Friday, November 30, 2012

Wellness Plans, Part Two

In Wellness Plans, Part One, the different options for Wellness Plans were discussed, as well as how they are affected by HIPAA. Today we will look at the way the American Disabilities Act (ADA) and the Genetic Nondiscrimination Act (GINA) affect the structure of a Wellness Plan.

The ADA is “a Federal civil rights law that prohibits discrimination against people with disabilities in everyday activities.” This includes the workplace. While it is essential to note that the ADA’s rules must be followed for any type of Wellness Plan, it is especially important in a Standards Plan. There must be equal opportunity for all employees to get the same incentives. Therefore, when the plan is drafted, a company should pay special attention to creating alternative goals with similar incentives. For example, if a reward is given for employees using a pedometer to count steps, and there is an employee confined to a wheelchair, then the company must allow for that employee perform a different activity to achieve a reward. The ADA also limits when an employer can require a medical exam. They must be voluntary to the employee and all results must be kept confidential. There are also rules concerning the way in which the information can be used. The results cannot be used to discriminate against the employee and must always be separate from the employee’s personnel record.

GINA revolves around a relatively new area of concern:  genetics. This law is meant to protect employees from discrimination based on genetic information. Signed into existence in 2008, it states: “The law forbids discrimination on the basis of genetic information when it comes to any aspect of employment, including hiring, firing, pay, job assignments, promotions, layoffs, training, fringe benefits, or any other term or condition of employment. An employer may never use genetic information to make an employment decision because genetic information is not relevant to an individual's current ability to work.” It is important to note that GINA does provide for certain exceptions, and testing for Wellness Plans is allowed. Written authorization must be obtained prior to the testing, and the employee is the only person that can be provided with a detailed report of findings. The employer may only receive findings in cumulative form without identifying specific employees. It is illegal under GINA to offer financial incentives to employees who provide their genetic information as a part of their Wellness Plan.

EEOC guidelines state that a wellness program is “voluntary.” There is no issue with having a Wellness Plan in general, but it must be voluntary, and no employee can be penalized for not participating. It is also important to remember that healthcare reform is shining a spotlight on the significance of preventative medicine and wellness. As changes begin with the Affordable Care Act, Wellness Plans may gain even more momentum as the cost for employer-provided health care rises.

Wellness Plans are beneficial to both employer and employee. Improving the health of your workers can help to improve the overall health of your company. Keep in mind how important it is to include your attorney when designing your plan. Because there are different laws that must be consulted, it is important to meet with your attorney to make sure nothing is overlooked or misinterpreted.

ADA Business Connection. (n.d.) Americans with Disabilites Act. Retrieved November 20, 2012.
Genetic Information Discrimination. (n.d.) US Equal Employment Opportunity Commission. Retrieved November 20, 2012.

Wednesday, November 28, 2012

Wellness Plans, Part One

Recent history has a seen a trend in companies implementing Wellness Plans. At their core, Wellness plans are meant to improve the health of employees and therefore help to keep down the overall cost of healthcare. Healthy employees improve a company’s productivity and cut down on missed work due to health issues. In theory, putting together a Wellness Plan seems like a straightforward operation. In actuality, there are many choices that must be made and many laws that must be followed.

There are two types of Wellness Plans: Participation Only Programs and Standards Based Programs. Both types have the same goal of helping employees be as healthy as possible; however, the way they go about it is very different.

Participation Only Programs
In Participation Only Programs, the only requirement is participation. As long as the employee follows that requirement, the employee receives incentives. There are no goals or standards that must be met. This type of program may center around education. For example, the company offers seminars on healthy eating or classes about the benefits of exercise, and those that attend receive an incentive. The incentives offered in this type of plan can also feature things like gym membership discounts, cooking classes, or a free health fair. These types of plans are not considered a health plan and are therefore not subject to HIPAA guidelines. It is a requirement that these plans be available to everyone in the same station in a company and cannot be based on health. For example, diabetes awareness must be offered to all full time employees, and not only to those with diabetes. Companies often choose the Participation Only route because there are less hurdles and rules when the plan is not considered to be a health plan.

Standards Based Plan
In a Standards Based Plan, the employee must meet goals or standards based on health conditions in order to receive incentives. These types of plans often involve screenings and testing to determine what the goals should be for each employee. The goals normally involve meeting certain lifestyle standards, such as smoking cessation or lowering BMI. They can also feature an education component and diagnostic testing. Because a Standards Based Plan provides medical benefits through testing and screenings, it is considered a health plan and is subject to all HIPAA rules and regulations.
According to the Department of Labor, HIPAA has the five following requirements for Standards Based Plans:
  1. The total reward for all the plan’s wellness programs that require satisfaction of a standard related to a health factor is limited – generally, it must not exceed 20 percent of the cost of employee-only coverage under the plan. If dependents (such as spouses and/or dependent children) may participate in the wellness program, the reward must not exceed 20 percent of the cost of the coverage in which an employee and any dependents are enrolled.
  2. The program must be reasonably designed to promote health and prevent disease.
  3. The program must give individuals eligible to participate the opportunity to qualify for the reward at least once per year.
  4. The reward must be available to all similarly situated individuals. The program must allow a reasonable alternative standard (or waiver of initial standard) for obtaining the reward to any individual for whom it is unreasonably difficult due to a medical condition, or medically inadvisable, to satisfy the initial standard.
  5. The plan must disclose in all materials describing the terms of the program the availability of a reasonable alternative standard (or the possibility of a waiver of the initial standard).

HIPAA also decrees that a Standards Based Plan cannot be structured in a way that the outcomes are measured from protected data. Also, all data must be kept confidential at all times.

HIPAA is not the only law that governs how a plan must be designed and administered. GINA and ADA also have rules concerning Wellness Plans.  Wellness Plans, Part 2 will discuss the limitations that the ADA and GINA put on Employer Wellness Plans.

Employee Benefits Security Administration (n.d.) FAQs About The HIPAA Nondiscrimination Requirements. United States Department of Labor. Retrieved November 19, 2012.
Mastroianni, Peggy R. (August 19, 2011). ADA & GINA: Incentives For Workplace Wellness Programs. The U.S. Equal Employment Opportunity Commission. Retrieved November 19, 2012. http.://

Wednesday, November 14, 2012

Disposing of Paper Charts: When and How

We have discussed choosing the right EMR. You have picked your system, gotten the training, and gone live. You are living happily-ever-after with your electronic charts. But what about all of those paper charts that are lurking in your practice? What should happen to them? There are rules and regulations about when and how they can be disposed of.

There are several factors that dictate how long a practice must retain paper records. It is important to look at state laws, Medicare and Medicaid and insurance regulations, and the statute of limitations for malpractice or other legal actions. The North Carolina Medical Board guidelines, updated in 2009, state:
  •        Medicare and Medicaid: 7 years
  •        Medical Malpractice: consult your malpractice insurance carrier
  •        Immunization Records: must be kept indefinitely
The board also issued the following statement concerning how to determine the length of times records should be kept: “The board, therefore, recognizes that the retention policies of physicians giving one time, brief episodic care may differ from those physicians providing continuing care for patients.” Therefore, it is important to use best judgment when determining which records to retain. A practice such as an urgent care may use the minimum requirement. In a practice that is providing long term care for a patient, especially in the case of disease treatment, the records may be kept longer. HIPAA does not provide any guidelines about the length of time that records must be kept, but advises that providers should defer to state law. It is also important to note that the “seven years” starts on the date of the last encounter.

The destroying of records is strictly governed by HIPAA regulations. According to the US Department of Health and Human Services, the entity that implements HIPAA, “covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited uses and disclosures of PHI, including in connection with the disposal of such information.” It is illegal to dispose of any PHI, including paper charts, in a way that is accessible to the public. That includes, but is not limited to, dumpsters, recycling centers, and public trashcans.  There is no one way that charts must be disposed of, as long as they are rendered “unreadable, indecipherable, and otherwise cannot be reconstructed.” The most popular way to accomplish this is to have the records shredded. Burning, pulping, and pulverizing are also options. The company that is hired to destroy the records is considered by HIPAA to be a business associate, and a contract for safe and appropriate disposal must be created. For more information see this entry about vendor agreements.

Once you are prepared to destroy your practice’s paper charts, contact your attorney. Together you can form an action plan that includes an appropriate vendor and meets the requirements for what information needs to be saved and what does not. It is important to consult with an experienced healthcare lawyer who is well versed in the latest state law. Fines for misappropriation of PHI are steep, and the negative exposure that surrounds breaches is immense. Protect your patient’s privacy rights and keep your practice safe by following the law to the letter.

Waller Lansden Dortch & Davis LLP. (March 26, 2008). Retaining Medical Records: How Long is Long Enough. FindLaw.  Retrieved November 8, 2012.

Retention of Medical Records. (May 1, 1998, modified May 2009). North Carolina Medical Board. Retrieved November 8, 2012. retention_of_medical_records/

Department of Health and Human Services. (n.d.) Frequently Asked Questions About the Disposal of Protected Health Information. Retrived November 8, 2012. enforcement/ examples/disposalfaqs.pdf

Thursday, November 8, 2012

The Workplace and Domestic Violence

Nearly one third of US women report having been the victim of sexual or physical abuse at some point in their lifetime. This staggering statistic indicates the high likelihood that one or more of your employees has been victimized. Business owners need to understand the impact that domestic violence has on their employees, their workplace, and their bottom line.

Domestic violence (DV) creates a ripple effect. It impacts every part of a victim’s life, including work. Employers must take steps to create a safe environment and understand their responsibilities when an employee falls victim to DV. It is important to create policies that aid and protect the victim and the business and to understand the company’s role in the situation.

Laws are in place in most states allowing the victim to maintain their job security while dealing with DV and its aftermath. Allowances must be made by law so that a victim can receive the proper medical and psychological care, and deal with any legal issues. The following is the North Carolina law concerning this:

NORTH CAROLINA: N.C. Gen. Stat. § 50B-5.5 & § 95-270(a). 
An employer is prohibited from discharging, demoting, disciplining, or denying a promotion to an employee who takes “reasonable time off” from work to obtain or attempt to obtain a protective order or other relief under the state’s domestic violence law. An employee who is absent from the workplace shall follow the employer’s usual leave policy or practices; if the employer generally requires advance notice of absences, an employee must provide advance notice “unless an emergency prevents the employee from doing so.”  An employer may require the employee to provide documentation showing the reason for the employee’s absence

74% of female victims report being harassed by their partners while working. There is a restraining order that an employer can get to protect the employee. The employer applies for it on behalf of the employee to safeguard them from violence, harassment, or stalking while at work. The law for North Carolina is as follows:

NORTH CAROLINA: N.C. Gen. § Stat. 95-261.
An employer may seek a civil no-contact order on behalf of an employee who has been subject to unlawful conduct, such as physical injury or threats of violence, at the workplace. Prior to seeking such an order, the employer must consult with the employee who is the target of the violence to determine whether the employee’s safety would be jeopardized by participating in the process. An employee who is the target cannot be disciplined based on their involvement or lack of involvement in the process.

In addition to following the letter of the law concerning victim’s rights, it is important to have a DV policy in place. Taking measures to do this, before there is a problem, will ensure your company is prepared should a situation arise. 

Recommendations for a thorough policy:
·  Abide by all existing laws covering victims of DV.
·  Establish a confidential system for reporting domestic or sexual violence.
·  Carefully define domestic and sexual violence. Broad is better. Consider including same-sex and dating relationships.
·  Keep resources and referral information current and post in highly accessible areas.
·  Adjust schedules and provide paid and unpaid leave for medical care, counseling and legal assistance.
·  Ensure workplace safety. Assess parking arrangements, enforce civil protections, exercise the right for an employer restraining order, screen phone calls and visitors, and develop a safety plan.
·  Enforce a strict policy on employees who threaten or abuse on work time or with company resources.
·  Choose health insurance plans that do not discriminate against physical or sexual abuse.

Employer Liability
It is imperative to understand the company’s role in protecting employees. If management ignores threats and does not adequately provide safeguards to ensure employee safety, the company can be held liable. In 2008, an associate at Old Navy in the Chicago area was shot and killed by her abuser at work. The parent chain, Gap, Inc., was sued for not taking the proper precautions for the employee’s safety. The gunman was able to enter through an unlocked employee door. Also, after the perpetrator entered the store the management failed to act, despite previously being made aware of the threats.

Missed work is a problem with victims of DV. Over one million women are stalked each year, and a quarter report missing work because of it. In 2000, 36% of rape and sexual assault victims lost more than ten days of work after being victimized. While missed work is usually unavoidable in these situations, having a comprehensive policy to help victims may minimize time off. This is another reason why victims must feel safe and supported at work.

Show your employees that you value them, and their well-being, by explaining the company’s stand on domestic violence. Outline your policies and remind them that they can always reach out to management if they have a problem with DV or sexual assault. Understand the laws and how your company can help an employee that is a victim. Providing workers with information and education will not only help any victims, it will also show any abusers that their behavior is unacceptable socially, and by law. Take a stand against domestic violence for your employees, their co-workers, and their families.

Domestic Violence Statistics. (2012) Domestic Violence Statistics. retrieved November 1, 2012.
Employment rights for victims of domestic violence. (n.d.) Legal Momentum. retrieved November 1, 2012.
State Law Guide: Workplace Restraining Orders. (August 2010). Legal Momentum.  retrieved November 1, 2012.
The Facts on the Workplace and Domestic Violence. (n.d.) Futures Without Violence.  Retrieved November  1,  2012.

Tuesday, November 6, 2012

Through a Patient's Eyes

The majority of medical offices today move their patients around the office to maximize time and flow. It is completely normal for a patient to move from the check in desk, to the outer waiting room, to the inner waiting room, to the lab, back to another waiting room, to the exam room, on to various testing rooms, to chat in the doctor’s office, then to check out. At minimum, that is seven stops for a normal visit! Every provider and manager should move through the practice, mirroring the patient’s route, to determine if each stop is HIPAA compliant. It is easy to overlook small breaches when setting up the flow in the office. See the practice through the patient’s eyes to help prevent breaches from happening.

Most practices have the outer waiting room under control. It is widely known that sign in sheets are allowed, and that calling the patient by name is permissible. However, problems can arise at the check in desk. Are stacks of charts visible to patients standing at the counter? Can they read the schedule the front desk is using to monitor patient flow? Stand on the patient’s side and look. What can you see? What needs to be turned over or moved from view? A great deal of information passes through this area. It is also highly visible to every person that comes into the office. Because it is extremely busy, it is often the spot that PHI is left where anyone can see it.

The layout of modern practices often includes workstations in the hall, near the “inner waiting area.” Patients are brought back to wait, and then the nurse moves to the station to look at charts or a computer. When you sit in this area as a patient, can you see what the nurse is doing? How easy is it to read the screen or chart that is open? When the provider is finished at the station, are they leaving behind items that contain visible PHI? Are they signing out of the computer so that nothing but a screen saver is visible? If the screen can be seen while in use, a privacy filter should be employed. No charts should ever be left within a patient’s site line. There is often not a lot to do, and looking at a readily available chart may appeal to some people as a way to pass the time. Even the most sensitive patient may glance at the name and any other stickers on the outside if the chart is where they can read it.

Many offices today do their own testing. This involves moving patients in and out of testing rooms with equipment. These machines often have their own data entered on patients, as well as computers. Sit in the patient’s chair. What do you observe? Is there anything within the patient’s reach if you leave the room and they are left alone? Keep in mind that screen savers or ways to shield testing equipment screens should be used.

Physicians often bring their patients into their personal offices at some point in their visit. When you sit on the opposite side of your desk, is there any PHI noticeable? There should be no stacks of charts, no schedules, no tests or results, and no communication from other doctors. There should also be a privacy screen on the computer and a screen saver should pop up whenever the computer is not in use. Don’t bring your patients in to put them at ease, and then show them that you are displaying private information for all to see.

Other problems are widespread throughout offices. Paperwork such as routing slips, charts and insurance information are left out. If you still use a system of charts on doors, make sure they are always turned around. Many practices post schedules at various spots around the facility to keep things running smoothly. Make sure that those are not where the curious eyes of patients can read them. 

Wander around the office and just look. Observe what patients are looking at while they are visiting the restroom, waiting for lab work, or waiting in line at checkout. A great deal of the patient’s time in your office is spent sitting and waiting. Remember that fact when you are looking at how your office is handling PHI. What seems obscure to you may be obvious when a patient has nothing else to look at. Walk in your patient’s shoes to troubleshoot the spots where your staff is unknowingly exposing PHI and putting you at risk for a complaint. It only takes one patient noticing one thing. Be the patient and see what they are seeing when they move around your office. You may be surprised by what is slipping through the cracks.

Related Posts Plugin for WordPress, Blogger...