April 23, 2014
3800 VerMaas Place, Suite 200
Lincoln, NE 68502 (map)
Phone: 402.475.7011
Toll Free: 800.714.3439

QAPI, Not Penalties to Reduce Adverse Events in Skilled Nursing Facilities

   In a report released by the Health and Human Services Office of the Inspector General (OIG), more than one in five Medicare beneficiaries receiving skilled care after a hospitalization experiences an adverse event.  The study defined an adverse event as harm that resulted in a longer stay in the skilled nursing facility or transfer to a hospital, permanent harm life-sustaining intervention, or death.  These adverse events are preventable and the resulting care and hospitalizations cost Medicare an estimated $2.8 billion in 2011, the year the study was conducted.

   The OIG stated that this study confirmed the need and opportunity for skilled nursing facilities to reduce the number of adverse events to residents and recommends that CMS direct the state surveyors to review facility practices for identifying and reducing adverse events.  When asked how they intended to deal with these adverse events, the CMS stated they did not want to approach the matter using harsher penalties and that survey citations won’t be the primary way for dealing with these incidents.  Rather, they want to focus on helping nursing care providers in setting up quality improvements specifically through the use of QAPI.

   The OIG recommended that CMS work on developing lists of preventable events to help skilled nursing facility’s staff understanding, include preventable events on the QAPI systems and to encourage facilities to report adverse events to safety organizations.  The OIG also recommended that CMS tell state surveyors to include an assessment of adverse event identification and reduction in their QAPI compliance and to link related deficiencies to their resident safety practices.  CMS did say that they are working to include guidance for surveyors on how to evaluate nursing facilities efforts to identify and reduce adverse events in their QAPI requirements.

   CMS still has not stated when QAPI will formally roll out. 

LB 854 Passes

On March 24, 2014, the Nebraska Legislature passed LB854.  The bill recognizes that there is a need for sufficient planning and input from stakeholders, including service providers and consumers, in order to establish an effective managed care system for Medicaid recipients.  In order to protect the state’s most vulnerable citizens, LB854 states that the Nebraska Department of Health and Human Services “shall not release a request for proposals relating to procurement of managed care for long-term care services and support prior to September 1, 2015.”

New CDC Website Provides Tools to Fight Infections

The Centers for Disease Control and Prevention (CDC) has started a new website to help long term care providers gain access to information and resources to help in the prevention of infections in nursing home residents.  The site provides information to clinical staff, infection control coordinators and residents.

The CDC estimates that there are 1 to 3 million serious infections occurring each year in the long term care setting.  The site will provide information on hand hygiene, antibiotic management and dialysis safety.  Long term care providers will also have access to the CDC’s infection tracking system and to resources that the CDC has developed in partnership with the Advancing Excellence in America’s Nursing Homes Campaign (AE).  The two share a common goal in preventing c. difficile infections in nursing home residents.

The new website will promote AE’s resources on infection control in hopes it will extend AE’s campaign along with providing additional tools in the fight against infections.  The new website can be accessed http://www.cdc.gov/longtermcare/


2014 Health Care Legislation Introduced

The Nebraska Legislature began its 2014 session on January 8th and over the first ten days of the session Senators introduced several pieces of legislation which could potentially impact nursing home facilities throughout Nebraska.

Senators Steve Lathrop and Les Seiler have proposed amendments to the Nebraska Hospital-Medical Liability Act to increase the amount recoverable from a health care provider for any injury or death of a patient.  Sen. Lathrop introduced LB 862 and proposed to increase the limit to $2.5 million.  Sen. Seiler proposed LB 893 which would increase the limit to $2 million.  Currently the amount someone could recover under the Hospital-Medical Liability Act is $1.75 million which was set in 2004.

Senator Kathy Campbell introduced LB 887 which would adopt the Wellness in Nebraska Act.  The proposed legislation would expand health coverage to individuals who are newly eligible for medical assistance.  It would allow those newly eligible individuals who do not have access to employer sponsored insurance but are not at the federal poverty level and do not have an exceptional medical condition to enroll in a qualified health plan.  The bill would also require that any private managed care organizations that provide “WIN Medicaid” coverage to ensure the newly eligible individuals have access.

Senator Colby Coash introduced LB 920 which would adopt the Public Guardianship Act.  This bill would create an Office of Public Guardian to provide individuals too incapacitated persons when no private guardian or conservator is available.  The public guardian will have the power to hire a deputy guardian and up to twelve associate public guardians.  The proposed legislation puts a limit of an average of 40 individuals for each associate public guardian.

LB 1072, introduced by Sen. Lathrop, would set up a board to maintain a prescription monitoring program with regards to dispensing controlled substances and other drugs identified as a potential for abuse.  The program will provide real time access to prescriptions information generated by dispensers and prescribers regarding a controlled substance.  The patient may not opt out of having the information shared through the program, but the information in the program is not subject to public disclosure unless requested by a subpoena.

These proposed legislative bills have not been adopted and will be discussed and analyzed throughout the 2014 session.

New Healthcare Laws Take Effect

On September 6, 2013, most of the laws the Nebraska State Legislature passed during the 2013 legislative sessions became effective.  Among those bills were LB 459 and LB 326.  In order to prevent several communicable diseases, LB 459 requires acute hospitals, immediate care facilities, nursing facilities and skilled nursing facilities to offer on-site vaccinations of diphtheria, tetanus, and pertussis prior to a patient or resident’s discharge.  LB 459 does not require facilities to pay for the cost of the vaccinations; it can be passed onto the resident.

Legislative Bill 326 amended the Automated Medication Systems Act to allow long-term care facilities to register and operate automated medication systems which will be licensed as a separate pharmacy.  In order for a nursing home to have an automated medication system, a pharmacist in charge of a licensed pharmacy must annually license the automated medication system.  It is the responsibility of the pharmacist to ensure that the automated medication system complies with Federal Drug Enforcement Administration and State Law.  The long-term care facility must comply with the policy and procedures that the pharmacist puts in place.  If a long-term care facility has an automated medication system the residents are not forced to receive their prescriptions from the automated pharmacy, they still have the choice to choose their pharmacy.

Model HIPAA Privacy Notices Now Available

   The Office for Civil Rights (OCR) and the Office of the National Coordinator (ONC) for Health Information Technology teamed up to develop 3 models for Notice of Privacy Practices for health care providers to utilize to communicate with their residents maintain HIPAA compliance.

   HIPAA gives residents the fundamental right to know what a health care providers privacy practices are and to be informed of just what their privacy rights are when it comes to their personal health information.  Because of this health care providers are required to develop and distribute a Notice of Privacy Practices.  The Notice must describe how the provider ensures that the residents privacy is protected and their rights under HIPAA.  The Notice has to be made available to anyone who asks to see it and it must be prominently posted on any website maintained by the health care provider.

   OCR and ONC developed the three models after receiving feedback from many entities asking for guidance on how to develop a notice that their residents and patients can understand.  The models also reflect recent HIPAA regulatory changes in the Omnibus Rule.  The options are:

  •        Notice in the form of a booklet;
  •     A layered notice with a summary of the information on the first page and then the full content on the following pages;
  •       A notice with the design elements in the booklet but in a full page presentation;
  •       A text only version of the notice.

The models are fully customizable so that the health care provider can enter their own information into the model.  Instructions for what information is to be included are also provided. 

Links to the models may be found at:  http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html

New Requirements for Contracts Between Hospice Providers and Nursing Facilities

   On August 26, 2013, 42 CFR 483.75(t) will go into effect and place new requirements for contracts between hospice providers and nursing facilities.

    Often times the provisions regulating the services a nursing facility must provide and the services a hospice provider must provide do not overlap or conflict. There is only problem when a nursing home resident elects to receive services from a hospice provider. Then there is usually some overlap between the services provided by the nursing facility and the services provided by hospice. The Centers for Medicare and Medicaid Services (CMS) issued a ruling in late June that addressed this issue.

    The ruling requires that when nursing facilities contract with hospice providers, the contract must be in writing and specifically detail the roles and responsibility of each entity. This is to ensure that the resident is receiving all necessary services, but not receiving any duplicate or conflicting services.  This will establish better quality and consistency of care for the residents. Also, the contract will have to lay out communication and coordination processes to ensure that each group is maintaining their end. The new rule did establish that the nursing home facility’s interdisciplinary team will act as the point of contact for the hospice care.

   CMS expects these changes to have an initial impact of $437 per facility and then $232 after it is implemented. CMS did not determine this to be a significant impact.

Employer Mandate of Affordable Care Act Delayed

   The date requiring employers to supply health insurance to its employees under the Affordable Care Act has been delayed until 2015. Originally, the provision was set to begin in January 2014, but in July President Obama’s administration decided to push back the start date another year. Under the Affordable Care Act, employers who employ 50 or more full-time employees are required to supply health insurance to their employees or face a penalty of $2,000 per full-time employee that was not covered by health insurance.

   This delay gives employers extra time to start planning and implementing the program in order to avoid being fined. The added time should be used to ensure that the insurance policy the facility is going to use meets all the guidelines of the ACA. Nursing homes should take advantage of this delay not put off the implementation until the last minute, and carry on as if the implementation was still 2014. The delay also gives employers the chance to be fully prepared for the transition in 2015 as they can practice voluntary reporting for one year.


Mail Scam Targets Local Businesses

An entity calling itself “Corporate Records Service” using an address in Lincoln, NE, has mailed official-looking letters to Lincoln, NE businesses requesting $125 in fees along with a completed statement of corporate information. 

Please be advised Corporate Records Service is being investigated on scamming charges in numerous states.  These letters are not what they seem to be and should be ignored. 

If you have any questions, you are welcome to call us for further information. 

HIPAA Omnibus Final Rule Goes Into Effect

The HIPAA Omnibus Final Rule went into effect on March 26, 2013 and full compliance is expected by September 23, 2013.  The amended rule expands the accountability of business associates, and requires business associates to assume responsibility for keeping data safe and secure.  After March 26, if a breach occurs for which a business associate is responsible, the business associate must pay the cost of breach remediation.  Further, similar to covered entities, business associates are responsible for assessing risk when a breach occurs and reporting the breach.

In order to assist business associates and covered entities with HIPAA compliance, the new rule provides four factors that business associates and covered entities must evaluate to determine if a breach has occurred.  Under the HIPAA Omnibus Final Rule, risk assessments focus on the risk that Protected Health Information (PHI) has been compromised as opposed to an evaluation of harm to a particular individual resulting from a breach.

The rule includes four factors to consider when a breach occurs to determine if PHI has been compromised and to what level reporting of the breach must be made.  The Journal of AHIMA outlined the four factors, which include:

·         The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification.

·         The unauthorized person who used the protected health information or to whom the disclosure was made.

·         Whether the protected health information was actually acquired or viewed.

·         The extent to which the risk to the protected health information has been mitigated; for example, was the breached information received via facsimile and then destroyed or actually used and/or shared?

In addition to the four risk assessment factors, 19 unique identifiers must be reported with each risk assessment.  According to the Journal of AHIMA, the unique identifiers include:

·         Name

·         All geographic subdivisions smaller than a state

·         For dates directly related to the individual, all elements of dates, except year (i.e., date of birth, admission date, discharge date, date of death)

·         All ages over 89 or dates indicating such an age

·         Telephone number

·         Fax number

·         Email address

·         Social Security number

·         Medical Record number

·         Health Plan number

·         Account numbers

·         Certificate or license numbers

·         Vehicle identification numbers, including license plate numbers

·         Device identification/serial numbers

·         Universal Resource Locators

·         Internet Protocol addresses

·         Biometric Identifiers

·         Full face photographs and comparable images

·         Any other unique identifying number, characteristic, or code

Facilities should begin considering these more objective factors when conducting risk assessments to determine if PHI has been compromised and breach notification is necessary.  In order to ensure compliance with HIPAA guidelines, the four risk factors and 19 unique identifiers should be considered and reported with each potential breach.

Client Testimonial:

Jeanelle Lust offered expert guidance and provided clear direction as to how to handle my legal issue. The legal matter was handled professionally and to my satisfaction. She has definitely brought the term "legal counselor" back into the law arena.