
September 2022: Office of Compliance Programs Newsletter 


This message is sent on behalf of the EHC Office of Compliance
Chief Compliance Officer’s Corner
Compliance is everyone’s responsibility, and with that responsibility you may experience stress, anxiety, fear of making mistakes, financial strain, or other feelings about being able to meet your compliance or work responsibilities. We already know working in health care can be stressful as you take care of patients, support your fellow team members, teach students, and work to ensure the financial success of the organization. Additionally, there are lots of changes happening at Emory Healthcare (EHC) that are impacting our work, such as the move to Epic and the new UKG timekeeping tool.
 
Studies show that although jobs in health care can be stressful, there is also a lot of job satisfaction in what we do. Jobs can be a source of anxiety and also a source of satisfaction and a sense of accomplishment. A good work-life balance can help us all. EHC has many ways to support employees in balancing work and life and to address concerns with mental health or our day-to-day support needs. Please check out these wellness opportunities and the BHS confidential support services provided to you and your family. Thank you for all you do for EHC and our internal and external communities.
 
http://www.ourehc.org/departments/human-resources/work-life-resources/index.html
 
Coming Soon – New Electronic Medical Record Auditing Tool - SecureLink
EHC has chosen the SecureLink Privacy Monitor (formerly Maize) solution as the main patient privacy monitoring tool for monitoring access to Emory’s electronic medical record system. As health care data breaches remain on an upward swing, patient privacy monitoring remains one of the top priorities for healthcare organizations. The best way to protect patient data is to start from the inside by auditing internal access to electronic medical records (EMR). Patients, including employees who are patients, express concern about inappropriate access to their medical record.
 
SecureLink Privacy Monitor is compliance software that flags inappropriate access to medical records and logs all access attempts from within the organization. The software will run 24 hours a day, 7 days a week, 365 days a year, reviewing access to patients’ records. The system uses contextual information to classify access attempts as appropriate or inappropriate. It will provide real-time updates on suspected inappropriate access to a patient’s medical record. Reports will be provided to the privacy and security teams for first-line review. SecureLink will assist EHC in effectively and efficiently monitoring access to the electronic record to better serve our patients. Be on the lookout for more information as we roll out SecureLink.
 
Request from Patients to Amend Their Medical Record 
Patients have a right to request amendments to their healthcare records. With the medical notes and other documents now available in the Patient Portal, EHC may receive an increase in requests to amend medical records as patients begin to routinely review their medical information. Please review the information on the Patient’s Right to Request an Amendment.
 
Information from the EHC Policy
– If you feel that health information we have about you is incorrect, you may ask us to amend it. You have the right to request an amendment for as long as the health information is kept by or for EHC. To request an amendment, your request must be made in writing and submitted to the medical records department of the entity where you received your care. In addition, you must provide a reason that supports your request. You need to include in your request your name, contact information, date of birth and dates of service if known. If you are acting as a personal representative for the patient, include the name of the patient, your contact information, date of birth and dates of service if known. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend health information that: was not created by us, unless the person or entity that created the health information is no longer available to make the amendment; is not part of the health information kept by or for EHC; is not part of the health information which you would be permitted to inspect and copy; or is accurate and complete.
 
https://emory.ellucid.com/documents/view/8279/active/3
 
Patient Privacy and Security - Information Relating to Reproductive Health Care
The Health Insurance Portability and Accountability Act (HIPAA) was in part created to give individuals confidence that their medical information, including information relating to abortion and other sexual and reproductive health care, will be kept private and secure. HIPAA creates rules and regulations outlining when a covered entity such as EHC can use and disclose patients’ medical information with and without a signed authorization. For example, EHC is not required to have patients sign an authorization when using or disclosing medical information for treatment purposes, payment purposes or healthcare operations (TPO).
 
With very limited exceptions, if the purpose of using patients’ medical information does not fall under TPO, signed authorizations may be required. The Office for Civil Rights (OCR), which administers and enforces the Privacy Rule, has published some guidance on using and disclosing medical information for law enforcement purposes without a signed authorization.
 
To read the OCR guidance, go to:
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html
 
Patient Privacy in the Medical Office Environment
A lot of emphasis is placed on electronic security of patient information, and rightly so, as cybersecurity threats are a major concern for healthcare organizations. Many of us still come in contact with patient information that is on paper or provided verbally. Recent onsite privacy audits of several medical offices were completed. In this fast-paced environment it is important to keep patient privacy top of mind as part of patient care. The Privacy Rule requires that we make reasonable efforts to protect patient privacy. Please remember to shred documents throughout the day, keep paper records turned over and out of the view of the public, and secure offices and file cabinets. Also ensure that your computer screen does not have other patient information showing when you are with a patient or leave the patient alone in the room. You need to ensure you disconnect from the EMR.
  
Help Address Health Care Disparities for People with Disabilities 
Did you know people living with disabilities are less likely to have access to adequate health care? They also face poorer overall health outcomes, including increased likelihood of obesity (38.2%), heart disease (11.5%), and diabetes (16.3%). Help our patients access health care. Assess your area and review strategies to remove barriers and deliver high-quality, patient-centered, physically accessible care for individuals with disabilities. Review the information on the websites below to learn how you can help address these challenges.
 
To find out more, go to:
Modernizing Health Care to Improve Physical Accessibility web-based training
Achieving Health Equity web-based training
Improving Access to Care for People with Disabilities webpage
Health Equity Challenges & CMS Resources to Help Address Them (PDF) infographic
CMS Office of Minority Health: Health Observances webpage
 
New Conflict of Interest Disclosure System Coming Soon
The Emory Healthcare (EHC) Conflict of Interest disclosure process is moving to the eDisclose electronic system. This is a new cloud-based, enterprise-wide system for disclosing conflicts or potential conflicts of interest, such as financial and external activities. eDisclose will replace the EHC manual process for completing the Conflict of Interest Disclosure Statement. While the EHC Conflict of Interest Policy applies to all employees, a Conflict of Interest Disclosure Statement is completed only by certain employees based on their role. Be on the lookout for additional information about when the system will go live.
 
For specific information regarding the EHC Conflict of Interest Policy and the required COI Disclosure Statement, please send questions to ehccompliance@emoryhealthcare.org
 
2023 Evaluation and Management Changes/Updates
After some big changes to Office Outpatient Evaluation and Management (E/M) services (99201-99215) in 2021, the American Medical Association (AMA) is coming out with some more big changes to other E/M services in 2023.
 
To view these changes/updates, go to:
https://www.ama-assn.org/system/files/2023-e-m-descriptors-guidelines.pdf
 
https://www.ama-assn.org/practice-management/cpt/cpt-evaluation-and-management
 
If you would like additional training on the 2021 changes or the 2023 changes, please contact Tom Koss at tom.koss@emoryhealthcare.org.
 
2023 ICD-10 PCS
 
The 2023 ICD-10 Procedure Coding System (ICD-10-PCS) codes have been published. The 2023 ICD-10-PCS codes are to be used from October 1, 2022 through September 30, 2023.
To view the 2023 ICD-10 codes, go to:
https://www.cms.gov/medicare/icd-10/2023-icd-10-pcs
 
Reporting of Compliance Issues and Non-Retaliation Policy
Emory Healthcare employees have a responsibility to report concerns about any real or potential noncompliance with applicable federal, state, and local laws and internal policies and procedures. Emory Healthcare is firmly committed to a policy which encourages disclosure of such concerns and prohibits retaliation. To promote this culture, Emory Healthcare has established a problem resolution process and a non-retaliation policy to protect employees who report problems and concerns in good faith from retaliation. Any form of retaliation can undermine the problem resolution process and result in a failure of communication channels in the organization. The Reporting of Compliance Issues and Non-Retaliation Policy is intended to protect any individual who engages in good faith disclosure of alleged noncompliance issues. Please note the online compliance reporting tool is temporarily unavailable. We are in the process of updating the online compliance web reporting tool and moving it to a different URL. In the meantime, please use the Emory Trust Line at 1-888-550-8850 if you want to make an anonymous report about your concern, or even if you want to include your contact information. We will get in touch with you. You may also contact us at 404-778-2757 or by e-mail at ehccompliance@emoryhealthcare.org.
 
To view the Non-Retaliation Policy, go to
https://emory.ellucid.com/manuals/browseFacility/3
(Click on Compliance and Privacy; Policies; Reporting of Compliance Issues and Non-Retaliation)
 
Contact Us
REMEMBER – if you are aware of a non-compliant matter, you must report that matter so that EHC can investigate it. We take all reports seriously. If you have questions or comments, need an education class, or want to report a concern about a compliance issue, please call our office at 404-778-2757 or email us at ehccompliance@emoryhealthcare.org. If you want to make an anonymous report about your concern, please call the Emory Trust Line at 1-888-550-8850.
 
Tell Us. It Matters. We Care.
Working Together for Corporate Responsibility






Emory Healthcare · 1364 Clifton Rd NE · Atlanta, GA 30322-1059 · USA