Kusserow on Compliance: Five major ambulatory risk areas

The Emergency Care Research Institute (ECRI) Institute analyzed 4,355 adverse events reported and found diagnostic testing errors pose the biggest risk to patients in ambulatory care settings with nearly half occurring in physician practices. Nearly half involved diagnostic testing errors with one fourth relating to medication safety and the remaining involving falls, security, and safety and privacy-related risks. The following risk areas were cited: 

Diagnostic testing errors. This is the leading cause of liability claims against primary care doctors and accounts for the highest proportion of payouts. Most of these errors involved laboratory tests. Other tests where problems occurred included imaging tests, pathology, and cardiology.

Medication safety events. Two-thirds of safety events were classified as wrong drug, wrong patient, or wrong time, the analysis found. Medication errors are a leading cause of malpractice claims in ambulatory care and can occur during any stage of the medication process. They are often the result of a series of failures within a system, the report said.

Falls. About half of the 800,000 hospitalizations from fall-related injuries occur in ambulatory settings in the exam room or waiting room.

HIPAA violations. Misunderstandings concerning HIPAA privacy and security rules prompted more than 350 HIPAA-related events to be reported to the ECRI Institute. The majority of these pertained to inadvertent disclosure of patients’ protected health information.

Security and safety incidents. Most such events involved verbal threats or disruptive behavior by patients or visitors.

Tips to Reduce Risks

 

  1. Provide decision support tools to assist in ordering the proper tests and monitoring processes for test tracking and follow-up.
  2. Standardized medication management procedures and create a policy directing how to report and manage safety events.
  3. Screen patients for fall risk at every visit, when a change in condition occurs and after a fall.
  4. Train staff on HIPAA Privacy/Security rules, particularly as they relate to disclosure of PHI.
  5. Train staff on what to do in the event of a violent incident and conduct monthly security and safety surveillance rounds.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS issues final rule on affiliation disclosure requirements for the provider enrollment process

CMS issued a final rule on September 10 that sets forth requirements mandating providers and suppliers who submit an application for enrollment or revalidation for Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP) disclose current or previous (up to five years) affiliations with a provider or supplier who has uncollected debt; has been or is subject to a payment suspension under a federal health care program; has been excluded from participation from Medicare, Medicaid, or CHIP; or has had billing privileges denied or revoked. CMS said a history of bad actors trying to escape the ramifications of inappropriate or fraudulent behavior by re-entering the program in some capacity, and/or shifting their activities to another enrolled Medicare provider or supplier with which they are affiliated, provided the motivation for the rule. In addition to furnishing the disclosure information, the provider must submit: (a) an organizational diagram identifying all of the entities listed in this section and their relationships with the provider and with each other; and (b) if the provider is a skilled nursing facility, a diagram identifying the organizational structures of all of its owners.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips for reducing the risk of cyber-attacks

Tim Murphy, former FBI deputy director stated that he rated cyber-attacks as the number one threat facing the country. Threats come from both inside organizations and outside. Insider threats may involve current or former employees or vendors. They may be motivated to steal intellectual property, funds, or simply to cause problems. The danger of employee-related crimes is that they have inside information concerning how things work and have access to data and computer systems. One of the best ways to combat attacks by insiders is to maintain a continuous monitoring of an individual’s public, online activity as well as the internal, network activity to detect changes in behavior. Often, cyber-attackers have patterns of detectable behavior and network activity which can provide indicators of risk, assist in early detection. It is important to know at any given time what are employees doing on the network; who are they dealing with; if they are leaving with data and files; and whether they are violating policy by sharing sensitive information with outsiders. Employee engagement in careless practice is far more common than engagement in malicious practice. Oftentimes carelessness takes the form of simple negligence by clicking on a link in a random email. However, there are ways to mitigate the threats, which can reduce the risk of cyber-attacks by as much as 80 percent, including:

  1. Provide ongoing employee and contractor training on what to do and not to do
  2. Conduct a risk assessment to understand threats presented by an insider
  3. Continuously monitor employee and vendor networks
  4. Update and upgrade software
  5. Use encryption to guard against information being read by unauthorized parties
  6. Establish multi-factor authentication

For more information health care provider cyber-security, contact Dr. Cornelia Dorfschmid at cdorfschmid@strategicm.com or at (703) 535-1419.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: GAO reports CMS gaps in nursing home oversight

CMS needs to address gaps in federal oversight of nursing home abuse investigations

The Government Accountability Office (GAO) reviewed CMS oversight of nursing home abuse in response to a request from the Congress. As part of its review, the GAO interviewed officials from survey agencies about how they investigate complaints and facility-reported incidents of resident abuse in nursing homes in five selected states.

The GAO noted, there are approximately 15,600 nursing homes providing care to about 1.4 million nursing home residents, a population of elderly and disabled individuals. CMS defines the standards nursing homes must meet to participate in the Medicare and Medicaid programs, including standards for resident care and safety. To monitor compliance with these standards, CMS enters into agreements with state survey agencies to conduct standard surveys or evaluations of the state’s nursing homes. Those surveys and evaluations investigate both complaints from the public and facility-reported incidents regarding resident care or safety, such as abuse. Investigations of nursing homes based on public complaints and facility-reported incidents offer a unique opportunity for the state survey agencies to identify potential abuse, as these can provide a timely alert of acute issues that otherwise might not be addressed until the standard survey.  Federal nursing home surveys and investigations of complaints and facility-reported incidents can be cited and tracked by CMS. Where deficiencies are found, CMS can impose federal sanctions to prompt the correction of deficiencies.

The review focused on Oregon, a state with 135 nursing homes caring for approximately 7,000 residents. The GAO found failure to follow federal requirements that the survey agency investigate all complaints and facility-reported incidents. Additionally, the GAO found CMS failed to address gaps in federal oversight in Oregon for at least 15 years. The GAO suggested to CMS that these problems may extend to other states and that CMS needs to take corrective action.

GAO recommendations to the administrator of CMS included: (1) evaluating state survey agency processes in all states to ensure all state survey agencies are meeting federal requirements that state survey agencies are responsible for; (2) investigating complaints and facility-reported incidents alleging abuse in nursing homes; and (3) that the results of those investigations are being shared with CMS.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.