Visibility and Enforcement Activities are Heating Up at the OCR

Health care providers across the board need to be concerned about what’s going on at the Office of Civil Rights (OCR), according to Sarah E. Swank, a principal in the Ober Kaler law firm’s Health Law Group and co-founder of the Ober|Kaler Health Care General Counsel Institute. Under the guidance of Leon Rodriguez, Director of the HHS Office for Civil Rights, the OCR is heating up its visibility and enforcement activities related to unlawful discrimination under Title VI of the Civil Rights Act of 1964, provider consciousness protection, and the Health Insurance Protection and Accountability Act (HIPAA) (104-191) and Health Information and Technology for Economic and Clinical Health (HITECH) Act, Swank said. Swank discussed recent trends in the OCR enforcement activity and provided tips for compliance professionals during a webinar on October 18, 2012, sponsored by the Health Care Compliance Association (HCCA).

OCR’s Responsibilities

The OCR is charged with investigating complaints, conducting compliance reviews, providing technical assistance, and conducting outreach. The OCR ensures that federal financial assistance recipients comply with national civil rights laws including those related to discrimination based on race, color, national origin, disability, and age. In addition, the OCR enforces the requirements and investigates complaints under HIPAA, enforces federal health care provider conscience rights, and certifies Medicare applications for compliance with the national civil rights laws. Swank stated that even if a compliant is not filed with the OCR, individuals have a private cause of action for many of the areas that the OCR oversees and noted the possibly of the OIG excluding a provider that violates any of the laws from participation in federal health care programs. The OCR provides information about the obligations of health care providers on its website. In her presentation, Swank went into detailed explanations of several areas that the OCR enforces and provided suggestions and recommendations for providers to follow to comply with the specific requirement.

Limited English Proficiency

Individual with limited English proficiency (LEP) are those whose primary language is not English and who have a limited ability to read, write, speak or understand English. Health care providers are required to take reasonable steps to provide meaningful access to LEP persons, such as language access services at not cost to ensure that person are not discriminated against on the basis of national origin. In conducting compliance reviews of providers seeking to participate in Medicare Part A, the OCR assesses whether the provider has an adequate policy and procedure to ensure effective communication with LEP persons. HHS has issued Guidance for providers to establish a plan for identifying LEP individuals who need language assistance, providing language assistance measures, training staff, and providing notice. LEP plans must be monitored regularly and updated as needed to ensure compliance with the requirements. Swank stressed the importance of translating written materials including consent and complaint forms, intake forms, notice of eligibility criteria and rights, and notices advising LEP person of free language assistance but noted that smaller organizations such as a small physician practice may be okay with oral translation  if they meet the size requirement. She stressed providers to err on the side of caution. Among the requirements the OCR has included in  corrective actions, are: (1) coordinate interpreters and translations in a single department, (2) implement qualification testing and training, (3) post signs informing the public of the availability of language assistance services, (4) hire more bi-lingual staff,  (5) establish and implement policies for professional interpreters and translated documents,  (6) document interpretative ser ices, and (7) designate a language assistance coordinator.

Disability, Sign Language

 Providers must provide free of charge to the deaf or hard of hearing person, auxiliary aides including brailed and taped material, and sign language interpreters. In addition providers of fifteen or more employees must provide appropriate auxiliary aids to persons impaired with sensory, manual or speaking skills. Providers should have policies and procedures in place, develop auxiliary aids, train staff, and provide patients with notices of their right to auxiliary aid and services free of charge, Swank recommended. Further, providers should have policies not limiting access to only those service animals used by persons who are visually impaired, Swank noted.

Provider Consciousness Protection

Several federal statutes prohibit health care providers from discriminating against other health care professionals based on their objection to, participation in, or refusal to participate in specific medical procedures and related training and research activities. In addition, a health care worker can not be coerced into performing procedures that the worker finds religiously or morally objectionable. This may apply to religious facilities but mostly applies to individual practitioners including trainees and residents, Swank explained.

 HIPAA Breach Reporting

Swank explained that the OCR opens a review of all breach reports involving more than 500. She advised covered entities to be prepared to respond with determination of the root cause of disclosure, identifying gaps in compliance with Privacy and Security rules that led to the breach, and providing evidence that the root cause has been addressed to insure that further breaches do not occur. When a breach occurs the OCR imposes civil money penalties or settlement amounts, and may enter into a resolution agreement and a corrective action plan, including self monitoring. Corrective actions may include implementing the OCR approved policies and procedures, employee training, and independent monitoring. Among the areas vulnerable to theft identified by Swank were paper files, flash drive, lap tops and electronic health records. Swank recommended keeping policies and procedures up to date, tracking who has access to such records, and auditing the processes. She stressed that common sense still applies when safeguarding records.

An OCR Specific Compliance Tip

Swank specifically recommended that health care providers to conduct a self-audit focused on the areas the OCR enforce, stressing that self-audits should be added to compliance work plans. Among the items Swank included in the self-audit are review of policies and procedures, review of training materials, review of contracts, talking to staff members and walking through the facility.