Accountability is important to research, and the implications are especially important to health care research. Researchers must act with integrit

62 JULY/AUGUST n 2018

HEALTH LAW AND POLICY

BRINGING VALUE

KNOWING THE RULES A BOON FOR LEADERS n Eugene Fibuch, MD, CPE, CHCQM, FACPE, FABQAURP, and Arif Ahmed, BDS, PhD, MSPH

In this article … Understanding the legal and regulatory framework of health care is an essential component of the physician leader’s role. Here’s some of what’s important to know.

EXPERIENCE SUGGESTS MANY PHYSICIAN leaders are uncomfortable dealing with the legal and regulatory requirements that confront health care today. This makes sense, because the legal and regulatory body of knowledge is generally not part of a physician’s educational experience. Yet when the need arises, a physician leader should have a good working knowledge of health care law and regulatory requirements.

First, some basics. Laws are passed by legislative bodies at the federal, state or local levels and are codified as statutes. Statutes are elaborated into rules as interpreted by the administrative agencies assigned to implement the law. It is in the interpretation where disagreements can occur between the agencies, such as the U.S. Department of Health and Human Services, and the individuals or institutions affected by the rules. In addition, laws and regulations constantly evolve, so physician leaders must be attentive to the changing landscape.

Health care is a highly regulated industry, especially in matters of billing, compliance, human resources, licensure, liability, fraud and abuse, among others.1 Health care primarily is regulated at the state level, so physician leaders should stay informed about any changes being considered in their state legislative bodies.2

So, how does a physician leader acquire the necessary skill set to manage in the present legal and regulatory environment? A starting point should be reviewing the organization’s medical staff bylaws and rules and regulations. Strong governance within the medical staff is essential to avoid

legal and regulatory landmines. The medical bylaws, rules and regulations set the framework for the behavior the institution expects from its medical staff. That framework is also critical for complying with federal and state regulations that apply to hospitals and clinics.

Typically, a physician leader cannot possibly know all of the intricacies of the legal and regulatory environment. Partnering with the appropriate legal counsel and regulatory experts at the institution’s disposal is a critical activity that a physician leader should consider. Also, it is important for physician leaders to keep the medical staff educated on the key legal and regulatory issues. These issues will change with time, so this activity should be an ongoing effort.

Health care law is divided into specific areas such as malpractice, finance and reimbursement, regulations, credentialing and privileging of providers, peer review, contracting, fraud and abuse, among others. Because each area is complex, many hospitals and health systems contract with law firms that specialize in health care law. On the regulatory side, health care organizations must meet a wide variety of rules that range from local fire codes to federal Medicare billing. Physician leaders should ensure that internal organizational subject matter experts are in place to make sure their organizations meet regulatory requirements, particularly as they relate to the medical staff.

There are, however, specific legal issues that physician leaders should know.3 In recent years, enactment of the Accountable Care Act, the Health Insurance Portability and Accountability Act, the Emergency Medical Treatment

American Association for Physician Leadership® n Physician Leadership Journal 63

Health care is a highly regulated industry, and it’s essential for physician leaders to stay informed about any changes being considered in the law that would affect the way they — and their organizations — work.

64 JULY/AUGUST n 2018

and Active Labor Act, Medicare anti-kickback laws, fraud and abuse statutes, and the Stark Law have added to the complexity and burden of the industry’s legal and regulatory restrictions.4

CREDENTIALS AND PRIVILEGES

Physician leaders will be called upon to oversee the creden- tialing and privileging process in their organizations. This is critically important, because hiring the best and most com- petent providers begins with this process.5 Laws governing the credentialing and privileging process are derived from numerous sources, including state licensure statutes, Medi- care Conditions of Participation, and case law.4 In addition, the Joint Commission, although not a legal entity, plays an important role in developing and enforcing high-quality cre- dentialing and privileging practices in hospitals.

Credentialing and privileging has two important functions. First, it helps to ensure that patients receive the appropriate care, treatment, and services from competent and qualified providers.5 Second, robust and contemporary credentialing and privileging processes reduce health care institutions’ exposure to liability for injuries stemming from unqualified physicians.5

The first function is understandable to most physicians, but the second might be less-appreciated. This second function stems from a 1965 landmark court case (Darling v. Charleston Community Memorial Hospital). This decision held that hospitals are liable for the actions of physicians, even if the physician is an independent provider, if they knew or should have known that the physician was not performing to an established standard.5 The relevant legal doctrines include respondeat superior (Latin: “let the master answer”) and ostensible agent (a person given the appearance of being an employee).4

Ultimately, it is an organization’s governing body — its board of directors, for example — that is responsible for care rendered to patients. In our complex health care environ- ment, the board generally delegates this responsibility to the organized medical staff. Health care organizations found to be negligent in assessing the qualifications of a physician can be found guilty under the doctrine of corporate liability for negligent credentialing.4,5

Another area of responsibility a physician leader will be asked to manage is peer review of the medical staff. As with most of the legal and regulatory requirements that face a health care institution, managing that process necessitates ensuring that the process is within the framework of the re- quirements. The good news with peer review is that legal protections are afforded the medical staff performing the review. These protections are in part based on the 1986 Health Care Quality Improvement Act. There are individual state re- quirements related to this legal protection, so it’s imperative that physician leaders understand them. Also, immunity is afforded under the authority of federal agencies and declara- tory judgment actions.4 State laws also provide protection for peer review documents.2 Physician leaders should make sure that when they accept an administrative or leadership position

in a hospital or health system, they are provided director’s and officer’s insurance to protect themselves from potential liability related to any actions they might take against a medi- cal staff member.

CONFIDENT ABOUT CONFIDENTIALITY

HIPAA and data breaches also are difficult areas for physician leaders.3 Mobile information technology continues to expand and, therefore, it is expected that stolen or lost mobile devices will occur in health care institutions. According to the Department of Health and Human Services, about 24 percent of data breaches occurred with the theft of laptops.3 All mobile devices in which patient or institutional data is housed should have strong data encryption capabilities, and the medical staff should be instructed in the danger of physically removing storage devices from their institution. (For more on this topic, see “The Enemy Within,” Last Look, page 84.)

Physician leaders occasionally will be involved in developing financial relationships with physicians. It is important to realize kickback statutes often govern these relationships. Hospitals and health systems must ensure financial relationships are not rewards for physician referrals to the institution.3 These laws are similar to the Stark Law prohibitions against self-referral. Some health care institutions have run afoul of the law by providing free services, such as free rent or hospital-employed staff to a physician practice.3

To meet the framework of the law, payment to physicians must meet a fair-market valuation test and be reasonable compared to the local marketplace. Similarly, under Stark, physicians may not refer patients to entities in which they have a financial interest. Physician leaders also should be aware of arrangements in which independent physicians are hired as medical directors of hospital or health system functions or departments. These entities must be able to show that their medical directors actually provide direction services and that there is a record of the time spent.

There are a number of exceptions built into Stark, which allow physicians and health care institutions some flexibility in developing financial relationships with physicians and in how physicians legally may refer patients.3 Additionally, there are the antitrust laws, such as the Sherman Act, that prohibit anticompetitive behavior, including unreasonable restraint of trade.2 Physician leaders must always remember to keep finan- cial relationship decisions and processes from running afoul of these laws; it’s essential to include review of legal counsel in all financial relationships.

MONEY CHANGES EVERYTHING

Intertwined with this are the fraud and abuse laws (including Stark, the Medicare Anti-Kickback Statute, OIG Administra- tive Civil Monetary Penalty Authority, and assorted state laws) that are concerned with the effect of compensation based on referral decisions of physicians. There are three types of remu- neration that the fraud and abuse laws are concerned with:

American Association for Physician Leadership® n Physician Leadership Journal 65

n Remuneration aimed at affecting referral decisions made by physicians.

n Remuneration to a physician intended to reward the physician for withholding care.

n Remuneration to a beneficiary intended to affect the choice of the beneficiary.

One always should pay fair-market value for physician service and remember that an organization cannot buy physicians’ loyalty or even “rent” it.2 Fair-market value is defined as value that is commercially reasonable. The amount of the reimbursement cannot be based on the volume or value of the referral to the entity, and the entity can pay on a per-service or per-use basis.2 Fair-market value should be well documented and preferably benchmarked against known and accepted standards.

Another legal area that a physician leader may be asked to manage is issues related to financial audits by recovery audit contractors. These private contractors are hired by the federal government to review payment histories in an effort to fix federal overpayments and underpayments.3 Physician leaders who manage physician groups should work with their financial teams to ensure appropriate charges are being assigned by their physicians for the services rendered.

A parallel issue is the possibility of a false claim being filed by the Office of Inspector General. Physicians can be held liable for false claims even if a third party submits the claim (U.S. v. Krizek, 111 F.3d 934 (1997)). The best way to help ensure meeting the requirements of the false claim statutes is to have an effective corporate compliance program in place and functioning, which includes a mechanism to review the coding and billing processes.2

Needless to say, there are numerous legal and regulatory land mines that await a physician leader. Being prepared to meet these challenges can best be accomplished by the physi- cian leader through ongoing education and partnering with informed legal counsel.

Eugene Fibuch (1945-2017) was profes- sor emeritus at the School of Medicine and co-director of the physician leadership program in the Henry W. Bloch School of Management at the University of Missouri in Kansas City. This article is part of an ongoing series he submitted in 2016.

Arif Ahmed, BDS, PhD, MSPH, is chair of the public affairs department and an associ- ate professor of health administration in the Henry W. Bloch School of Management at the University of Missouri in Kansas City, where he also is academic director of the physician leadership program.

REFERENCES

1. Trendwatch. Realizing the Promise of Telehealth: Understanding the Legal and Regulatory Challenges. Chicago, IL: American Hospital Association, May 2015.

2. Lapenta SM, Casale HM. The Essentials of Health Law. 2008 Winter Institute, American College of Physician Executives, Weston, Florida.

3. Page L, Fields R. 13 Legal issues for hospitals and health systems. Becker’s Hospital Review. March 14, 2011.

4. Lapenta SM. Health Law Overview. In: Essentials of Medical Management. Eds. Curry W, Linney BJ. Chapter 8, pp. 111-24, 2003.

5. LaValley D. Credentialing, privileging, and patient safety. Forum (CRICO/RMF, 101 Main Street, Cambridge, Massachusetts) 24 (3):1-21, Oct. 2006.

How have health care’s laws and regulations affected the way

you practice medicine? What advice would you give fellow physi-

cian leaders when it comes to working within a heavily regulated

environment? Share your experiences with your colleagues, and

we might publish them in an upcoming issue.

We welcome letters and manuscripts on this and other health

care leadership topics. To send a letter for publication, or to re-

quest a copy of our manuscript guidelines, email us at [email protected]

physicianleaders.org.

YOUR TURN

USC Master of Medical Management. Turning healers into leaders.

• Get the business skills you need to lead in today’s health care environment.

• Complete your degree in just over a year without interrupting your career.

• Earn your business degree from an internationally-ranked business school.

Call 213-740-8990 today to find out when classes begin, or learn more online at www.marshall.usc.edu/mmm

Copyright of Physician Leadership Journal is the property of American Association of Physician Leadership and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.

64 AJN ▼ September 2016 ▼ Vol. 116, No. 9 ajnonline.com

Legal Considerations in Telehealth and Telemedicine

The delivery of nursing services through the Internet or any other electronic channels con- stitutes the practice of nursing.

—National Council of State Boards of Nursing, 2014

Technology and science change faster than the legal system. Technologic advances have per-mitted nurses to monitor patients remotely and interact with medical devices. Telehealth (also called telemedicine—more on that below) is the de- livery of health care remotely, in some cases virtually, through video or audio technology. It can address access and provider-shortage issues by permitting long-distance health care with patients at one site and providers at another. Telehealth can take many forms, such as the remote monitoring of medical de- vices; wearable tracking devices; video monitoring (both live and stored); nursing call centers; telephone triage; and the use of computers, tablets, cell phones, or other modes of electronic communication between provider and patient. About 10 million patients a year receive telemedicine services in the United States (that number includes mental health services).1, 2

As telehealth modalities become integrated into practice, however, issues of licensure, privacy, secu- rity, confidentiality, scope of practice, and definitions of the practice of nursing all need to be considered. When is the provider–patient relationship created? Which state is the nurse required to be licensed in if a patient is in one and the nurse is in another? Which state’s scope of practice determines her or his role?

DEFINITIONS Although the terms telemedicine and telehealth are of- ten used interchangeably, telemedicine applies more narrowly to clinical services and telehealth more broadly to general health care, such as patient educa- tion and monitoring.3 Telehealth is provided in several modalities4: • real-time, or synchronous, communication

such as telephone, Webcam, or audio or video links

• the storage and forwarding of information, such as diagnostic-imaging data

• remote patient monitoring, such as at-home vital sign measurement or blood glucose level testing

• mHealth (mobile health, also written m-health), which can include the use of wearable devices, cell phones, or smartphone applications The definitions of telehealth or telemedicine vary

somewhat from organization to organization: • The Department of Health and Human Services

defines telehealth as the “use of technology to de- liver health care, health information or health edu- cation at a distance.”5

• The National Council of State Boards of Nursing (NCSBN) says it’s “the practice of nursing deliv- ered through various telecommunications tech- nologies, including high speed Internet, wireless, satellite and televideo communications.” The NCSBN further states that “[t]he nurse engages in the practice of nursing by interacting with a client at a remote site to electronically receive the client’s health status, initiate and transmit therapeutic in- terventions and regimens, and monitor and record the client’s response and nursing care outcomes.”6

• The American Telemedicine Association’s defini- tion of telemedicine is “the use of medical infor- mation exchanged from one site to another via electronic communications to improve a patient’s clinical health status.”7

• The Federation of State Medical Boards defines telemedicine as “the practice of medicine using electronic communications, information technol- ogy or other means between a licensee in one lo- cation and a patient in another location with or without an intervening health care provider.”8

LEGAL STANDARDS OF PRACTICE When engaging in telemedicine, it is important for a nurse to understand legal and regulatory require- ments. Nurses must still adhere to traditional clini- cal standards of care and practice within the scope authorized by law. It is particularly challenging in telehealth to establish and meet evidence-based stan- dards. Krupinski and Bernard have noted,9

As the technology changes, it is incumbent on the telehealth community to verify the reliability

LEGAL CLINIC

[email protected] AJN ▼ September 2016 ▼ Vol. 116, No. 9 65

By Edie Brous, JD, MS, MPH, RN

and validity of these technologies before use in routine care, and to establish standards and practice guidelines for their use. However, this takes time, effort, and usually funds, and it is often argued that rigorous evaluation studies are done just as the technology becomes ob- solete.

Telehealth best practices and guidelines are still be- ing developed and determined by regulatory agencies, but the legal system lags behind technology. Laws and regulations must, of necessity, be modified by slower systems and are always playing catch-up. The Tri- Council for Nursing (an alliance of the American As- sociation of Colleges of Nursing, the American Nurses Association [ANA], the American Organization of Nurse Executives, and the National League for Nurs- ing) and the NCSBN have noted, “With the advent of the information age and digital era, nursing reg- ulation must address the unique needs of interstate practice enabled by telehealth technologies.”10 It is important to adhere to the laws as they exist in the moment while keeping abreast of changes. This is an evolving area of the law, as the Center for Con- nected Health Policy reports: “In the 2015 legisla- tive session, [42] states have introduced over 200 telehealth-related pieces of legislation.”11

WHERE DOES TELEHEALTH REALLY LIVE? Nurses must hold licenses in the state in which they reside but also must be licensed or allowed to prac- tice in the state in which their patients are located.4 It is important to know each state’s requirements. Pro- viding care that exceeds a state’s scope-of-practice limits is considered practicing without a license and can expose the nurse to both civil and criminal liabil- ity, as well as licensure discipline.

In determining whether a nurse can legally deliver telehealth services to patients in a different state, the question is not where the patient is geographically lo- cated, but where the nurse is practicing: is a telehealth nurse practicing in the state from which services are provided or in the state where they are received? Opin- ions vary. The ANA believes that the nurse is practic- ing in the state where the nurse is located,12 but the position of the NCSBN is that the nurse is practicing where the patient is located.13 And some states require providers using telemedicine technology across state lines to have a valid license in the state where the pa- tient is located,3 whereas other states’ nurse practice acts are silent on the subject.

In actuality, the scope-of-practice and nursing reg- ulations that apply to the telehealth nurse–patient encounter are based on the laws in place where the patient is located. Additionally, there is no federal

licensure for physicians, only state licensure, which means that nurses can only take orders from physi- cians licensed in the state where the patient is located, not where the nurse is located.8

Telehealth nurses should understand that malprac- tice lawsuits that arise in the course of a telehealth nurse–patient relationship will be brought in the state where the patient is located. The nurse would there- fore be forced to defend the lawsuit in a state she or he was never physically in during the relationship. It is also important for the nurse to determine—before engaging in telehealth—whether her or his malprac- tice insurance policy covers telehealth practice.

THE NURSING LICENSURE COMPACT These restrictions also apply to nurses covered under the Nursing Licensure Compact (NLC). The NLC is an interstate mutual recognition model of licensure that permits nurses who are licensed in one compact- member state to practice in another compact-member state. Currently, 25 states are members of the NLC. Nurses are granted multistate licensure privileges, but they still must follow the laws and regulations of the state in which they are practicing. Because scope-of- practice limitations vary by state, it is critical for a nurse to know the regulations of any state in which she or he practices. Nurses who act outside of their legal scope, or in violation of nurse practice acts or other regulations, expose themselves to licensure dis- cipline. The nurse can both lose the multistate privi- lege and be disciplined by the states in which she or he holds a license.

Nurses who practice telehealth with patients throughout the country must be legally authorized to deliver those services in all jurisdictions. They need

Ph ot

o ©

A ss

oc ia

te d

P re

ss .

66 AJN ▼ September 2016 ▼ Vol. 116, No. 9 ajnonline.com

LEGAL CLINIC

to have multistate privileges and valid individual li- censure in all states and territories that do not cur- rently participate in the NLC. To encourage more state participation in the NLC, the NCSBN signifi- cantly revised the original compact, adopting the new version in May 2015, when it also approved model legislation for states to adopt a licensure compact for advanced practice nurses.14

A state-by-state analysis of physician standards and licensure noted that “[p]rofessional licensure portability and practice standards for providers us- ing telemedicine are some of the biggest challenges for health care providers considering telemedicine adoption.”15 Similarly, the ANA stated,16

As advocates for the profession and health care consumers/patients, nurses should thought- fully consider how their practice and priorities might be affected by these different license por- tability models. It is up to nurses to engage in the effort to ensure that changes in licensure policy reflect the profession’s needs, values, and commitment to health care consumer/ patient safety.

PRIVAC Y AND CONFIDENTIALITY Nurses have a duty to safeguard patient information and prevent unauthorized access to medical records. When engaging in telehealth, nurses must meet medi- cal information and patient privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA), as well as state privacy laws, organiza- tional policies, and ethical standards. Devices that contain protected health information (PHI) must meet security requirements, and wireless communi- cations must have cybersecurity protection. Like pa- per documents, electronic files must be stored in a manner that ensures privacy and confidentiality. Au- dio and video recordings are susceptible to hacking. All providers should be educated on how to prevent data breaches when communicating information and transmitting images or audio or video files electroni- cally, and on how to respond when they do occur.

Providers can have a false sense of security in us- ing mHealth apps, too. A recent report noted that the majority of mobile health apps contain critical se- curity vulnerabilities. Some of the vulnerabilities have patient safety implications because they “could result in application code tampering, reverse-engineering, privacy violations, and data theft. In addition to sen- sitive data being taken, the vulnerabilities could lead to a health app being reprogrammed to deliver a le- thal dose of medication.”17 Patient satisfaction is also at risk, as another report indicates: “80% of consumers indicated they would change providers if

they knew the apps they were using were not secure. And 82% of consumers would change providers if they knew alternative apps offered by similar service providers were more secure.”18

To adequately meet HIPAA standards, any elec- tronic systems that transmit or store electronic in- formation about patients must be operated and monitored by computer technicians with expertise in security measures. Providers should also understand that PHI includes more than medical information. Anything that can identify a patient can be considered PHI, including e-mail addresses, birth dates, telephone numbers, Internet protocol addresses, and so on. State privacy laws can be more stringent and spe cifically address medical devices and telehealth apps. The Na- tional Telehealth Policy Resource Center provides state-specific information on laws, regulations, re- imbursement policies, and pending legislation.19

BARRIERS A 2014 national survey conducted by the Robert Graham Center for Policy Studies in Family Medicine and Primary Care (created by the American Academy of Family Physicians) found that, although most fam- ily physicians believed that telehealth can improve access to and continuity in care, only 15% reported actually having used telehealth in the previous year. Barriers cited for not using it were a lack of training, inadequate mechanisms for obtaining reimbursement, technology costs, and liability issues.20 This is consis- tent with what the Institute of Medicine (IOM) iden- tifies as the “seven deadly barriers” to the “use of telemedicine modalities”2: • money • regulations • hype • adoption • technology • evidence • success

Several examples of such barriers in action can be found in a project implemented at the Henry Ford Health System.21 Home care nurses identified patients at risk for medication noncompliance. Funding was obtained for a one-year trial program in which tele- health medication dispensers were installed in the pa- tients’ homes and caregivers were trained to fill the dispensers. The dispensers uploaded daily activity and communicated power failures or missed doses over landlines. The dispensers sent messages to patients, reminding them to do such things as measure their blood pressure or change fentanyl patches.

The project successfully reduced hospitalizations and readmissions related to medication noncompli- ance. It prevented missed doses and adverse drug

[email protected] AJN ▼ September 2016 ▼ Vol. 116, No. 9 67

responses related to overdosage when patients forgot they had already taken their medications. However, despite achieving a 96% compliance rate using these telehealth medication dispensers, Henry Ford was un- able to expand the program. Many patients could not access the system because it required a landline. The cost of monitoring, $65 per month, was not covered by insurance and many of the participants could not afford to assume the burden (Mary Hagen, e-home care supervisor, telephone interview, January 5, 2016).

Ultimately, the program was compromised by in- adequate technology, a lack of insurance coverage, and an inability to obtain funding.

CONCLUSION In its landmark publication, The Future of Nursing: Leading Change, Advancing Health, the IOM noted that “[t]here is perhaps no greater opportunity to transform practice than through technology.”22 With the growth in remote patient-monitoring and biomet- rics technology, nursing practice will continue to be transformed. It will be essential for nurses to be aware of the legal and regulatory implications of this evolv- ing change in nursing practice. ▼

Edie Brous is a nurse and attorney in New York City and the coordinator of Legal Clinic: [email protected] The au- thor has disclosed no potential conflicts of interest, financial or otherwise.

REFERENCES 1. American Psychological Association, Practice—Legal and

Regulatory Affairs. Te

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.