Copy of Compliance FAQ's (In process)


COMPLIANCE FAQ’s

 K N O W L E D G E B A S E



I.    COURSES


Courses Customization

 

  1. Client’s request example:
    “After reviewing a few sample courses, I was wondering if there are shorter versions of them, as we have to pay for sitting time. Also, I do wish it had more videos and interaction built into it.”

    (Requires Brian involvement)
    Our team can work with you on making courses that are “right-sized” for your organization.  We can discuss your preferences for video and interactions, and I could show you some additional examples. Would you like to get on a call to discuss which courses we could put together or develop for you? Please let me know your availability.
  2. Looking forward to 2019, effective Jan 1, 2019 all employers in California (with 5 or more employees) must provide there full staff with 1 hour of harassment training in addition to the currently provided 2 hours of training to managers and supervisors.  Currently, the MedTrainer staff level harassment training course is 30 mins.  Does MedTrainer have plans to expand this course to be CA compliant or provided a CA compliant course in addition?

           “The changes in the law is in regarding to number and types of employees that are now covered by the existing California State Laws.  The new requirements cover employers with at least five or more                   employees, temporary and seasonal employees.  MedTrainer’s courses for Sexual Harassment for employees and supervisors meet the training standard.

           Overview of the Regulations

             California employers with at least five employees must provide sexual harassment prevention training and education to all supervisory employees and non-supervisory employees in California by January                1, 2020.

              Since 2005, employers with at least 50 employees have been required to train and educate all personnel in supervisory positions in California in the prevention of sexual harassment. Senate Bill 1343                    lowers the number of employees to five and includes non-supervisors in the mandate.

             SB 1343 requires covered employers to provide at least two hours of sexual harassment prevention training and education to all supervisory employees and at least one hour of such training to all non-                 supervisory employees in California, by January 1, 2020. Training and education must be provided once every two years thereafter, as specified under the new law.

             The new law also creates requirements for the California Department of Fair Employment and Housing (DFEH).

             Highlights

             Under SB 1343:

  •  By January 1, 2020, employers with at least five employees must provide: (1) at least two hours of sexual harassment prevention training to all supervisory employees; and (2) at least one hour of sexual      harassment prevention training to all non-supervisory employees in California within six months of their assumption of either a supervisory or non-supervisory position. The training must be provided once    every two years.
  • Employers must provide sexual harassment prevention training to temporary or seasonal employees within 30 calendar days after the hire date or within 100 hours worked if the employee will work for less than six months. In the case of a temporary employee employed by a temporary services employer (as defined by the California Labor Code) to perform services for clients, the training must be provided by the temporary services employer, not the client.
  • The anti-sexual harassment training may be conducted with other employees, as a group, or individually, and broken up into shorter time segments, as long as the two-hour requirement for supervisory employees and one-hour requirement for non-supervisory employees is reached.
  • Employers who provide the required trainings after January 1, 2019, are not required to comply with the January 1, 2020, deadline.
  • The DFEH must develop, obtain, and make available on its website the one-hour and two-hour anti-sexual harassment training courses for supervisory and non-supervisory employees. Employers may develop their own training platforms, as long as they comply with the law’s requirements.

The DFEH must make existing informational posters and fact sheets regarding sexual harassment prevention available to employers and to members of the public in English and other languages (as listed in the law) on the department’s internet website.”


3. What is the required training for CMS and JCAHO for surgery centers?

  • The Joint Commissions has training requirements within their standards that are above and beyond OSHA compliance training, based on program type and various job functions. 

    We are going to focus the additional training requirements for the most common, which include:

    • Policies and procedures
    • Disaster Preparedness (must be a qualified CMS plan that includes an All-Risk Hazardous Analysis,
    • Infection Control (It is advisable to perform the Infection Prevention Gap analysis and prioritize deficiencies according to the potential for patient harm)
    • Hand Hygiene
    • Medication Management (clinical staff)
    • Conscious Sedation
    • Staff must be trained on the Safety Program
    • Staff must be trained on equipment they are using for diagnosis (CLIA Waived testing and competency) and for any type that has a potential hazard to the staff, patient or others, especially new equipment/technology.
    Advanced Cardiac Life Support (ACLS) for all medical staff
  • Additonal Refefences: file:///C:/Users/MedTrainer/Dropbox%20(MedTrainer)/Onboarding%20Docs/JCAHO/2018_Joint%20Commission_ASC_Standards_Sampler.pdf

4. Can a customer use another states Harassment Courses, as a en example; can California use the New York's harrasment courses? 

  • “New York Sexual Harassment Prevention training” and “New York State Harassment Prevention Training Case Studies” are model training's developed by the New York Department of Labor and Division of Human Rights. These are New York State specific to fulfill the revised training requirements effective October 9, 2018.

    I would recommend our other harassment training modules – Unlawful Harassment for Employees (ID 3) and Harassment Training Gender Identity and Sexual Orientation (ID 1325). 

5. Sample Curriculum for the year ( CHC/FQGC/JC/AAAHC) 


6. Does Medtrainer provide compliance posters for staff such as for OSHA, HIPPA, and FMLA for New York?

Here is a link to the NY Department of Labor website.  Posters and forms can be downloaded without a charge/cost.


NY Labor Posters: https://labor.ny.gov/workerprotection/laborstandards/employer/posters.shtm


7. Does Medtrainer offer courses on Chart Auditing Compliance, Incident Reporting staffing, Billing related courses, HR Training courses for onboarding or New orientation package for employess, Confidentiality agrreements?

 We Currently do not offer the above courses, but we can definitely upload it if she has the presentation or do a Custom course. 


8. How often is the DOT course required?


DOT is required every two years. 


9. What courses need to be taken in order to be compliant in California?


Course ID 1325 Harassment Training Gender Identity and Sexual Orientation should be taken in conjunction with Unlawful Harassment to meet all of the requirements for CA.



HIPAA Course Updates

 

  1. In 2013, Omnibus Rule changed the standards for Communicating with Patients by Unencrypted Email and Text Messages. Does MedTrainer course contain these most recent updates?

    Up until 2017, our HIPAA Course is up to date and complies with the official requirements.

 

OSHA Course Updates

 

  1. Reps from other companies have been visiting some healthcare facilities, trying to sell an OSHA mandated Walking and Working Surfaces course, saying that all industries should have been in compliance with this by May 2017. Does MedTrainer have this course available?

    The rule for OSHA mandated Walking and Working Surfaces required training, relates to industries that use ladders, and other equipment to prevent falls.  Please see rule here:
    https://www.osha.gov/walking-working-surfaces/
    https://www.osha.gov/Publications/OSHA3903.pdf

    However, MedTrainer does have a course that is used to teach fall prevention in healthcare: “Preventing Slips, Fall, Trips and Workplace Clutter”   



Continuing Education Courses

 

  1. Does MedTrainer have CE (Continuing Education) Courses for MA’s (Medical Assistants) that need credits for licensing?

    MedTrainer has some of the required courses for MA’s licensing and we are building many clinical courses for our anticipated American Nurses Credentialing Center (ANCC) approval later this year.
    A discussion should be scheduled if employee meets the post-secondary education and extern requirements, and completes MedTrainer courses combined with on-the-job training and competency review. It may meet the following standard, but we should check with the State to confirm.   

    Reference example for Washington:
    “The secretary of health may also approve an applicant who submits documentation that he or she completed post-secondary education with a minimum of 720 clock hours of training in medical assisting skills, including an externship of no less than 160 hours. The documentation must include proof of training in all of the duties identified in RCW 18.360.050(1)”.
    Washington State Department of Health Medical Assistant http://www.doh.wa.gov/LicensesPermitsandCertificates/ProfessionsNewReneworUpdate/MedicalAssistant/LicenseRequirements/CertifiedorInterim

    There is another possibility that could be explored – Medical Assistant Registered:
    http://www.doh.wa.gov/LicensesPermitsandCertificates/ProfessionsNewReneworUpdate/MedicalAssistant/LicenseRequirements/Registered

    One of the requirements from the State is a 7 hours HIV/AIDS Education and Training which we currently do not have.  There is a list of resources available –which if a 2-hour course is acceptable, we would consider creating it.


  2.  Is MedTrainer accredited by the American Academy of Physician Assistants (AAPA) or National Commission on Certification of Physician Assistants (NCCPA) to provide CME’s?

    This information applies specifically for Physicians, PA’s – not for nurses:
    NCCPA accepts for Category 2 credit any educational activity that relates to medicine, patient care or the PA that has not been designated for Category 1 credit. (http://www.nccpa.net/CMECategoryTypes)
    MedTrainer courses CAN be used for Category 2 claims, but NOT for Category 1 ones.

    When you complete a course in MedTrainer that you want to designate as CMS (Cat II) you go to your “my student dashboard”, then click on the “Completed” tab.  Then click on Claim CEU’s.  A dropdown menu will appear and you enter in your state and license number.  Once completed, you can then click on the course certificate to get a copy.

  3. Medtrainer currently offers AMA PRA Category 1 Credit™ for our new Opioids Crisis and Interventions series (2 hours) and for the ACLS and PALS courses (4 hours).  Here is a link to the Texas State Medical Board continuing education requirements: http://www.tmb.state.tx.us/page/licensee-resources. If you open the first link – CME for MD/DOs which indicate 24 Category 1 or 1A, and at least 2 of the hours must include the study f medical ethics and/or professional responsibility.  The 24 informal hours are based on Category 2 requirements.


    CME requirements for licensure and license renewal vary depending on the jurisdiction. The vast majority of US state and territory medical boards (both allopathic and osteopathic) have mandatory CME requirements for license renewal. A majority of these boards will accept a current AMA PRA certificate or an AMA approved AMA PRA application as documentation of meeting the CME requirements. There is information about state CME requirements for license renewal on the FSMB website, but physicians should contact the appropriate state medical board directly to get the most current information. The FSMB website also has a list of state licensing boards.


    MedTrainer allows providers to assign Category 2 Credits towards their AMA bi-annual requirements, for any course taken in the MedTrainer Learning Library that the provider determines to meet the self-study requirements as defined by the AMA.  


    American Medical Association Category 2 Credits – Definition


    AMA PRA Category 2 Credit™ is CME credit which is self-designated and claimed by individual physicians for participation in activities not certified for AMA PRA Category 1 Credit™ that:


    • Comply with the AMA definition of CME; and
    • Comply with the relevant AMA ethical opinions; at the time of this writing this includes E-8.061 “Gifts to Physicians from Industry”, E-9.011 “Continuing Medical Education” and E-9.0115 “Financial Relationships with Industry in Continuing Medical Education”, and
    • Are not promotional; and
    • A physician finds to be a worthwhile learning experience related to his/her practice.


    Examples of learning activities that might meet the requirements for AMA PRA Category 2 Credit™ include, but are not limited to:

    • Teaching residents, medical students or other health professionals
    • Unstructured online searching and learning (i.e., not Internet PoC)
    • Reading authoritative medical literature
    • Consultation with peers and medical experts
    • Small group discussions
    • Self-assessment activities
    • Medical writing
    • Preceptorship participation
    • Research
    • Peer review and quality assurance participation


    A physician must individually assess the educational value for each learning experience in which he or she participates to determine if it is appropriate to claim AMA PRA Category 2 Credit™. AMA Definition of CME: CME consists of educational activities which serve to maintain, develop, or

    increase the knowledge, skills and professional performance and relationships that a physician uses to provide services for patients, the public or the profession. The content of CME is the body of knowledge and skills generally recognized and accepted by the profession as within the basic medical sciences, the discipline of clinical medicine and the provision of health care to the public. (HOD policy #300.988)


    The physician should self-claim credit for appropriate AMA PRA Category 2 Credit™ activities and document the activity title or description, subject or content area, date(s) of participation and number of credits claimed. Physicians may not claim AMA PRA Category 2 Credit™ for an activity for which the physician has claimed AMA PRA Category 1 Credit™. Each physician is responsible for maintaining a record of their AMA PRA Category 2 Credit.


Fraud, Waste and Abuse Courses

 

  1. The Centers for Medicare & Medicaid Services (CMS) require Medicare Advantage Prescription Drug Plans, such as Easy Choice Health Plan (ECHP), and its entire first tier, downstream, and related entities to complete the compliance Fraud, Waste, and Abuse (FWA) training upon contract implementation and annually thereafter. Which course or courses make a customer compliant with this?
    MedTrainer’s – Combatting Medicare Parts C and D Fraud, Waste and Abuse course is presented verbatim as issued by CMS.


  2.  From a regulatory perspective, what is the difference between MedTrainer’s courses "Combatting FWA, Medicare parts C & D" and "Intro to FWA (non-CMS)”?

    The difference between the “Introduction to FWA (non-CMS course)” and the CMS issued “Combating FWA, Medicare Parts C&D” is that the MedTrainer Introduction to FWA was created to provide staff with a general overview of FWA.  The CMS course, when required, must be viewed verbatim.  MedTrainer utilizes an attestation that the course was not changed or altered from the original content.

    The CMS version is specifically for Medicare Parts C and D Sponsors and FDR’s.  Medicare provided clarification on the training requirements for FDR’s – specifically the positions that would have the requirement noted below.     

    “Completing this training module satisfies the Medicare Parts C and D plan Sponsors annual general compliance training requirements in the regulations and sub-regulatory guidance at: • 42 Code of Federal Regulations (CFR) Section 422.503(b)(4)(vi); • 42 CFR Section 423.504(b)(4)(vi); • Section 50.3 of the Compliance Program Guidelines (Chapter 9 of the “Medicare Prescription Drug Benefit Manual” and Chapter 21 of the “Medicare Managed Care Manual”); and • June 17, 2015, Health Plan Management System (HPMS) memo: Update – Reducing the Burden of the Compliance Program Training Requirements. While Sponsors are required to complete this training or use this module’s downloaded content to satisfy compliance training requirements, completing this training in and of itself does not ensure that a Sponsor has an “effective Compliance Program.” Sponsors are responsible for establishing and executing an effective compliance program according to the Centers for Medicare & Medicaid Services (CMS) regulations and program guidelines”.

    CMS guidance on compliance program training requirements on February 10, 2016: 
    https://www.cms.gov/Medicare/Compliance-and-Audits/Part-C-and-Part-D-Compliance-and-Audits/Downloads/2016_Compliance_and_-FWA_Training_Requirement_Update.pdf

    “In order to prevent unnecessary burden on FDRs, Sponsors should work with their FDRs and specify which positions within an FDR must complete the training. There will be certain FDRs where not every employee needs to take the training based on their duties. Below are examples of the critical roles within an FDR that should clearly be required to fulfill the training requirements: Positions/Roles • Senior administrators or managers directly responsible for the FDR’s contract with the Sponsor (e.g. Senior Vice President, Departmental Managers, Chief Medical or Pharmacy Officer); • Individuals directly involved with establishing and administering the Sponsor’s formulary and/or medical benefits coverage policies and procedures; • Individuals involved with decision-making authority on behalf of the Sponsor (e.g. clinical decisions, coverage determinations, appeals and grievances, enrollment/disenrollment functions, processing of pharmacy or medical claims); • Reviewers of beneficiary claims and services submitted for payment; or, • Individuals with job functions that place the FDR in a position to commit significant noncompliance with CMS program requirements or health care FWA”.




Board of Dentistry

CPR

  1. FOR ALABAMA: Can a Dentist take our online CPR course for getting certified by the Board of Dentistry?

     According to the Board of Dentistry, in Alabama in-person CPR is the only acceptable form of certification.,

     270-X-4-.04 Mandatory Continuing Education For Dentists And Dental Hygienists

    “Dentists must maintain current certification in cardiopulmonary resuscitation (CPR) at the basic support level by the American Heart Association, American Red Cross, or an equivalent program; provided. However this requirement shall be satisfied only by completing an in-person training”. However, MedTrainer offers blended and non-blended versions of both training courses. Blended courses require materials and hands on training with trained company skill evaluators, non-blended courses are taken completely online.
    *Attach CPR Ad Pricing PDF with more detailed info


II.  HIPAA


Products

Please be advised to NOT sell the HIPAA Risk Assessment as we currently do not have the processed programmed and it is very labor intensive.  We do not have an ETA on when we will have it, but will be kept in the que.  We DO have a HIPAA Policy Manual that is programmed with an intake sheet that generates a set of Policies with the client’s name, compliance officer, contact numbers, etc.  This should sell for a minimum of $300.  If they want different information for other locations, we could scale the pricing – which has not been discussed yet. – Confirm if this info is still current


  1. Can the HIPPA agreement be edited in the Hippa toolkit or must the institution create its own Compliance Agreement. *  The easiest way to accommodate this request is to revise the language of the agreement and create a policy document.  It can be uploaded and assigned, and the employee will be required to digitally sign and acknowledge the document.

 

Security Risk Assessment (SRA)

 

  1. Does MedTrainer have past clients who have passed CMS (Centers for Medicare & Medicaid Services) audits using MedTrainer’s SRA (Security Risk Assessment)?

    Although we have no knowledge of completed CMS audits to the clients we have worked with, we fulfill the purpose and requirements of the SRA. The main problem our clients had was, in fact, not having it completed on an annual basis for which they have to attest to.
  2.  What does Medtrainer Offer, how does SRA work,  and how much does the SRA cost?

            

There are two parts to the HIPAA Security Risk Assessment – a qualitative review and vulnerability or penetration testing


MedTrainer will perform a qualitative review that includes determining the probability of breach occurring, the organization's preparedness to handle each type of breach that could occur,  and the impact on the business in the event a breach does occur.  The risk is determined by reviewing administrative, physical, technical and safeguards through a series of questions according to the National Institute of Standards and Technology (NIST), along with submission of documentation, and attestations. 


A report based on the findings of the assessment is created that includes recommendations for improving HIPAA compliance. The assessment will not include data or systems verifications but will rely on statements from service providers as to their internal/external monitoring of systems that transmit or store your organizations Protected Health Information.  For example, if you are using a vendor for your Electronic Health Record, they will supply affirmation as to audits and other activities that they have taken on your behalf. The report meets or exceeds the requirements for an annual Privacy and Security Risk Assessment (SRA).  The cost for this service is a one-time fee of $1,500, and we offer a policy manual for $500 or combine both for $1,750


MedTrainer uses a nationally recognized firm that specializes in vulnerability and penetration testing.  Vulnerability testing is designed to scan your internal network for missing vendor patches and external network vulnerabilities.  Penetration testing is a much more involved process in which professional IT staff actively try to penetrate your systems and gives a thorough review of areas in your system that are most vulnerable – internally and externally.  The Department of Health and Human Services notes that “the Security Rule does not prescribe a specific risk analysis methodology, recognizing that methods will vary dependent on the size, complexity, and capabilities of the organization. Instead, the Rule identifies risk analysis as the foundational element in the process of achieving compliance, and it establishes several objectives that any methodology adopted must achieve”.   Cost for vulnerability testing for up to 10 IP addresses is approximately $1,800 - $2,400.  Penetration testing is customized based on a survey and discussion, which is followed by a formal quote.


Conducting a Risk Analysis is required annually by CMS, and the Medtrainer’s virtual Privacy and Security Risk Assessment meets the HHS/CMS requirement.  There is an advantage for the combined services, as Medtrainer will identify areas that are in need of support, training, policy documentation, IT equipment management, etc. and deploy those resources through your LMS.  This becomes a repeatable process and provides a great documentation trail.

 

Sample Cases

 

  1. GOSSIPING:
    One of the employee’s brother-in-law is currently being treated at the clinic and she claims to have seen one of her co-workers flirting with him. This employee then went to share this information with her sister directly -the wife and emergency contact-, stirring up a storm. The clinic administrator will be letting the employee go for not following the chain of command and because the clinic has a zero tolerance policy for gossip. The administrator would like to know if there are any articles in HIPAA that could get the clinic in trouble, and if the wife, who is the emergency contact, had a right to know this information. The employee in question has been working with the clinic for about 6 months and has completed HIPAA on MedTrainer and has a signed HIPAA Compliance Agreement.

    It is important to first clarify that our Compliance Officer for MedTrainer is unable to give legal advice, and nothing contained within our response should be construed as such.

    An employee, who does not have a reason to access PHI (Protected Health Information), such as a nurse or counselor, could possibly be creating a HIPAA violation by disclosing the location of the patient – if that location was not already known. Additionally, whether the PHI must be authorized or does not need to be authorized, the covered entity must always release only as much information is necessary to address the need of the entity requesting the information (what the regulation refers to as the "minimum necessary" information to satisfy the inquiry).  The employee according to our discussion, did not have an inquiry, did not have authorized access to PHI, nor did the employee have the authority to make contact with any person in the patient’s medical record – specifically the person listed in the medical record as the emergency contact.

    The Privacy Rule does not cut off all communications between a person and the families and friends of patients. As long as the patient does not object, The Privacy Rule permits you to:
  • Share needed information with family, friends, or anyone else a patient identifies as involved in his or her care;
  • Disclose information when needed to notify a family member or anyone responsible for the patient's care about the patient's location or general condition;
  • Share the appropriate information for these purposes even when the patient is incapacitated if doing so is in the best interest of the patient.

    It is good that they have a confidentiality agreement and documented HIPAA training with the employee, but they could also focus on the “hostile” work environment the employees’ actions may have created.

 

Medicare

 

  1. “Within my HIPAA Toolkit, I have Medicare Parts C and D trainings. Why not Parts A and B?

    Medicare Part A (covers inpatient hospital care, skilled nursing facility, hospice, lab tests, surgery, and home health care) and Part B (services and supplies that include outpatient care, preventive services, ambulance services, and durable medical equipment) are covered in general terms in the Preventing Fraud, Waste and Abuse.  Medicare Parts C & D were mandated by the US Department of Health and Human Services to be taken based on the following:

    Completing this training module satisfies the Medicare Parts C and D Plan Sponsors annual general compliance training requirements in the regulations and sub-regulatory guidance at:
  • 42 Code of Federal Regulations (CFR) Section 422.503(b)(4)(vi);
  • 42 CFR Section 423.504(b)(4)(vi);
  • Section 50.3 of the Compliance Program Guidelines (Chapter 9 of the “Medicare Prescription Drug Benefit Manual” and Chapter 21 of the “Medicare Managed Care Manual”); and
  • June 17, 2015, Health Plan Management System (HPMS) memo: Update – Reducing the Burden of the Compliance Program

    The course on Medicare Parts C & D has to be taken “verbatim” from the course provided by CMS, which is made available in the MedTrainer Learning Library.



III. THE JOINT COMMISSION

Incident Severity Categories

 

  1. What is the categorization that The Joint Commission defined for incidents that should be reported? / Do near-miss incidents need to be reported?

    The Joint Commission considers near-miss incidents as actual incidents and your policies should encourage employees to share information to improve safety and prevent future cases.


2. Do the joint commission's have training requirements?

  • The Joint Commissions has training requirements within their standards that are above and beyond OSHA compliance training, based on program type and various job functions.
    We are going to focus the additional training requirements for the most common, which include:
    • Policies and procedures
    • Disaster Preparedness (must be a qualified CMS plan that includes an All-Risk Hazardous Analysis,
    • Infection Control (It is advisable to perform the Infection Prevention Gap analysis and prioritize deficiencies according to the potential for patient harm)
    • Hand Hygiene
    • Medication Management (clinical staff)
    • Conscious Sedation
    • Staff must be trained on the Safety Program
    • Staff must be trained on equipment they are using for diagnosis (CLIA Waived testing and competency) and for any type that has a potential hazard to the staff, patient or others, especially new equipment/technology.
    • Advanced Cardiac Life Support (ACLS) for all medical staff


IV.   EMERGENCY AND DISASTER PREPAREDNESS PLAN
 

General Info

 

  1. What capabilities does MedTrainer have in regards to Emergency Management Plans? Does it have a template that is compliant with the new CMS regulations that were just released to help build the plan?

    MedTrainer has completed a review of the necessary for healthcare organization to be in compliance with the CMS rules that include a tool for developing an “all-hazards” approach for a basic risk assessment and an emergency plan template. –Add sales kit info on the EDP Plan



  2. "Could we see a sample of what all would be covered or would it be customized to our facility/needs? Our fear is that it would include many things that would not work for our facilities since we are an outpatient facility." 

    The Disaster Preparedness Plan is customized to the facility, so it does not have policies or procedures that are not applicable to the organization. 
     
    Things that the client is likely to need includes:
    ·         All-Risk assessment
    ·         Regional All-Risk assessment
    ·         Incident Management Capabilities Assessment
    ·         Communication Plan (Internal/External)
    ·         Service prioritization, alternatives, and community resources
    ·         Roles and Responsibilities (have to have an Incident Commander)
    ·         Evacuation Decision Matrix
    ·         Procedures to organize evacuation
    ·         Facility shut-down instructions
    ·         Record keeping, billing, and restoration of services
     
    The process of creating the plan begins with a discovery call, so that we can prioritize what needs to get completed based on the needs of the organization, available resources, and meeting or exceeding minimum requirements. 
  3.  The Federal Register posted the final rule Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers. The regulation went into effect on November 16, 2016 and all health care providers and suppliers must comply and implement all regulations one year after the effective date, which is this coming November 16, 2017. Which kind of entities need to comply with this? 

    There are 17 provider types that are required to have disaster plans that meet CMS requirements:

    INPATIENT

    OUTPATIENT

    Critical Access Hospitals (CAHs)

    Ambulatory Surgical Centers (ASCs)

    Hospices

    Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient Physical Therapy and Speech-Language Pathology Services

    Hospitals

    Community Mental Health Centers (CMHCs)

    Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID)

    Comprehensive Outpatient Rehabilitation Facilities (CORFs)

    Long Term Care (LTC)

    End-Stage Renal Disease (ESRD) Facilities

    Psychiatric Residential Treatment Facilities (PRTFs)

    Home Health Agencies (HHAs)

    Religious Non-medical Healthcare Institutions (RNMHCIs)

    Hospices

    Transplant Centers

    Organ Procurement Organizations (OPOs)

     


    Programs of All Inclusive Care for the Elderly (PACE)

     


    Rural Health Clinics (RHCs) and Federally Qualified Health Centers (FQHCs)


    For a general description of each type, please refer to:
    https://asprtracie.s3.amazonaws.com/documents/aspr-tracie-ta-cms-rule-provider-type-definitions.pdf


  4. Are Physician Offices required to meet the new CMS Emergency Preparedness Rule?

    Medicare as of October 28, 2016:
     
    The new Emergency Preparedness requirements do not apply to physician offices that are not part of a certified Medicare participating facility. Physicians’ offices or practices that are considered part of a certified Medicare participating facility would be required to meet the regulations.

  5. Is MedTrainer’s new EDP Plan going to include fire safety plans, or is this something that customers can create using our current template and still comply with the new CMS standards?


    MedTrainer’s EDP Plan does have a section addressing fires; however, it is acceptable to refer to the Fire Safety Plan that staff has access to and have acknowledged receiving.  The CMS Rule does not require a certain format – but does require that all hazards are considered and planned for.


  6. What information does a client need to provide for MedTrainer to generate their customized EDP Plan?

    It's important to note that the deadline for compliance with the CMS was November 15th, 2017. 

    Please send via email the following template containing a link for a survey ONLY for your clients that are seeking assistance with Disaster Preparedness, so we can provide a solution that best meets their need.  The solution is not a one-size fits all, so it needs to be integrated with what they may already have or created for their type of facility.  The cost for a complete plan is $1,000 and will be custom until fully-automated.  


    Client name,
     
    Thank you for your interest in our Disaster Preparedness Plan.  As you can imagine, there is not a one-size fits all so please click on the link below and provide as much information as possible so we can put together a proposal based on your organization’s needs. 
     
     
    Once your responses have been received, we will set-up a discovery call with you to expedite your request.



    Once a responses have been received, they will be recorded in Google docs and the account managers will automatically receive an email notification for it.

    Just for your information, these are the questions contained in the link:
     
    Name of Client:
    Name of Organization:
    Confirm Type of Organization:
    Number of Locations:
    Number of Employees:
     
    1.       Has an “All-Risk” Assessment been completed in 2017?
     
    An all-hazards approach is an integrated approach to emergency preparedness planning that focuses on capacities and capabilities that are critical to preparedness for a full spectrum of emergencies or disasters, including internal emergencies and a man-made emergency (or both) or natural disaster. This approach is specific to the location of the provider or supplier and considers the particular type of hazards most likely to occur in their areas. These may include, but are not limited to, care-related emergencies, equipment and power failures, interruptions in communications, including cyber-attacks, loss of a portion or all of a facility, and interruptions in the normal supply of essentials such as water and food.
     
    2.       Does the organization have policies and procedures for Disaster Preparedness?
     
    Policies and procedures must address a range of issues including subsistence needs, evacuation plans, procedures for sheltering in place, tracking patients and staff during an emergency.
     
    3.       If the organization has policies and procedures for Disaster Preparedness, has it been updated to include procedures to address high probability risks from the “All-Risk” Assessment?
     
    4.       Does the organization have a Communication Plan?
     
    The Communication Plan is used to coordinate patient care within the facility, across health care providers, and with state and local public health departments and emergency management systems.  It includes the names and contact info for staff, other hospitals, volunteers, State and local EP officials.-There also must be primary and alternate means of communicating with staff identified as well as how to contact EP officials and emergency management agencies, and a method to share medical records and patient information including general condition and location.
     
    5.       Has the organization activated their Disaster Plan in 2017 due to an emergency or disaster?
     
    6.       Has the organization participated in or had two (2) disaster drills in 2017?
     
    If the organization experienced a disaster or activated their plan due to a disaster this counts as one (1) of the two (2) required exercises.  Participation in a full-scale exercise that is community-based or when a community-based exercise is not accessible, an individual, facility-based exercise. Conduct an additional exercise that may include, but is not limited to the following: A second full-scale exercise that is individual, facility-based. A tabletop exercise that includes a group discussion led by a facilitator, using a narrated, clinically-relevant emergency scenario, and a set of problem statements, directed messages, or prepared questions designed to challenge an emergency plan.
     
    7.       Has the organization’s staff received disaster preparedness training in 2017?
     
    Please send all response to compliance@medtrainer.com 



V. OIG / SAM EXCLUSIONS

General Info

 

  1. WHAT IS THE OIG EXCLUSION LIST?

    The Office of the Inspector General (OIG) maintains a List of Excluded Individuals/Entities (LEIE) a list of individuals and entities currently excluded from participation in Medicare, Medicaid and all other Federal health care programs.



  2. WHAT IS THE SYSTEM FOR AWARD MANAGEMENT (SAM) EXCLUSION LIST?

    There are 39 states that maintain their own independent Medicaid Exclusions List. The General Services 
    Administration (GSA) maintains a database of the Central Contractor Registry (CCR), the Federal Agency Registration (FedReg), Online Representations and Certifications Application (ORCA), and the Excluded Parties List System (EPLS).

    Not all exclusions are reported to the OIG, so the SAM Exclusion List provides another layer of protection for healthcare organizations that accept payments from Medicare or Medicaid to comply with the requirements of participation.



  3. HOW DO I COMPLY WITH THE USE OF OIG AND SAM EXCLUSIONS? 

    Screen employees and contractors for exclusion prior to employment or engagement. In addition, healthcare organizations and providers should conduct exclusion checks on a regular basis for existing employees and contractors. Providers must be check on no less than a monthly basis (CMS 2011).



  4. WHAT IS THE COST FOR NON-COMPLIANCE?

    The effect of an exclusion is that no payment will be made by any Federal health care program for any items or services furnished, ordered or prescribed by an excluded individual or entity. The exclusion applies regardless of who submits the claims and applies to all administrative and management services furnished by the excluded person. A Penalty of $10,000 plus up to three-times the amount claimed for each item or service may be imposed. Additional civil and criminal charges may be filed for fraud under the False Claims Act.


  5. HOW CAN MEDTRAINER HELP?

  • MedTrainer automates the process of checking names of individuals, entities, and contractors, so that your organization is proactive and protected.
  • Utilize the system during the pre-employment screening and prior to entering into agreements.
  • Save time and money by eliminating manual processes and duplication of findings into a database.
  • Automatically run OIG/SAM checks on a monthly basis (or any desired frequency).
  • Manage “false” findings easily to avoid disruption and confusion.
  • Historical reports of results perpetually available in your account.
  • Receive automatic notifications and monthly reports.

 

QuickCred OIG General Rules


MANDATORY EXCLUSIONS

Mandatory exclusions are compulsory for a five year minimum term, when an individual has committed any of the applicable criminal offenses (listed below). The OIG is required by law to adhere to this standard

 

What Constitutes a Mandatory Exclusion?

  • Conviction of program-related crimes. Minimum Period: 5 years
  • Conviction relating to patient abuse or neglect. Minimum Period: 5 years
  • Felony conviction relating to health care fraud. Minimum Period: 5 years
  • Felony conviction relating to controlled substance. Minimum Period: 5 years
  • Conviction of two mandatory exclusion offenses. Minimum Period: 10 years
  • Conviction on 3 or more occasions of mandatory exclusion offenses. Permanent Exclusion

 

 

PERMISSIVE EXCLUSIONS

Permissive exclusions are foisted on an individual at the OIG’s own discretion and the offenses do not even have to be healthcare related.

 Although there isn’t a 5-year minimum, there are minimum terms for some permissive authorities



Permissive Exclusions can be initiated by the OIG for a number of reasons, including: 

  • Misdemeanor conviction relating to health care fraud.
    Baseline Period: 3 years
  • Conviction relating to fraud in non- health care programs.
    Baseline Period: 3
  • Conviction relating to obstruction of an investigation.
    Baseline Period: 3 years
  • Misdemeanor conviction relating to controlled substance.
    Baseline Period: 3 years
  • License revocation or suspension.
    Minimum Period: No less than the period imposed by the state licensing authority.
  • Exclusion or suspension under federal or state health care program.
    Minimum Period: No less than the period imposed by federal or state health care program.
  • Claims for excessive charges, unnecessary services or services which fail to meet professionally recognized standards of health care, or failure of an HMO to furnish medically necessary services.
    Minimum Period: 1 year
  • Fraud, kickbacks, and other prohibited activities.
    Minimum Period: None
  • Entities controlled by a sanctioned individual.
    Minimum Period: Same as length of individual’s exclusion.
  • Entities controlled by a family or household member of an excluded individual and where there has been a transfer of ownership/ control.
    Minimum Period: Same as length of individual’s exclusion.
  • Failure to disclose required information, supply requested information on subcontractors and suppliers; or supply payment
  • Failure to grant immediate access.
    Minimum Period: None
  • Failure to take corrective action.
    Minimum Period: None
  • Default on health education loan or scholarship obligations.
    Minimum Period: Until default has been cured or obligations have been resolved to Public Health Service’s (PHS) satisfaction.
  • Individuals controlling a sanctioned entity.
    Minimum Period: Same period as entity.
  • Making false statement or misrepresentations of material fact.
    Minimum period: None. The effective date for this new provision is the date of enactment, March 23, 2010.

  • Failure to meet statutory obligations of practitioners and providers to provide’ medically necessary services meeting professionally recognized standards of health care (Peer Review Organization (PRO) findings). Minimum Period: 1 year

VI.    AMBULATORY SURGERY CENTERS

General Info


  1. How can MedTrainer assist an Ambulatory Surgery Center to comply with Accreditation Association for Ambulatory Health Care (AAAHC) requirements and/or tasks?

    MedTrainer is a perfect tool to maintain AAAHC compliance, which requires considerable documentation and assurances that standards are communication effectively, staff is trained appropriately, and documentation is consistently maintained and easy for the management staff to utilize.  The MedTrainer system provides a systematic approach to managing equipment (and maintaining logs), policy and procedures management (including version control), required training, documentation of licenses and certifications – with automatic reminders, contract management, Safety Data Sheet access and management and more.   Many ASC’s have multiple methods – electronic and manual that MedTrainer provides in single portal.
  2. Are Surgery center Required to submit OSHA 300 logs?
  • The surgery center would not be required to submit OSHA 300 logs according to the following OSHA rules:

 

  • Healthcare organizations, such as offices of physicians, offices of other health practitioners, and outpatient care center are partially exempt as follows:  Employers are not required to keep OSHA injury and illness records for any establishment classified in the following North American Industry Classification System (NAICS), unless they are asked in writing to do so by OSHA, the Bureau of Labor Statistics (BLS), or a state agency operating under the authority of OSHA or the BLS. All employers, including those partially exempted by reason of company size or industry classification, must report to OSHA any workplace incident that results in a fatality, in-patient hospitalization, amputation, or loss of an eye (see §1904.39).


  • For a list of industries that are covered by this recordkeeping ruleclick here.

  • Note to Subpart B: All employers covered by the Occupational Safety and Health Act (OSH Act) are covered by these Part 1904 regulations. However, most employers do not have to keep OSHA injury and illness records unless OSHA or the Bureau of Labor Statistics (BLS) informs them in writing that they must keep records. For example, employers with 10 or fewer employees and business establishments in certain industry classifications are partially exempt from keeping OSHA injury and illness records. 

1904.1(a) Basic requirement.


1904.1(a)(1) If your company had ten (10) or fewer employees at all times during the last calendar year, you do not need to keep OSHA injury and illness records unless OSHA or the BLS informs you in writing that you must keep records under § 1904.41 or § 1904.42. However, as required by § 1904.39, all employers covered by the OSH Act must report to OSHA any workplace incident that results in a fatality or the hospitalization of three or more employees.


1904.1(a)(2) If your company had more than ten (10) employees at any time during the last calendar year, you must keep OSHA injury and illness records unless your establishment is classified as a partially exempt industry under § 1904.2.


1904.1(b) Implementation.


1904.1(b)(1) Is the partial exemption for size based on the size of my entire company or on the size of an individual business establishment? The partial exemption for size is based on the number of employees in the entire company.


1904.1(b)(2) How do I determine the size of my company to find out if I qualify for the partial exemption for size? To determine if you are exempt because of size, you need to determine your company's peak employment during the last calendar year. If you had no more than 10 employees at any time in the last calendar year, your company qualifies for the partial exemption for size. 

Please reinforce the requirement that employers must continue to document work-related injuries and illnesses, and must report to OSHA as required by § 1904.39, any workplace incident that results in a fatality or the hospitalization of three or more employees.  State guidelines may require additional reporting.


3. What are the mandatory Trainings for Urgent care Centers?

  • Training for an Urgent Care Center requires the same basic compliance courses that are listed in the State Guidelines. 


    State Guidelines: https://www.dropbox.com/sh/0ljrp8h2lqtrl06/AADX1nMsYIvzQaPrRriXQJ1da?dl=0


    If you look at the additional courses required if they were accredited by Joint Commission (I’m assuming they are not) – which courses do you think would be applicable to the Urgent Care environment?


    The Joint Commissions has training requirements within their standards that are above and beyond OSHA compliance training, based on program type and various job functions.  We are going to focus the additional training requirements for the most common, which include:


    • Disaster Preparedness
    • Infection Control
    • Hand Hygiene
    • Medication Management (clinical staff)
    • Staff must be trained on the Safety Program
    • Staff must be trained on equipment they are using for diagnosis and for any type that has a potential hazard to the staff, patient or others, especially new equipment/technology.


    The above standards are implied – and should be suggested, and are not mandatory – unless they are accredited. The only possible exception would be for EMTALA – which they are not required to follow but may be good for them, to know.   They have just passed legislation on billing transparency, which they may have an interest in building a custom course for their billing staff: https://www.bizjournals.com/denver/news/2018/04/25/after-five-year-effort-regulations-on-free.html




VII.    OSHA

OSHA Requirements by State
*We already have a document of OSHA Requirements for every state. They should be updated in case it's needed, and made available.


VIII. QuickCred

  1.  What does QuickCred Consider an enrollment? If a provider is already enrolled with a certain insurance company and becomes due for Renewal how do you apply the Fee? 
  • If you decide to do Fully Managed we would not charge for the renewal for already enrolled processes
  • If you want to go Self-Managed we have an onboarding one time fee to get, upload and monitor the documents and the renewal for already enrolled processes would drop to $199
  • In both Fully Managed and Self-Managed the fee for new enrollments would be $299

VIIII. Additional Information

        1.    Do you have a Refrigeration Log, similar to the Vaccination log that notes the Refrigerator's temperature?

               


2. When it comes to accreditation or validation of Medtrainer, is there a entity that endorses or reviews the content of the training or services offered?

  • The majority of CMS courses are listed under Health and Human Services (HHS) which is the top of the government organization to CMS, HRSA, AHRQ, and others.   The reason CMS Fighting Fraud, Waste, and Abuse was in its own category is that it is provided verbatim (without sound) from CMS.  The courses provided by MedTrainer comply with Medicare and the Medicare Advantage programs as they are based on the written standards provided and have been reviewed for accuracy. 


    We do not advertise that our courses meet CMS training requirements because it takes so much more to ensure that staff understands how the training applies to their specific responsibilities.  The current compliance guidelines according to an overall corporate compliance plan, as follows:  


    The Corporate Compliance Plan not only addresses health care fraud, waste, and abuse (FWA), but the requirements and obligations set forth by the Center for Medicare and Medicaid Services (CMS), contracts, employment, whistleblower, insurance laws, and regulations. The plan covers the following areas: § Written policies, procedures and standards of conduct; § Compliance officer, corporate compliance committee and high-level oversight; § Training and education; § Lines of communication; § Disciplinary standards; § System for routine monitoring and identification of compliance risks; § Procedures and system for prompt response t to compliance issues; and § Any other area pertaining to compliance”.


    MedTrainer provides so much more than just training to meet compliance requirements.  Organizations such as yours can assign and track the training, assign policies and procedures, as well maintaining version control and employee acknowledgment.  Incident reporting can also be utilized, and when there is a new risk or a non-compliance issue discovered, the organization can quickly inform the organization through their MedTrainer portal and employees will always have access to compliance training and documents provided to them.


3. One requirement of OSHA is that the physician and some medical assistant staff have an annual Sharps Safety Test, where they as a team they test different sharps to document how safe they feel using them. An OSHA inspector once told us that we had to try out every model of sharps manufactured in the world which includes lot of searching. 

So there are a few things MedTrainer suggests for your client to consider:


  1. Have there been any injuries or close calls with sharps devices in the past year?  If so, has the cause been determined, user error, patient movement, an incorrect device for the procedure, etc.?
  2. Does the organization currently utilize engineer sharps?
  3. Has the employees that use sharps (or have a reasonable expectation of exposure such as a housekeeper) been surveyed on how they feel about the sharps they are working with?
  4. Are there any reasonable assumptions that can be made on the safety of current devices utilized at the organization – such as retractable syringes compared to non-engineered types?


Then, whatever the client does, it should be well documented and noted in the exposure control manual.  If the client is not familiar with available engineered sharps they can find them in the McKesson SupplyManager by searching for “with safety” and the type of device, lancet, syringe, or scalpel, etc.  Take a look at: https://mms.mckesson.com/product/475758/Cardinal-8881833810


It is not necessary to try everything available.  In fact, even if a safer product is available there is no requirement for the employer to purchase them.  If a safer device is available and was discussed with staff; however, due to the absence of exposures or injuries, a decision to maintain the current devices is an acceptable approach.  If the current devices have caused injuries or exposures – this would not be a credible argument for not changing.


Here is a great resource to links for all types of devices: https://www.cdc.gov/niosh/stopsticks/safersharpsdevices.html


Your client can be assured that MedTrainer will be an excellent partner for their compliance program and documentation.  Please let me know if your client has any additional questions.  


3. Employers are required in their annual review of the exposure control plan to reflect changes in technology and document annual consideration and implementation of commercially available and effective safer medical devices. Should this review include reconsideration of technologies not currently selected even if they are not new, especially if there are indications from the analysis of the sharps injury log that currently used products may not be sufficiently effective?


There is no requirement under (c)(1)(iv) to reconsider already considered medical devices. Please keep in mind that it is common for facilities to observe a slight initial increase in injuries after the selection and implementation of a new device. Additional training is often needed when staff attempts to become familiar with a newly selected device. Any analysis of the sharps injury log should take these factors into consideration in arriving at a conclusion about the effectiveness of a newer device. However, if an analysis of the sharps injury log identifies a particular selected engineering device as the root cause of injuries (i.e., as opposed to work practices, employee training, or other issues), then the employer may choose to include one or more of the previously evaluated devices in the annual re-evaluation to determine if a better selection can be made.

4.  Employers are required to solicit input from non-managerial employees responsible for direct patient care. Is a simple open request for input adequate, even if none is received or does this require a serious study of user observations, opinions and testing of currently used and alternative devices?


A simple open request for input is adequate. The employer must solicit employee input in a manner appropriate to the circumstances in the workplace. Methods for soliciting employee input may include joint labor-management safety committees; involvement in informal problem-solving groups; participation in safety meetings and audits, employee surveys, worksite inspections, or exposure incident investigations; using a suggestion box or other effective methods for obtaining written employee comments; and participation in the evaluation of devices through pilot testing. The opportunities for employee input shall be effectively communicated to employees [CPL 02-02-069, XIII.C.6]. The failure of employees to provide input is not in itself a violation of the standard. No studies are required under this provision.