Wednesday, August 31, 2016

How a Search Committee Could Benefit Your Organization

Understanding when to use a search committee enables it to become a valuable part of your recruiting efforts.

Steve has been very busy in his efforts to hire somebody for a high profile position within his organization. After spending endless hours sifting through resumes, conducting initial phone interviews, doing on-site interviews, and making the final hiring decision, Steve has finally hired a qualified candidate named Jeff. There was no argument that Jeff was qualified for the position, but Steve was only one opinion and only one view point. Within a few weeks of hiring Jeff, it was apparent to everyone around that Steve had missed something. Although qualified, Jeff was not a cultural fit for the organization. In fact, Jeff was pushing all the wrong buttons and going in all the wrong directions. Jeff was not a fit for the organization and Steve had to let him go. It was now time for Steve to begin the time consuming and costly hiring process all over again.

Could the above situation have been avoided? Maybe not entirely, but the likelihood of it happening could have been greatly reduced if Steve had utilized a search committee in his recruiting efforts.

What is a search committee?
A search committee is a group of individuals gathered together for the purpose of assisting an administrator or hiring manager in recruiting and screening candidates for a vacant position.

Why would I use a search committee?
By forming a search committee, the hiring manager is able to harness the large amount of work that comes with reviewing resumes, conducting initial interviews, and doing on-site interviews. In addition, a search committee provides consistency in reviewing each candidate and the entire hiring process benefits from having multiple perspectives.

When should I use a search committee?
It is best to utilize a search committee when hiring for senior level administrative positions and positions that will have a high public relations impact on your organization.

Who should be a part of a search committee?
Search committee's should be formed with the idea of having a diversity of ideas, opinions, and perceptions. Members of a search committee should include:
  1. People who have valued knowledge about the vacant position
  2. People who are respected
  3. Representatives from areas that the new hire will impact
  4. Representative from both genders
  5. People of different races and cultural backgrounds
How many members should be on the search committee?
The size of the search committee should reflect the importance of the vacant position. With that being said, a search committee should not exceed 11 members nor have no fewer than three members. Keep in mind that the larger the search committee is, the more time it takes to complete the hiring process.

What are the duties of the search committee?
Search committee's should be active in:
  • Determining a timeline for the hiring process
  • Identifying where to advertise for the vacant position
  • Conduct initial interviews
  • Participate in on-site interviews
  • Help determine which candidates will advance to each stage of the hiring process
  • Help determine the final candidate selected to fill the vacant position
When utilizing a search committee to become part of the hiring process for a vacant position, you are opening a door to new ideas and perspectives. These different and sometimes new thoughts should be encouraged and discussed. It is the objective of the search committee to find and hire the candidate who no only can do the job, but would be the best fit for the organization and the culture within.

To subscribe to this blog, enter your email address:

Delivered by FeedBurner

Wednesday, August 24, 2016

Discussion Point: Patients Making Recordings In Healthcare Settings

Policies Restricting Patient Recordings In Medical Settings

What are your opinions on a medical office or practice creating a policy to prevent/limit patients from making audio/video recordings in exam rooms or other common areas where HIPAA or patient privacy could be violated by improper use of these recordings?

Does the office or practice have free reign to create such a policy?  What if any limitations might apply?

What about the patient?  Do they have any "rights" providing them the freedom to be able to record a procedure or practitioner giving treatment instructions for example? 

What about recordings in a maternity ward/nursery or during child birth?  What about the potential for cell phones to disrupt sensitive medical equipment?  What about patient's using apps like Pokemon Go and inadvertently or covertly overhearing and recording sensitive patient information?
What HIPAA regulations or legal ramifications might be evoked by such a situation?  How does an office notify patients of and enforce such a policy?  Should the office require patients to sign an acknowledgement of said policy or is a posted sign or notice adequate?

I would love to hear all your thoughts on this topic and any addition related issues that might come up that I have not already listed in the situations above. 

To subscribe to this blog, enter your email address:

Delivered by FeedBurner

Friday, August 19, 2016

Compliance Essentials: Training

Training is one of the essential cornerstones of any effective compliance program.

Training is an investment for any organization. That investment pays great dividends in the form of liability protection when it comes to compliance. However, with that being said, some organizations are still hesitant to train their employees or outright refuse to make this very important investment.

When it comes to Federal and State compliance, the decision to train employees has been taken out of the hands of the organizations. For example, with HIPAA compliance, the Office for Civil Rights (OCR), states:

"§164.530(b)(1) Standard: Training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart and subpart D of this part, as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity."

In the event of a HIPAA audit, the auditor will ask him or herself a discovery question:

"Does the covered entity train its work force and have a policies and procedures to ensure all members of the workforce receive necessary and appropriate training in a timely manner as provided for by the established performance criterion?"

In addition, the auditor will take the following action:

"Obtain and review such policies and procedures. Areas to review include training each new member of the workforce within a reasonable period of time and each member whose functions are affected by a material change in policies or procedures. From the population of new hires within the audit period, obtain and review a sample of documentation of necessary and appropriate training on the HIPAA Privacy Rule that has been provided and completed."

And finally, the auditor will:

"Obtain and review documentation that workforce members have been trained on material changes to policies and procedures required by the HITECH Act."

What is the above patter of the auditor?

  1. As a mater of policy, require that all employees are being fully trained
  2. Ensure that each organization has established policies and procedures
  3. Verify that training is being done by obtaining documentation on training and policies/procedures
This similar pattern is followed by other government organizations. Documented compliance training is required in the areas of OSHA, Medicare, and other various areas where compliance is required.

When organizations give their employees the resources and information they need to be compliant with these various regulations, they begin to establish a culture of compliance within the organization. 

Compliance training is not a request or addressable, it is REQUIRED!!!!!

Employee training is an investment worth making. However, compliance training is not just a good investment, it is liability protection that any organization cannot be without.

To subscribe to this blog, enter your email address:

Delivered by FeedBurner

Friday, August 5, 2016

Compliance Essentials: Documentation

Documentation is one of the essential cornerstones of any effective compliance program.

Henry was understandably nervous on the day his office was being audited by the Office for Civil Rights (OCR). While still feeling some butterflies, he was confident that his compliance efforts will pass the HIPAA audit. Henry was then asked a series of questions:

Auditor - Does your office have establish policies and procedures?
Henry - Yes we do!
Auditor - Show them to me.
Henry - Here is a copy of our employee handbook.
Auditor - This does not contain the necessary written information.
Henry - I thought it was enough . . .

Auditor - Does your office train your employees continuously?
Henry - Yes we do!
Auditor - Show me the training documentation.
Henry - Our employees are trained on compliance every year at our annual "compliance and pizza" meeting.
Auditor - That is not what I asked for.
Henry - I thought it was enough . . .

Auditor - Show me your breach disclosure log.
Henry - Our breach disclosure log . . .
Auditor - Do you not have one?
Henry - I'm not even sure what that log is.

At this point in the audit, Henry's confidence has vanished and he is now thinking about the possibility of having to look for another job.

OCR has stated that it views compliance as an "ongoing journey". When you are on a journey, your attention is focused on what lies ahead. However, if you stop for a moment and look behind you, you will see past evidence of your journey in the form of footprints. If you turn around, you will be able to retrace your journey by following those footprints. If it was not for your footprints, you would not be able to retrace your journey back to where you started.

This same idea of retracing your footprints and being able to follow the history of your journey, applies to your "ongoing journey of compliance". However, rather then leaving footprints behind you, you leave a paper trail called, documentation. By keeping your documentation up-to-date, you have a history of your compliance activity and evidence of where you currently stand (policies and procedures).

There are numerous benefits to good documentation:
  1. Paper Trail - This will be useful in demonstrating your compliance activity for an audit or possible protection against liability.
  2. Compliance Story - It is not only about what you did and the final outcome, but rather what factors were a part of your decision making process and what lead you to make the final decision.
  3. Hand-Me-Down - When an office changes Administrators or Compliance Officers, the newly appointed employee will be able to review previous documentation and have a better understanding of the organizations compliance history.
  4. Employee "Misunderstandings" - Documentation of policies and procedures go a long way to eliminating the employee "misunderstandings" that tend to crop-up. If an employee says that they did not know the policy, you can refer to the written policy and their acknowledgement of it that they signed during their training.
During an audit by OCR, they are wanting to look at your "ongoing journey of compliance". If your documentation is done well and is up-to-date, then you won't have to shy away from their questions. Simply take their hand and guide them through the history of your "ongoing journey of compliance" by following your own footprints.

To subscribe to this blog, enter your email address:

Delivered by FeedBurner

Tuesday, August 2, 2016

OSHA's New Reporting Rule Impacts the Health Care Industry

New OSHA Injury Reporting Rules
The U.S. Occupational Safety and Health Administration (OSHA) recently issued a final rule that becomes effective January 1, 2017 requiring healthcare industry employers to electronically submit to OSHA injury and illness data from their OSHA logs. This information will then become publicly available on the OSHA website.

As a corollary, and “to ensure the completeness and accuracy of injury and illness data,” the final rule also:
  • Creates an explicit requirement that employees must be informed of their right to report work-related injuries and illnesses free from retaliation;
  • Specifically requires that an employer's procedure for reporting work-related injuries and illnesses must be reasonable and not deter or discourage employees from reporting; and
  • Explicitly prohibits retaliation against employees for reporting work-related injuries or illnesses.
The requirement to report data applies to: (1) work locations with 250 or more employees, and (2) work locations with 20 to 249 employees in specific “high-risk industries” identified in the rule. The rule includes several types of healthcare industries in its definition of high-risk industries. Specific healthcare industries that must comply with this rule if they have 20 or more employees at a particular work location are:
  • Ambulatory healthcare services;
  • General medical and surgical hospitals;
  • Psychiatric and substance abuse hospitals;
  • Specialty (except psychiatric and substance abuse) hospitals;
  • Nursing care facilities;
  • Residential mental retardation, mental health, and substance abuse facilities;
  • Community care facilities for the elderly; and
  • Other residential care facilities.
Businesses with 250 or more employees at a work location in industries covered by the new recordkeeping regulation must submit information from their 2016 Form 300A by July 1, 2017. These employers will also be required to submit information from all 2017 forms (300A, 300, and 301) by July 1, 2018. Starting in 2019, the information must be submitted by March 2 each year. Businesses with 20-249 employees in high-risk industries, including those healthcare industries mentioned above, must submit information from their 2016 Form 300A by July 1, 2017, and their 2017 Form 300A by July 1, 2018. Starting in 2019, the information must be submitted by March 2 each year.

OSHA will make the injury and illness data public. After removing any Personally Identifiable Information that could be used to identify individual employees, OSHA will post the data on its website, and anyone will be able to download it. Employers in the above-referenced high-risk industries (and those with 250 or more employees) should begin planning now to ensure compliance with the January 1, 2017 reporting deadlines.

The new rule also emphasizes that employees who report workplace related injuries and illnesses may not be discriminated against or retaliated against because they have reported such injuries or illnesses. It provides OSHA with the authority to cite an employer for retaliation even in the absence of any employee complaint. The commentary to the rule says:
  • Employers must have a reasonable procedure for employees to report work-related injuries and illnesses.
  • Employers’ reporting procedures cannot deter or discourage reasonable employees from accurately reporting a workplace injury or illness.
  • Blanket or automatic post-accident testing policies are prohibited and will be viewed as taking an adverse action against, retaliating against, or discouraging employees from reporting accidents.
  • Employers need not specifically suspect drug use before testing, but there should be a reasonable possibility that drug use by a reporting employee was a contributing factor to the reported injury or illness in order for an employer to require testing, and, even then, the testing should be limited to only the employee who caused the accident rather than everyone involved.
Although the new rule does not prohibit all post-accident/post-injury drug testing policies, OSHA’s position is that the circumstances of some accidents make it unlikely that drug use was a contributing factor, and therefore testing employees in these situations would be viewed as retaliation. OSHA provides these examples of circumstances where required drug testing would be suspect:
  • After an employee reports a bee sting;
  • When an employee has a repetitive strain injury;
  • After an injury caused by a lack of machine guarding; or
  • When a machine or tool malfunctions.
The rule acknowledges many employers implement post-accident/post-injury drug testing policies because they are located in states that offer workers’ compensation premium reductions for enacting Drug Free Workplace Policies. Compliance with these workers’ compensation programs or other state or federal laws or regulations requiring post-accident/post-injury or reasonable suspicion testing are still permitted.

Employers must also specifically inform employees: (i) they have the right to report work-related injuries and illnesses; and (ii) the employer is prohibited from retaliating against employees for reporting work-related injuries or illnesses. Employers also must establish a reporting procedure that does not deter or discourage an employee from reporting work-related injuries and illnesses. These posting and reporting requirements are effective as of November 1, 2016.

In light of OSHA’s new rule, employers in the health care industry should review drug testing policies as well as accident/injury reporting policies to ensure they do not violate OSHA's new rules.

Also See: Provisions call for employers to electronically submit injury and illness data that they already record.

To subscribe to this blog, enter your email address:

Delivered by FeedBurner