NGA - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

NGA

Description:

NGA s HIPAA Webcast: Preparing for Complaint Driven Enforcement Ren e Popovits Popovits & Robinson 19065 Hickory Creek Drive, Suite 220 Mokena, IL 60448 – PowerPoint PPT presentation

Number of Views:73
Avg rating:3.0/5.0
Slides: 29
Provided by: Rene2152
Category:

less

Transcript and Presenter's Notes

Title: NGA


1
NGAs HIPAA WebcastPreparing for Complaint
Driven Enforcement
  • Renée Popovits
  • Popovits Robinson
  • 19065 Hickory Creek Drive, Suite 220
  • Mokena, IL 60448
  • rpopovits_at_popovitslaw.com

2
Complaint Driven Enforcement
  • The enforcement process will be primarily
    complaint-driven.
  • The process will be progressive, affording a
    covered entity against whom a complaint has been
    filed opportunities to demonstrate compliance or
    to develop a corrective action plan.
  • Covered entities have a BIG incentive to resolve
    patient complaints BEFORE it goes to OCR--think
    risk management!

3
Complaints to the DHS Secretary
  • 45 CFR 160.306 Persons have a right to file a
    complaint with DHS Secretary. Complaints must
  • 1. Be filed in writing, either on paper or
    electronically
  • 2. Name the entity that is the subject of the
    complaint and describe the acts or omissions
    believed to be in violation of the applicable
    requirements

4
Complaints to the Secretary
  • 3. A complaint must be filed within 180 days of
    when the complainant knew or should have known
    that the act or omission complained of occurred,
    unless this time limit is waived by the Secretary
    for good cause shown
  • 4. Additional procedures may be prescribed
  • 5. Individuals may also file complaints with the
    Covered Entity

5
Investigation of Complaints
  • The Secretary may investigate complaints.
    160.306(c). Such investigation may include a
    review of the pertinent policies, procedures, or
    practices of the covered entity and of the
    circumstances regarding any alleged acts or
    omissions concerning compliance.
  • Covered entities must have a process for persons
    to make complaints. CEs must document complaints
    received as well as disposition. 164.530(d)(1)
    and (2).

6
OCR Complaint Process
  • Informal review may resolve issue fully without
    formal investigation
  • Many complaints will be resolved at this stage
  • If not, begin investigation
  • Voluntary resolution yet possible
  • Technical Assistance
  • See Sections 160.310 and 160.312.

7
Penalties
  • Under HIPAA -- civil monetary penalties of not
    more than 100 for each violation, with a cap of
    25,000 per calendar year. (Much larger penalties
    are provided for disclosure of individually
    identifiable health information)
  • Criminal penalties for wrongful disclosures

8
Types of Complaints I May Encounter?
  1. PHI released outside the rule
  2. PHI disclosed and person is embarrassed or harmed
    by it
  3. Patient is granted access and doesnt like what
    the record says
  4. Patient not granted access to records
  5. Patient not granted an amendment
  6. Patient not given timely information
  7. Unrelated patient care complaints
  8. Patient just wants to complain!

9
Strategies for Complaints/Risk Management
  • Instill in staff a customer service attitude
  • (desire to resolve concerns so the patient does
    not complain to OCR)
  • Conduct patient satisfaction surveys
  • Develop solid policies to safeguard protected
    information
  • Conduct trainings to inform individuals as to the
    appropriate uses and disclosures of PHI
  • Reward compliance
  • Develop and enforce discipline and mitigation
    policies

10
Strategies for Complaints (contd)
  • Hire the right person to take complaints. A
    patient advocate, someone with good customer
    service skills. Handle complaints in a timely
    manner
  • Respond to complaints professionally with a high
    degree of empathy
  • Do not be afraid to take corrective action, even
    if you need to admit you were wrong
  • Address and resolve at a local and personal level
  • Train clinical staff on appropriate records
    documentation
  • Document any interventions or corrective actions
    that have occurred

11
What methods are States using to process
complaints?
  • Hotlines
  • Methods established by Federal Regulations and
    OCR
  • Privacy Officers
  • Client Rights Advocates or Officers
  • Mail
  • E-mail
  • On-line Forms

12
North Carolina
  • North Carolinas Department of Health and Human
    Services (DHHS) has an information and referral
    service located in their Office of Citizen
    Services known as their CARE-LINE.

13
North Carolina
  • The CARE-LINE is designated to receive and
    document complaints and concerns regarding the
    Departments privacy practices, policies, and
    procedures related to the protection of
    individually identifiable health information.
    CARE-LINE ensures that all privacy complaints are
    recorded accurately, and retained for a period of
    at least six years from either the date of
    creation or the date when it was last in effect.
    Any complaint not resolved by the hotline is
    forwarded to a DHHS Privacy Officer.

14
CARE-LINE Procedures
  • CARE-LINE staff respond immediately to privacy
    complaints that are general in nature and do not
    require additional research or privacy expertise.
    ALL FACTS ARE DOCUMENTED AS IS THE RESOLUTION in
    their information referral system.

15
CARE-LINE Procedures
  • What if the designated agency receives the
    complaint first?
  • The designated agency shall research and resolve
    the privacy complaint promptly, if possible.
    Documentation of the complaint and resolution
    shall be sent to CARE-LINE, ensuring no
    individually identifiable health information
    other than that provided by the individual is
    included. Documentation for routine issues shall
    be provided within 30 days.

16
CARE-LINE Procedures
  • CARE-LINE shall provide reports about privacy
    complaints to the DHHS Privacy Officer on a
    routine and ad hoc basis, as requested.
  • CARE-LINE can be accessed Monday-Friday 800 am
    to 500 pm (except holidays). You can also Fax,
    E-mail or send a letter to CARE-LINE.

17
CALIFORNIA
  • California developed a policy entitled Covered
    Entity Policy Procedure Reporting Compliance
    Concerns which delineates the procedures to be
    followed the handling of Privacy Complaints under
    HIPAA. Reports can be made in four ways.

18
CALIFORNIA
  • 1. Verbal report by a named individual, in person
    or by telephone, made to the Privacy Officer.
  • 2. Written report by a named individual, by use
    of the Confidential Report of Concern, submitted
    to the Privacy Officer.
  • 3. Anonymous telephone report by an unidentified
    individual made to the Privacy Officer or to the
    organizations anonymous reporting system.
  • 4. Anonymous written report by an unidentified
    individual submitted in one of the following
    ways
  • - Mailing a completed Confidential Report of
    Concern to the Privacy Officer at the
    organizations address
  • Depositing a completed Confidential Report of
    Concern in one of the organizations suggestion
    boxes.

19
CALIFORNIA
  • The Privacy Officer investigates each report of
    concern. The findings of an investigation
    prompted by a report of concern will be recorded
    on the Compliance Report Investigation Form
    within five working days of the report.

20
MICHIGAN
  • The Michigan Department of Community Health has
    posted their Privacy Notice on-line at
    http//www.michigan.gov/mdch.
  • In their policy, they offer the option of writing
    to the Office of Civil Rights to file a complaint
    or you can file a complaint directly with Denise
    Chrysler, their Privacy Officer.

21
NEW YORK
  • Mario Tedesco, the HIPAA Project Manager for New
    Yorks Department of Health stated that a
    phone-in Help Line will be posted to handle HIPAA
    Privacy Complaints shortly before the deadline.

22
ILLINOIS
  • Illinois Department of Human Services requests
    that patient complaints be filed on the local
    level through their local offices
  • There are other Illinois State Departments that
    are covered entities and each will have their own
    complaint processes--there is not a state-wide
    system for complaints.

23
Georgetown Project
  • On April 8, 2003 the Health Privacy Project (HPP)
    announced the launch of its HIPAA privacy
    complaint monitoring initiative.
  • Initiative will monitor the oversight and
    enforcement of the HIPAA privacy rule by OCR to
    ensure that patients' privacy rights are enforced
    effectively.

24
Georgetown Project
  • HPP will track the number and types of complaints
    and will monitor how effectively the Office of
    Civil Rights investigates and resolves them.
  • More information on this initiative can be found
    on-line at the following URL
  • http//www.healthprivacy.org.
  • Model complaint form can be found at the
    following link http//www.healthprivacy.org/usr_d
    oc/Final_Complaint_Form.pdf

25
Resources
  • The Federal Register
  • http//www.archives.gov/federal_register/index.htm
    l
  • HHS/Office of Civil Rights
  • http//www.hhs.gov/ocr/hipaa/whatsnew.html

26
What to do if a Privacy Complaint draws Media
attention
  • The Ten Commandments of Winning with the News
    Media by Clarence Jones.
  • 1. Be Open and Cooperative- Never Lie!
  • 2. Personalize- Americans have a negative
    mindset for almost anything that smacks of
    bigness and bureaucracy. Let them get to know
    someoneshow them the real people of your
    organization

27
What to do if a Privacy Complaint draws Media
attention
  • 3. Develop Media Contacts.The better your
    relationships with the media the better the
    coverage you will get.
  • 4. Take Good Stories- Find positive stories for
    the media to hear.
  • 5. Respond Quickly
  • 6. Never say No Comment.
  • 7. Its OK to say I dont know.

28
What to do if a Privacy Complaint draws Media
attention
  • 8. Confess and Repent
  • 9. Use the Big Dump- If you have bad news, give
    it all at once, dont offer a little at a time.
  • 10. Always Prepare, Prepare, Prepare!
Write a Comment
User Comments (0)
About PowerShow.com