MGMA 2013 ANNUAL CONFERENCE October 7, 2013 Paradigm Shift: Patients, Physician Practices and...
-
Upload
meredith-mcdaniel -
Category
Documents
-
view
216 -
download
2
Transcript of MGMA 2013 ANNUAL CONFERENCE October 7, 2013 Paradigm Shift: Patients, Physician Practices and...
MGMA 2013 ANNUAL CONFERENCEOctober 7, 2013
Paradigm Shift: Patients, Physician Practices and Electronic Communication
Presenters: Barbara J. Zabawa & Melinda S. Giftos
Presentation Summary
• Overview of Current & Emerging Practices
• Five Risk Areas with Best Practice Recommendations
• Q & A
What is Happening Now?
Communications Explosion!
- Web sites & social media
- Personal health record software
- User-generated content
- Mobile, e-mail, text
Online Medical Information
Electronic Medical Records
Social Media Outreach
Patient-Generated ContentPatient testimonials. http://youtu.be/n_rF45bUEJg
mHealth• BYOD (bring your own device)• Specialized health
applications allow patients tomonitor their own data
• Real-time medical data • DIY diagnosis and sharing• E-mail and text
communication
Advantages of E-Communication• Convenient• Efficient• Less expensive than office visit• Creates record of
communication – Automatic documentation
in EMR
• Patient-centered medical home achievement
Disadvantages /Barriers
• More work for providers• Resistance to change• Reimbursement issues
• Risk of liability
5 Areas of Risk
1. Damage to Reputation / violation of fair advertising laws
2. HIPAA/state law violations3. Loss of Patient Data4. Employee issues (violations of the NLRA)5. Malpractice liability
1. Reputation & Branding Risks
Social media can enhance OR damage your reputation
Negative reviews
False reviews
If patient appears coerced into giving testimonial, could be very damaging
Potential Liability
Are you adhering to Federal Trade Commission advertising guidelines?
• Claims must be substantiated
• Cannot give only extraordinary results
• Generally expected results
• Creates difficulty in medical field
Best Practices
• Use only testimonials that are substantiated by your records
• Use a spectrum of testimonials (not just the greatest results)
• Add disclaimers• Be transparent and don’t
promise too much, while still highlighting your successes
2. Risk of HIPAA Violations
More devicesSocial mediaFrequent communicationsShare culture
All increase risk of HIPAA violation.
Example: Web-based Calendar
Clinic posted clinical and surgical appointments for its patients on public web-based calendar• Clinic implemented very few policies and
procedures to safeguard ePHI• Result: $100,000 settlement with OCR, plus
corrective action
OCR Warning:
“We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”
$1.5 million settlement after unencrypted laptop containing PHI of patients and research subjects was stolen
“In an age when health information is stored and transported on portable devices, such as laptops, tabletop and mobile phones, special attention must be paid to safeguarding the information held on these devices. This enforcement action emphasizes that compliance with HIPAA must be prioritized by management and implemented throughout an organization from top to bottom.”
Example: Stolen Laptop
HIPAAA CE or BA may not use or disclose PHI except as permitted or required by the Privacy Rules
Facebook and other social media posts can be ePHI if patients identified by name (or otherwise) and context of posts (or information about poster) says something about medical condition or patient status of individual
Social Media Slips
2 paramedic students-in- training took digital photos of a shark attack victim, and subsequently e-mailed the photos to numerous friends
Medical Economics, October 10, 2012
Social Media Slips
On his blog, a doctor called a patient lazy and ignorant because she had made several visits to the ER after failing to monitor her sugar levels
Medical student filmed a doctor inserting a chest tube into a patient, whose face was clearly visible, and posted the footage on YouTube
Chicago Daily Herald, July, 2012
Social Media Slips
Temporary employee posted a photo of a patient’s medical record (clearly showing name), accompanied by the comment, “funny but this patient in to cure her VD and get birth control.”*
Nurse posted on her Facebook page that she had treated a “cop killer” the day following many news accounts naming the accused shooter and the hospital where he was treated.**
*“Patient Info on Facebook Traced to Temp Staff,” Same-Day Surgery (May 1, 2012), 2012 WLNR 7485380; **“Nurse Fired for Off-Duty Post on her Facebook,” Healthcare Risk Management (October 1, 2010) 2010 WLNR 19684422.
Is it a Violation?Whether social media posts using patient information constitute a HIPAA violation will depend upon purpose of post and to whom post was disclosed
• Ok to use social media to disclose to subject of PHI without authorization (so long as post is not viewed by others)
• Ok to use e-communications to disclose to another CE for TPO without patient authorization
Common Misunderstandings• Post is private and accessible only to
intended recipient(s)
• Deleted posts are no longer accessible
• If site is limited (“private”) to selected recipients, that disclosure of patient information is harmless if only read by selected recipient(s)
Common Misunderstandings
• No breach of confidentiality if name is not disclosed but other key information about patient is disclosed (from which identification is possible)
• Confusion about patient’s freedom to disclose information about himself/herself and the need for the nurse (provider, institution) to refrain from disclosing information – even if it is in response to the patient
Risk of Sanctions
Example: Rhode Island physician was reprimanded and fined by the State Medical Board for an inadvertent Facebook posting (without giving patient names, detailed certain patient encounters in the ER, but because of the nature of the patients’ injuries, they could be identified by third parties)
Risk of Sanctions
In a 2010 survey, 33 of 46 responding boards of nursing reported receiving complaints of nurses posting photos or information about patients on social networking sites and that 26 of the 33 boards took some sort of disciplinary action in response – minimally, letters of censure
National Council of State Boards of Nursing; 2010 nationwide survey
AMA Ethics Opinions• Opinion 5.026 - email should not be used to
establish physician-patient relationship; only to supplement other encounters
• Physicians should communicate to patients the inherent limitations of email, such as potential for breaches and delayed responses
AMA Ethics Opinions
Opinion 9.124 on social media recommends:
Physicians use privacy settings to safeguard personal information and content, but should realize that privacy settings are not absolute and that once on the Internet, content is likely there permanently.
AMA Ethics Opinions
When physician sees content posted by colleagues that appears unprofessional, they have responsibility to bring that content to the attention of the individual so he or she can remove it or take other appropriate actions.
If individual fails to take appropriate action, physician should report matter to authorities.
Best Practices: HIPAA
• Understand federal and state patient confidentiality rules
• Update risk assessments• Put clear and understandable
policies in place• Promptly investigate
suspected violations• Make HIPAA compliance
a priority
3. Risk of Data Loss
With more and more of a shift to electronic information and communication, risk of data loss increases.
What happens if you lose patient data?
Increased Reliance on OthersWe rely heavily on many third-party providers for data
protection and integrity.
This comes with some serious risks that must be considered and accounted for.
Best Practices• Enter into strong contracts that
protect your data• Ensure you have immediate
recourse if data is interrupted• Ensure you have a back-up method
that is 100% within your control• Consider keeping alternate records
4. Risk Area - Employees
National Labor Relations Act - Section 8 (29 USC s. 158) prohibits an employer from interfering with, restraining or coercing employees in the exercise of Section 7 rights.
Risk Areas - Employees
Personal gripes not protected
Posts on working conditions are protected
Employer restrictions on contents of employee postsmay violate NLRA
Social Media Policies
Employer social media policies:
– An employer violates the NLRA through maintenance of a policy that “would reasonably tend to chill employees in the exercise of their Section 7 rights.”
May 30, 2012 NLRB General Counsel Report
Examples
General Motors had a policy on revealing “non-public information” and “friending co-workers”:
“Think carefully about ‘friending’ co-workers on external social media sites.”
Overbroad or acceptable?
Risk Areas - Employees
“Communications with co-workers on external social media sites that would be inappropriate in the workplace are also inappropriate online.”
Overbroad or acceptable?
Risk Areas - Employees
Policy language: “Report any unusual or inappropriate internal social media activity to the system administrator.”
Overbroad or acceptable?
Risk Areas - Employees
Policy language: “Employer’s Social Media Policy will be administered in compliance with applicable laws and regulations (including Section 7 of the National Labor Relations Act).”
Did this cure the ambiguities in GM’s overbroad rules?
More Examples
Walmart Social Media Policy:
Prohibits “inappropriate postings that may include discriminatory remarks, harassment and threats of violence or similar inappropriate or unlawful conduct.”
Overbroad or Acceptable?
Best Practices• A solid, lawful social media
policy is critical• Proper training and education
are key (on all levels)• Knowledge is power.• See attached example of social
media policy• One size does not fit all – see
your attorney
5. Risk Area - Malpractice Liability
• Increased risk if patients are doing DIY research
• Increased risk if patients video-taping or audio-recording appointments
• Increased documentation / discoverable evidence in lawsuits
Malpractice Liability
• Sometimes electronic/mobile communication is not as complete or professional
• However, it is still part of the medical record and can be discovered and used in any dispute
Best Practices
• Implement policies on what is acceptable during patient visits
• Training is key • Keeping detailed records is key• Understand that these
technologies may be implicated in and discoverable in litigation
Questions?
* Stock images used with permission from Microsoft, istockphoto.com and other sources
Contact UsBarbara J. Zabawa J.D., MPH, FACHEHealth Care Team LeaderPhone: 608-234-6075Email: [email protected]
Melinda S. GiftosIP/IT AttorneyPhone: 608-234-6076Email: [email protected]: @IntellectLawyerLinkedIn: /MadisonIPAttorney