Details on Section 1135 waivers and “flexibility” may be downloaded at https://www.cms.gov/About-CMS/Agency-Information/Emergency/downloads/MedicareFFS-EmergencyQsAs1135Waiver.pdf and https://www.cms.gov/About-CMS/Agency-Information/Emergency/
With the largest EMTALA fine (civil monetary penalty) in the history of the 1986 law, the Office of Inspector General (OIG) has fired what appears to be a massive warning shot across the bow of hospital emergency departments across the country. On June 23, 2017, AnMed Health in Anderson, S.C. entered into a $1,295,000 settlement agreement with OIG to settle allegations of multiple EMTALA violations arising from boarding psychiatric patients in the emergency department while there were empty beds in the hospital psychiatric unit.
Over the history of EMTALA enforcement, typical fines have run less than $100,000 and the largest prior fine of which the Publisher is aware was less than a third of the recent settlement.
Prepare for EMTALA enforcement assault:
“This settlement signals a new level of EMTALA enforcement is here. The increased level of fines, and an anticipated increase in complaints from patients and their advocates, means that the government will be motivated to come after hospitals more frequently,” according to Mark Kadzielski, a nationally recognized health law and EMTALA expert.
“This settlement highlights the vulnerabilities of hospitals that are not well-equipped to handle psychiatric patients. Warehousing mental health patients and not transferring them for a significant time period presents serious issues. Not admitting such patients at facilities where appropriate inpatient services are actually available is a clear violation. Hospital ERs must revaluate all of their policies in light of this settlement,” Kadzielski said.
Bringing the big guns on target
Kadzielski’s point about forcing hospitals to re-evaluate their mental health practices is re-enforced by the fact that OIG obviously handled this as a case of high importance both by the massive fine they chose to assess in this case and by the fact they assigned their top veteran EMTALA attorney, Sandra Sands, to oversee the case personally.
In addition, the apparently serious nature of the case may have presented the OIG with an ideal set of circumstances to make a highly visible point.
According to the OIG press release, AnMed was cited for 36 incidents where patients with unstable psychiatric conditions presented to the AnMed emergency department. OIG alleges that instead of being examined and treated by an on-call psychiatrist, and even though there were open beds in the hospital psychiatric unit, AnMed physicians issued involuntary commitments on the patients and kept them in the hospital Emergency Department for a period ranging from 6 to 36 days.
The practice of “boarding” patients in the emergency department has generally been criticized by CMS, but is still relatively common for psychiatric patients, nationwide. The practice has become more prevalent as state and private hospital psychiatric beds have steadily declined, and it has become more difficult to locate available beds to transfer psychiatric patients for facilities that do not have psychiatric capabilities. Joint Commission standards also tend to be critical of boarding practices as a problem in patient flow that can result in heightened risk for patients and inefficiencies for staff. Joint Commission defines boarding as holding patients in the ED for more than 4 hours awaiting admission or transfer.
Mental Health is a lingering problem
This case is not the first occasion OIG has had to be aware of the difficult problem that evaporating mental health capabilities pose for EMTALA compliance. In 2005, a Technical Advisory Group (TAG) was detailed by Congress to advise CMS on controversial issues arising from EMTALA. Among those issues were agenda items to determine medical screening standards for psychiatric presentations and the possible development of protocols. When the TAG authorization expired in 2007, no mental health recommendations emerged, and one member of the mental health group commented: “We could not even agree on a chairman.”
The changing threat
The OIG foray into the issue threatens significant changes for hospitals on the mental health issue.
We had a patient in our ER this evening who presented with dehiscence of a ventral hernia repair which was done at another facility several days ago. Patient and his family were adamant they did not want to return to that facility. The ER physicians called all the surgeons of our facility in an attempt to help this patient and all referred this patient back to the surgeon who did the original surgery. They even attempted to contact another facility who also referred him back to the original facility.
My question: I know we like to refer surgical cases back to the original surgeon, however, if we can perform the surgery here, and the patient does not wish to return to that surgeon, are we not obligated under EMTALA to provide those services?
ANSWER: You are correct. The fact that the patient is presenting with complications of prior surgery performed elsewhere is irrelevant under EMTALA. Your facility is required to render stabilizing care to patients who present at your facility. The only two exceptions would be if your facility lacked the capability to perform the necessary care which would require you to make an appropriate transfer, or if the patient requested transfer back to the original hospital and that hospital accepted the patient in transfer.
A secondary issue might be to question the refusal of transfer from the third hospital. In this case, since your facility could not declare this an EMTALA transfer because you had the capacity to render care and transfer would not be permitted by EMTALA, this was probably one of the few cases where the third hospital could refuse the transfer request without EMTALA compliance concerns.
In 2016 OCR issued new guidance setting out standards for patient access to records as a high priority for HIPAA COMPLIANCE. The guidance can be found at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
In response to the new guidance and to aid covered entities to comply with the guidance, the American Health Information Management Association (AHIMA) released its final version of a Model Form this week. The model form is specifically aimed at documenting proper patient access to their own files and is not intended to serve as a tool for release of information to third parties. Full instructions accompany the Model Form.
You may download the form at https://engage.ahima.org/viewdocument/patient-request-model-form
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) civil money penalty against Children’s Medical Center of Dallas (Children’s) based on its impermissible disclosure of unsecured electronic protected health information (ePHI) and non-compliance over many years with multiple standards of the HIPAA Security Rule. OCR issued a Notice of Proposed Determination in accordance with 45 CFR 160.420, which included instruction for how Children’s could file a request for a hearing. Children’s did not request a hearing. Accordingly, OCR issued a Notice of Final Determination and Children have paid the full civil money penalty of $3.2 million. Children’s is a pediatric hospital in Dallas, Texas, and is part of Children’s Health, the seventh largest pediatric health care provider in the nation.
On January 18, 2010, Children’s filed a breach report with OCR indicating the loss of an unencrypted, non-password protected BlackBerry device at the Dallas/Fort Worth International Airport on November 19, 2009. The device contained the ePHI of approximately 3,800 individuals. On July 5, 2013, Children’s filed a separate HIPAA Breach Notification Report with OCR, reporting the theft of an unencrypted laptop from its premises sometime between April 4 and April 9, 2013. Children’s reported the device contained the ePHI of 2,462 individuals. Although Children’s implemented some physical safeguards to the laptop storage area (e.g., badge access and a security camera at one of the entrances), it also provided access to the area to workforce not authorized to access ePHI.
OCR’s investigation revealed Children’s noncompliance with HIPAA Rules, specifically, a failure to implement risk management plans, contrary to prior external recommendations to do so, and a failure to deploy encryption or an equivalent alternative measure on all of its laptops, work stations, mobile devices and removable storage media until April 9, 2013. Despite Children’s knowledge about the risk of maintaining unencrypted ePHI on its devices as far back as 2007, Children’s issued unencrypted BlackBerry devices to nurses and allowed its workforce members to continue using unencrypted laptops and other mobile devices until 2013.
The Notice of Proposed Determination and Notice of Final Determination may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/Childrens
COMMENT: Way too many organizations allow employees and medical staff members to have protected health information on portable devices without good cause. Most of those are still unencrypted — especially private devices of physicians.
Illinois’ Presence Health Network found out in a big way in a December 29, 2016 settlement with the HIPAA enforcement unit of Office of Civil Rights for the sun of $475,000. While the settlement does not admit wrong-doing, the settlement agreement released by OCR states the grounds are allegations of a delay in breach notifications to affected patients, media, and OCR.
OCR indicates that the first alleged violation involved a October 22, 2013 incident in which paper-based operating room schedules containing PHI of 836 went missing from the Surgery Center at Presence St. Joseph Medical Center. The incident was not reported to OCR until January 31, 2014 (101 days) due to “miscommunications between its workforce members.” In this incident, OCR recites that notice was not given to affected individuals until February 3, 2014 (104 days) while the Breach Notification Rule requires notification no later than 60 calendar days after discovery. Required notification to media was reportedly not made until February 5, 2014 (106 days). Media notification is required to be made in breaches involving more than 500 individuals “without unreasonable delay” and no later than 60 calendar days of breach discovery. Each day of delay for notification under the rules constitutes a separate violation for each requirement.
OCR reported that during the investigation of the original incident, it reviewed breach reports for the system reported in 2015 and 2016 annual reporting for breaches of fewer than 500 individuals. While apparently reported to OCR in a timely manner in their annual reports, OCR discovered several incidents did not result in timely notification to individuals whose PHI was compromised.
In addition to the fine, Presence entered into a Corrective Action Plan that includes revisions within 60 days, and OCR approval, to policies and procedures that clearly delineates individual roles and responsibilities for:
In addition, Presence is to establish sanctions (disciplinary rules and penalties) against workforce members who fail to comply with policies and procedures implementing the Breach Notification Rule. New employees are to be trained on the policies and procedures within 30 days of commencing service. All employees are to be trained within 60 days of OCR approving training materials. Annual retraining is also required. Compliance reporting is also required by the agreement.
Reminder – EMTALA reality: Since the dawn of EMTALA I have been telling people that one of the biggest compliance problems with the law is that nobody reads the definitions. Later when the regulations and site review guidelines (State Operations Manual) came out, the second big set of “definitions” were included in the law through the interpretations and guidelines that the regulators put out. Since then, revisions to the site review guidelines have modified or expanded on those definitions. Over the past few weeks questions have been coming to me fast and furiously about walk-in, urgent care clinics, “fast track” and free-standing ED’s under EMTALA.
Today I received notification of a court ruling centering on these types of delivery models and EMTALA in Friedrich v. South County Hosp. Healthcare, C.A. No. 14-353 S. The case centered on whether or not an Urgent Care that was owned and operated by a hospital was required to comply with EMTALA. The court’s answer in a ruling on a motion by the hospital to dismiss the case was that EMTALA does apply.
What you call things matters:
In this case, the plaintiff alleges that they were going to the hospital for chest pain and pulled into a facility with an Urgent Care sign. The Plaintiff alleges that they failed to provide care required by EMTALA. The hospital defended that an Urgent Care is not an emergency department and not, therefore, covered by EMTALA. They also argued that their website explained that they did not handle emergencies.
The court, however, followed the CMS regulations and site review guidelines definition of a “designated emergency department (DED).” Under the site review guidelines, CMS clearly warns that hospital owned Urgent Care departments are almost always “designated emergency departments” because they are held out as appropriate to treat “urgent” conditions – and to the public the word urgent and emergency are virtually synonymous. The court opinion went on to find that someone driving by with a medical concern is not likely to stop to visit the website.
So what are the technicalities?
1. Is it a hospital-owned service – is it billing under the hospital provider number? (Note: Rural Health Clinics are typically operating under a separate provider number.)– and
2. Is it held out to the public as an appropriate place to bring emergencies through name, signage, or advertising? — OR —
3. Does it see 1/3rd or more of its patients on an unscheduled basis for conditions similar to those typically seen in the emergency department? (Guidance and comments from CMS indicates that it does not count immunization campaigns, routine school or similar physicals, or forensic tests such as routine pre-employment blood tests.)
A hospital owned Urgent Care would typically be considered a DED for EMTALA purposes. (COMMENT: Just for the record, I wish CMS would think about their names and abbreviations for things – DED sounds a lot like “dead” and that is not even humorous when discussing an emergency department.) A free-standing urgent care that is owned by a physician group would be billing under a different provider number than the hospital and would NOT typically be considered to be regulated under EMTALA – unless the advertising or signage is done under the hospital name without disclosing the separate ownership, which could complicate things considerably.
A hospital-owned “convenient care” or “immediate care” or some other name (but NOT Urgent Care) would be generally looked at in terms of the 1/3rd walk-in patient standard to determine whether it fell under the DED standards. A note of caution here — CMS draws its own sample in its own way to determine whether or not the 1/3rd threshold has been reached or not. Again, a clinic owned by a physician group would be billing under a separate provider number from the hospital and would generally not be subject to EMTALA.
A hospital “fast track” associated with an Emergency Department is typically viewed by CMS as an extension of the ED and any patients triaged to Fast Track or diverted to sign in at Fast Track are also typically viewed as ED patients for EMTALA compliance purposes. Allowing patients to “self-select” ED or clinic at registration or triage has resulted in citations.
The concept of “freestanding emergency departments” also raises similar issues. A hospital-owned Freestanding ED (FED) would be typically held to the exact same standard as the main ED for EMTALA compliance. Privately owned FEDs would not typically be held to EMTALA, but many state licensing laws impose standards similar to EMTALA that are enforced by the State rather than CMS. Deceptive signage or advertising linking a FED to a hospital might trigger CMS claims of EMTALA jurisdiction.
CAUTION: Various other structures or care delivery modes may run afoul of CMS EMTALA standards based on the individual details of the incident or complaint.
Hospitals trying to evade EMTALA
Many of the new service clinic models have arisen because hospitals are seeking to evade the EMTALA financial and scope of care rules for better profit margins. Strict attention to the definitions is critical to this being successful. I have, for instance, been hired by hospitals to unwind the EMTALA issues caused by not considering the definitions when setting up these clinics. Fortunately, today more folks are asking for help before committing to names, advertising, and staff hiring.
Examples of the more common approaches to working around the EMTALA exposures include “same day appointment” clinics and limiting walk-in hours to stay below the 1/3rd unscheduled presentations threshold. Again, CMS reaches compliance decisions on the individual details of the situation.
CMS has posted resources to help you comply with the right wording and languages.
A sample of the required sign template is available at Sample Notice English PDF. The notice must be posted or published on your website, and include it in significant communications targeted to potential beneficiaries of services and the public. Smaller publications must include a basic notice SMALL NOTICE SAMPLE PDF
Taglines are required in each of the top 2 foreign languages in your state. A list of those language rankings by state is available at TOP LANGUAGES LIST PDF. Approved tagline samples are available at TAG LINE TRANSLATIONS
These notifications are in addition to all of the other mandatory signs for federal, state and local requirements.
Be aware that hospitals and medical offices are seeing an increase in civil rights type claims for disabilities and other language based discrimination, including services for the deaf. Review your insurance coverage with your agent, as many policies exclude civil rights claims from coverage.