First Healthcare Compliance CONNECT July 2018

Client FAQ Corner
I just recieved a HIPAA Authorization for a patient record
that contains psychotherapy notes. How do I respond?
By Julie Sheppard, BSN, JD, CHC
1. Do board members have responsibilities related to compliance?
Yes, it’s well established that board members have responsibilities related to
the organization’s compliance program. Several credible sources illustrate the
important relationship of the board and the compliance program and highlight
an individual director’s potential liability:
- A landmark case found that directors are potentially liable for a breach of
duty to exercise appropriate attention if they knew or should have known
that employees were violating the law, declined to make a good faith effort
to prevent the violation, and the lack of action was the proximate cause of
damages. Effectively, oversight responsibilities extend to compliance programs
and failure to provide adequate oversight can render a director liable
for losses caused by non-compliance.
- The Yates Memo sets forth individual accountability for corporate wrongdoing
and recognizes individual accountability. The focus is on holding individuals
responsible for corporate misconduct and highlights enforcement priorities.
- In 2016 following a corporate resolution, the former CEO of Tuomey
Healthcare settled his own liability for $1 million and agreed to a four-year
period of exclusion from participating in federal health care programs.
- The Office of Inspector General provides references for board members with
Corporate Integrity Agreements and helpful reference documents that include
Practical Guidance for Boards on Compliance Oversight.
2. Should compliance officers report directly to the board?
We know that the board must ensure that the compliance program operate
in practice and not simply exist on paper, so it’s necessary to have a process
that ensures appropriate access to information. Structures vary among
organizations, but generally it’s a good idea to establish a direct reporting
relationship between the company’s Chief Compliance Officer and the board.
Effective board oversight includes asking the right questions of management
to determine that there are mechanisms in place to ensure timely reporting
of suspected violations and to evaluate and implement remedial measures.
Ideally, a risk-based reporting system, is used by those responsible for
the compliance function to provide reports to the board on a regular basis.
Fortunately, there are tools available to track and identify areas of compliance
concern in an efficient manner.
Regular meetings and reviews that provide a board with overall compliance
insight should lead to better results. A 2018 survey shows that compliance
officers meeting with the board more than four times per year is the norm.
3. How can board members mitigate risk and avoid liability?
Every board is responsible for ensuring that its organization complies with
laws and regulations. Obviously, this is necessary to protect patients and
public funds. A growing awareness of potential individual liability and the
relationship between the board and the compliance officer highlights the need
for an effective compliance program. Exercising oversight and monitoring of
the organization’s compliance program is essential to corporate governance.
And a director who acts in good faith may not be held liable for bad outcomes.
Follow these tips to detect non-compliance early and mitigate your risk:
- Follow OIG guidance and implement a robust compliance program
- Take steps to educate and inform board members about compliance
- Keep an eye out for risk areas and red flags and respond appropriately
- Stay engaged and communicate with management and the compliance
officer
Psychotherapy notes are primarily for personal use by the treating professional
and generally are not disclosed for other purposes. The provider should review the
definition of psychotherapy notes under HIPAA and remove any of this information
from the patient’s file before disclosure. Under HIPAA, psychotherapy notes is
defined as follows: Notes recorded (in any medium) by a health care provider who is
a mental health professional documenting or analyzing the contents of conversation
during a private counseling session or a group, joint, or family counseling
session and that are separated from the rest of the individual’s medical record.
Psychotherapy notes excludes medication prescription and monitoring, counseling
session start and stop times, the modalities and frequencies of treatment furnished,
results of clinical tests, and any summary of the following items: Diagnosis,
functional status, the treatment plan, symptoms, prognosis, and progress to date.
(See 45 CFR 164.501).
Do I need Safety Data Sheets (SDS) for cleaning
products?
SDS must be maintained for all hazardous chemicals and are obtained directly
from the manufacturer, distributor, or importer. This requirement includes
hazardous cleaning products. An exception exists for household consumer
products used for cleaning (if used in the same manner as a consumer would
use them) Such cleaning products do not require SDS to be maintained.
Explore the FAQs tab in your compliance solution to find
answers to your compliance questions!
4 First Healthcare Compliance, LLC © 2018
Contact Toll Free: 888-54-FIRST 5