Wednesday, March 30, 2005

Medicare Proposes Updates to the Hospital Conditions of Participation

Below is a copy of the press release from The Centers for Medicare & Medicaid Services (CMS) regarding the proposed rule published in the Federal Register on March 25, 2005 modifying four of the current hospital conditions for participation (CoP).

The Federal Register version of the proposed rule can be found here. The final rule will be published after comments are received and reviewed by CMS. Comments on the proposed rule can be made either electronically or mail and must be submitted by May 24, 2005.

The proposed rule codifies earlier guidance issued by CMS's Survey & Certification Group on January 28, 2002, "Clarification of Hospital Admission and Presurgical History and Physical Examination (H&P) Requirements". The proposed rule states "[t]his proposed rule would codify the guidance provided in the January 28, 2002 memorandum . . . ."

One issue that I have already seen discussed among some of my health care lawyer colleagues is whether the proposed rule conflicts with JCAHO's H&P Update Requirements (see below) announced on December 3, 2004. I have yet to fully review this issue but it may be one worth looking at if you consider submitting comments on the proposed rule.


For Immediate release
CMS Office of Media Affairs
March 24, 2005


The Centers for Medicare & Medicaid Services (CMS) today announced a proposed rule to alleviate hospitals of overly burdensome regulations and allow doctors and nurses to focus more time and energy on patient care.

The proposed rule would revise requirements in the hospital conditions of participation (CoPs) for completion of history and physical (H&P) examinations, authentication of verbal orders, securing medications, and completion of post anesthesia evaluations.

"Based on extensive input from health professionals and the health care community, we are proposing to revise some specific aspects of our regulations to provide better support of the delivery of high-quality, up-to-date care at a lower cost," said CMS Administrator Mark B. McClellan, M.D., Ph.D.

These revisions were contained in the notice of proposed rule making (NPRM) published December 19, 1997, entitled "Medicare and Medicaid Programs; Hospital Conditions of Participation; Provider Agreements and Supplier Approval," which contained extensive revisions to the entire set of hospital CoPs. Other changes in the hospital CoPs are coming, building on these steps to avoid unnecessary burdens while promoting high-quality care.

"To keep up with changes in effective medical practice, we believe it is in the interest of the health care community as a whole for us to move forward with these changes," McClellan said.

The revised requirements include:
* H&P examination. The proposed requirement would expand the number of permissible practitioners who may perform the H&P and the time frame for its completion.

* Authentication of verbal orders. This regulation would require that all orders, including verbal orders, must be dated, timed, and authenticated by a practitioner responsible for the care of the patient. During a five year transition period from publication of the final rule, it would allow all orders, including verbal orders, to be dated, timed and authenticated by the prescribing practitioner or another practitioner responsible for the care of the patient. This would respond to public comments, reduce burden, and provide flexibility for hospitals in meeting the requirements for authentication of verbal orders. CMS expects that sunsetting this flexibility after a five year period is sufficient time for the adoption of changes in health care information technology to make it easy for prescribing practitioners to authenticate all of their own orders in a timely fashion. Additionally, the proposed rule states that in the absence of a State law specifying the timeframe for authentication of verbal orders, verbal orders would need to be authenticated within 48 hours. Finally, this requirement clarifies and reinforces current regulations regarding who may accept verbal orders, authentication of all orders for drugs and biologicals, and authentication of medical record entries.

* Security of Medications. This regulation requires that all drugs and biologicals be kept in secure areas, or locked when appropriate, to prevent unauthorized persons from obtaining access. This regulation addresses community concerns, provides flexibility for hospitals in determining control of nonscheduled drugs and biologicals, and is more patient-focused and outcome-oriented than the current requirement.

* Post anesthesia evaluation. This requirement permits the post anesthesia evaluation for inpatients to be completed and documented by any individual qualified to administer anesthesia. The current CoP requires that the individual who administers the anesthesia do this evaluation.

The intent of this proposed rule is to ensure that our requirements are consistent with current standards of practice, to provide hospitals and practitioners greater flexibility in meeting the needs of patients, and to reduce unnecessary regulatory burden for hospitals.

JCAHO's H&P Update Requirements December 3, 2004 (JCAHO's FAQ section for hospitals)

December 3, 2004H & P Update Requirements
Q: What are the requirements for histories and physical examinations and any updates?

A: The H & P must be performed within 24 hours of the inpatient admission (PC.2.120 EP 2) or you can utilize one that was performed up to 30 days prior to the inpatient admission or the outpatient services for which your medical staff per MS.2.10 EP 11 has determined require an H & P. It must be performed by a practitioner who has been granted privileges to do so (MS.2.10 EP 8). In 2004 at PC.2.120 EP 7 an update (by an LIP with privileges to perform H & Ps) is required at the time of admission when using an H & P that was performed before admission. This is different than in 2003 when the update was only needed when there were significant changes or the H & P was 8 - 30 days old as required by CMS. However, since the entire H & P must be performed and documented (in the format and location defined by the organization) and in the record within 24 hours, when using an H & P that was performed prior to admission or the outpatient procedure, the update can also be within 24 hours of the inpatient admission or at the time of the outpatient services for which your medical staff has determined require an H & P.
In addition the method (s) used to evaluate the patient to identify the need for any update to their condition and the detail and location of the update documentation would be defined by the organization. The admission H & P is good for the entire length of stay. There has never been a requirement for an update to the H & P within 24 hours prior to inpatient surgery. Any changes in the patient's condition prior to surgery would be documented in the progress notes.

Tuesday, March 29, 2005

West Virginia HCA Hospitals "For Sale"

An article in today's Charleston Gazette reports that HCA has put its West Virginia hospital up for sale, including St. Francis Hospital in Charleston, Putnam General Hospital in Teays Valley, St. Joseph's Hospital of Parkersburg and Raleigh General Hospital in Beckley.

The article states that that no buyer or buyers have currently been identified but that the HCA wants the sale to be completed by the 4th quarter of 2005. The article states that HCA is selling the West Virginia hospitals along with a group of 6 other hospitals, including two hospitals in Tennessee and one each in Virginia, Louisiana, Oklahoma and Washington. According to HCA it is selling these particular hospitals in rural markets so that it can continue its trend to focus on large urban and suburban markets.

HCA's press release on the sale of the 10 hospitals states as follows:

HCA also announced its intention to divest 10 acute care hospitals located in six states. The 10 hospitals are located primarily in rural and small urban markets, in contrast to the majority of the Company's remaining hospitals which are located in large urban or suburban markets.

"The divestitures will allow the Company to redeploy capital to support our hospitals in growing urban markets," stated Jack O. Bovender, Jr., HCA's Chairman and CEO. "These facilities are viable community assets. We believe that increased focus and attention and the ability to continue to successfully compete for capital should provide these facilities the best opportunity for success in the future. Many of the facilities to be divested have been a part of HCA for several years and, although it was a difficult decision, we believe the divestitures are in the best long-term interests of the Company, the affected hospitals and their local communities."

As a group, the 10 hospitals to be divested had 2004 net revenues of $654 million. Hospital divestiture list:

1. Clinch Valley Medical Center, Richlands, VA 200 beds
2. Grandview Medical Center, Jasper, TN 70 beds
3. River Park Hospital, McMinnville, TN 127 beds
4. St. Joseph's Hospital, Parkersburg, WV 325 beds
5. Saint Francis Hospital, Charleston, WV 155 beds
6. Raleigh General Hospital, Beckley, WV 369 beds
7. Putnam General Hospital, Hurricane, WV 68 beds
8. North Monroe Medical Center, Monroe, LA 255 beds
9. Southwestern Medical Center, Lawton, OK 212 beds
10. Capital Medical Center, Olympia, WA 119 beds

Monday, March 28, 2005

Preliminary Injunction Granted - Kaiser Permanente v. Cooper

For those of you who have been following the Kaiser Permanente matter involving a former employee, Elise Cooper, you can now view a copy of the preliminary injunction granted by Judge James A. Richman of the Superior Court of California (Alameda County) on March 24, 2005, in the matter of The Permanente Medical Group, Inc. and Kaiser Foundation Health Plan, Inc. v. Elisa D. Cooper, No. RG05-203029.

The order granting the preliminary injunction states that Ms. Cooper (aka Diva of Disgruntled) is ordered, pending resolution of the case, to: (1) stop using, disclosing, disseminating, distributing or making publicly available in any way, including but not limited to distribution through the Internet, any materials containing any health information of Plaintiffs or their memnbers, and (2) remove such materials from any web site under Defendant's control.

CMS Issues Complaint Procedures for Investigating and Resolving Violations of the Aministrative Simplification Rules (HIPAA)

On March 25, 2005, the Centers for Medicare & Medicaid Services (CMS) issued the federal register notice setting forth the procedures for filing with the Secretary of the Department of Health and Human Services a complaint of non-compliance by a covered entity with certain provisions of the administrative simplification rules under 45 CFR parts 160, 162, and 164. The federal register notice also describes the procedures the Department employs to review the complaints.

The complaint procedures do not apply to the regulations adopted under section 264 of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. 104–191, as amended, known as
the Privacy Rule. The Secretary has delegated to the Office for Civil Rights the authority to receive and investigate complaints as they may relate to the Privacy Rule codified at 45 CFR parts 160 and 164. For the purpose of this notice, ‘‘administrative simplification provisions’’ means the administrative simplification regulatory requirements under HIPAA, other than privacy.

The effective date of the rule is April 25, 2005.

Friday, March 25, 2005

Mountaineers Madness Moves On to the Elite 8

Tonight the West Virginia Mountaineers moved on to the Elite 8 by beating Bobby Knight and the Texas Tech Red Raiders 65-60 in The Pitt, Albuquerque, New Mexico. Kevin Pittsnogle scored 22 points to lead the Mountaineers.

The Mountaineers will now face the Louisville Cardinals on Saturday at 4:40 p.m. Everyone in the state of West Virginia will be tuned in to watch the Moutaineers make its bid to move on to the 2005 Final Four. This run by the Moutaineers is great for the players, the team, the University and the State of West Virginia.

One of the most exicting points of this years Moutaineer team is to watch different players step up night after night. Pittsnogle, Gansey, Beilein, Sally, Fischer and the list goes on. I think one of the reasons teams have had touble handling the Mountaineers is because they come out with a different look every night.

It is great to see Coach Beilein getting the credit that he deserves at putting together a great year end run to the Final Four.

Friday, March 18, 2005

Kaiser Permanente Files New Motions Against the Diva of Disgruntled Blogger

An article in today's San Jose Mercery News reports that Kaiser Permanente filed new motions in an existing lawsuit against a former employee, Elisa D. Cooper, aka the "Diva of Disgruntled" asserting claims based on invasion of privacy and breach of a confidentiality agreement.

This follows up the announcement by Kaiser last week that it was notifying 140 patients in California that personal information, including names, addresses, telephone numbers, medical record numbers and results of routine lab tests, had been posted on the Web. According to the article today:
Kaiser has since acknowledged that it constructed the unsecured technical Web site but said it id not know if patient information was included on it. Cooper said she tried to notify Kaiser about he breach only to be rebuffed, and she subsequently filed a Federal health privacy complaint with the U.S. Department of Health and Human Services, which in turn contacted Oakland-based Kaiser.
Also, the article reports that the California Department of Managed Health Care (DMHC) is investigating both Ms. Cooper and the actions of Kaiser Permanente. The DMHC has also ordered Ms. Cooper to stop posting certian information to her blog.

For more details and some interesting commentary on this matter check out Matthew Holt's most recent post on The Health Care Blog. Also, for more information about Ms. Cooper's termination from Kaiser you can read her post titled "Details of My Termination from Kaiser." You can also see the nature of the complaint that Ms. Cooper filed with the Office of Civil Rights who are responsible for investigating potential violations under the Privacy Rules of the Health Insurance Portability & Accountability Act of 1996 (HIPAA).

Also check out the March 16, 2005 ComputerWorld article for coverage of this matter.

Monday, March 14, 2005

Kaiser Permanente Gadfly

Matthew Holt's "The Health Care Blog" has an interesting followup post on Kaiser Permanente's announcement last week about the breach of privacy involving patient health information of 140 individuals. The blog post also contains some interesting followup comments by the Gadfly and others.

Yesterday, March 16, 2005, Matthew Holt posted an update on the outcome of the hearing involving the injunction filed by Kaiser Permanente against the Gadfly. The Gadfly also has a recent post on her blog giving her perspective on the outcome of the injunction hearing. the post is titled "My Morning in Court".

Friday, March 11, 2005

Private Patient Data Posted Online Blog by Disgruntled Former Kaiser Employee

Today I read an article (see below) from the iHealthBeat newsletter reporting on an article which appeared in the March 11, 2005, San Jose Mercury News. This will be the 3rd well published breach of private data in as many weeks (see my post on ChoicePoint and Lexis-Nexis). This is also interesting because it involves blogging and employee issues which is the topic of much debate these days due to some other recent high profile cases.

Based on the comments in the article it appears that a privacy related complaint under the Privacy Rule created under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was filed either by one of the parties involved or the blogger and former employee herself since the Office of Civil Rights is now involved and investigating. The article points out that the former employee may face significant fines and penalties, however the article does not point out that the health care provider responsible for complying with the HIPAA mandates may also face such charges.

I did some quick Googling and seemed to come across the blog of "Diva of Disgruntled" which is interestingly titled "Corporate Ethics". The blog contains a recent post today in response to the news break on the matter.

It will be interesting to watch this one unwind.

Following is the iHealthBeat article:

Kaiser Permanente is alerting 140 patients in Northern California that a disgruntled former employee posted private information about them on her blog, the San Jose Mercury News reports. The information includes medical record numbers, patient names and information about some routine lab tests, but not the test results. Kaiser in January learned of the breach from the federal Office of Civil Rights and has been investigating the issue since then, said Kaiser spokesperson Matthew Schiffgens. However, Schiffgens said Kaiser on Wednesday asked the Internet service provider hosting the blog to remove the data, the Mercury News reports. The former employee, who calls herself the "Diva of Disgruntled," said that the company posted the patient information on an unsecured Web site and that Kaiser took it down only after she pointed it out, the Mercury News reports. She said she reposted the information to another site to illustrate how easy it was for someone to access the information, which she said had been on the Internet for a year. She said she also filed a complaint with the federal Office of Civil Rights. Schiffgens said Kaiser has been unable to confirm the woman's claims that it posted private patient data, but he said the woman still breached her obligation to protect member confidentiality by posting the information herself. Schiffgens said Kaiser might take legal action against the woman, the Mercury News reports. Under HIPAA rules, she could face fines of up to $250,000 and 10 years in prison for unlawfully disclosing patient data (Feder Ostrov, San Jose Mercury News, 3/11).

Thursday, March 10, 2005

West Virginia Health Care Authority Issues Draft CON Standards on Cardiac Cath and Cardiac Surgery for Comment

The West Virginia Health Care Authority has published new standards for Cardiac Catheterization Standards and Cardiac Surgery Standards under the State Health Plan. The notice on the West Virginia Health Care Authority's website shows that providers in West Virginia have a 30 day public comment period that ends on April 8, 2005 to comment on the draft standards.

The current Cardiac Catheterization Standards were approved by the Governor of West Virginia on August 22, 2002. The current Cardiac Surgery Standards were approved by the Governor of West Virginia on May 5, 2004.

For those unfamiliar with the Certificate of Need (CON) process, West Virginia has a statutorily mandated CON review process which requires health care provider projects, new services, etc. to obtain CON approval prior to starting the project or new service. The CON review process typical includes the determination of need, consistency with the State Health Plan, and financial feasibility. Need for the project is determined using CON Standards, which generally include population-based quantifiable need methodologies. Financial feasibility includes the evaluation of the reasonableness of proposed charges to patients and the determination as to whether the expense and revenue projections demonstrate fiscal viability for the proposed project. Other review criteria include quality, accessibility, and continuum of care.

Wednesday, March 09, 2005

Confidential Information on 32,000 People Stolen from Lexis-Nexis Database

Today Lexis-Nexis announced that hackers stole confidential information on 32,000 people. According to an news article from PC World the following information was stolen from a Lexis-Nexis subsidiary called Seisint. PCWorld reports that:

The hackers stole passwords, names, addresses, Social Security numbers, and drivers license numbers of legitimate customers of the company's Seisint division. Seisint collects data on individuals that law enforcement agencies and private companies use for debt recovery, fraud detection, and other services.

Here is a press release issued by Lexis-Nexis regarding the investigation into the privacy breach. Lexis-Nexis acquired Seisint in September 2004 for $775 Million. Due to the privacy breach I suspect that the price of the acquisition just went up substantially.

This is the second high profile breach of confidential health data in as many weeks. In mid February there was a report of a breach of 145,000 individuals confidential information at ChoicePoint. For more information on this particular breach read the following article from PCWorld. Interesting on March 4, 2005 ChoicePoint announced its decision to exit those lines of its business which involve the sale of confidential and sensitive consumer data.

Friday, March 04, 2005

My dad has been experimenting with Hello, software that allows you to share your digital photo, and Picassa, software which allows you to find, edit and organize digital photos that reside on your hardrive. These software downloads are part of Google's positioning to take over the desktop from Microsoft.

I have played around with Picassa and have found it very user friendly and intuitive. I think they have found a niche that needed to be filled. As an example, my dad is one of the most knowlegeable computer uses in the 80+ year old category and has been using computers back to the first macintosh that my sisters and I purchased for him in the late 1980s. However, something that has always been confusing for him is the ability to navigate the Explorer features, how to (and where to) save documents, files and now digital photos. Picassa brings to him the ability to have the software find and organize the photos on his hard drive.

He has been using Picassa for a couple of months and just recently sent me an invitation to join Hello so that we can share digital photos back and forth. I have been meaning to download and try out Hello, since I was interested in the feature that allows me to now share photos up to my Blogger blog (Blogger is another product/business swept up by Google). Above is a test post of a photo of my 9 month old during a recent trip to Florida with her, my wife and my 4 year old. Posted by Hello

Wednesday, March 02, 2005

Pizza and Privacy: ACLU Privacy Video

Today someone referred me to an online video put out by the American Civil Liberties Union (ACLU) to demonstate how technology can be used, even by your local pizza business, to access and reveal sensetive financial, medical, employment and other personal data.

Although the video is done in fun it does make one thing about being more cautious with releasing personal and private information.
Here is a press release issued by the ACLU discussing the online pizza delivery privacy video.