CALL US TODAY: (713) 899-9812

Regulatory Compliance Applies to More Than Medicare

by | Aug 5, 2019 | physical therapy compliance

When we talk about compliance the first thing that comes to mind is Medicare. But Medicare is just the tip of the iceberg. There are so many regulations that healthcare providers must be aware of and comply with so let’s just start with a fundamental law; the regulation of our profession at the state level.

Most individuals working in a physical therapy entity should have a working knowledge of the Physical Therapy Practice Act or minimally the rules that impact the practice of Physical Therapy. Why, you ask? Because there are so many ways to go awry and the consequences can be severe and life changing. One of the reasons so many state licensing boards have jurisprudence continuing competency requirements is because they know “out of sight out of mind”. Think about it, would you take the time to review your practice act and rules if you didn’t have to take a test to renew your license?

Some of the rules that physical therapists and physical therapist assistants should know off the tip of their tongue are:

  • Scope of practice and role delineation of the physical therapist e.g. can a physical therapist perform dry needling or diagnostic studies like ultrasonography, dispense over-the-counter vitamins/supplements, utilize telehealth/telecommunication, etc.? Can a physical therapist assistant own or be the director of a physical therapy clinic, modify a Plan of Care, perform tests and measures or functional outcome standardized tests, etc.?
  • Referral requirements or direct access rights and the parameters of each.
  • Type and amount of supervision by the physical therapist regarding physical therapist assistants, technicians, student therapists and other licensees (massage therapists, athletic trainers) to meet the general and direct supervision requirements, etc.
  • Documentation requirements: Daily notes, evaluations, interim reports like progress reports, re-evaluations and plans of care; frequency of reports; co-signing obligations and requisites for documenting conferences with physical therapist assistants or other licensee’s and documentation restrictions of these individuals.
  • License renewal terms and frequency e.g. exams, amount of continuing competency units, updated profile, etc.
  • License posting and/or name badge requirements.
  • Patient abandonment criteria.

The list above is certainly not all inclusive, so a personal review of the Act and Rules is critically important for licensees. TIP: an easy way to stay current is by signing up for the licensing board’s e-newsletters or the like.

So on to the next regulation…Health Insurance Portability & Accountability Act (HIPAA). HIPAA mandates workforce education upon employment followed by regular updating and training, including evaluation annually separate from or as part of an annual performance review. HIPAA mandates the drafting of entity specific policies and procedures; appointment of a HIPAA officer; compliance monitoring, investigation and corrective action (disciplinary measures and breach reporting) and the rendering of Business Associate Agreements to those who are not part of the workforce but use/access PHI on the entity’s behalf.

So how do we know what knowledge our workforce must possess? One approach is to have a general orientation the covers the Privacy and Security Rules for all the workforce and then have position specific educational modules for those that have a need to understand the act in greater detail.

The Privacy Act’s general orientation should include:

  • Privacy Notice
  • Protected Health Information (PHI) and identifiers
  • PHI retention and destruction
  • Access to PHI i.e. uses and disclosures
  • Patient Rights
  • Minimal Necessary determination
  • Patient Authorization for access to PHI
  • Business Associates
  • PHI breaches
  • Work Station privacy & password utilization

The Security Act’s general orientation should include:

  • Security Incident Disclosure
  • Remote Use of/Access to E-PHI
  • Role in Contingency & Disaster Recovery Plan
  • Electronic signatures
  • E-PHI breaches
  • Electronic device utilization
  • Security measures including but not limited to:
    • Passwords
    • Anti-malware
    • Firewalls
    • Encryption at rest and in transit

Position specific education might include the development and implementation of procedures and processes related to the bullets above.

Now on to the third regulation that we often forget to employ… OSHA! Yes, it does apply to outpatient settings and is typically audited because of complaints from employees and patients. All of the standards listed below have mandatory orientation requirements, but the Bloodborne Pathogens Standard also requires annual updates and training.

A few items to have on your checklist are:

  • Development of an Exposure Control Plan which is based on the Bloodborne Pathogens Standard:
    • Employee Health e.g. infection control, TB awareness, vaccinations (Hepatitis B, etc.)
    • Exposure determination
    • Standard precautions
    • Housekeeping checklist and procedures
    • Exposure control reporting & recording
    • Licensed Healthcare Provider consultation
    • Exposure barriers e.g. Personal Protective Equipment/Supplies and engineering & work practice controls such as:
      • Hand washing & hand washing stations
      • Sharps management systems and techniques
      • Hazardous waste containers and disposal vendors
      • Eye wash stations
      • Spill management & kits
      • Area segregation/designation (patient care & eating/drinking activities)

 

  • Development of a Hazard Communication Plan
    • Hazard identification and inventory
    • Hazard Assessment of workforce
    • Safety Data Sheets
    • Container & Substance signs and labeling
    • Exposure barriers and engineering and work practice controls (see above)
    • Emergency intervention (clean-up/spill management)
    • Hazard Communication reporting and recording

 

  • Safety, Injury Prevention & Management (Internal & External Disaster)
    • First aid
    • Cardiopulmonary arrest management
    • Facility evacuation
    • Fire prevention and control
    • Disaster management & recovery
    • Facility and equipment safety procedure implementation
    • Safety Incident reporting and recording

 

  • General Duty Clause
    • Safe working environment that is free from hazards

Just a word about the Americans with Disabilities Act. We are required to have accessible facilities which includes the physical plant as well as access to services. So, while checking off the ADA physical plant access (click here for OSHA’s ADA survey instrument) don’t forget to include access to services which comes from an enhancement of the civil rights law that protects individuals from discrimination. The short list requires that:

  • We must post the federal poster on Patient Rights in our facilities, on our websites and within certain marketing pieces
  • We must provide effective communication with and accessibility for individuals with limited English proficiency
  • We must ensure that individuals are not discriminated against because of sexual preferences or dispositions within our facilities
  • We must provide effective communication with and accessibility to services for individuals with hearing, sight or speech disabilities

This law is being heavily enforced and certainly deserves your attention if you have any deficiencies related to its requirements. Read the full text version published in the Federal Register

I have not addressed employment regulations in this article for three reasons, the first of which is the extensiveness of the material, the second reason is because of state to state variations and the final reason is that it has been well covered in previous issues of Impact. If this is a weak point for you and your practice just let the Impact editor know of your interest and they may consider additional articles on this subject.

In summary, I hope your take away is that healthcare regulatory compliance is more than Medicare and most, if not all, regulations require documented policies and procedures, evidence of education, and implementation of the required provisions. Additionally, federal and state officials expect to see that you actively monitor compliance with the statute and investigate concerns and complaints taking corrective action, as needed.

 

Submitted by Mary R. Daulong, PT, CHC, CHP

President & CEO of Business & Clinical Management Services, Inc.

August 5, 2019