No comprehensive national data are available to know how often "wrong-site" surgeries occur. In Georgia they occur on average more than once a month, data indicate. Yet despite protocols required by the Joint Commission and years of initiatives by medical groups, the problem persists. Regulators at the Georgia Department of Human Resources have received 102 reports of wrong-site surgeries since 2003, when reporting the incidents became mandatory. Since July 1, the state has received 20 reports. It received 15 in fiscal year 2008.
St. Joseph Regional Medical Center of South Bend, IN, has announced a pay freeze for employees as it prepares to open a new $355 million facility later this year. St. Joseph representatives said that it also was making an 8% reduction in executive pay and cutting the hours of some departments. No layoffs were announced. Officials said it has faced a growing number of uninsured patients and that Medicare and Medicaid payments have not kept pace with expenses.
Despite Massachusetts' 2006 health insurance overhaul, healthcare costs are devouring more than 10% of thousands of residents' income, according to a new study from Families USA, a nonprofit organization that lobbies for affordable care. The study found that more than 1 million Massachusetts residents are in families that will spend more than 10% of their pretax income on healthcare this year, even though the vast majority of them have health insurance.
Sen. Arlen Specter said his switch to the Democratic Party doesn't mean he will automatically vote for legislation to overhaul healthcare. Specter, who left the Republican Party, has bolstered Democrats' hopes of passing legislation to overhaul healthcare. His switch moves Democrats closer the 60 votes needed to stop a Republican filibuster.
A television commercial for the Akron Children's Hospital in Ohio presents Austin, who is 14 and bald from chemotherapy. The commercial is emblematic of a new approach to advertising by hospitals—an industry that, despite the recession, is not slashing ad spending. The campaign, by the Marcus Thomas agency in Cleveland and running on about 20 cable channels and network stations in Ohio, is entirely unscripted. Other spots feature more patients and their young siblings, who talk about how their families are coping.
The Federal Trade Commission (FTC) pushed back its compliance date Thursday on the "Red Flags Rule" from May 1 until August 1, giving healthcare facilities considered to be "creditors" three extra months to implement an identity theft prevention program.
But that does not mean healthcare entities should delay implementing a program–especially when you're dealing with the FTC, an organization known for harsh punishment and corrective measures.
"Don't forget, this is a much different agency than [Office for Civil Rights] and CMS, the enforcement agencies for HIPAA, and if they do show up, the consequences will likely be severe," says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
The Red Flags Rule aims to keep the FTC away. It forces any organization considered to be a "creditor" to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
That regulation falls under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which defines "creditors" as agencies that regularly extend or renew credit–or arranges for others to do so–and includes all entities that regularly permit deferred payments for goods or services.
Originally, the compliance date for Red Flags was November 1, 2008, but the FTC delayed it until May 1, and now August 1.
Major financial institutions like banks and non-state regulated credit unions did not get a break from the original November 1 compliance date.
"I think the FTC was trying to give people enough time to here about it, embrace it, and move forward with it," says Suzanne Miller, PhD, senior partner at Compliance and Audit Group, Orlando, FL, a consulting firm. "But, do I think that by allowing them until August 1 will cause more to get on board? No. We are in a financial crisis here, and people don't care. If there aren't police or a big stick, people don't care."
So what should your healthcare organization do? For starters, your front end patient access team needs to be in the loop, since they take credit information. Your billing and accounting team and anyone who gets their hands on a patient's bill and credit information should also be involved. Not to mention your compliance and HIPAA officers.
Experts told Healthleaders Media to conduct an organizational audit, develop the identity theft program with approval from your board of directors, monitor the program, and train everyone.
Tanya Forsheit, co-head of the Privacy and Data Security Practice Group at law firm Proskauer Rose LLP in Los Angeles, says healthcare entities should determine whether they are covered, start work on a program to detect and respond to identify theft signs, and develop a written program and consult with counsel to determine what makes sense in that regard. They should also review regular practices for how to deal with patient identification, how to respond to law enforcement requests, and how to deal with medical records that might be at risk of identify theft.
"It may be that they already do a number of things that are in line with compliance and then it's just a question of putting something in writing to memorialize the program and making sure people in the practice or the hospital are trained and understand what this means," says Forsheit.
And realize there is a major financial risk associated with non-compliance–not to mention financial and potentially physical harm to your patients. Identity theft could compromise patient care.
"Look at the state laws," Miller says. "Massachusetts has one coming out that will bring you to your knees if you don't do it. If healthcare providers would understand what their risk is…because today they don't think there is a financial risk to non-compliance. If they realized that all of this really goes together, and if they have a breach of any kind that could be attributed to identity theft or fraud, then the penalties and the fines could put them out of business."
John Commins of Healthleaders Media contributed to this report.