false
Catalog
Compliance Learning Moment
Cyber-Risk Compliance
Cyber-Risk Compliance
Back to course
[Please upgrade your browser to play this video content]
Video Transcription
Thank you for joining us for today's ask me anything. A few housekeeping notes to get us started. All attendees are in listen only mode, we will be using the q amp a function today to gather questions for our speakers. We will not be using the raise hand function. Please submit questions through the q amp a and interact with other attendees by posting comments to the chat. When using the chat, just be sure to select all panelists and attendees from the drop down above the message box before submitting your chat so everyone can see it. This webinar is being recorded please know we will be sending all registrants, the webinar recording and PowerPoint slides via email in the next couple of days. Our speakers today are Gina Singleton, an attorney with the law firm Brennan manna and diamond. Ryan Johnson, an attorney with the law firm Fredrickson and Byron. David bullish director of healthcare and consulting with cat sapper and Miller, and Susan Childs the founder of evolution healthcare. Now we'll go ahead and turn it over to Ryan Johnson to get us started. Thank you, Melissa. We have a number of good questions from all of you are going to start with a discussion of ransomware. So Gina I think that you're going to kick things off and we give us your thoughts on how healthcare organizations physician practices to respond to ransomware attacks. Thank you, Ryan. We've had a number of clients who have been hit with ransomware attacks over the past few years. And for those of you who aren't familiar essentially what a ransomware attack does is it invades a virus that invade your system and when somebody clicks on the right trigger, it shuts everything down. We've seen them where they've locked up patient records, or they've locked down entire systems in a facility where the doors don't even open, so they can vary in degree as far as severity, and what they impact, but what we some of the interesting things we've seen recently is that one, it several systems might be attacked I know we just had one a couple weeks ago where there were seven different ransom demands of various amounts, the largest being $2 million, and the lowest being 25,000, and it targeted seven different parts of a system to shut down the providers, it systems. So what we've seen is I can't urge you enough to make sure that you have your HIPAA policies and procedures in place that you're actually following them that everyone's trained on them on a regular basis, that the security measures in particular, that are safeguarding your computer systems and all of your electronic systems are up to date, current effective that you're testing them regularly, that you're training your employees on what to click and not click, and how to identify potential issues that may arise in emails or with links All of those proactive measures can be used as part of your defense if you do get attacked because you have to remember if there's a ransomware attack, there is a HIPAA breach that's highly possible, not always but it is possible that can occur. If you do get hit by a ransomware attack first of all you'll know it, you won't be able to get into certain portions of your system or maybe the whole system. But you'll need to do things such as hire an IT forensics team, you'll want a breach coach who is a lawyer, guiding everything to keep things privileged where possible, there'll be need to be a HIPAA analysis once the forensics team is able to provide their analysis. And in the midst of all this, those steps can't even happen until you've started to negotiate the breach and your IT forensics team would be able to help with that too. They'll be able to negotiate with what we call the TAs, which is such a funny name in my mind. Threat actors is what they call them. So, you'll learn lots of new technology but I think the moral of the story is it's a great time to brush up on all of your HIPAA security measures and privacy measures, because those can be used as a defense. First of all, frontline defense, right, because hopefully it'll protect you from a ransomware attack. But second of all, on the back end, if there ends up being a HIPAA breach because patient information is either accessed or stolen inappropriately, you can use that as part of your breach analysis also, which can help you if there are penalties and fines that get accrued. So, all I can say is take a look at your systems. Brian, did you have something to add? That's great. I want to, again, reinforce the idea that you should have your HIPAA policies and procedures in place, make sure everyone's trained. That's super important to hopefully prevent and avoid ransomware attacks, but for general compliance reasons as well. I'm going to post in the chat section in a few minutes here, a link from OCR that does talk about how HIPAA relates to ransomware attacks and how you kind of go through that risk assessment and respond. I think it's a useful guide, but engage the right team to help you work through a ransomware attack. And that includes, as was mentioned, lawyers, you have the attorney-client privilege, the right forensics analysts, but also make sure you call your insurer and make sure you have a, you might have a claim in coverage, you want to make sure that you notify your carrier on a timely basis. And my experience, many of my clients have insurance and they work with my firm, they work with other lawyers, they work with forensic experts to help sort of walk through the ransomware issue. And you want to make sure you don't lose coverage and have perhaps resource provided by an experienced team through your insurer as well. The last point, and this doesn't always happen, and again, your team can probably advise you on this, is there is a list of actors and individuals who U.S. persons, companies or individuals can't make payments to without running the risk of being sanctioned by the U.S. government. Terrorist countries, other bad actors. And so again, working with your team of experts to help you respond, you can figure out whether paying makes sense and how to pay, when to engage or notify law enforcement, but just keep that in mind, it's not every ransomware attack that includes that, you might not know, but if there is a known actor on this list, you might want to avoid making payments that could expose your organization to sanctions from the U.S. government. Ryan, those are great points. One thing I thought was really interesting about the insurance coverage is, yes, you can buy the freestanding cyber coverage, and it's a good idea to have cyber coverage. But what we've found from lessons learned is that a number of our clients didn't have cyber coverage for whatever reason, they probably should have, but they didn't. But what we've found is that sometimes even if for some reason you get hit and that cyber coverage doesn't exist, you might have some coverage through other pieces of your policies. I know we've found it, and sometimes it's within the definition of terrorism. If you have terrorism coverage that's on a rider, there might be regulatory coverage that has a policy that includes language that might cover part of the whole process. So I guess take a good look at all your insurance policies and don't think that there's no coverage automatically because you didn't have a cyber policy. But look at all your policies. But with that being said, absolutely make sure you have cyber coverage. It'll help you out a lot. Right, right. So Susan or David, any other comments on ransomware? No, that was great. Yeah, I'm sorry, let me find the mute button. I just wanted to note that, you know, security risk assessment is, I put a link in the chat to the healthit.gov that had that and, you know, that's something you should be doing on a routine basis. And I think it actually is something you can do for your MIPS score as part of your programmatic and get a point. Susan might know more on that one, but it's something that's not all that expensive, and it may not solve the world, but it's something that will at least open your eyes to how vulnerable you are and where you can go from there. Yeah, and generally speaking about risk, I would say your liability carrier will come in and do a risk assessment for you for free. You know, you're working with a lot of vendors that will do things for you for free with good assessments. And if you see some good patterns and some good crossovers between those professional opinions, definitely do something about that. All right, so I think our next question has to do with workplace safety and steps that you can all take to keep your employees and office safe, and the example that was given in the question was the angry ex-boyfriend. What if there's an angry ex-boyfriend situation or any other threat from the outside, whether it's patients, patient families, others that create a risk in the workplace? Susan, do you want to start with this one? Yeah, that's actually one of the last slides. There are some before that, but Ron, you go ahead. Go ahead. I'll go after you. Say what you'd like to say. Sure. Well, you know, there are a number of things to keep in mind. And the first is, you know, it's good to have a policy and training, of course, to deal with situations like this, you know, violence in the workplace. Of course, the threat could come from, you know, internally, it could come from your own employees. There should be a policy that addresses, you know, what kind of conduct or threats will not be tolerated within the workplace. That should be, you know, vetted with your HR team, with your outside counsel. But I think that the question that we were asked focused on external threats, what to do with an ex-boyfriend against another person is creating a, you know, a risk of violence in the workplace. And, you know, there's, this is an issue that comes up and we've had incidents here recently in Minnesota where there have been shootings, there have been at the workplace from angry patients or ex-patients of a, you know, of a healthcare organization. You know, training is critically important to make sure employees know what to do. And again, having a policy in place and training is helpful. But I think, you know, there are a couple of practical points I'd like to make. You know, one, you know, make sure that employees know not to treat threats as jokes. Maybe they are jokes. But, you know, the, when people make threats or suggest threats of violence in the workplace, those should be reported up the, you know, command chain to a supervisor. So an evaluation can be done about how to deal to a statement that was made or a risk that someone might just shrug off as a, as a joke, because sometimes they're not jokes. And you want to make sure that you have the appropriate response in place. Another practical tip is just make sure that employees know when they can call 911 to deal with the situation. I think sometimes employees are reluctant to do that. They should know when it's appropriate and how to handle the situation. This is a side comment. I can post some additional links in the chat section too. There are some relatively new laws that deal with multi-line phone systems and how the requirements to, how those connect to 911 emergency calls. I'll post those, but it's important if you have a multi-line phone system to make sure those comply with, you know, federal law dealing with, you know, emergency calls to 911 to make sure that if someone calls using a multi-line phone system, you know, the responders know where that person is located and don't drive to some other location where the threat isn't present. I'll post the comments or those links in the chat section. Gina, Susan, David, any other comments on this? I have a couple of slides ready and I'll just go through those if that's okay. Great. Yeah, and I just put basically the types of workplace violence, we kind of know what they are, but sometimes we're in the thick of it and we cannot just fathom any direction that this comes from. I know when we were talking about this, David and I were talking about, you know, one of the questions is when do you call the cops? And because I've had to call the cops twice in on patients who were quite disruptive and became violent. So, and then another time I had to call the cops in to get a couple that was going through a divorce and they were, one spouse was trying to break in, thus the locked doors is always so important. But these are just kind of the types of the workplace violence. The next slide is kind of saying what we need. And that is, of course, the obvious to create a plan. Now, a lot of you already have an emergent situation plan. You just have to kind of go with this and extend it to a workplace violence situation. So this is when you call in all your resources. Again, you call in emergency management. What can they do for you? How can we work together? Local law enforcement, risk management, human resources, like Ryan was saying. You know, you have a good plan for workplace safety. Establish that procedure and let everybody know about it. Your emergency escape procedures, practice those just like you do with the fire department, with the escape in case there's a fire. And also think about the other locations, not just the one you're in. How are you going to let other people know? And also the information that you will need most at your fingertips, you may not have right at your fingertips in an emergency. So remember to have all of these important things with you at any time. And then the next slide is going to be how to actually evacuate or shelter in place. So first of all, focusing on access and the needed functions. So think about what you're going to need. If you're evacuating someone that's in the middle of a procedure, that's very different than needing somebody just to evacuate and go out back. So you have to think about that. Your evacuation routes. Always have a plan B. Don't just go with one plan. Have a plan B. And these are also your basic things. Think about your shelter in place locations. You have thick walls. The most interior rooms you can find without windows or doors or locked doors. How to lock the doors. The fire department. Other people can show you that. Also have your emergency aid kits, everything available. Things to communicate with devices. Actually having alarms at the front desk and in strategic locations. I worked somewhere that was very high security and they had panic alarms at the front desk and the nurse's station. And they needed them. They had to have them because of the area they were in. And then also, again, how you'll notify other sites. And then the next question, the next slide is these are everyday things you can do to really help. And Ryan, you kind of hit on one of those. I'll get to those in a second. That's really important. But everyone having the display, the ID badge, and having it valid and displaying it openly. The panic button I just talked about. Ensure that your locked doors remain closed and locked. Our office has become like our living rooms. We become very comfortable and we don't worry about it. And when we least need to worry about it is probably when we need to worry about it most. Whenever you are having an employee terminated or anything going on, change those keypad accesses. I know it's a pain, but it really, really pays off. And then the next one. Susan, before you go on, can I make one quick point about the panic button? Yes. I had a client recently who, you know, they had the panic buttons installed and they thought everything was good. When they looked into it, they realized the panic button, when pushed, wasn't triggering the result they thought it would. It was going to a different location. So I think sometimes it's worth looking under the hood to make sure the panic buttons are working before you actually have to rely on them. Yes, that's why you always practice these things. Maybe you never know. I'll just attest that I've also had a client where the panic button was connected to nothing. So it was like a dummy button to make the staff feel good. So please don't do that. Please make it real. Yes. That depends upon who you're working with. I don't do that. Foster respectful working place. You know, people have to feel comfortable about approaching you and create a culture of safety to report unusual and suspicious activity. People cannot be afraid to speak up if they see something to say something. This is where the emotional intelligence kicks in. Being aware of the workplace violence that you may not know is brewing. You have to be aware of how your staff and your patients are feeling. And your staff, for example, we know patients can be upset. The staff gets really upset, too. Think of that person that was going to get that promotion that they thought they deserved for the third time and they didn't get it. How angry are they? I mean, really. You know, talk to them and say, I'm sorry you didn't get it. I'm sorry you didn't get it. I'm sure we can work something else out. Because, again, if they're upset by something, if they don't go up against you and they're not able to talk to you about it, they will tell their friends and they'll get angry. And that could brew into something. So if you have a really good rapport where people feel they can speak up and you don't brew that anger, that really makes a difference. And be very aware of your exit list. Make sure that all of your protocols for security and everything are taken care of with that exit list. And I think that's it. David, did you want to say something else? No. Well, two ad lib comments. One is back to the phones. And I think this is solid. But there used to be an issue with phone switches, multi-line phones, where any place you can just enter four to five buttons and connect to someone that you had to dial nine to get an outside line. And in the heat of the moment, you don't realize that when you dial 9-1-1, you're actually just dialing 1-1. And so maybe that's fixed. I don't know technology-wise. But I worked in clinics where they just had a little tag to the left of the phone or whatever that says to reach 9-1-1, dial 9-9-1-1. Or whatever the outside number was. So just that reminder that something is pretty obvious that you might need to write it down. The other thing is that if you're in a medical office building, it might not be your clinic that has issues. But next door is the, I don't know, the methadone clinic or whatever. And you might get some spillover effect from that. So someone just walking in the wrong door. So this concept that it will never happen to me, maybe they just walked in the wrong door. So that's my only editorial comments. Okay. I think that's it for workplace. So Susan, what's next on the list? Let's see. I think next we can do centralized versus dedicated schedulers. And we have some slides for that. If you'd like to do that next. I can start talking about the slides. Oh, here we go. Okay. So I'm actually working a lot with this because I believe in this. I think it's the most beautiful thing in the world. Because it saves, it's good. The things you have to be aware of we can talk about in a second. The cost savings and efficiencies is wonderful. A lot of people have receptionists still answering the phones in the front. You can actually have them pay attention to the patient in front of them, which is great for customer service. If you have fewer people in charge of the schedule, it means fewer exceptions, which is really good. More cognitive thinking and fewer things like let's just slip them in there. This is also a job that can be done remotely, which is absolutely huge. I work with a practice in Florida, and they have 11 practices across all of northern Florida. And in some places you can get great people, and in some places you can't. It's just like anywhere else in America. So you can actually do this remotely. You can do it in a location with a centralized office. And you can choose the location you want to do that in if there's great hiring there. And I think that that's a wonderful, wonderful thing. And the next slide is the disadvantages. Now, the patients can usually tell when somebody's not really in an office, just like when we call customer service and we know that they're not in that office. So the thing I would suggest is because patients can kind of tell that schedulers may not know your population, and that's incremental in doing your schedule. So whenever you have training to do a centralized scheduling, have someone from the office actually transfer to do a scheduling there if possible, or have them do the training because they know the doctors, they know the pace, and they know the patients. And if you know the patients, you've got it all, because every practice is different. I don't care if you're in the same town. Every practice has different kinds of patients. And also, when you, when you have reduced access you cannot get the doctor if you need them to ask them a quick thing, which sometimes is a good thing, and sometimes it's a bad thing, but you can have that instant access. So a lot of people, I would say, had to have that backdoor line to the practice. So you can call a nurse or a front desk person right away and say, how does Dr. Fink's schedule look right away? Or can I fit somebody in? I'm trying to do that. There needs to be access directly to the office. If there is a problem with a scheduler, I would say to have the supervisors notified, not the scheduler, because that way the supervisors can then monitor the schedulers. And with schedulers, you also have to have different offices, like I say, have different protocols, and schedulers are often working with, I don't know, 10, 15 practices at one time, or even five or six, and every office is different. So their protocols are different, and you have to pull them up every time with that office. So sometimes the biggest mistake will be you make a wrong appointment for the wrong kind of person at the wrong office, and it stands out blatantly. And that's why you have to have the protocols up for each office every time. And once operators get used to this, it's really not a problem. I think handling 70 or 80 calls a day, I think the cost savings are absolutely wonderful because then people can be focused on that, because what happens with dedicated schedulers in an office is they tend to give them extra things like the front desk. Well, why don't you just do this while you're making appointments? And then they can't focus. And that's what you want is somebody definitely dedicated. Your schedule dictates your day. I mean, it's your workflow, and you've got to do it right. I think that is it for me. What about you guys? For scheduling, anything? I'll chime in that when this question came in, there was a couple assumptions I think we made that when we're talking about centralized scheduling, I guess the question is, is it on-site or is it off-site? And so that's kind of one question you have. Obviously, if you're a smallish group, then it's going to be on-site, or maybe it'd be off-site, depending on the social interaction issues. The other thing is how much flexibility each individual provider has on their schedule, on their calendar. And that gets to kind of the management function of the practice. If you let every physician decide how long their appointments are, when their appointments are, you're almost begging to have individual schedulers responding to each individual physician. Not necessarily good or bad, but just know that that's added cost, and that's kind of what you're up against. To the extent you can standardize these things and have one scheduler do scheduling for multiple physicians, that's efficiency, and you're probably better off in the long run. I personally have not used groups when I called in to schedule an appointment, and they said, well, it's Dr. A, you have to call this number. If you want Dr. B, you want this number. It's like, well, I don't know who, I just want the next available. So that to me, if you can't even function as a group when answering the phone, how can you function as a group in providing clinical care? But that's just my soapbox on that. The other question, or the other point on centralized scheduling is to the extent you include pre-registration functions in scheduling. Oftentimes when you have the patient on the phone, you're gonna wanna try and get as much financial insurance information as you can as you're getting that appointment. Is it a new appointment? Is it a repeat? Those are the things you wanna think through. And there's definitely value add in having that centralized because the more they do that insurance aspects, the more they know, the better they are at it, the quicker they get at it. So that pays off in the long run in terms of managing your denials and rework on the backend. The other rambling point I might make is that they're scheduling tests and they're scheduling appointments. Many hospital systems try to centralize the test scheduling and have this centralized appointment scheduling CIS center that is almost always poorly received by the physicians because it's non-responsive. But that's not really something that you can or cannot control perhaps. To the extent you can schedule your own tests, that's probably a good idea from the physician office perspective because you know the availability of the physician, you know the details of the test that you want scheduled, whether it's cardiac rehab or whatever it is. I guess PT would be more applicable in ortho and you might even have that on site. So anyway, so I just kind of wanted to bring those topics up that, you know, I think we've been talking about physician appointment scheduling, but there are other ways that you can look at centralized scheduling of tests and other things. So that's it. That's great because you, oh, I'm sorry. Go ahead, Gina. Well, I was just going to ask a question and maybe Susan and David, Brian, you might have some input too, but has anyone moved to online self-scheduling? Because that sounds like a natural progression. Some have, but it is a slippery slope. It is generally poorly received, yeah. But David, what David brought up is a perfect example of that where you can schedule for a test because when you call the front desk and schedule for a lab appointment, they just have an appointment they're filling up. It doesn't matter what it is. And you can say, okay, only this kind of appointment in the morning or whatever in the afternoon, you can do that just like you do a physician's template. But yeah, and I think a great place to start is you can schedule your own lab test to come in. A lot of times they don't let the patient do that because they know the patient won't do that because that way they get the lab test. So they make sure that it's done by the office. But one thing that you brought up, David, which is really true, which is you can have 20 million ifs, ands, or buts for every schedule for every doctor on a full moon on a Tuesday. And this is a really good way to centralize it. It's a really good way to mandate it. Everyone has their exceptions, but the systems these days, you can build in a purple cow on a Thursday afternoon at two and that's the only person that can be seen. I mean, you can do that. So you can really make it as tight or as loose as you want to. And you can give a few exceptions. They know where to do the build-ins, before lunch, after lunch, or in the morning, something like that. So it's different for each practice, but it is a really good way to straighten out your schedule, which is absolutely huge. So it's a good opportunity. You mentioned patient-centric scheduling or letting the patient do it themselves. I'm not sure I've seen that. What the closest I've seen is letting other clinics, other practices in the same network schedule into your schedule. Most docs don't like that, but that is getting to be a trend for efficiency, especially as hospitals try and tighten down on out-of-network referrals, where, you know, think how easy it would be if the primary care can schedule straight into your orthodox schedule. Well, that's great from a primary care perspective. That's probably not so great from an ortho perspective. So it just, you know, those are just things to be aware of. Actually, I think it would be really good. Well, what I've observed, it gets to surgical yield. It gets to surgical yield if it's so easy. Well, that's when the slippery slope comes in. Yeah, if it gets to be so easy for primary care to throw a patient on an orthodox calendar, the orthodox day gets filled up with my back hurt for the last 10 years. But if they have those appointments for lower back pain, shoulder pain, PT, if they have those selected, I've done primary care and ortho, and if you can have a connection between the two and they agree upon the schedule beforehand, that's a beautiful way. The orthos love to be filled, they love the referrals, and the primary cares love to make it easy. So I see this kind of as an opportunity. It will happen because somebody is going to do it first. Urgent cares are kind of doing it. Yeah, and I'm not dissing it too much. I'm just saying that there's pros and cons on it. Oh, yeah. And if you're a surgeon, you make money in the operating room, not in the clinic. So- That's exactly right. So you would have those appointments. So that's just some reality to check. No, and that's why you have those appointments in the morning or not on Thursdays when you do those procedures. Yeah, you can make it work, but it is a slippery slope. Yes. Yeah. We lost Ryan. He had another appointment. So we thank him for his contributions and everything. It looks like the next topic is vacation policies. Specifically, we're talking about staff vacation and how much advance notice is requested or required and how long staff are allowed to be out of the office at one point. So I know what I'd like to say. What would you guys like to say? Go for it, Susan. You go for it, because I got nothing. You know, I like, and it also asked about how much time off for certain events and things like that, the question. And I'm thinking they're talking about bereavement leave or something like that. And I approach bereavement leave because of recent things, but with bereavement leave for a certain event, I would say, give a buffer day. Please give a buffer day. Because if that person can come home and get used to being in the real world before they have to go back to work, they're gonna be a much happier and much better person when they come back to work. If you slam them back into work and they can't, you know, they don't have any time to recoup or lick their wounds before they come back, it's gonna be a lost day. It's not gonna be good for anybody. So if you can, allow three days at least for bereavement, for, you know, close relatives. I like three weeks leave, three weeks request ahead of time for staff, physicians, three months, six months. It depends upon your office. If you have a really small office, you can do it two weeks or tomorrow. I think there are actually certain states where you can go up to your boss and say, I need a mental health day and they have to give it to you. So there are all sorts of exceptions with that. But I like three weeks for staff. Like I said, three to six months for providers. Now this last year has just been havoc due to COVID. People have used all their leave. They've gone over, they've gone under, they've used PPP, they've used everything. And for holiday leave, and that's another event, that's a touchy thing. And I used to meet with my staff by department in September, and we would plan our holiday leave because we would know who had it last year. We would, and that way we'd say, okay, well, if someone wants to travel, let's protect those dates with some weekends. How can we make everybody get some time off and allow this to happen and everybody to enjoy it? And we worked it out. And that way everybody respected everybody else. They're always extenuating circumstances, last minute stuff, but I really like that. And then the other thing I would say is I'm a real fan of the anniversary day, which is every day that you're there, you get an extra day and it helps you keep long-term really good employees. It also helps you keep long-term really bad employees, but hopefully that would work itself out in a different way. But it's a good way to show how you appreciate long-term employees. What do you think, guys? I think you meant every year you get an extra day, not every- What'd I say? Every day, but- Every day. Oh, every day. Yeah, why not every day? Yeah. Susan's really generous. Yeah. I'm trying to say things too quickly, sorry. I would just add on the legal perspective, make sure that you set a policy, whatever you choose. If you choose three weeks or three months, or if you choose three days, set a policy because it's going to be really important on a compliance end and not running afoul of any discrimination claims, that sort of thing, that you have the same policy for everybody and that you're able, and I understand that things happen and you have to deal with those on a case-by-case basis, but you do want to have a policy that you can fall back on and say, look, this is what we do for everybody. Yeah, I'm sorry. I don't have a lot of experience. I don't have a lot of knowledge on this one. Okay. And you're right, everything in your personnel manual, everything should spell everything out because you want it clearly spelled out for everybody so they can go by that. All right. I think the last topic we have is, there had been some chatter on the AOE chat boards about FMLA and ADA, and I'll try to truncate this, but a question in particular was asked about the relationship between FMLA and ADA as it pertains to covering health benefits. The example that was given was that the practice has an employee who went on pregnancy-related FMLA leave and they extended her leave because she was not cleared to return to work. Due to postpartum depression. And they asked, do they have to continue health benefits? And what are the rules surrounding that? Well, first of all, you need to remember there's two different layers here. One, there's a federal layer with the FMLA leave, and then how does the American with Disabilities Act interact with that? But then there's also the state level. For example, every state will have their own rules regarding what kind of leave you have to give, what insurance benefits you have to cover if someone is on leave, that sort of thing. And you have to marry those two levels of regulations together to make sure that you're not running into any compliance issues. So you want to make sure that you've got someone that can help you, guide you through on both of those levels. On the FMLA issue, generally after FMLA expires, then you have to do an American with Disabilities Act analysis, an ADD analysis. And what you're doing is determining whether a reasonable accommodation needs to be made because a disability exists. And then if an accommodation needs to be made, what is that accommodation and what's the plan? With regards to the health insurance, unless the employer, the practice, has a policy stating something to the contrary, under the ADA, the employer can require the employee to pay 100% of their healthcare costs, of their health insurance costs. That would include the employer and the employee portions. This is, again, under the ADA. Under FMLA, so if we're still back in FMLA before we get to ADA, the employer can only collect the employee portion of the insurance premiums. So you need to know what you can collect. We would say that you want to be careful not to cancel any insurance coverages without discussing with the employee first about who's going to cover what portions. And then, of course, you need to check on your state law to make sure that you're meeting any requirements there that may affect health insurance coverage. And Susan, David, I don't know if you guys have any practical tips on how to deal with employees when they go out on leave. I think you covered it. It is so tricky. And I think the legal way is the way to go. You have to check every step of the way that you're doing everything right because it really is a rocky road. Thank you. Sure. I think that's all we have on our agenda so far. Were there any other hot topics or questions from our attendees? I actually ran across something this week that someone was asking me as a practice and immediately everybody came back and said, no, you can't do this. But somebody actually asked me, can we refuse to see patients if they've not had vaccinations? And this was an allergy, this wasn't ortho, but this is an allergy and asthma. And you're literally like in their face, looking at them. And so they're breathing, you're breathing all over each other. And of course, nobody touched that question with a 10 foot pole because you cannot deny care. You can't do that. That's a liability issue just waiting to happen because delayed care is denied care and you can't refuse a patient once they're your patient. So just be very, very careful of that. So a lot of people came back and said, we're still doing the temp checks for every patient. We're still doing the questionnaire and we're still making every single person wear masks. So if there's any thoughts of that out there, please don't even think about that. And I know it's a safety thing, but we either take care of patients or we don't, we can't kind of select how to do that. Well, and that's an interesting topic, Susan, because even before vaccinations, when people were talking about COVID testing and whether they've had symptoms and what's the policy for the office as far as if somebody has symptoms, we've actually had patients who have been so upset that they've called the medical board and reported the physicians for the conduct of the office staff saying they denied me care. And I think it's a new area that the medical boards are dealing with as far as, well, okay, what was the policy? And what I generally tell our physicians, look, if you have an angry patient and they're upset about the situation, it might be a good idea if you or somebody that's high up on the food chain gets on the phone and talks to them and calls them and tries to sort out what the issue is. We had a situation where a patient showed up and she had just had COVID and they had a policy about you had to be symptom-free for so many hours, but she was not symptom-free, but she still came anyways. So they made her reschedule and she was very angry. So the call to the medical board happened and it's just kind of a pain to have to deal with it. That patient sounds like a problem patient to me to begin with, because everyone knows if you're sick, you don't go to the doctor, especially with COVID. So I think there's more to that story. Yes, I totally agree. I totally agree. There are so many protocols that you have to follow and you have to be, I mean, there are OSHA protocols too, and there are the reasons. If someone comes in with COVID and the office has to shut down, they can't see any patients and patients certainly know that. And you're right about patients calling the administrator or the manager. If they know the manager, they're more apt to call them. If they go into this black hole and they never see the manager and they just see the receptionist and the nurses and other people, they don't even know who to call and they don't even try. A lot of times they'll just call the medical board. So that's why with customer service, you have to reach out and be available because you're right. It will put off a lot of lawsuits if you could just talk to somebody or complaints to the medical board, because a lot of patients do not realize when they call the medical board, what that really means and how you have to answer and how long that takes to clear up. And even when a hundred percent your side, you've done everything according to the law, it still takes months to clear up, but the patients need to be able to go to you. You're exactly right. They need to know that. And we've had situations, Susan, where patients have called the medical board and they're just trying to get someone to call them back. Yeah. Something so rudimentary, but yet it blows up into this enormous issue for the physician because nobody called them back. And that's why I have a job because people, it's the basic stuff. And COVID, it's been so hard to keep staff. It's been so hard to keep people, you know, I mean, you saw on the news what last week, one out of every three health workers is getting burned out. And, you know, those are the ones that admit it. You know what I mean? So it's getting bad. And we've all been taking care of our staff all year long and trying to take care of ourselves as well. But, you know, if we know we're all in this together and everybody's, I think we're at 49.9% vaccinated or something really close. So it is getting better and we just have to keep that in mind. Yeah. But I think that's it. I think that's all we have. You seeing anything else? I am not. Okay. Okay. Melissa or Vicky, would you like to finish up or? Yeah. So I just want to thank you guys all so much for speaking and hosting this wonderful presentation today. And thank you to all of our attendees for joining us. We definitely look forward to seeing you all on June 3rd. And thank you and have a great rest of your day guys. Thank you. Take care everyone.
Video Summary
The video transcript covered topics like centralized scheduling, staff vacation policies, and the relationship between FMLA and ADA in the context of health benefits. Centralized scheduling can improve efficiency but must consider individual practice needs. Staff vacation policies should be clear and comply with both federal and state regulations. When it comes to FMLA and ADA, health benefits continuation may vary depending on the regulations, such as requiring employees to pay for insurance premiums. It's also important to handle patient care situations carefully, avoiding refusal of care based on vaccination status. Clear communication and adherence to protocols can prevent misunderstandings and potential legal issues.
Keywords
centralized scheduling
staff vacation policies
FMLA
ADA
health benefits
insurance premiums
patient care
legal issues
×
Please select your language
1
English