Harassment, patient data protection are compliance priorities
by Greg Shulas
August 6, 2019

Home health care providers aren’t responding this year to pressing new mandates or making large increases in annual compliance spending, but they are busy with timely issues, such as anti-harassment training, patient data protection and other tasks.

“Training in anti-harassment is a big priority,” said Chad Schiffman, director of compliance at Utah-based Healthcare Compliance Pros, which works with home health and other companies on analyzing, preventing and resolving compliance issues. “We have seen organizations making this a focus this year.”

The effort comes as the #MeToo movement—with its spotlight on ending sexual harassment—brings focus to workplace behavior standards. And it occurs as home health care providers are seeking out computer-based training programs to help employees identify unconscious biases, according to the Chicago Policy Review.

“By increasing workers’ knowledge of sexual harassment and confidence to respond to inappropriate behavior, these computer-based training modules could be scaled up to reach a growing sector of home health employees,” Joseph Semprini wrote in “Care for the Caretakers: Preventing Workplace Harassment in Home Health Care,” an article published in that journal.

Proactive Efforts

Anti-harassment efforts can have a magnified effect in the homecare space, where workplace risks can occur at higher rates than in other industries. A 2017 study from the International Association for Healthcare Security and Safety Foundation concluded that as many as 61% of home health care nurses have experienced some form of workplace violence; 18% to 59% reported verbal aggression as most pervasive.

For home health care companies operating in certain jurisdictions, putting more resources toward anti-harassment training is required by law. For example, all New York state employers must follow sexual harassment prevention policies and provide employees with training by Oct. 9, 2019, according to the Society for Human Resource Management. In California, employers must offer at least two hours of sexual harassment training to all employees with supervisor duties starting this year, and an hour of training to all workers without manager duties by the end of 2020—and then every two years after that.

Along with training, home health care providers are seeking to strengthen workplace compliance cultures by supporting initiatives that screen job candidates, said Todd McDonagh, who is principal and CEO of the HealthCare Compliance Network.

“Every home health care company should perform a background check and an exclusion check on their candidates,” McDonagh explained. The first, he said, is to check a candidate’s criminal background; the second is to ensure they have not conducted illegal billing practices. By filtering out risky candidates, providers will see their overall workplace risk levels decrease, leading to more positive outcomes for stakeholders.

Other Compliance Needs

While public movements such as #MeToo draw attention to anti-harassment training, a large quantity of current resources are still being allocated to tried-and-true compliance efforts such as HIPAA and coding, McDonagh said.

To improve HIPAA performance, providers are investing in educational sessions to help staff protect patients’ personal information, as well as stronger cybersecurity applications that ensure networks containing personal data are kept safe from intruders and breaches.

“Home health care companies need to educate their employees about protecting health information because they are in different environments every day dealing with different people,” McDonagh said. That creates a risk of disclosing private information to people who shouldn’t have access to it.

And since home health workers are mobile by the very nature of their work, they must have access to secure systems for documenting patient information when off-site, as vulnerable tech connections can create compliance liabilities, he added.

Proactive planning is key for all compliance-related objectives these days. For example, effective providers are drafting formal security risk assessments that can help staff pinpoint weaknesses in their operational processes and plan solutions. Leaders are also ensuring that audit work preparation is done throughout the year, rather than just before audit time, Schiffman said.

“Audit priorities have been very big in terms of what people are coming to us for,” Schiffman said. “They will ask, ‘Do we have policies and procedures in place?’”

He said that overall they’re seeing companies and agencies working on ongoing compliance activity throughout the year, billing and coding audits and documentation audits.

MACRA & More

That should also help providers comply with the Medicare and CHIP Reauthorization Act (MACRA). The legislation, approved in 2015, encourages providers to embrace a value-based care model.

Compliance with MACRA entails adhering to the principles behind the Centers for Medicare & Medicaid Services’ Merit-Based Incentive Payment System (MIPS). Under this framework, providers can receive a positive score by showing they provide strong value-based care, and then are able to earn payment bonuses—or, in the case of failure, penalties.

Extra caution on MACRA compliance efforts should be welcomed, Schiffman said, as home health providers are noticing more audits from Medicare and other payers. It’s crucial that coding be done accurately throughout the MACRA compliance process, he said.

Rural area providers may face greater obstacles in complying with MACRA- and MIPS-related rules than those associated with national or regional corporate organizations, according to RevCycle Intelligence, a publication covering financial management processes in health care.

A lack of staffing resources is a challenge facing small and rural practices that seek to adhere to legacy value-based purchasing programs, but struggle to achieve success with MIPS, the publication notes, citing a report from the U.S. General Accounting Office. (The report looked at health care broadly, not just home health care.)

Worker Safety

As homecare companies prioritize areas such as year-round audit preparation and anti-harassment training, they are generally staying neutral in categories such as workplace safety-related spending, or at least programs needed to comply with workplace physical protection rules governed by the U.S. Occupational Safety and Health Administration (OSHA).

Some of that spending flatline stems from a lack of government pressure on home health care providers to bolster OSHA compliance. McDonagh explained that while OSHA compliance is mandated, companies only need to spend what’s needed to establish the required safety protocols.
“Once it is in place, there is no need to increase spending unless the organization brings other risks into the work environment,” he said.

As the year progresses, McDonagh expects current compliance spending levels to stay on track, barring any unforeseen uptick in business risks.

“Every organization has a level of risk tolerance,” he said. “If an organization is risk averse, they will spend the money to know that all areas of compliance in their organization are covered. There are organizations that will not spend the money on compliance, because they are willing to roll the dice and deal with it reactively. We don’t recommend this, but a mandate doesn’t always mean that good compliance behavior occurs.”