Tag Archive for: Oklahoma

In this article, Oklahoma City healthcare attorney Mary Holloway Richard discusses how safeguarding patients’ electronic health information is an employment matter and how companies can enact HIPAA rules with their employees.

Q: In preparation for an employee or other members of a health care company’s workforce quitting, what preventive steps can be taken to ensure that patients’ health information is protected?

A: Two particular measures are critical to health care providers, in their role as employers, to protect the private patient information. Those are preparation and training. First, advance preparation is essential. Administrative, technical and physical safeguards are mandated by HIPAA (the Health Insurance Portability and Accountability Act) and its amendments, and just as we recommend with regard to all types of health care compliance and regulations, a compliance plan should be in place to provide security for protected health information electronically maintained. The person responsible for a health care practice or company’s IT should perform periodic risk assessments, and sufficient access termination procedures should also be in place. Second, an important part of prevention is proper training. Just as we recommend preparation to respond to identity theft, employers must identify the individuals responsible for safeguarding electronically maintained protected health information and responding to a breach, and provide them with appropriate training. Since health care is such a labor-intensive industry, a high rate of personnel turnover requires proportionate re-training and monitoring of employees regarding compliance with privacy and other regulatory requirements.

Q: You mentioned termination procedures — what procedures provide effective deterrents to unauthorized use or access to electronically maintained protected health information in such situations?

A: As a part of an overall separation procedure, there are some critical checkpoints along the way. Health care providers/employers are advised to standardize the process and create a checklist of steps to be taken when an individual leaves. Document that these steps have been taken, including the return of any company equipment. Next, if the company or practice is large enough to have departments, it is important to quickly alert the department or staff members responsible for changing access to electronically maintained protected health information, deactivating or deleting user accounts and monitoring access. Also, after these and other important steps are carried out, I recommend a post-termination audit to verify that all necessary steps to cut off access to electronically maintained protected health information have been taken.

Q: What steps must be taken to terminate access to electronically maintained protected health information?

A: Such steps, in addition to terminating user accounts and reclaiming computers, laptops, iPads and cellphones, should include terminating access to the physical space, which may require changing locks, access codes, and authorized individuals lists. Obviously, keys, fobs, ID badges, card keys and other items by which the former employee gained access to the physician space must be reclaimed or reprogrammed so that access by the former employee or other former member of your company’s workforce to secure areas with electronically maintained protected health information is no longer possible. For all former employees, and particularly for those with remote access, deactivation of any remote accounts and accessibility should reach all levels of access so that portals, web access and email services are no longer accessible.

 

Published: 5/9/18; by Paula Burkes
Original article: http://newsok.com/for-health-care-providers-safeguarding-patients-electronic-health-information-is-also-an-employment-matter/article/5593919

In this article, Oklahoma City healthcare attorney Mary Holloway Richard discusses Oklahoma’s Certificate of Need laws with the Daily Oklahoman newspaper.

Q: What are Certificate of Need (CON) laws and what is the status of CON in Oklahoma?

A: The history of CON laws is an interesting one. Federal law required CON for facilities that received federal funds to construct facilities. By 1978, unique CON statutes were passed in 36 states. Although the federal mandate was repealed in 1987, many states still have CON laws in place. The CON system was intended by Congress as one mechanism for controlling healthcare costs by controlling development. The idea was that unnecessary beds or services would drive up the costs and miss system efficiencies and economies of scale. Development was broadly defined to include activities ranging from new development, acquisitions, mergers, management agreements, leases, stock purchases and changes in ownership via foreclosure. The Oklahoma legislature repealed CON laws in all areas except for psychiatric and chemical dependency services and long-term care.

Q: What are the current requirements for developing long-term care and behavioral health services in Oklahoma under these statutory schemes?

A: For long-term care, the Oklahoma law provides for the development of long-term care services in a “ … planned orderly economical manner consistent with and appropriate to services needed by people in various (parts of Oklahoma) ….” Development must match or reflect the need demonstrated in the CON application as evaluated by the state Department of Health. The statutes also enumerate the powers of the Department of Health with regard to long-term care facilities and services. The law applies to long-term care facilities including nursing homes, specialized facilities such as long-term acute care and skilled nursing facilities and the nursing component of continuity of care and life care communities. For psychiatric and chemical dependency service facilities, the process is outlined in the statutes and includes application requirements, findings by the state Board of Health, providing bases for the board’s decision, the opportunity for appeal of the board’s decision and an explanation of potential penalties for failure to comply.

Q: Some writers and consultants in the healthcare industry contend that these laws no longer serve the purposes for which they were created by legislatures or fail to achieve the ostensible objectives. Is this fair criticism?

A: All segments of the healthcare industry are highly regulated. There is a good argument to be made that business decisions in the healthcare space are guided by reimbursement, the impact of effectiveness and outcome metrics, and classic business principles such as market share and that, while the original ideas supporting the CON effort may have been sound, the system now provides an additional hurdle and expenses in two areas of significant needs in our state — services to the elderly and others requiring long-term care and to those suffering from behavioral health diagnoses. More specifically, Oklahoma’s CON rules apply only to hospitals so that development for treatment facilities not considered “hospitals” by the Oklahoma Department of Health are not covered by the CON procedures and limitations. The result is that addiction treatment facilities providing services, including beds, only require the approval of the Oklahoma Department of Mental Health and Substance Abuse Services, which does not have its own CON process and can be developed without hindrance.

Q: Is there interest among Oklahoma lawmakers to repeal the last vestiges of CON law in Oklahoma?

A: Although this issue has come up in the last several years, it has not been successful. No such legislation was proposed in the first regular session of this legislative term, which ended in May. In terms of the status of CON laws in the nation, as of 2016, 14 states had discontinued their certificate of need requirements and 34 continued with some remnant of the CON system.

Published: 10/12/17; by Paula Burkes
Original article: http://newsok.com/qa-with-mary-holloway-richard-certificate-of-need-laws-can-bridle-behavioral-other-care/article/5567643