
Lea la presente notificación, de manera que pueda tomar una decisión fundamentada sobre
la atención que recibe.
Háganos toda pregunta que pueda tener después de que termine de leer.
Escoja una opción a continuación sobre si desea recibir D.
mencionado
anteriormente.
Nota: Si escoge la opción 1 ó 2, podemos ayudarlo a usar cualquier otro seguro que
tal vez tenga, pero Medicare no puede exigirnos que lo hagamos.
G. OPCIONES: Sírvase marcar un recuadro solamente. No podemos escoger un
recuadro por usted.
☐ OPCIÓN 1. Quiero D.
mencionado anteriormente. Puede cobrarme ahora, pero
también deseo que se cobre a Medicare a fin de que se expida una decisión oficial sobre el pago,
la cual se me enviará en el Resumen de Medicare (MSN). Entiendo que si Medicare no paga, soy
responsable por el pago, pero puedo apelar a Medicare según las instrucciones en el MSN. Si
Medicare paga, se me reembolsarán los pagos que he realizado, menos los copagos o
deducibles.
☐ OPCIÓN 2. Quiero D.
mencionado anteriormente, pero que no se cobre a
Medicare. Puede solicitar que se le pague ahora dado que soy responsable por el pago.
No tengo derecho a apelar si no se le cobra a Medicare.
☐ OPCIÓN 3. No quiero D.
mencionado anteriormente. Entiendo que con esta
opción no soy responsable por el pago y no puedo apelar para determinar si pagaría Medicare.
H. Información adicional:
En esta notificación se da a conocer nuestra opinión, no la de Medicare. Si tiene otras
preguntas sobre la presente notificación o el cobro a Medicare, llame al 1-800-MEDICARE (1-800633-4227/TTY: 1-877-486-2048).
Al firmar abajo usted indica que ha recibido y comprende la presente notificación. También se le
entrega una copia.
I. Firma:
J. Fecha:
De conformidad con la Ley de reducción de los trámites burocráticos de 1995, nadie estará obligado a responder en todo pedido para recabar información a menos que
se identifique con un número de control OMB válido. El número de control OMB válido para esta recolección de información es 0938-0566. El tiempo necesario para
completar esta solicitud de información se calcula, en promedio, 7 minutos por respuesta, incluido el tiempo para revisar las instrucciones, buscar en fuentes de datos
existentes, recabar los datos necesarios y llenar y revisar los datos recogidos. Si tiene comentarios sobre la precisión del cálculo del tiempo o sugerencias para mejorar el
presente formulario, sírvase escribir a: CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance Officer, Baltimore, Maryland 21244-1850.
Formulario CMS-R-131 (03/11)
Formulario aprobado OMB No 0938-0566
196
Form Instructions
Advance Beneficiary Notice of Noncoverage (ABN)
OMB Approval Number: 0938-0566
Overview
The ABN is a notice given to beneficiaries in Original Medicare to convey that Medicare is
not likely to provide coverage in a specific case. “Notifiers” include physicians, providers
(including institutional providers like outpatient hospitals), practitioners and suppliers paid
under Part B (including independent laboratories), as well as hospice providers and religious
non-medical health care institutions (RNHCIs) paid exclusively under Part A. They must
complete the ABN as described below, and deliver the notice to affected beneficiaries or
their representative before providing the items or services that are the subject of the notice.
(Note that although Medicare inpatient hospitals and home health agencies (HHAs) use other
approved notices for this purpose, skilled nursing facilities (SNFs) must use the revised ABN
for Part B items and services.) Beginning March 1, 2009, the ABN-G and ABN-L will no
longer be valid; and notifiers must begin using the revised Advance Beneficiary Notice of
Noncoverage (CMS-R-131).
The ABN must be verbally reviewed with the beneficiary or his/her representative and any
questions raised during that review must be answered before it is signed. The ABN must be
delivered far enough in advance that the beneficiary or representative has time to consider the
options and make an informed choice. Employees or subcontractors of the notifier may
deliver the ABN. ABNs are never required in emergency or urgent care situations. Once all
blanks are completed and the form is signed, a copy is given to the beneficiary or
representative. In all cases, the notifier must retain the original notice on file.
ABN Changes
The ABN is a formal information collection subject to approval by the Executive Office of
Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (PRA). As
part of this process, the notice is subject to public comment and re-approval every 3 years.
The revised ABN included in this package incorporates: suggestions for changes made by
notifiers over the past 3 years of use, refinements made to similar liability notices in the same
period based on consumer testing and other means, as well as related Medicare policy
changes and clarifications occurring in the same interval. We have made additional changes
based on suggestions received during the recent public comment period.
This version of the ABN continues to combine the general ABN (ABN-G) and the laboratory
ABN (ABN-L) into a single notice, with an identical OMB form number. As combined,
however, the new notice will capture the overall improvements incorporated into the revised
ABN while still permitting pre-printing of the lab-specific key information and denial
reasons used in the current ABN-L.
Also, note that while previously the ABN was only required for denial reasons recognized
under section 1879 of the Act, the revised version of the ABN may also be used to provide
197
voluntary notification of financial liability. Thus, this version of the ABN should eliminate
any widespread need for the Notice of Exclusion from Medicare Benefits (NEMB) in
voluntary notification situations.
Instructions for completion of the form are set forth below. Once the new ABN approval
process is completed, CMS will issue detailed instructions on the use of the ABN in its online Medicare Claims Processing Manual, Publication 100-04, Chapter 30, §50. Related
policy on billing and coding of claims, as well as coverage determinations, is found
elsewhere in the CMS manual system or website (www.cms.hhs.gov).
Completing the Notice
OMB-approved ABNs are placed on the CMS website at: http://www.cms.gov/BNI .
Notices placed on this site can be downloaded and should be used as is, as the ABN is a
standardized OMB-approved notice. However, some allowance for customization of format
is allowed as mentioned for those choosing to integrate the ABN into other automated
business processes. In addition to the generic ABN, CMS will also provide alternate versions,
including a version illustrating laboratory-specific use of the notice.
ABNs must be reproduced on a single page. The page may be either letter or legal-size, with
additional space allowed for each blank needing completion when a legal-size page is used.
Sections and Blanks:
There are 10 blanks for completion in this notice, labeled from (A) through (J), with
accompanying instructions for each blank below. We recommend that the labels for
the blanks be removed before use. Blanks (A)-(F) and blank (H) may be completed
prior to delivering the notice, as appropriate. Entries in the blanks may be typed or
hand-written, but should be large enough (i.e., approximately 12-point font) to allow
ease in reading. (Note that 10 point font can be used in blanks when detailed
information must be given and is otherwise difficult to fit in the allowed space.) The
Option Box, Blank (G), must be completed by the beneficiary or his/her
representative. Blank (I) should be a cursive signature, with printed annotation if
needed in order to be understood.
A. Header
Blanks A-C, the header of the notice, must be completed by the notifier prior to delivering
the ABN.
Blank (A) Notifier(s): Notifiers must place their name, address, and telephone number
(including TTY number when needed) at the top of the notice. This information may be
incorporated into a notifier’s logo at the top of the notice by typing, hand-writing, preprinting, using a label or other means.
198
If the billing and notifying entities are not the same, the name of more than one entity may be
given in the Header as long as it is specified in the Additional Information (H) section who
should be contacted for questions.
Blank (B) Patient Name: Notifiers must enter the first and last name of the beneficiary
receiving the notice, and a middle initial should also be used if there is one on the
beneficiary’s Medicare (HICN) card. The ABN will not be invalidated by a misspelling or
missing initial, as long as the beneficiary or representative recognizes the name listed on the
notice as that of the beneficiary.
Blank (C) Identification Number: Use of this field is optional. Notifiers may enter an
identification number for the beneficiary that helps to link the notice with a related claim.
The absence of an identification number does not invalidate the ABN. An internal filing
number created by the notifier, such as a medical record number, may be used. Medicare
numbers (HICNs) or Social Security numbers must not appear on the notice.
B. Body
Blank (D): The following descriptors may be used in the header of Blank (D):
•
•
•
•
•
•
•
•
•
•
•
•
Item
Service
Laboratory test
Test
Procedure
Care
Equipment
The notifier must list the specific items or services believed to be noncovered under
the header of Blank (D).
In the case of partial denials, notifiers must list in Blank (D) the excess component(s)
of the item or service for which denial is expected.
For repetitive or continuous noncovered care, notifiers must specify the frequency
and/or duration of the item or service. See § 50.14.3 for additional information.
General descriptions of specifically grouped supplies are permitted. For example,
“wound care supplies” would be a sufficient description of a group of items used to
provide this care. An itemized list of each supply is generally not required.
When a reduction in service occurs, notifiers must provide enough additional
information so that the beneficiary understands the nature of the reduction. For
example, entering “wound care supplies decreased from weekly to monthly” would
be appropriate to describe a decrease in frequency for this category of supplies; just
writing “wound care supplies decreased” is insufficient.
Blank (E) Reason Medicare May Not Pay: In this blank, notifiers must explain, in
beneficiary friendly language, why they believe the items or services described in Blank (D)
may not be covered by Medicare. Three commonly used reasons for noncoverage are:
199
•
•
•
“Medicare does not pay for this test for your condition.”
“Medicare does not pay for this test as often as this (denied as too frequent).”
“Medicare does not pay for experimental or research use tests.”
To be a valid ABN, there must be at least one reason applicable to each item or service listed
in Blank (D). The same reason for noncoverage may be applied to multiple items in Blank
(D).
Blank (F) Estimated Cost: Notifiers must complete Blank (F) to ensure the beneficiary has
all available information to make an informed decision about whether or not to obtain
potentially noncovered services.
Notifiers must make a good faith effort to insert a reasonable estimate for all of the items or
services listed in Blank (D). In general, we would expect that the estimate should be within
$100 or 25% of the actual costs, whichever is greater; however, an estimate that exceeds the
actual cost substantially would generally still be acceptable, since the beneficiary would not
be harmed if the actual costs were less than predicted. Thus, examples of acceptable
estimates would include, but not be limited to, the following:
For a service that costs $250:
•
•
•
Any dollar estimate equal to or greater than $150
“Between $150-300”
“No more than $500”
For a service that costs $500:
•
•
•
Any dollar estimate equal to or greater than $375
“Between $400-600”
“No more than $700”
Multiple items or services that are routinely grouped can be bundled into a single cost
estimate. For example, a single cost estimate can be given for a group of laboratory tests,
such as a basic metabolic panel (BMP). Average daily cost estimates are also permissible for
long term or complex projections. As noted above, providers may also pre-print a menu of
items or services in Blank (D) and include a cost estimate alongside each item or service. If a
situation involves the possibility of additional tests or procedures (such as in reflex testing),
and the costs associated with such tests cannot be reasonably estimated by the notifier at the
time of ABN delivery, the notifier may enter the initial cost estimate and indicate the
possibility of further testing. Finally, if for some reason the notifier is unable to provide a
good faith estimate of projected costs at the time of ABN delivery, the notifier may indicate
in the cost estimate area that no cost estimate is available. We would not expect either of
these last two scenarios to be routine or frequent practices, but the beneficiary would have
the option of signing the ABN and accepting liability in these situations.
200
CMS will work with its contractors to ensure consistency when evaluating cost estimates and
determining validity of the ABN in general. In addition, contractors will provide ongoing
education to notifiers as needed to ensure proper notice delivery. Notifiers should contact the
appropriate CMS regional office if they believe that a contractor inappropriately invalidated
an ABN.
C. Options
Blank (G) Options: Blank (G) contains the following three options:
☐ OPTION 1. I want the (D)
listed above. You may ask to be paid now,
but I also want Medicare billed for an official decision on payment, which is sent to me on a
Medicare Summary Notice (MSN). I understand that if Medicare doesn’t pay, I am
responsible for payment, but I can appeal to Medicare by following the directions on the
MSN. If Medicare does pay, you will refund any payments I made to you, less co-pays or
deductibles.
This option allows the beneficiary to receive the items and/or services at issue and requires
the notifier to submit a claim to Medicare. This will result in a payment decision that can be
appealed. See Ch. 30, §50.14.1 of the online Medicare Claims Processing Manual for
instructions on the notifier’s obligation to bill Medicare.
Note: Beneficiaries who need to obtain an official Medicare decision in order to file a claim
with a secondary insurance should choose Option 1.
☐ OPTION 2. I want the (D)
listed above, but do not bill Medicare. You
may ask to be paid now as I am responsible for payment. I cannot appeal if Medicare is not
billed.
This option allows the beneficiary to receive the noncovered items and/or services and pay
for them out of pocket. No claim will be filed and Medicare will not be billed. Thus, there
are no appeal rights associated with this option.
☐ OPTION 3. I don’t want the (D)
listed above. I understand with this
choice I am not responsible for payment, and I cannot appeal to see if Medicare would
pay.
This option means the beneficiary does not want the care in question. By checking this box,
the beneficiary understands that no additional care will be provided and thus, there are no
appeal rights associated with this option.
The beneficiary or his or her representative must choose only one of the three options listed
in Blank (G). Under no circumstances can the notifier decide for the beneficiary which of the
3 checkboxes to select. Pre-selection of an option by the notifier invalidates the notice.
However, at the beneficiary’s request, notifiers may enter the beneficiary’s selection if he or
201
she is physically unable to do so. In such cases, notifiers must annotate the notice
accordingly.
If there are multiple items or services listed in Blank (D) and the beneficiary wants to receive
some, but not all of the items or services, the notifier can accommodate this request by using
more than one ABN. The notifier can furnish an additional ABN listing the items/services
the beneficiary wishes to receive with the corresponding option.
If the beneficiary cannot or will not make a choice, the notice should be annotated, for
example: “beneficiary refused to choose an option”.
D. Additional Infor mation
Blank (H) Additional Information: Notifiers may use this space to provide additional
clarification that they believe will be of use to beneficiaries. For example, notifiers may use
this space to include:
•
•
•
•
A statement advising the beneficiary to notify his or her provider about certain tests
that were ordered, but not received;
Information on other insurance coverage for beneficiaries, such as a Medigap policy,
if applicable ;
An additional dated witness signature; or
Other necessary annotations.
Annotations will be assumed to have been made on the same date as that appearing in Blank
J, accompanying the signature. If annotations are made on different dates, those dates should
be part of the annotations.
E. Signature Box
Once the beneficiary reviews and understands the information contained in the ABN, the
Signature Box is to be completed by the beneficiary (or representative). This box cannot be
completed in advance of the rest of the notice.
Blank (I) Signature: The beneficiary (or representative) must sign the notice to indicate
that he or she has received the notice and understands its contents. If a representative signs
on behalf of a beneficiary, he or she should write out “representative” in parentheses after his
or her signature. The representative’s name should be clearly legible or noted in print.
Blank (J) Date: The beneficiary (or representative) must write the date he or she signed the
ABN. If the beneficiary has physical difficulty with writing and requests assistance in
completing this blank, the date may be inserted by the notifier.
Disclosure Statement: The disclosure statement in the footer of the notice is required to be
included on the document.
202
After-hours Phone Call Record Pad Order Form
After-hours phone call record pads are provided at no cost to SVMIC policyholders. These pads are designed
for use by a physician when away from the office and the medical record is not available. They are NOT
designed for use by office staff to record routine office calls.
The pads measure 5” x 3”. It is recommended a pad be kept near the telephone at home and one be carried by
the physician so that notes regarding any treatment advice or prescriptions given over the telephone can be
documented and taken to the office to be attached to the patients medical record. The back side of the paper
is treated so that when moistened, it will adhere to the record.
If you wish to order these pads complete the form below and fax it to (615) 846-1783 or mail it to:
SVMIC
PO Box 1065
Brentwood, TN 37024-1065
Attn: Risk Mgmt.
TO: Risk Management Department
Fax: (615) 846-1783
NUMBER OF PHYSICIANS REQUESTING PADS: ___________
CONTACT NAME:
PRACTICE/PHYSICIAN’S NAME:
ADDRESS:
Items are shipped via UPS, please use your physical address (No PO Boxes)
SUITE #:
CITY, STATE & ZIP:
TELPHONE NUMBER:
203
Authorization Revocation Purpose: This form is used to revoke or to confirm revocation of an authorization previously given to ___________________________________. Section A: Individual revoking the authorization. Name: ________________________________Address:____________________________________ DOB: ___________________ Telephone: _________________________ Section B: Statement of Revocation. I revoke my previous authorization for your use and/or disclosure of my protected health information as described below. I understand that this revocation of my authorization will not affect any action you or others took in reliance on my authorization before receipt of this written notice of my revocation. Description of Authorization Revoked. Date of Authorization: _____/____/_____ Protected Health Information: Entities Authorized to Use or Disclose: The revoked authorization authorized the following persons and/or organizations (or classes of persons and/or organizations), including us, to make use of or to disclose the protected health information described above: Entities Authorized to Receive and Use: The revoked authorization authorized the following persons and/or organizations (or classes of persons and/or organizations), including us, to receive and or use the protected health information described above: INDIVIDUAL’S SIGNATURE Signature: ____________________________________ Date: _________________________ If this revocation is signed by a personal representative on behalf of the individual, complete below: Personal Representative’s Name: __________________________________Relationship:_________________
Rev 3/15 204
Practice Information AUTHORIZATION TO RELEASE MEDICAL INFORMATION (All sections must be completed) I hereby authorize ______________________and its physicians, employees, and agents to release or disclose to the below‐named recipient all of my medical records including any specially protected records such as those relating to psychological or psychiatric impairments, drug abuse, alcoholism, sickle cell anemia, sexually transmitted disease, or HIV/AIDS infection. Patient Name: __________________________Date of Birth: I hereby authorize the release of medical records to: Purpose of disclosure: The authorization will expire on: Date or Event may not exceed one year This request and authorization applies to: _______ All medical records _______ Health care information relating to the following treatment, condition, or dates of treatment: ________________________________________________ ________________________________________________ _______ Specific records to be released (eg. labs, imaging reports, other): ________________________________________________ If you DO NOT WANT certain portions of your medical records released, please initial the box for the information you do not want released. ______Substance abuse ______ Psychological or psychiatric treatment ______ HIV/AIDS/STD I understand I have a right to revoke this authorization by written notification to the Privacy Officer, except to the extent it has acted in reliance thereon before notice of revocation. I understand that any disclosure of information carries with it the potential for an unauthorized re‐disclosure which may not be protected by federal confidentiality rules. I understand that I may request a copy of this authorization. I understand that I can refuse to sign this authorization and the above‐named office may not condition treatment on my signing of this authorization. __________________________________ ____________________________________ Signature of Patient or Authorized Representative Date Signed _________________________________ Relationship to Patient 3/15
205
CLOSING A MEDICAL PRACTICE LETTER‐ 1 Date Dear Patient Name __________________: It is with mixed emotions that I am announcing my retirement from active practice, effective (date). It has been a great pleasure providing for your health care needs over the years, and it is not easy for me to give it up. As of (date), Dr. [ ________________ ] will be taking over my practice. I am pleased that you have the opportunity to have him as your physician. Dr. [_________] is a well‐trained graduate of [_____________________________]. He served his internship at [_____________________] and completed his residency at [________________________]. I am glad to have left my patients in his capable hands. Of course, you may seek medical care from another doctor if you like. If you choose to do so, I recommend looking for a new physician as soon as possible. The County Medical Society can help you begin your search by giving you the names of doctors in the area who are accepting new patients. Your medical records are confidential, and a copy can be transferred to another doctor or released to you or another person you designate only with your permission. If you plan to continue with this office your records will be available to Dr. _________________. If you choose to see a different physician, please sign the enclosed authorization form and return it to my office as soon as possible so we may send a copy of your records to your new doctor. I have greatly valued our relationship and thank you for your loyalty and friendship over the years. Best wishes for your future health. Sincerely, [YOUR NAME} Rev 3/15 206
CLOSING A MEDICAL PRACTICE LETTER‐ 2 Dear Patient: It is necessary that we inform you that Dr. xxxx will be leaving our practice. We realize that this may cause you concern. We would like to make this transition go as smoothly as possible to make sure that your health care is well taken care of. We are happy to have one of our other highly qualified physicians continue seeing you here at the XXXX Clinic. If you would like to have your records transferred to Dr. xxxx, please sign the enclosed authorization form and forward it back to our office. We will then take care of transferring copies of your records to Dr. xxxx. If you should need to make an appointment at his new office please call 555.555‐5555. The office is located at 1234 Main Street, ______48879. If you would prefer to transfer your care to another physician here at the XXX Clinic, then you do not need to do anything. Simply make an appointment and our physicians will have complete access to all of your medical information. It has been our privilege to serve you in the past and we will be honored to do so in the future. Should you have any questions or require assistance, please feel free to call our office. Sincerely, ****************************************************************************** 3/15 207
Consent to Treatment of a Child by Authorized Persons The undersigned parent or legal guardian of ___________________ authorizes the person(s) listed below to (Child’s Name) consent to treatment of the child, including, but not limited to, emergency, x‐ray, anesthetic, or surgical services when I am not immediately available in person, or by a telephone call to ____________________. (Phone Number) It is understood that this consent is given in advance of any specific diagnosis or treatment and allows the physician/provider to diagnose and treat the child even when the parent or guardian is not present. 1. Person(s) who may consent to treatment (please print): Name: ______________________Relationship to Child: _____________Phone: ______________ Name: ______________________Relationship to Child: _____________Phone: ______________ Name: ______________________Relationship to Child: _____________Phone: ______________ 2. Medical concerns: _____________________________________ 3. Known allergies: _______________ Name of Parent or Legal Guardian: __________________________Relationship to Child:________________ (Print Name) Contact Number(s): ________________________________________________________________________ Address: ______________________________________City, State, Zip: _____________________________ Signature: ____________________________ Date: ______________ This consent is effective until withdrawn in writing by the child’s parent or guardian. Rev 3/15 208
SAMPLE [Insert Practice/Facility Name] DOCUMENTATION REVIEW TOOL Date of Review: _________________ Name of Reviewer: ____________________________ Element 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. Patient ID is on each page Patient demographics are current Emergency contact information is present and current. All elements of the medical record are secured in chart (e.g., no loose papers) Medical record organized so that documents are easy to find All entries are signed/initialed and dated All entries are legible and easily interpreted Entries are in chronological order All entries are made in black ink with non‐erasable pen Patient’s primary language is noted A. If other than English, the name of a qualified interpreter is documented for each encounter. Evidence that patient received copy of the office’s Notice of Privacy Practices for Protected Health Information Health history form, completed by patient, is present. A. Evidence of physician review of health history (e.g., initials, statement in progress notes) B. Health history is updated annually and/or as indicated based on changes in patient’s medical status. Allergy history is obtained at each visit Allergies are noted prominently on record Incoming medical reports (consultations, lab, radiology, etc.) are initialed by physician prior to filing in chart Yes
No
N/A
Comments
Rev. 3/15 209
Element 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. All telephone calls, electronic, or other communications to/from patient are documented. All telephone calls, electronic, or other communications made or received on the patient’s behalf are documented. Documentation of telephone calls includes: A. Date & time of call B. Clear indication of whether call was received or made (e.g., “call to” or “call received from”) C. Name of person making call D. Name of person receiving call E. Nature of call F. Orders, instructions, information given After hours calls are documented Calls received and/or made by covering physician are documented. Telephone advice is reviewed and authorized by the physician (e.g., physician’s initials) A medical problems list is maintained. A. The medical problems list is reviewed and updated during each visit. Medication orders include: A. Type of medication B. Amount C. Dosage D. Duration A medication list is present. A. List is updated at each patient visit B. List includes start/stop dates Medication refills are documented. Verbal orders are co‐signed by physician. A progress note is present for each office visit. Office visit documentation includes: A. Reason for visit B. Patient concerns Yes
No
N/A
Comments
Page 2 of 4 210
Element 29. 30. 31. 32. 33. C. Description of examination D. Clinical findings (positive & negative) E. Working diagnosis F. Treatment rendered G. Patient response to treatment H. Evidence of patient compliance or non‐compliance I. Instructions given J. Date patient is to return Patient education is documented. A. Includes documentation of printed, or other educational materials given. Informed consent documentation is present for office procedures requiring informed consent (according to office policies and procedures). Informed consent discussion is documented by physician performing treatment/ procedure & includes: A. The proposed treatment/ procedure B. Risks C. Benefits D. Alternatives to treatment/ procedure E. Opportunities for questions F. Expected outcomes/results G. Consequences if refused or not treated Informed refusal (including the risks of refusal) is documented by physician in the event patient refuses recommended tests/procedures & includes: A. Informed refusal form is signed by patient. Missed/cancelled appointments are documented. A. Evidence of physician review (e.g., initials) of missed/cancelled appointments. Yes
No
N/A
Comments
Page 3 of 4 211
Element B. Attempts to follow‐up missed/cancelled appointments are documented. Office visit notes are entered in the medical record or reports are dictated at the time of the visit. Operative or procedure reports are dictated within 48‐72 hours of the procedure. Dictated reports are transcribed within 48 hours. Evidence of physician review of transcribed reports (e.g., initials) prior to filing in medical record. Only standard abbreviations (in accordance with office policy) are used. Error corrections are made according to office policy (e.g., by lining out the error, writing in the correct information, dating and initialing the change) 34. 35. 36. 37. 38. 39. Yes
No
N/A
Comments
Page 4 of 4 212
DRESS CODES Practices should determine and educate employees as to what is and is not acceptable apparel and accessories in the office setting. Consideration should be given to personal appearance and grooming, uniforms, shoes, skirt and pant length/styles, arm and leg coverings, nametags, jewelry, hair, makeup, perfumes, piercings, body art, unacceptable garments, etc. Decisions as to what is and is not acceptable will also be based on assigned job duties and any pertinent safety issues. It is acceptable to have different requirements for different departments based on job requirements such as scrubs for clinical staff and business attire for clerical staff. Many offices choose to have all employees wear scrubs especially where staff may fill multiple roles. It is important that physicians, providers and administrative staff set a professional image and adhere to their own dress code as well. Consequences for failure to adhere to the dress code should also be addressed in the policy. The below policy is merely a sample meant to provide guidance as to the form of a policy and items to be considered in developing your own policy. It is not intended to be used without review and revisions in consideration of your own specific office situation. It is also always advisable to consult with a human resources attorney in these matters. SAMPLE POLICY PERSONAL APPEARANCE AND GROOMING Work attire and grooming standards should complement an environment that reflects an efficient, orderly and professionally operated health care facility. Employees are to dress conservatively, in good taste and in accordance with the requirements of their position. Extreme styles which are distracting or that do not meet [practice name] grooming and dress code expectations are not permitted and employees will be notified if their appearance or grooming is unacceptable. Attention should always be paid to safety, [practice name] image and patient interactions and perception. UNIFORMS It is the policy of [practice name] that all employees wear clothing appropriate to the duties the employee performs. A uniform is defined as a scrub top and scrub pants. If the employee duties require uniforms, the practice will provide three (3) sets of uniform clothing (optional; some practices provide uniform allowances). The dress code is mandatory on every business day unless otherwise notified. Uniforms should be neat and clean in appearance at all times. BUSINESS CASUAL Conservative business casual attire is acceptable for all employees every day except those employees required to wear a uniform. Business casual is not the same as home casual. Business casual means: Neatly groomed appearance (clean, hair combed, etc.) at all times. Pressed slacks or pants, including corduroys. Rev 3/15 213
Golf or polo shirts. Pressed casual or dress shirts or blouses, sleeveless blouses or shells are acceptable if dressy and straps do not show. This does not include tank tops, which cannot be worn unless covered up with a jacket, blazer or overshirt. Non‐collared dressy shirts may be worn. Turtlenecks, vests and sweaters. Skirts (including tailored split skirts), no shorter than 2” above the knee. Dress shoes, loafers, flats, dressy sandals (open toed and split toed shoes are acceptable if dressy) with moderate to low heels. Shirt tail in, except hemmed shirts designed to be worn with the tail out. Socks should be worn with appropriate men’s and women’s shoes. Pants/slacks with hem no higher than mid‐calf; may be worn in combination with a blazer, jacket or nice overshirt. Women’s dressy tee shirts (no writing or pictures); may be worn in combination with a blazer, jacket or nice overshirt. Tank tops must be worn in combination with a blazer, jacket or nice overshirt. UNACCEPTABLE AT ANY TIME Casual denim or jeans of any color (exception: may be pre‐approved by supervisor if doing manual work such a cleaning out a storage area or moving files, designated casual days, etc.). Bib overalls. Sweatshirts, sweat suits, running suits, other athletic wear except during limited periods when employee is leaving office to exercise outside the office. Employee must be in appropriate office attire before and after exercise. Skirts more than 2” above the knee, skirts that are tight or snug. Leggings, spandex, pants where the hem is higher than mid‐calf, pants that are tight or snug or similar clothing. Tops/shirts with writing, pictures or non‐(practice name) large logos. Midriff tops, halter tops. Shorts, cutoffs, beachwear/casual flip‐flops, or other beachwear. Athletic shoes, tennis shoes (with or without tread), Birkenstocks, sports sandals. Exception: medical reason by a physician. Spaghetti or narrow straps. Exception: may be worn under a blazer or jacket or overshirt where straps do not show. Any tattered, torn, stained or worn‐out items. Anything revealing, provocative, tight, restrictive, or snug that challenges the bounds of conservatism. Anything that looks sloppy. Tattoos that are of a size or a subject matter that challenges the bounds of conservatism. Ear piercings that challenge the bounds of conservatism, including an excessive number of ear piercings. Visible body piercing, excluding ears as outlined above, to include bars, gauges or similar piercings of the body that are visible. If an employee wonders if an item is appropriate, it probably isn’t. Rev 3/15 214
GENERAL GUIDELINES We trust your appearance will support the healing environment and quality care we provide. If there is any question as to whether your attire is appropriate for the responsibilities you should ask your immediate supervisor or the practice manager/administrator. Jewelry should be kept to a minimum at all times. 1. Rings should be of simple design, and for employees directly involved in patient care, only wedding bands/sets may be worn. 2. Employees involved with direct patient care should wear watches with a second hand. 3. Bracelets should not be worn. 4. Only name tags can be worn on lab coats or uniform jackets. 5. Earrings should be small and not of a dangling style. Hair should be clean and well groomed. Employees involved with direct patient care should have hair pulled away from the face. If headbands are worn they should be solid color (optional to designate a color if using specific colored uniforms). Fingernails should be kept short and neatly filed. Nail polish may be worn, but should be a reasonable color to ensure visibility of nails for cleanliness. Nail polish that is chipped should be removed prior to coming to work. If a work situation or the nature of the job warrants, employees may be required to meet special dress or grooming standards or may be allowed to deviate from standard dress code regulations, but any deviations must be equal to or better than business casual standards as defined in this policy. Any employee who does not meet the standards of this policy will be subject to corrective action, which may include leaving the premises. Any work time missed because of failure to comply with this policy will not be compensated, and repeated violations of this policy will be cause for disciplinary action. Rev 3/15 215
_________________________________________ Practice/Facility Name Environmental Safety Checklist Date:_____________________ Performed by:__________________ Y N Comments 1. Waiting Room A. Is furniture arranged so that it does not interfere with traffic patterns? B. Is waiting room visible from the reception desk? C. Are waiting room occupants monitored? D. Are toys large enough to prevent swallowing? E. Are toys free of breakable pieces and sharp edges? 2. Exam Rooms A. Are chairs and examination tables appropriate to the needs of the patient? B. Are sturdy stepstools of the proper height and
width used to assist a patient to the table?
3. Bathrooms A. Are functional call bells/lights and safety bars present in patient‐use bathrooms? 4. Patient Care A. Are patients at risk for falls provided assistance? B. Are patients asked to sit in a chair while waiting for the physician? C. Is a staff person assigned to check on patients in exam rooms? 5. Hallways/Stairs A. Are rails attached firmly to the walls? B. Are hallways free of clutter and equipment? C. Are steps clearly visible (e.g., lighting, marked)? 6. Premises A. Are smoke detectors, fire extinguishers, and sprinklers routinely inspected and maintained? B. Are all exits clearly marked? C. Are extension cords used only on a temporary basis and secured to prevent tripping?
D. Are electrical cords in good condition? E. Are sharp table corners identified and remedied? F. Are caution signs or other precautionary Rev 3/15
216
measures taken to identify wet floors? G. Are glass doors identified by emblems? H. Is floor covering clean and in good repair? 7. Grounds A. Is there a designated individual responsible for snow/ice removal? B. Is parking lot free of uneven surfaces? C. Is parking lot well‐lit? D. Are sidewalks even? E. Are steps clearly visible? 8. Equipment A. Is periodic maintenance performed on equipment according to manufacturer’s recommendations and documented? B. Is malfunctioning equipment taken out of service until repaired or replaced? 9. Staff Education/Training A. Is safety training included in staff orientation? B. Is safety training provided annually thereafter? 10. Emergency Preparedness A. Is a CPR certified staff member present during hours patients are present? B. Are periodic emergency drills (e.g., fire) performed? Rev 3/15 217
Incident Report _____________________________________________________________________________________
Practice Name For risk management and quality control purposes only. Not part of patient’s medical record First and last name of individual involved in the incident: _______________________________ □ Patient □ Visitor □ Other Age: ____________ □ Male □ Female Phone number: _________________ Medical Record or ID#_________________________ Date of incident or near miss: __________________ Time: _______________am/pm Factual description of incident (how, where, and why): ________________________________________________________________________
________________________________________________________________________
________________________________________________________________________ Primary Physician name: ___________________________ Notified? □ Yes □ No Manufacturer, model and lot (or batch) number of any medical device or drug involved: _______________________________________________________________________ Who was this first reported to: ______________________________________________ Witnesses (names, addresses, and telephone numbers): _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________
Name, address, telephone number of person completing form: _______________________________________________________________________ _______________________________________________________________________ Action Taken: ___________________________________________________________ Signature: ______________________________ Date of Report: ________________ Rev 3/15 218
SAMPLE LETTER REQUESTING VALID AUTHORIZATION Letter to be sent to a requester of confidential information if valid authorization has not been submitted ________________________ Practice Sending Letter [Date] [Address] Dear [requester]: This letter is to confirm that our office received your request for [patient’s name] medical records. We will be happy to comply with your request as soon as we have the proper authorization. However, it appears that the authorization to release information sent with your request is not adequate to meet federal and state confidentiality requirements. We are enclosing an authorization form for use in obtaining a patient’s authorization for disclosure which complies with these requirements. We will be pleased to honor your request when it is accompanied by the enclosed signed authorization form, provided that all elements contained in the form have been completed by the patient for whom your request has been made. We regret any inconvenience this may cause you. We take our ethical and legal obligations to protect our patients’ confidentiality seriously. Thank you in advance for your cooperation. Very truly yours, [Physician]
Rev 3/15 219
SAMPLE – Print on letterhead Letter to be sent to a Requester of Confidential Information if A Valid Subpoena has not been submitted [Date] [Inside address] Dear [Requester]: This letter is to confirm our office received your subpoena for [patient’s name] medical and/or billing records. We are happy to comply with your request as soon as we have the proper authorization. We cannot comply with the subpoena at this time for the following reason(s): [Check the appropriate box or boxes] The subpoena is not issued by a local State Court or a Federal Court. The subpoena is not HIPAA compliant, as it does not provide satisfactory assurance that the patient have been notified and been given the opportunity to object to the production of their records. If you will send a properly issued and/or corrected subpoena, we will promptly comply with the request. [Optional] Our fee for providing these medical/billing records is $_____. We would appreciate pre‐payment. Sincerely, [Name, title] Rev 3/15 220
Medication Flow Sheet
Patient Name:
Allergies/Reaction:
DOB or MR#
Date:
Medication (include samples)
Start/Stop
Dosage/Directions/Amount
Special Instructions
or Educational
Materials Given:
Refills:
Date
Amount
Initial
High Risk Medications
Date:
Medication:
Start/Stop
Dosage/Directions/Amount
Test
Date/Result
(INR, drug
level)
New
Dose
Next
Test or
F/U
REFILLS:
Date amount initial
Rev 3/15 221
No Show or Cancellation Worksheet Patient Name: ___________________________________ MR # or DOB: _________________ Physician Name: ____________________ Referring Physician (if applicable):_____________
Date of appointment: ________________ No Show Cancellation Reason patient cancelled: ________________________________________________________ Action Requested Per: _______________ _______________ [Initials] [Date] ______________________________________________________________________________ ______________________________________________________________________________ [Suggested actions to consider: reminder card to patient; phone call to patient; two phone calls and a letter to patient with a copy to the referring physician; notice of missed appointment form faxed to the referring physician.] Action Taken: _______________ _______________ [Initials] [Date] ______________________________________________________________________________ File in patient chart or with records
Rev 3/15 222
Practice Name Notice of Missed Appointment Date: _______________ Referring Physician: ________________________________ Name of Patient: ___________________________________ DOB: __________________ Thank you for referring the above named patient to____________________________ for the evaluation of: _________________________________________________________________________. The patient was scheduled for an initial consultation on _______________. [Appointment Date] The patient DID NOT KEEP the appointment for the initial consultation. The patient CANCELLED the appointment for the initial consultation. Reason patient cancelled: ________________________________________________________________ Other Action Taken:
[Note: The following is a list of potential actions. Not all actions may be necessary for your practice.] No attempt made to contact patient. Please follow‐up as you feel appropriate. Reminder card to patient: _______________ _______________ [Date] [Initials] Called patient: _______________ _______________ [Initials] [Date] Rescheduled for __________ Refused Left message Unable to reach Letter to patient: _______________ _______________ [Date] [Initials] Comments: ___________________________________________________________________________ _____________________________________________________________________________________ Please call ______________________ if you have any questions. Notice Faxed to: [Phone Number] Thank you, ____________________________________ [Practice Name] ______________ _______________ [Fax Number] [Date] Notice Mailed: ________________ [Date} Keep a Copy for Your Records Rev 3/15 223
Orientation Checklist All new hires should receive orientation and ongoing education to include reviewing the policy and procedure manual, signing confidentiality agreements and instruction covering infection control, OSHA, HIPAA, safety, equipment use, patient relations, etc. All employees should receive an effective orientation driven by their particular job description and area of responsibility to ensure competency with specific tasks outlined in their job description. (See Job Descriptions) In addition, it is good practice to utilize a skills checklist for orientation of clinical staff with a capable individual signing off as procedures are performed in an acceptable manner. The checklist below is merely a sample meant to provide guidance as to the form and items to be considered in developing your own checklist. It is not intended to be used without review and revisions in consideration of your own specific office situation and job descriptions. NEW HIRE CHECKLIST Position: Receptionist Employee Name: Required In‐service/Reading HIPAA Privacy & Security Infection Control OSHA (annually) Employee Handbook Policy Manual Company Property Key ID Badge Parking pass DATE COMPLETED PERFORMED (P) OBSERVED (O) SKILL Check‐in desk Checking in patients Updating patient information Scanning Collecting copays, deductibles Credit card machine Entering patient demographics and payment information Checking out patients Scheduling follow‐up appointments No Shows and Cancellations Billing Office Superbill/Charge tickets Co‐insurance ICD‐10 & CPT Coding EMPLOYEE INITIALS DATE COMPLETED OBSERVED BY Rev 3/15 224
Posting patient payments Posting insurance payments Processing insurance claim forms Posting account adjustments Processing credit balances Processing account refunds Insurance verification and eligibility Surgical pre‐authorizations Referrals General Clerical Answering telephone Filing charts Compiling charts Scheduling patient appointments Equipment Telephone System, headset Copier Scanner Time clock Fire Extinguisher Alarm system Computer Systems Practice management system Email Other software _________________________________________ _________________________ Signature Date Rev 3/15 225
Patient Agenda Please take a moment to answer the questions below in order to best use the time spent today with your provider. Name ________________________________________Date ____________________________ 1. What concerns do you want to be sure to discuss at today’s appointment? ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ 2. What symptoms do you want your provider to be aware of? ______________________________________________________________________________ ______________________________________________________________________________ 3. What providers (hospital, Emergency Room, Urgent Care Clinic, Specialist, etc.) have you seen since your last visit? _________________________________________________________ ______________________________________________________________________________ 4. Please list all your medications (including OTC, vitamins and supplements, indicating any changes or any new medicines) Drug Name Dose Time(s) of Day Taken Refill needed? (30 or 90 days) ______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________ 5. Please list all allergies:_________________________________________________________ 6. Do you have specific requests for: New medications__________________________________________ Tests/Referrals___________________________________________ Completion of forms_______________________________________ Work/School Forms________________________________________ Rev 3/15 226
PATIENT INFORMED CONSENT Sample Patient (or Authorized Representative’s) Consent to Medical Treatment This is only a sample form. It must be revised to the situation and any appropriate state law. I hereby give my consent for the performance of the following: [Insert name of treatment or procedure. For example, Total Abdominal Hysterectomy with Bilateral Salpingo‐oophorectomy]. I understand the procedure will involve: [Insert explanation of the procedure in layman’s terms. For example, removal of the womb and ovaries]. My physician has provided me with a general explanation of the nature of this treatment or procedure and the reasons for its indication for my particular medical condition. I have been told that there are possible benefits to having this procedure. However, I also understand that there is no certainty that I will achieve these benefits and no guarantee has been made to me regarding the outcome of this procedure. My physician has also discussed with me the risks of the treatment. Some of the risks include, but are not limited to the following: [Describe risks] I understand and fully assume these risks. My physician has also explained the expected outcomes of the procedure, including but not limited to, the following: [Describe the expected outcomes. For example, Following a TAH/BSO: you will no longer be able to have children. You will have symptoms of menopause, etc. Following mole removal: you will have a scar Following eye surgery: you will be unable to drive for X period of time Following bladder repair: you will have an indwelling catheter for X period of time Following a hip replacement: you will require physical therapy for X period of time] The reasonable alternatives to undergoing this treatment or procedure have been explained to me: Rev 3/15 227
[List reasonable alternatives if any exist] My physician has explained the risks and benefits of each of these alternatives: [Describe risks and benefits of alternatives] My physician has also explained the risks and benefits of not proceeding with the treatment or procedure recommended, including but not limited to: [Describe risks and benefits of foregoing treatment] My physician has explained to me other physicians and healthcare personnel will participate in my care. [Physicians should insert a description of the practice arrangement. For example, if residents are participating, explain; or if in a group practice and another physician may substitute, disclose fully.] I extend this authorization to these other physician(s) and healthcare personnel. Although unlikely, in the event my physician is not available to perform the above treatment or procedure, I understand this authorization may be extended to them. If possible however, I will be notified of the substitution. I also understand that during the procedure it may be necessary to administer other medical treatment. While I authorize necessary medical care, I limit this consent to what is indeed medically necessary. After discussing all of the above, my physician has given me an opportunity to ask questions and seek further information regarding the above items. I believe I do not require further information at this time, and I am prepared to proceed with the recommended treatment or procedure. I believe my physician has honored my right to make my own informed healthcare decision. I give my consent voluntarily and certify that I can give valid consent (that is, I am not a minor or incompetent to make my own healthcare decisions.) I understand I can revoke this consent at any time up until the time the treatment or procedure is started. If the signature below is of an authorized representative, the authorized representative certifies that he/she is legally authorized to provide consent on behalf of the patient listed below. ______________________________________________________________________________ Patient’s Printed Name ______________________________________________________________________________ Signature of Patient (or Authorized Representative) Relationship to Patient Rev 3/15 228
______________________________________________________________________________ Time Date ______________________________________________________________________________ Signature of Witness (preferably a family member) Consideration may be given to the following (if applicable): Conscious Sedation: I consent to use of anesthetics for sedation. I agree to have a responsible adult drive me home. I understand that my mental alertness may be impaired for several hours following the administration of anesthesia. I will avoid making decisions and taking part in activities which depend upon full concentration or judgment during that period. Photographs/Video Recording: For the purpose of advancing medical education, I consent to photographing and/or recording of the procedure and in the post‐operative period, provided my identity is not revealed. Pathology: I give my permission to have any tissue removed during the procedure sent for histologic examination to a pathologist. Disposal of Tissue: I authorize the disposal of any surgically removed tissue or parts resulting from the procedure according to accustomed practice. Blood Products: I (do)_____ (do not)_____ consent to the use/administration/transfusion of blood products as deemed necessary. Rev 3/15 229
PHYSICIAN CODE OF CONDUCT [Insert Practice Name Here] The physicians of [Insert Practice Name Here] will at all times conduct themselves as professionals and live by our Core Values. CORE VALUES • We will work as a team to serve our patients. • We will provide high quality care. • We cherish family relationships and a balanced life. • We will treat all people with respect and dignity. • We will always do what is right. These are positive examples of professionalism that we will strive to live by: • Compliance with practice standards; • Using conflict resolution skills in negotiating differences and disagreements; • Addressing concerns about clinical differences directly and privately; • Approaching dissatisfaction with policies through established grievance channels; • Supporting policies that promote cooperation and teamwork; and • Listening to and trying to understand constructive feedback. Behavior that does the following will be deemed unacceptable and subject to disciplinary action: • Undermines or is felt to undermine practice morale; • Heightens unnecessary turnover; • Promotes ineffectiveness in teamwork; • Increases the risk of substandard care; • Intimidates or threatens harm to others; and/or • Disproportionately causes distress to peers, staff and others in the practice. Rev 3/15 230
REFUSAL OF TREATMENT Patient (or Authorized Representative’s) Refusal of Medical Treatment ______________________________________________________________________________ Patient’s Printed Name Date of Birth I hereby certify my physician, Dr. ______________________ has informed me of the nature of the following test, treatment, operation or procedure, which I am refusing: _______________________________________________________________________________ (Describe test, treatment, operation or procedure] My physician has informed me of the risks and complications that the above involves, as well as the expected benefits and alternatives. Specific, significant and probable risks of refusing my physician’s recommendations include, but are not limited to, the following: ________________________________________________________________________________ [Describe specific, significant and probable risks] I understand the above list is not exhaustive and other complications of my refusal may result. I also understand my refusal may seriously impair my health and well‐being, as well as my physician’s ability to appropriately treat me. This is my choice and I assume the risks and consequences involved in my refusal, and I will not hold liable my physician nor any other healthcare personnel or entity participating in my care. If the signature below is of an authorized representative, the authorized representative is to also complete and certify that the following is true: I am legally authorized to provide consent on behalf of the patient listed above. My relationship to the patient is described as follows: ______________________________________________________________________________ Signature of Patient (or Authorized Representative) Relationship to Patient ______________________________________________________________________________ Time Date ______________________________________________________________________________ Signature of Witness [Preferably family member] Relationship to Patient ______________________________________________________________________________ Signature of Authorized Representative 3/15
231
Practice Name
Request for Consultation Date: ___________ Consulting Provider: ______________________ Office Phone: ___________________ Fax Number :____________________ Patient Name: _________________________________________________ Daytime Phone: _________________ Date of Birth:_________________ Hospital and Room Number (if applicable) ______________________________ Reason for Consultation: ____________________________________________ ________________________________________________________________ ________________________________________________________________ Pertinent History:__________________________________________________ _______________________________________________________________ Specific Requests: _________________________________________________ Urgent ___________ Non Urgent ____________ Please notify me promptly of your recommendation or if the patient fails to keep the requested appointment. ____________________________ Signature of Requesting Physician Consultant Notification: Date: _________ Sent by:_____________ Received by:___________________ Appointment Date: ________________ Records Sent: YES NO 3/15
232
SAMPLE Termination of Physician‐Patient Relationship Print on Practice Letterhead Certified Mail Date: Patient Address: Dear: This letter is to formally notify you that I will no longer be able to attend to you professionally because (REASON REQUIRED IN MISSISSIPPI; optional in other SVMIC covered states). Sample language for reason: I am retiring, moving out of the area, etc. You have consistently failed to follow my advice and recommendations. You have consistently failed to come in for scheduled appointments. You have not followed through with arrangements to pay the balance due on your account. There are significant philosophical differences in our views of medical care and treatment. Please be advised that I will continue to provide medical care to you for 30 days while you seek another physician, but will no longer be available to provide medical care after (a date that is 30 days from the date of the letter). I encourage you to select another physician promptly and place yourself under his/her care. (May need to add additional language if the patient has a medical condition that requires continued treatment or follow up, but be aware that it may not be appropriate to terminate care if the patient is in a critical stage of treatment. Contact SVMIC for recommendations.) It is important for you to continue with treatment because of your current medical condition. I suggest you consult the local physician referral service (include phone number), your county medical society (include phone number) or insurance plan as soon as possible so that you may find another physician who will assume responsibility for your care. I will be pleased to assist the physician of your choice by sending a copy of your medical records upon receipt of your written authorization. I am enclosing an authorization form for you to complete with your new physician’s mailing address. (Your closing line) (Physician name) Rev 3/15 233
___________________________________________
Practice/Facility Name
TRACKING LOG PATIENT’S NAME MEDICAL RECORD # or date of birth TEST/REFERRAL
SENT TO
DATE SENT DATE RECEIVED PROVIDER REVIEWED PT. NOTIFIED REV 3/15
234
VISIT SUMMARY Visit Summary Name: __________________________________________________ Key Points of Visit: 1.______________________________________ ________________________________________________________ 2.______________________________________________________
3.______________________________________________________ New or Changed Medications: ______________________________ ________________________________________________________
________________________________________________________ Instructions: _____________________________________________ ________________________________________________________
________________________________________________________
________________________________________________________ Call our office if symptoms worsen or if you have any questions. ________________________________________________________ Physician/Provider Date Rev 3/15 235
(Insert healthcare provider/clinic name) Workforce Confidentiality Agreement As a member of the workforce at Insert healthcare provider/clinic name (“Practice”), I understand the following in regard to HIPAA and patient confidentiality: The Practice has an ethical and legal responsibility to ensure the confidentiality of patient information. As a member of their workforce, I also have this responsibility. As a condition of my employment, I agree to abide by all policies and procedures related to the privacy and security of all patients’ protected health information (PHI). I will access, use and/or disclose only the PHI that is required for the performance of my job duties. If I have a question about whether or not I should access certain information, I will immediately check with my supervisor or the Privacy Officer. Any personal access codes, user IDs, and passwords that I am assigned will be kept confidential at all times and are not to be shared with other workforce members. I will not remove any PHI from the Practice, in paper or electronic form, without proper approval from my supervisor or the Privacy Officer. I will not disclose information pertaining to patients with anyone that is not authorized to receive such information. This includes but is not limited to, acquaintances, friends, and/or family members. I will not disclose PHI on any social media site, such as Facebook or Twitter, or any other internet outlet; including any discussion or description of patients (even if the patient is not specifically identified). I will not transmit PHI on any mobile device without using a secure messaging application approved by the Practice. This includes texting PHI to physicians, other workforce members and/or patients. I understand that texting PHI using the regular text messaging application on my phone can result in a HIPAA violation. I will not email PHI using a personal email account or any email account not approved by the Practice. If my job requires the use of email, I will follow the specific guidelines established for email by the Practice. I will not discuss information pertaining to patients with other workforce members, unless I have a valid work‐related reason to do so. I will not make any unauthorized copies, modifications or deletion of PHI. This includes, but is not limited to, transferring PHI from the Practice’s computer system to an unauthorized location, such as a personal computer, USB drive or personal email. Upon termination of my employment with the Practice, I will immediately return all property belonging to the Practice. This would include, but is not limited to, keys to the facility, ID badges, documents, electronic files, computer equipment and/or mobile devices. I agree that my obligation to maintain confidentiality of PHI will continue after the termination of my employment. I understand that knowingly using or disclosing PHI in violation of the HIPAA Privacy Rule is a criminal offense and I may personally face fines and/or time in jail. Any violation of this Agreement may result in disciplinary action, up to and including termination of my employment with the Practice. I have read the above agreement and agree to comply with all of the terms as a condition of my employment with the Practice. Signature of Workforce Member: _______________ Date: _____ (Employee/physician/student/volunteer) Printed Name: __________________________________ Privacy Officer Signature: _______________ Date: _____ 3/15 236
Physician Defendant
Handbook
Chapter 8
237
Understanding the Phases of
a Medical Malpractice Case
A professional malpractice lawsuit is
one experience all physicians want to
avoid. While no physician wants to be
sued, many have to face litigation. It
happens at least once to most
physicians at some point during their
career. However, just because a lawsuit
is filed, it does not mean that the case
has merit. Historically, the vast majority
of all malpractice claims handled by
SVMIC have been resolved without any
payment. Rest assured that if you are
sued for malpractice, SVMIC will
support you through each phase of the
litigation process with unequaled
resources.
The defense of your case will be a
coordinated effort between you, your
defense attorney, and the SVMIC claims
attorney. Your defense attorney will
provide you with relief from the
pressures of dealing with a lawsuit. You
will find that your cooperation and
participation will be critical to the
outcome, with more of your time
required at certain times than others.
While all lawsuits generally follow a
prescribed path, each individual case
has its own pace. Your defense attorney
will guide and advise you through each
phase.
This is a general outline of what you can
expect when you are confronted with a
malpractice lawsuit. Lawsuits are an
unfortunate and inevitable part of the
practice of medicine. We understand
that being sued is personal, and we
stand ready to provide you with the best
possible defense tailored to your case.
Phase One:
The Litigation Begins
You may learn about the possibility of a
patient filing a lawsuit against you
before a complaint is filed with the
court. Your office may receive a request
for medical records from a patient or
his/her attorney. You may receive a
letter written by the patient or his/her
attorney informing you that the patient
is dissatisfied with the care you
provided. This letter may contain a
request for some type of compensation.
Also, some states require that you be
notified in writing before a medical
malpractice lawsuit is filed against you.
If you receive any communication,
written or oral, that leads you to believe
a claim or lawsuit may be filed against
you, contact SVMIC as soon as you can.
The claims attorney may need to take
steps to protect your interests, even
though a lawsuit has not been filed.
Sometimes a physician will be served
with a summons and complaint without
any prior notification. You may receive
these papers via personal service of
238
process through the sheriff’s office or a
private process server, or you may
receive these papers through the mail.
When you have knowledge that a lawsuit
has been filed against you, it is
imperative that you contact an SVMIC
claims attorney immediately. A
responsive pleading to the complaint
must be filed with the court within 20
or 30 days of your being served,
depending on the jurisdiction in which
the lawsuit has been filed. Your
attorney will work with you in
determining the appropriate response to
the complaint that will ensure your
interests are protected.
The plaintiff may state in the complaint
the specific allegations against you. For
the most part, the allegations in the
complaint should not be taken too
literally. The complaint often involves
as much form as substance, and the
language is often inflammatory.
Furthermore, the complaint may seek
damages in excess of your policy limits
with SVMIC, or the amount of damages
may not be specified at all. In these
instances, SVMIC will send you
correspondence informing you that the
damages sought exceed your policy
limits or that the damages cannot be
determined, and advising you of your
right to retain personal counsel, at your
expense, if you so desire. This letter is
not an indication that SVMIC believes
that you are facing an excess situation.
The purpose of this letter is to bring to
your attention the possibility that you
could face personal exposure beyond
your applicable policy limit, no matter
how remote that possibility may be. As
the case develops, you and your defense
attorney will be in a better position to
evaluate the damages and possible
exposure the case presents.
Once you have notified SVMIC that you
have been served with a summons and
complaint, defense counsel will be
retained to represent you, with the costs
of defending your case being covered by
SVMIC in accordance with the terms of
your policy. Your defense attorney will
be an attorney with specialized
knowledge as to the type of legal issues
involved, who has previous experience
in representing physicians in medical
malpractice cases. After SVMIC has
retained a defense attorney to represent
you, he/she will contact you to schedule
a meeting in order to learn from you as
much as possible about the facts of the
case. The most important factor in
defending your lawsuit is your
participation in the defense of your
case. The key to your defense will be
good preparation based on close
cooperation with your attorney. It is
imperative that you are completely
honest and forthcoming with your
attorney. You may be asked to provide
and interpret medical records, to help
locate relevant literature, to identify
potential expert witnesses, and to help
develop exhibits or visual aids.
239
However, do not take any action until
you have been contacted by your
defense attorney. Remember your
defense counsel is your attorney and
will be representing you. Rely on your
attorney’s expertise and make your best
effort to help build your defense.
for admission. In addition to these, and
by far the centerpiece of the discovery
process, is the deposition which is the
testimony of an individual under oath.
The discovery process seeks to remove
surprise and unforeseen events from the
proceedings.
In addition to receiving a summons and
complaint, you may receive additional
documents, such as a set of written
questions called interrogatories,
requests for admissions, or requests for
production of documents. Sometimes
these additional documents are served
with the complaint, and at other times
they are served later. Whenever you
receive these additional documents,
please provide them to the SVMIC
claims attorney as well as to your
defense counsel.
Medical Experts
Phase Two:
The Discovery Phase
of Litigation
The term “discovery” in litigation
generally refers to the process and
pre-trial devices that each side in the
lawsuit can use to learn information
that will help them prepare their case
for trial. In a medical malpractice case,
the most frequently used means of
gathering this information consists of
interrogatories, requests for production
of documents or things, and requests
Early in the litigation your attorney will
begin seeking experts who can support
your medical care (standard of care
experts) and experts who can speak to
whether the alleged error caused the
patient harm (causation experts). The
standard of care expert is usually
another physician who practices in your
field or specialty. This expert will be
able to testify that the care provided
was appropriate, given the
circumstances involved. The causation
expert may be from your same field or a
different one. For example, if a case
alleges a delay in diagnosis of a
disease, a specialist in the treatment of
that disease may be able to offer
support that the alleged delay did not
cause additional harm to the patient.
Experts on both sides are generally paid
for their time to review cases, render
opinions, and testify in depositions and
court.
Your attorney may seek your input on
the selection of experts. It is common
to seek the opinion of several experts
early in the case. When multiple
240
opinions are obtained, your attorney will
likely narrow down the field to the
experts who are most supportive and
most effective. State law will define the
qualifications necessary for a witness to
serve as an expert.
The plaintiff’s attorney will develop their
expert proof from a different
perspective. They will contend that
your actions breached the standard of
care and that the breach caused the
patient harm. As the litigation
progresses, your attorney will provide
you with the opinions of the plaintiff’s
experts. Some items to consider about
the experts on the other side include:
What is their background? Are they
credible? Are they in private practice or
do they spend most of their time
teaching in an academic setting? Do
they have the same resources at their
disposal as you did when the event took
place? Do they actually perform the
procedures about which they are
offering an opinion?
Depositions
During the course of the litigation,
attorneys will take depositions of the
plaintiffs, defendants, experts on both
sides, and individuals with firsthand
knowledge of the events in question. In
the deposition, attorneys on both sides
may ask questions of the witness. The
witness is under oath, and the
deposition is given before a court
reporter who will transcribe the
testimony. It is becoming more
common for depositions to be
videotaped, as well. Depositions are
used to discover the various facts
related to the case and may be used
later in the litigation, including at trial.
Typically, the plaintiff, who has the
burden of proof, will be deposed first.
You are free to attend the depositions in
your case. In fact, it may be
advantageous for you to attend the
depositions. Just as the plaintiff’s
attorney will use your deposition to gain
information about you, evaluate you,
and learn your version of the facts, your
attorney will do the same with the
plaintiff and his or her experts.
Your Deposition
Your deposition is critically important
and, aside from the trial itself, may be
the most important aspect of your case.
The plaintiff’s attorney will likely leave
no stone unturned when questioning
you about your care. While your
attorney can intercede to some degree
to object to improper questions, there
are very few restrictions on the areas
about which the plaintiff’s attorney can
inquire. In the deposition it is not just
the content of your answers that is
important, but it is how you say it, and
how you look, act and carry yourself
during the deposition. In this, as in all
phases of the case, your credibility is
241
everything. While this may seem
daunting, the issues and difficulties
that you may encounter in your
deposition can be managed through
thorough preparation.
Giving a good deposition is a skill that
is learned. Preparation is vital, and we
will provide you with the resources to be
completely prepared. Plan to allow a
significant amount of time to prepare
for your deposition. Your attorney will
work with you as to the likely content of
the questions, how to address any
weaknesses in your case, and strategies
for answering questions and conducting
yourself in the deposition. Your
attorney may conduct a “mock”
deposition to simulate the process as
much as possible.
Should the case continue toward trial, a
decision must be made either to defend
the case through trial or to attempt to
reach a reasonable settlement. Your
defense attorney will provide you with
input regarding whether to settle or try
the case. Your SVMIC policy contains a
consent to settle clause, so no claim
will be compromised without your
consent. SVMIC will not recommend
settlement solely to avoid legal fees and
expenses, because SVMIC believes that
a physician who has practiced good
medicine deserves to be defended.
Trial
The Final Phase:
Resolution
The trial will be scheduled for a specific
period of time. Some trials last only a
few days, while others take several
weeks. Your attendance is required in
the courtroom throughout your trial.
Your SVMIC policy includes a trial
attendance benefit for each day you
attend your trial.
The final phase of a lawsuit sees the
case reach its resolution. This can
occur by dismissal of the lawsuit by the
plaintiff or the court, by compromise
(settlement) of the lawsuit, or by trial.
If voluntarily dismissed by the plaintiff,
the plaintiff may be able to refile the
case during a prescribed time period.
At the time of dismissal your attorney
and SVMIC will advise you if the
dismissal is final, or if the plaintiff
retains the right to refile the case.
While the trial itself requires a
significant time commitment, perhaps
even more crucial is the time and
attention you devote to pretrial
preparation with your defense attorney.
Preparing and presenting a case at trial
is a team effort, and you are the most
important member of your defense
team. A trial is often a very stressful,
uncomfortable event, and your practice
and preparation will decrease your
anxiety and will provide familiarity with
242
the procedures of the trial. Your
defense attorney will work vigorously to
prepare for the trial and will make sure
that you are well-prepared. Rest
assured, SVMIC will provide you and
your defense attorney access to the best
available experts, trial exhibits, and
technology to allow you to present the
strongest defense possible.
Appellate Process
If you win your case and the plaintiff
chooses not to appeal, then the case is
over. However, under our legal system,
the party that loses at trial has the right
to appeal to at least one appellate
court. The appeal process typically
begins with the filing of post-trial
motions, which are usually required to
be filed within one month after the trial.
If the post-trial motions are denied, the
party may file an appeal. An appeal
may also be filed when the case is
otherwise dismissed by the trial court
before or even during trial.
A decision cannot be successfully
appealed simply because one party is
not satisfied. The party must have legal
grounds for appealing. In most
jurisdictions the appellate process
involves mandatory review by an
intermediate appellate court, then
permissive review by a higher appellate
court, such as a state Supreme Court.
Any appeal may prolong the ultimate
resolution of the case, sometimes by
several years, and includes brief periods
of activity followed by longer periods of
inactivity.
Conclusion
Regardless of the amount of time it
takes to defend your malpractice
lawsuit, or the ultimate result of the
litigation, always know that SVMIC will
provide you with the best possible
resources and people to protect your
interests. The key to resolving your case
in the manner most satisfactory to all
involved is your cooperation.
A win, no matter how it is secured, is
only accomplished when everyone is
working in concert. We are all together
in this process, and it takes a team
effort to provide you with the best
possible outcome. Your SVMIC claims
attorney and the defense attorney
assigned to represent you will have
years of expertise and knowledge in
representing doctors in every imaginable
type of medical malpractice claim. It is
your willingness to work with the
professionals assigned to you, however,
that proves most beneficial in the
defense of your case.
While a medical malpractice lawsuit is a
painful personal experience, you do
have a company completely dedicated
to making it as painless as possible. We
hope this information will allow you to
feel more comfortable in each phase of
your lawsuit. Never forget that SVMIC
will be with you every step of the way.
243
Action Steps After Receiving Notice of a Claim
• Call the SVMIC claims department (1-800-3422239) immediately if you receive a notice of
potential claim or lawsuit. Prompt notification is
necessary to protect your interests. After a claim
file has been opened, you should alert your claims
attorney or defense attorney to any new letters or
legal papers sent directly to you.
• Do not attempt to speak with or contact the
patient or their attorney without first contacting
and discussing your thoughts with a claims
attorney or your defense attorney.
• Do not discuss the medical facts related to the
claim with others; this includes any
co-defendants, your partners, colleagues, and
others who provided care to the patient. Review
with your defense attorney anyone with whom you
wish to speak about your case, and your defense
attorney will determine how best to proceed.
• Do not cut yourself off from your professional and
personal support system. You can let others know
that you have been sued, will have to be
dedicating time and attention to your defense, and
will be dealing with the frustration of this
unwelcome event. However, remember not to
discuss the actual facts and issues involved in the
claim. Alert your defense attorney and claims
attorney if you experience significant stress during
the course of the litigation. Resources are
available that can help you.
• Secure the medical record to the extent possible.
Do not attempt to obtain records that were
unavailable to you at the time of treatment. Do
NOT alter the medical records in any way – do not
“supplement”, “clarify”, “complete” or
“reconstruct” them. Changes to the medical
records will make your case more difficult to
defend, can increase your liability exposure, and
can potentially put your insurance coverage at
risk.
• Do not destroy any documents, including any
electronically stored or accessible documents,
emails, databases, or backup media, which may
have some connection with the claim. You should
take immediate steps to preserve and prevent the
destruction of this information.
• Do not take any steps to answer the complaint
against you or any requests for information from
the patient or their attorney without first talking
with your defense attorney.
• Do not conduct any independent research on the
medical or legal issues involved. Discuss any
research you think is necessary with your defense
attorney, and he or she will determine how best to
accomplish this and protect your interests.
• Determine if the Medical Board in each state
where you are licensed requires you to report the
receipt of a lawsuit or claim. (For instance,
Arkansas requires a report using a specific form
within 10 days of notice of a claim.) Your defense
attorney can assist you with any required
reporting.
• Cooperate fully and promptly with your defense
attorney. Tell them the truth about the medical
incident and any concerns you have about the
care provided. If you have any questions during
the course of the litigation, contact your defense
attorney or claims attorney.
• Keep your defense attorney and claims attorney
aware of your best contact information. Update
them promptly on any changes in this information
or your employment, when you will be unavailable
(travel out of the country, health issues, maternity
leave, etc.), or of other significant issues that
could impact your defense.
• Store all materials from SVMIC and your defense
attorneys in a confidential file separate from your
medical records on the patient. Do not make any
notation in the patient’s chart regarding
conversations with SVMIC.
244
