Several times in the past few of years, I have mentioned that I am the primary caregiver for my almost 93 year old mother. Last week, she took a fall that has left her in terrible pain and needing a great deal more assistance.
In addition to getting help from others, I am trying to implement some of the suggestions that I have read about. While resources are available, many of us do not find them in time to be of real assistance to us.
One decision I have made is that it is time to set priorities and to follow through on them. I will be going to the medical equipment store today to look at hospital beds. On Thursday, we will get an order from the doctor for home health care assistance. Hopefully, on Friday I will be able to get input about sitters and the like.
In the meantime, I will need to put this blog on hiatus. If I can get some of my co-workers to do a post, there will be something here. If I get inspired and have some found time, I will do a post. Otherwise, I will leave you until things quiet down on the home front.
Thanks for reading. Hope to talk to you again soon.
I know you thought that all your HIPAA policies and procedures were in place and that you were finished with learning about how this law affects you. I am sorry to say that you were wrong.
The HIPAA Omnibus Rule has finally been released. According to FierceHealthIT, HHS released the Omnibus Rule to simplify compliance actions that must be taken by affected entities.
The four rules that combine to create the omnibus final rule include:
- Modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health Act, and certain other modifications to improve the rules, which were issued as a proposed rule on July 14, 2010.
- Changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act, originally published as an interim final rule on Oct. 30, 2009.
- A final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule’s “harm” threshold with a more objective standard and supplants an interim final rule published on Aug. 24, 2009.
- A final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes, which was published as a proposed rule on Oct. 7, 2009.
Read more: HHS unveils final HIPAA omnibus rule - FierceHealthIThttp://www.fiercehealthit.com/story/hhs-unveils-final-hipaa-omnibus-rule/2013-01-17#ixzz2JZe5a824
Ascertaining the impact of this Omnibus rule could be a while in the making, but HIPAA commentators have begun their assessments. I will be attending a webinar hosted by IDExperts on February 6 in an attempt to start to understand just what has been changed and to try to get an idea about how that affects us and our customers.
On January 30, FierceHealthIT indicated that providers must attend to at least four areas:
Monetary penalties aside, four areas of the rule that will have a significant impact on providers are:
- A change that makes business associates and their subcontractors liable for breaches of personal health information
- An enhanced right for patients to obtain electronic copies of their records
- An enhanced right for individuals to request restrictions regarding disclosure of their PHI
- A change to the breach notification rule in which any disclosure of PHI is presumed to be a breach
Read more: Handling HIPAA: 4 new provisions providers must know - FierceHealthIT http://www.fiercehealthit.com/special-reports/handling-hipaa-4-new-provisions-providers-must-know#ixzz2JZmdjFI7
That fourth area, the breach notification rule, is one that could affect anyone who handles PHI. Any disclosure of PHI is presumed to be a breach.
When the Interim Final Rule was released in 2009, the notion of assessing whether any significant “harm” had occurred to those whose data had been lost or viewed inappropriately was introduced. David Harlow, author of HealthBlawg discussed the current change in FierceHealthIT. The bottom line for Mr. Harlow is this:
… the default assumption is that any irregular release of PHI is a breach, with no subjective standard of harm getting in the way. The covered entity or business associate unfortunate enough to have suffered this breach may either (a) immediately acknowledge that it is, in fact, a breach, and rev up the notification machinery (notice to data subjects, the federales–possibly for posting on the Wall of Shame–and the press, as appropriate, based on the size of the breach) or (b) decide that a risk assessment is necessary, and begin its assessment of at least the four factors highlighted in the regulation.
Read more: Uncertainties surround new HIPAA breach notification rule – FierceHealthIThttp://www.fiercehealthit.com/story/guest-commentary-uncertainties-surround-new-hipaa-breach-notification-rule/2013-01-29#ixzz2JZiJrwSa
What impact will this have on you and your organization? If you allow PHI to be released contrary to your policies and to the law, how will you proceed? Do you know? Who is your Privacy Officer? Do they know?
Time to wake up the HIPAA education machinery again! …or for the first time if you do not have such machinery in place.
Last week when I wrote about violence in our lives, I mentioned my concern that the immediate focus after mass shootings is so often the mental health of the shooter. I also mentioned that the mentally ill are no more likely than the public at large to commit acts of violence.
This morning, my partner Seth mentioned his concern that the focus on the possible mental health issues of individuals who want to own and carry guns potentially presents a whole raft of HIPAA concerns. After all, how do we define mental illness? And who has a right to know what diagnoses have been applied to which people? How do background checks access this information?
Also this morning, a feminist therapist friend shared a link that I had to pass on to you. The speech to which this link will direct you is written by Paula J. Caplan, Ph.D. Dr. Caplan is an articulate and often entertaining psychologist who frequently points her sharp and well-focused eye on the inequities of our culture. She too has concern about how we utilize the issue of so-called mental illness to divert ourselves from the issues of violence in our culture.
Please take a look at her speech on stopping gun violence given yesterday. I would love to hear your comments.
Several ideas have been swirling around in my head for this week’s blog post. The one that emerged today wins, hands down. I am a believer in Carl G. Jung’s concept of synchronicity. When three or four separate but related items come across my desk or inbox at one time, I believe they are connected in some fashion and should be addressed.
This morning I received an email from the Office of Civil Rights listserv on HIPAA Privacy and Security. It contained a link and reference to a letter of clarification written by Leon Rodriguez, Director of OCR.
In light of recent tragic and horrific events in our nation, including the mass shootings in Newtown, CT, and Aurora, CO, I wanted to take this opportunity to ensure that you are aware that the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule does not prevent your ability to disclose necessary information about a patient to law enforcement, family members of the patient, or other persons, when you believe the patient presents a serious danger to himself or other people.
The HIPAA Privacy Rule protects the privacy of patients’ health information but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation’s public health, and for other critical purposes, such as when a provider seeks to warn or report that persons may be at risk of harm because of a patient. When a health care provider believes in good faith that such a warning is necessary to prevent or lessen a serious and imminent threat to the health or safety of the patient or others, the Privacy Rule allows the provider, consistent with applicable law and standards of ethical conduct, to alert those persons whom the provider believes are reasonably able to prevent or lessen the threat.
Given all the discussion about mental health interventions related to the perpetrators of the recent violence, Director Rodriguez clearly felt it was necessary to remind healthcare providers of all stripes that the law does not prevent them from involving the authorities when they believe an individual is potentially dangerous.
I was educated in the Tarasoff era. It was controversial, but clear, that mental health providers have a clear duty to protect the intended victim of a violent action to be committed by one of their patients. That protection may well include the duty to warn the potential victim. Given the occurrence of mass killings in recent years, it is easy to wonder if we all ought to behave as if we have at least a moral responsibility to notice and to notify the authorities about the potentially dangerous behavior of others.
As a former mental health provider, I worry about the tendency of our country to blame violent behavior on mental illness. As research in the area indicates, the relationships among mental illness, drug abuse and violent behavior are complicated, at best. Social factors such as ‘poverty, family history, personal adversity, and stress’ also feed into this complex equation.
On January 15, 2013, President Obama presented proposals to control the sale of certain kinds of guns and the ammunition they use. He also proposed a whole raft of other actions that will hopefully make our awareness and ability to intervene before violence occurs an easier job.
The knee jerk reaction of the NRA and other defenders of the ‘right to bear arms’ has been loud, and people seem to quickly line up in one camp or the other. That is why I was so struck by the post of a Friend of a Friend on Facebook that I shared his statement on our SOS page. You may not be able to get to it unless you are a registered user of Facebook, but if you are, please take a look. This is a well thought out, rational, and personal reaction to some of the responses to the President’s proposals.
One of those proposals is that teachers and others who interact with young people need to learn more about the mental health issues that might help them identify youngsters who are in need of assistance. Linda Rosenberg, President and CEO of The National Council for Community Behavioral Health shared her take on President Obama’s proposals.
As part of his recommendations to protect our communities from gun violence, President Obama today rightly called for Mental Health First Aid training to help teachers and staff recognize the signs of mental health disorders in young people and find them appropriate care.
The youth version of Mental Health First Aid is an evidence-based training program to help citizens identify mental health problems in young people, connect youth with care, and safely deescalate crisis situations if needed. The program, focusing on youth ages 12 to 25, provides an ideal forum to engage communities in discussing the signs and symptoms of mental illness, the prevalence of mental health disorders, the effectiveness of treatment and how to engage troubled young people in services.
Mental Health First Aid has become a major push for The National Council. Information and resources are readily available.
After all is said and done, we get to the bottom line. What should people do if they find themselves in an active shooting situation? This is not a thought most of us want to entertain, but first-responder agencies have always believed that being prepared for an emergency greatly increases a person’s chances of surviving a dangerous situation. With a grant from the Department of Homeland Security, the Houston Police Department has prepared an excellent video about surviving an active shooter event.
Events like the Sandy Hook School shootings stir up primal reactions for most of us. It is important that we not shut those reactions down. Instead, we need to open ourselves to many possibilities of how we and our communities need to intervene to assure that we and our children are as safe as is reasonably possible.
Please share your comments, experiences, concerns below.
Several years ago, I stopped making New Year’s resolutions. I had always been pretty good at accomplishing goals I set, but I was starting to find it harder and harder to follow through on something like those annual resolutions. I was also finding it hard to locate particular words when I was looking for them; and I long ago decided that if something is not written down, it does not exist…at least not for me and my overburdened memory.
My proposed solution to the challenges facing my aging brain is something Seth and I named ‘Google Brain’. It is the chip that will be implanted into our brains to be augmented by Google’s outrageous computers and search capabilities. While I have no advance knowledge of Google working on such a project, I have hope that they are doing so…and that it will be available while I can still benefit from it. They are even welcome to the name I have chosen for their project!
Several things have popped into my awareness lately to make me hope my fantasy will one day be a reality.
At the beginning of January, some psychology colleagues on a technology listserv of which I am a member mentioned an episode of 60 Minutes in which a young man successfully participated in a stair-climbing event in a 103-story Chicago building. This man has a prosthetic leg that he controls by his thoughts.
Another colleague responded indicating that there are many projects in the works that extend that same technology. Neuroscience has become the ‘hot’ research field related to mental health and behavior. It has many practical applications, but can seem so complicated as to be off-putting to some. That is why a video explaining some of the technology and research tools being used is so delightful. This is a clear and visually appealing explanation of semantic mapping in the brain, something that has fascinated me since the very early brain research demonstrated the storing of memories in particular regions of the brain, and their recall through electrical stimulation during brain surgery. The use of fMRI to advance this purpose is very exciting. These are important arenas for behavioral health providers to be informed about. It might well be the future of this field.
We certainly are approaching what many of us thought might be the distant future. Verizon together with cellphone producer HTC has started to communicate the image of humans enhanced by technology with their Droid DNA phone and ads. Google released their new Google Glasses in 2012. These are glasses enhanced with computer, camera, and internet connectivity. When I wrote about two books that used these glasses and fMRI in 2011, I knew the technology was available somewhere but did not know it would soon be here for the rest of us to start to access.
I love finding out about technologies like this that may be available to all of us in my lifetime. Maybe I will even be able to make and carry out New Year’s resolutions again with the help of some of these tools-in-the-making. Are there things in your world that provide the same kind of excitement and hope for you? New tools, new toys, new ideas? Please share your comments below.
The horrible shootings in Newtown, CT this past week have again reminded us of how fragile human life is. Others have more eloquently addressed this tragic loss than I am able to do.
Often in a circumstance like this, it becomes clear that the perpetrator experienced mental health issues that were inadequately addressed. The behavioral health community jumps to the defense of the mentally ill immediately citing the very low incidence of violence caused by the mentally ill. Rather than become defensive, I think we need to be open to hearing and acting upon other perspectives on such tragedies.
My niece is an educator. Yesterday, in her blog, she posted a take on these events that we should all consider. Please take a look at her post, One Educator’s Response to the Sandy Hook School Shooting.
Please feel free to share your comments here and at Kami’s blog.
Do you use a laptop that contains patient information? Do you have a list of your patients with their telephone numbers, email addresses and appointment schedule in your smart phone? Are those devices encrypted?
The number of mobile devices we utilize to conduct our businesses has expanded beyond belief. What can we do to make sure that our patient data is not at risk if we utilize these devices to access their information? As providers of behavioral healthcare services, we have special responsibility to protect the sensitive information related to the care of our clients.
The U.S. Department of Health and Human Services is very concerned about the spread of these devices and their innate insecurity. They have developed a special section of their healthit.gov web site to focus on these privacy and security needs.
The HHS video on the topic focuses on five issues:
- Lost mobile device
- Stolen mobile device
- Downloaded virus or malware
- Shared mobile device
- Unsecured Wi-Fi network
Take a look when you get a chance and learn more about how to protect PHI when using mobile devices. And don’t forget, encryption gives you ‘safe harbor’ under HIPAA, even if you were to experience a data breach.
Does your organization have policies about using mobile devices to access PHI? How do you manage your experience with mobility? Please share your comments below.
I live in Florida. As I read the newspaper today, I was appalled to see that Florida Tea Party members were testifying before the state legislature encouraging them…no insisting…that they flaunt the Federal Affordable Care Act insisting that it is illegal in spite of the Supreme Court decision to the contrary.
Then I read a new issue of FierceHealthPayer, an industry newsletter for Healthcare Plan Executives. This issue had two separate articles and a commentary that made me wonder how we will possibly get to affordable healthcare in this country.
The first article reported that the American Medical Association (AMA) has reviewed health plans across the country and opined that 70% of commercial insurance markets are anti-competitive. This means that in 70% of the locales in this country, the vast majority of the health insurance is provided by one company. One of the primary arguments of the insurance industry and their Congressional supporters against a single payer national health plan is that competition is necessary in order to achieve quality and control costs. If that is so, we will not get to affordable care or adequate quality given this current anti-competitive situation.
The second article discusses the trend toward self-insurance on the part of large employers. There has been a steady increase since 2006 in the number of large employers who are managing administrative costs and avoiding variable state laws by self-insuring. In 2011, approximately 60% of workers were covered in a self-insurance program run by an employer. Small employers generally do not have this option. The risk of self-insuring for a small group is much greater than the outrageous cost of group coverage through one of the major insurance companies. Self-insurance often tries to control costs by limiting benefits.
The final item that grabbed my attention is a commentary in this same newsletter. The editor reported on the confused state of smoking cessation coverage among private insurers. She pointed out the requirement in the Affordable Care Act for such coverage and the indications by surveyed insurers that they do include smoking cessation coverage.
Yet when Georgetown researchers studied 39 health plans, they found that none of them took all of these vitally important steps: clearly stated that tobacco cessation treatment is covered; provided coverage for individual, group and phone counseling and tobacco cessation medication; provided treatments with no cost-sharing for members; and provided access to treatment without members having to meet prerequisites.
Read more: Why wouldn’t insurers cover smoking cessation? – FierceHealthPayer
These are the factors that are most likely to result in successfully quitting the use of tobacco products. You would think that insurers would want to have this particular benefit in their plans and that it be used. After all, the direct medical costs and productivity losses caused by smoking-related illnesses each year is almost $200 million.
The juxtaposition of these four items today reminds me of my personal conclusion…we need a single-payer national healthcare system if we are ever going to get our costs under control and provide quality healthcare services to most U.S. residents. Just by removing the 22% growth in earnings posted by the five major insurers in 2010, we might get a start on controlling some of the costs involved. Standard benefits across the country would make the system easier and more consistent for employers with workers in multiple states. And real implementation of preventive measures like smoking cessation would make all of us healthier.
And now I will wait for the comments….
I have recently been struck by the number of people in my immediate circle who are primary caregivers for someone other than their children. I am not sure how I had not noticed this earlier in my life. I have always had friends older, younger and the same age as me, so I thought I had a wide spectrum of life experiences on my radar. Not so at all. Only in the last several years as I have focused on my own needs as a caregiver have I really started to notice just how common this state of life is.
According to Medicare.gov, nearly 66 million Americans are caring for an elderly, seriously ill or disabled friend or family member. Within our organization, 1/5 of us work full-time and are also primary caregivers. I was surprised to learn that we are exactly representative of the rest of the U.S. The 66 million indicated above is about 21% of the approximately 315 million people living in this country. Just look around you. If you are not the one-in-five yourself, one of the four people who sits near you at work is likely to be.
Medicare is concerned enough about this state of affairs that it has dedicated a section of its website to providing information and resources for caregivers. This includes documents and videos as well as links. If you are caring for someone who is on Medicare, knowing what services Medicare covers can be most helpful, and having access to additional resources can be a lifesaver!
One of the links on the Medicare.gov site takes you to a Department of Health and Human Services Eldercare locator. This is aimed at helping you find specific kinds of services near to your home when the person you care for is elderly. Many caregivers never look for assistance because they assume none is available. That is not necessarily the case. Learning to reach out and ask for help is an essential survival skill.
Those of us who currently work in the behavioral health field or have done so in the past are always attuned to mental health issues in our clients. Unfortunately, we often overlook those same issues in our own family members, friends and co-workers. According to the National Family Caregivers Association, family caregivers often experience major depression.
Family caregivers suffer from major depression much more frequently than the rest of the population. That’s a fact. When a family caregiver suffers from depression, there are two people at risk – the family caregiver and the family member or friend for whom she or he cares.
Learning to identify depression and deciding to seek assistance is essential to self-care. Just as you would assure that a client is getting appropriate services to treat depression, it is important that you reach out to the caregivers in your life who may be in need of support and similar services.
As baby-boomers become ‘senior’ citizens, the numbers of those needing assistance and of caregivers providing that help will increase dramatically. Now may be the time to learn about available resources and to provide them to those caregivers you know.
Please share your experience. Just enter your comments below.
Our book club is reading 1491: New Revelations of the Americas before Columbus by Charles C. Mann. While the book is a fascinating account of relatively new research on the state of the Americas before Columbus and the meeting of Americans and Europeans, I was also struck by Mann’s description of what that harvest celebration we think of as ‘The First Thanksgiving’ between the Pilgrims and the local Indians likely actually included. It was certainly nothing like what we celebrate!
We have created all sorts of traditions that are based more on the ideas of Sarah Josepha Hale, the 19th century editor of Godey’s Lady’s Book and a well known trend setter. According to Elizabeth Armstrong’s article in the Christian Science Monitor in November 2002, the three day harvest festival that occurred in the fall of 1621 included 52 English colonists and 90 Wampanoag Indians. According to Mann’s account, the Indians and their leader Massasoit were likely present to enlist the support of the colonists against a neighboring competing tribe.
A 1999 version of the web site of Plimoth Plantation included in a K-12 curriculum of the state of Wyoming shares details and hypotheses about the development of the Thanksgiving holiday Americans celebrate. A visit to the current web site of Plimoth Plantation reveals significantly more information and tracks the development of the holiday over time. President Abraham Lincoln declared the fourth Thursday in November to be a national day of thanksgiving.
As a behavioral health specialist, holidays and how we handle them have always been interesting to me. How they came to be, which aspects of the celebrations we have adopted, and how we incorporate holiday traditions into our own lives speak volumes about us as a culture and as individuals.
In this year when many are beginning to experience recovery from a very difficult economic time, we hope that a community-wide expression of gratitude for the many privileges we share will help us all move past a bitter and hard-fought election cycle.
We are grateful for our new and our long-time customers. We are indebted to our readers who come back regularly and share their experiences with us and with one another. We appreciate your feedback and your encouragement. Thank you for sharing your journey as behavioral health providers with us.
If you read this blog often, you will notice that I regularly link to articles and other resources posted by The National Council. While we have exhibited at their conference, our organization has never been a member of The National Council. We have, however, been a grateful promoter of the resources that this organization shares freely with the behavioral health community. If you have never gone to their website or attended a webinar, you should take the opportunity to do so. They provide outstanding information in a timely manner. In spite of not being members, we have never been prevented from attending webinars or sharing in their well-researched and well-documented information.
I wanted to point you to some of the current information being provided by The National Council.
- Last week I talked about the need to have your own emergency contingency plans in case of storms and other natural and unnatural disasters. Since most of you are providers of behavioral health services, you will also find yourselves dealing with clients who have experienced the same trauma you have gone through. Just this afternoon, a webinar entitled Mitigating Disaster Trauma: Lessons from Sandy was presented by The National Council. While the webinar is over, The National Council routinely records webinar presentations for later viewing. You should be able to view this one within 48 hours.
- On November 9, Manon and I attended the Council’s webinar on CPT Code changes for 2013. Both the recording of the webinar and the slide deck from the presentation are available. In addition, a December 3 webinar has been scheduled to provide additional information about the new Evaluation and Management CPT Codes and how to use them. Registration is still open for that event.
- A new report announced by The Council reveals the incredible costs of the unmet mental health needs of returning U.S. Veterans. Having just passed Veterans Day, this is a sad reality we all need to be educated about. Those of you who provide services to Veterans will find the report of interest.
Please be sure to reference these resources properly if you refer to them in any of your own newsletters and announcements. The National Council does outstanding work in educating the behavioral health community and deserves credit for all the work they do!
Please share other resources that you find useful in your work. We love to be able to let our readers know about the wonderful materials that are available to them to enhance the outstanding work you all do in providing mental health services to all who need them.
Superstorm Sandy has had major impact on the lives of large numbers of our fellow Americans and colleagues who live in the Northeast U.S. The loss of life, property, and access to conveniences like electricity, warm showers, and transportation has made clear how vulnerable we are to the impacts of catastrophic events.
Sandy has also given us the unfortunate opportunity to evaluate the policies and procedures we have in place for dealing with physical catastrophes.
The Health Insurance Portability and Accountability Act (HIPAA) requires that organizations have in place a Contingency Plan (STANDARD § 164.308(a)(7) Contingency Plan, see page 19):
The Contingency Plan standard requires that covered entities:
“Establish (and implement as needed) policies and procedures for
responding to an emergency or other occurrence (for example, fire,
vandalism, system failure, and natural disaster) that damages systems that
contain electronic protected health information.”
This requirement is not aimed at giving you one more thing to do. The purpose is to protect the health information of your patients and to make sure that they have access to continuing care. Hurricane Andrew in 1992 and Hurricane Katrina in 2005 demonstrated how poorly prepared we have been to maintain continuity of care for our patients. The requirements of HIPAA are designed to prevent such huge failures as happened previously.
FiercePracticeManagement newsletter suggests three key steps.
- Know how your remote data is stored and can be accessed. This assumes that you have your data stored offsite, as it should be. Knowing just where it is and how to access it so you can get your system back up and running without delay is crucial.
- Duplicate needed paper and have it with you. Make sure you have a copy of your schedule with you. Assure that you have with you ways to contact your patients so you can let them know your alternative arrangements for meeting with them.
- Plan where you will relocate physical data. Know where that alternative location will be so you can get access to your data again quickly.
In HealthCare IT News, Benjamin Harris covers some of the same ground. He also suggests three basic processes, but starts at a more basic level.
- On-site safety. How is your hardware and software and record systems protected at your site? Is your server located in the building basement along with the generator? As demonstrated by Sandy, the basement is not the best location for such equipment or records in the case of flooding . . . something that had previously been an issue in hurricanes Andrew and Katrina.
- Off-site data. If you are relying on a remote (cloud) storage facility or you need to access your data by means of the Internet, what do you do if your ISP (internet service provider) is down? And if your EHR is an online product, what do you do if those remote computers are underwater and without electricity? Having your schedules for the next week and treatment summaries for each of those patients printed out gives you a week of buffer time to give your vendors a chance to get back up and running.
- Accessibility. If you are using such remote storage or providers and they are not in the affected area or can implement access to backups quickly, having the capability of connecting to them becomes your responsibility. You can tether your laptop to your cell phone to reach your service or data in an emergency, as long as you have prepared in advance.
Madeline Hyden of the Medical Group Management Association (MGMA) suggests a slightly different but very practical list of steps.
- Secure your electronic information.
- Get the support of your professional colleagues.
- Immediately start securing new office space.
- Establish authority: Make sure someone in your organization is responsible to and has the authority to activate your contingency plan.
- Communicate with your vendors (hardware, software, backup services, electrical company, landlord, billing service, answering service).
- Develop a notification protocol: decide who to contact and how and who does the contacting. Determine just what they will be told.
- Communicate honestly with your patients.
- Protect your records so you are sure you can have access even if your main system is not accessible.
- Practice your emergency plan. If you have not done so, it is possible you will be too traumatized to carry it out.
If you are not sure how to go about establishing a contingency plan, AHIMA has some suggestions for you. This does not need to be a complicated process, but it is a process you need to address if you have not already done so. After all, the U.S. northeast coast did not think they were susceptible to a hurricane-like storm that could cause such disruption.
Whether it is hurricanes, snowstorms, tornadoes, earthquakes, or fires, our electrical systems and business facilities are not impervious to disasters. We must be prepared so our patients can rely upon continued care. Behavioral health clients are especially susceptible to negative consequences from disruptive events. After all, they are likely to have just experienced the same trauma you did.
We hope all our SOS customers and their patients are safe and recovering in the aftermath of Sandy. We hope any of you, our readers will share your experiences and how you have assured the security of your data.
Now that many physicians and other healthcare organizations are purchasing and utilizing EMRs, they seem to be focused on safeguarding the clinical Protected Health Information (PHI) of their patients. In the process, some are forgetting to protect patient financial information even though it is also PHI.
The FierceHealthIT newsletter of October 24, 2012 indicates that healthcare system data thieves are usually after financial information.
Despite reports of efforts to blackmail patients and the possibility of hacking pacemakers, healthcare data breaches in the end are similar to other cyber crimes, according to a new report from Verizon. In an examination of approximately 60 confirmed data breaches over the past two years, the report concludes that those who attack healthcare systems primarily look for information from which they can make a profit.
According to this Verizon report, point-of-sale systems (credit card machines) and desktop and laptop computers are the most common points of breach. Thieves attack the weakest links in the payment chain. Rather than going after your server, they hack into peripheral equipment that can get them access to this financial information.
Here at SOS, we harp on the need to secure the data in your billing and clinical record software. We have been amazed at the lack of awareness of even our largest customers. Every week, we receive emails that contain PHI or a direct way to get to PHI. Employees of behavioral health organizations often do not realize that sending an email with PHI in it is like sending a postcard with the same information. Anyone who sees that postcard and who knows how to read can take a look at your message. The same is true with insecure, unencrypted email. Anyone who knows how to do so and who has any interest can take a look at your email.
This study indicated that, among the breaches they studied, most of the incidents occurred at businesses that had from one to one hundred employees.
The simple solution….encrypt all PHI while it is resting on your system and while it is in transit from one place to another. If you don’t know how to do that, learn how, now!
Please share your experiences, direct or indirect, with safeguarding PHI. Do you encrypt? What procedures has your organization developed to assure that all of the PHI in your possession is as safe as possible from thieves?
Almost every time I bring up the topic of behavioral healthcare being integrated with general healthcare delivery, a private mental health practitioner responds questioning how this could possibly work. In response to my June post on this issue, one of our customers shared his thoughts (see comments) about just how this might occur and the obstacles to making it happen in the private setting. I responded like this:
I think many private practitioners are in the same position you are. Unless they do a very health-oriented practice, they see themselves continuing to function quite separately from general healthcare.
The picture is not the same in the public arena. At this time, about 60% of the funding for all mental health and substance abuse services comes from public, not private, sources. Of the people receiving such services, a large percentage have serious physical illnesses as well.
SAMHSA and The National Council for Community Behavioral Healthcare are moving forward with pilot programs and research on the integration of general and behavioral healthcare since this makes lots of sense in the public sector for the seriously mentally ill. But it may also have implications in the private arena. In fact, the move to provide integrated healthcare services in the public sector, and wherever possible in the private sector (like in Accountable Care Organizations – ACOs) has many folks exploring obstacles that may exist to such integration and ways to overcome those obstacles.
Yesterday, I was reading a September SAMHSA-HRSA Center for Integrated Health Solutions newsletter that linked to an interesting article on the use and evaluation of Telephone Administered Cognitive Behavioral Therapy (CBT) for depression. The research started from the current reality that most treatment for depression is provided in primary care physician offices. Of course, this treatment usually consists of medication. While patients prefer psychotherapy to medication for treatment of depression, and both CBT and medication appear to be about equally effective, access to psychotherapy is limited for most people. Cost or convenient access to a psychotherapist covered by their health insurance or some other equally valid reason interferes with provision of psychotherapy.
The research demonstrated that telephone administered CBT was more effective in keeping the client participating in therapy. Both telephone administered CBT and face-to-face CBT were equally effective in diminishing symptoms of depression at time of termination. Face-to-face CBT seemed to maintain the effects better at a six-month measure.
At this point in reading the results, I was reminded of Dr. Suzanne Bennett Johnson’s initiative as President of American Psychological Association (APA) for 2012. She wanted to remind psychologists that they are part of a healthcare profession, and that most of us are well-trained in conducting research. We are ideally suited to design and conduct the studies that will demonstrate just where psychologists and other mental health professionals can best serve in integrated healthcare. I could instantly imagine the re-design of the study reported above to include Skype or other Internet service-based delivery of the CBT so that at least some of the elements of the face-to-face therapy would be present.
There is already lots of opinion about the potential benefits and detriments of remotely-administered behavioral health treatment. Psychologist David C. Mohr, Ph.D., Professor in Preventive Medicine, Medical Social Sciences, and Psychiatry and Behavioral Sciences at Northwestern University lists Internet Intervention and Telemental Health as significant aspects of his interests. Quoted in that 2008 Time Magazine article, Dr. Mohr sees distinct areas where teletherapy or other internet programming might be of use, especially CBT for depression.
Other cutting-edge practitioners have already added internet-based services including videotherapy into their retinue. Given a solid research foundation, video-based therapeutic services might well be a way for the private practitioner of behavioral healthcare to integrate their services with general healthcare.
We can sit back and watch as our healthcare system changes all around us, letting others dictate to us the role we will play. Alternatively, we can be active participants in designing the models for inclusion of behavioral healthcare in primary care. We can design the models, do the research, and market the methods to ACOs, health plans, and medical providers.
We would love to hear from any of you who already work in a setting where mental health services are integrated into primary healthcare. Please let us know your experience and what you think.
A few weeks ago I wrote about the upcoming changes in the CPT codes for psychiatric services. Lots of people have been looking for detail on those changes, but the American Medical Association has not yet released all of the specifics. They are planning major changes to the general illness codes as well.
The AMA invites the health care community to learn more about the significant changes to the 2013 CPT codes and descriptors by attending the CPT/RBRVS Symposium in Chicago from Nov. 14-16, 2012. For additional information, please visit the AMA website at:http://www.ama-assn.org/go/symposium
If you are not going to be in Chicago in November for the symposium, there will likely be some other venues through which you can obtain more detail. The American Psychiatric Association (aPa) has created some documents that should be helpful, but they too cannot release the codes to the general public until the AMA gives them the go ahead. aPa members can obtain more specific information at their website.
The National Council announced their own upcoming workshop in today’s Public Policy Update. The challenge is that the codes are changing for everyone who provides mental health services. While some changes happen every year, this is a pretty involved set requiring the use of evaluation and management codes. The Council has already put together a fact sheet that you might find helpful. You might consider attending the webinar they are planning in November.
This is a topic for all of us to get informed about and stay on top of. Please share any information or links that you become aware of. Just enter them in the Comments below.
Last night I saw a great horned owl sitting at the top of a tall pine tree silhouetted against the sky.
We had been hearing the hoots of the owls for the past several weeks. Sometimes we would hear him near bedtime when we walked outside briefly to say good night to departing guests or to pet our front porch cat. A few times I heard him calling early in the morning.
I had looked for him before, but seeing a bird in the dark is a real challenge, especially not really knowing where to look. It can be a challenge to localize the source of a bird call, especially one as loud and deep as that of an owl. The sound bounces off nearby houses and trees.
Last night, I walked out into an open part of my front yard and looked up toward the tops of very tall pine trees a couple of properties away from mine. I saw movement at the top of a tree, then saw a very large bird fly off. As I kept watching, I saw a second bird fly from the same location to the top of a nearby pine tree. It sat on the very top of the tree so I could see its 2+ foot height dark against the lighter sky. I ran inside to get my binoculars and he waited in the same spot. I had no camera with the power to photograph it, so my brain will need to store the image. And it will!
I am not a serious birder. I do not have a life list that I seek to fill. I do get significant pleasure from sighting birds that share my locale. It is a major recharge event for me.
You see, I have long found that I require a great deal of self-care and stress management to function well. When I worked as a psychologist, I used a variety of methods, mostly focused on professional involvement and time spent with other people. After 15 years of practice, I had burned out. I had not done enough to take care of myself.
I believe this is a major problem among behavioral healthcare workers. The job of assisting other people in being mentally healthy is a very difficult one. The chronically and seriously mentally ill can be a very satisfying but very draining population with which to work. Finding ways to recharge and re-energize is crucial to doing this work well.
Now that I work with providers of behavioral healthcare services instead of with patients themselves, I still need to do lots of self-care. Bicycling, gardening, watching the birds in my garden and near my home . . . these have become the ways I energize myself.
How do you take care of yourself? What recharges your batteries? Does your practice or organization have tools to help you with your self-care? When did you last see a great horned owl?
Please share your thoughts and experiences. When you offer your insights, you give other readers additional ideas to explore. Please do so!
In early September, the Institute of Medicine published its most recent report on the state of healthcare in the U.S. Best Care at Lower Cost: The Path to Continuously Learning Health Care in America, identifies three major “imperatives for change: the rising complexity of modern health care, unsustainable cost increases, and outcomes below the system’s potential. You can download a free, prepublication .pdf version of this 450 page report before it is out in print.
The committee explored in detail some of the pressing needs of the system. They are convinced that we must move toward a healthcare system that learns from itself as rapidly as possible or the system is likely to self-destruct. We must learn how to incorporate research results more quickly, we must learn to change delivery systems that cost too much, we must move the system closer to its highest potential. In short, we must develop a culture of “continuous improvement to produce the best care at lower cost.”
FierceHealthFinance focused on the reported waste of $750 Billion a year (about 30% of the cost of healthcare in the U.S.) as one of the most important things to change. While that number is appalling, the fact that the figure reported was from 2009 is the most striking thing about it to me. Our system has become so complex that it takes three years before we know what it costs. We are constantly behind the curve, and must find ways to speed up the process of information assessment, dissemination, and implementation for change.
The behavioral healthcare system is often far behind the curve in implementing change that might be more productive. The public health and public behavioral health systems are deep in conversation and pilot programs related to integrating physical and behavioral healthcare. Suzanne Bennett Johnson, Ph.D., current President of the American Psychological Association (APA) identified the need to increase psychology’s role in integrated care as a primary thrust of her presidency; her presidential address also focused on this issue. I wonder how many mental health providers in the private sector are even willing to consider what changes to their work such an integrated system might bring.
Take a look at the very brief summary of the IOM report to see if you would like to read the whole thing. What do you think we need to do in behavioral healthcare to begin to address some of these issues?
On Monday, September 10, 2012, I listened in on the first few hours of the 2012 Consumer Health IT Summit: Expanding Access to Health Information. The program was streamed live on the HHS website. The information presented was pretty fascinating, but what impressed me most was the passion of the presenters. They were really excited about what they call the Blue Button.
Most of Monday’s session focused on increasing patient involvement in their health care through access to their health information, mostly by way of Blue Button technology. While there are many reasons for our healthcare system to move toward our medical records being entirely electronic and interoperable, one of the most important of those reasons is patient access. It is widely believed that engaging consumers in the process of their healthcare is essential to effective prevention and management of chronic health conditions. Unless we get chronic illnesses well-managed, we will never get control of healthcare costs.
This is an important arena for Behavioral Health. I went to the website of The National Council for Community Behavioral Health and did a quick search on “chronic illness and mental health” and came up with 762 documents that contained reference to those terms. Obviously, this is an area that has been written about a great deal. Approximately 78 percent of all health care spending is for individuals with chronic conditions. There is a high co-occurrence of mental illness and substance use disorders and chronic physical health conditions.
Involving the consumer of healthcare services and their families in their treatment may go a long way toward controlling some of the costs involved. Having access to our medical records is just one way to assist in this process. Hence, the focus on the Blue Button.
The Office of the National Coordinator for Health Information Technology has made patient access to their health data a priority. They have created a Pledge program whereby corporations and individuals can pledge to work to make patient health information available to them.
There are Two Types of Pledges. Data Holders, those who manage or maintain individually identifiable health data such as providers, hospitals, payers and pharmacies) would take this pledge:
We pledge to make it easier for individuals and their caregivers to have secure, timely, and electronic access to their health information. We further encourage individuals to use this information to improve their health and their care.
Non-Data Holders, that is folks
who do not manage or maintain consumer health data, but have the ability to educate consumers about the importance of getting access to and using their health information (e.g., employers, consumer and disease-based organizations, health care associations, product developers) . . .
would pledge the following:
We pledge to engage and empower individuals to be partners in their health through information technology.
This is an interesting approach to involve as many people as possible in a process that is huge and will undoubtedly take many years to complete. In the spirit of sharing as much information as possible so we can all learn about our own healthcare information and find ways to gain access to it, I thought I would at least share some links with you.
The Office of the National Coordinator (ONC) maintains a website that contains a wealth of information about healthcare technology and events related to it. The goal of consumer involvement or putting the “I” in healthcare IT is the current focus at this site. If you would like to see the progress physicians and hospitals are making toward adopting electronic medical records, take a look at this dashboard. I am sure there are many other useful sites. I will do my best to share them as we all move forward with this process. Please share the ones you know about as well.
If your doctor had a patient portal for you to visit and have access to your health record, would you use it? Is this something that is important to you? Do you use a Personal Health Record now? Please let us know what you think about this whole move toward patient involvement in and responsibility for their healthcare and using Electronic Medical Records to help it happen.
Here at SOS Software, we have been in an ongoing process to develop, maintain, and implement detailed policies and procedures to assure that we are doing everything possible to act as responsible Business Associates to our Covered Entity customers. We have been holding monthly training for our staff in which we all take a pre-test, watch an instructional video together, discuss what we have learned, take a post-test to measure how much we have learned, then discuss the results of our testing to be sure we all understand these important concepts.
HIPAA (Health Insurance Portability and Accountability Act of 1996) mandated that electronically stored protected health information (PHI) be handled in such a fashion as to assure the privacy of the patients to whom it belongs. The HITECH (Health Information Technology for Economic and Clinical Health) sections of ARRA (the American Recovery and Reinvestment Act of 2009) also required additional security measures be utilized for all PHI. HITECH extended the same privacy and security requirements to Business Associates of Covered Entities as to the entities themselves.
We have been distressed to find that many of our customers have no idea what HIPAA actually requires. While it is true that the requirements are scalable (small organizations like solo psychiatric or psychological practices do not need to do as much as large ones), some customers seem to think that scalability means they need to do nothing since they are not a community mental health center or a hospital. This is far from accurate.
Every organization that handles PHI is responsible to assure that the privacy and security of that information is guaranteed. Not doing a security risk assessment, not having an incident response plan, not having a disaster plan, not having usable backups of your patient information off site . . . all of these things could easily be considered “willful neglect” by the Office of Civil Rights (OCR), the agency responsible for enforcing HIPAA. If an unhappy patient reports you to OCR as ignoring the requirements of HIPAA and you are found to be guilty of “willful neglect”, OCR must penalize you. Are you prepared to pay at least a $10,000 to $50,000 fine . . . or worse?
If the items I just mentioned above are not very familiar to you, that means you and your organization may not have done your HIPAA homework. You may not need to start at the beginning, but reviewing some of our old posts and links might help you get started. We have found that there are many resources available on the Internet free or at low cost. You might consider some of those. Seth plans to attend a free webinar he got notice of last week. He has started a workgroup of some of our customers who are trying to help themselves and one another move their security and privacy programs forward.
What do you need to do to become HIPAA compliant?
What do you or your organization already do to assure your compliance?
Do you know who your Privacy Officer is?
Please share some of the steps you and your organization have taken to assure that your organization is HIPAA compliant. Let us know what you do on an ongoing basis to be sure new employees are educated to the requirements. Just enter your comments below.
Since I was once a Medicare provider, I have long received newsletters from the Center for Medicare and Medicaid Services (CMS). Several years ago, they started to make major improvements to their websites offering large quantities of information for both providers and consumers of services. I am not sure how I wound up on an email list, but I now received regular information about a variety of topics related to healthcare and CMS.
While all healthcare providers need this information, we have found that behavioral health providers are often out of the information loop. Unfortunately, under most laws, HIPAA included, ignorance of a law and its requirements offers you no protection from the law. If you have not already done so, it might be time to begin to inform yourself about various subjects related to Medicare.
The number of topics available is outstanding.
I subscribe to both the CMS Industry ICD-10 Update and to the Caregiver eNewsletter. I find both resources quite useful.
If you would like to stay informed on any topics for which CMS is responsible just sign up for one of their eLists. Once you start receiving information on one topic, you can determine if it is useful and manage your preferences for the updates you receive.
Which of these lists are among those to which you subscribe? Please share your preferences!